Slashdot Mirror

Since Venmo's transactions are "public" by default and broadcast on Venmo's API, a Python programmer decided to publicize a few of them, reports the Mercury News: The creator of the bot named "Who's buying drugs on Venmo" under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one... "I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings," Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
He shut the bot after 24 hours, according to a Medium essay titled "Why I blasted your 'drug' deals on Twitter": I chose drugs, sex and alcohol keywords as the trigger for the bot because because they were funny and shocking. I removed the last names of users because I didn't want to actually contribute to the problem of lack of privacy... I braced myself for backlash but the response was overwhelmingly positive. People understood my point and I had sparked a lot of discussion about online privacy and the need for users to do a better job of understanding the terms of software they were using -- and a lot of discussion about how companies need to do a better job of informing customers how their data was being used...

After about 24 hours of tweeting everyone's drug laden Venmo transactions I shut down the bot (Python script!!) and deleted all the tweets. I had successfully made my point and gotten more attention than I had imagined possible. Thousands of people were reading tweets and articles about the bot and discussing data privacy. I saw no further value in tweeting out anyone's personal transactions anymore. However, all I ever did was format the data and automate a Twitter account -- the data is still readily available.
His closure of the bot drew some interesting reactions on Twitter.

"booooooooo. I was so entertained by this."

"I remember I had a dealer take my phone and set venmo to private lol."

"we're looking to add a Python developer to our team and I think you'd be a good fit."

All Kickstarter campaigns are getting a show of support, according to a new web site. "Every day, The Creative Fund backs all newly launched projects based on our current patronage." It's the newest offering from BackerKit, which also makes a data management platform for crowdfunding campaigns, and so far they've pledged $1 to 10,594 different Kickstarter projects.

An anonymous reader quotes VentureBeat: One dollar doesn't seem like a lot, but it's just a start. BackerKit cofounder Rosanna Yau says that this is more of a proof of concept, to see if their community is willing to rally around the idea. She and cofounder Maxwell Salzberg have set up a Patreon, a monthly subscription service that enables people to support creators directly. All the donations they receive from that platform will be distributed among Kickstarter projects, and the goal is to make sure all projects have at least one pledge....

Yau says that the company is open to contributing more than a $1 in the future. Its Patreon guidelines say that for each $2,000 milestone reached, the fund will pledge $1 more to all Kickstarter projects. If something doesn't get funded, the fund's pledges will get recycled and re-donated to new projects.
A Medium post says the new fund "supports the entrepreneurial spirit of all independent creators, one dollar at a time....

"Everyone deserves some inspiration and a virtual high-five."

As user growth slows in developed markets, Silicon Valley companies are increasingly looking at developing markets such as India for new customers. The playbook of many of these companies is similar: make services work on low-cost devices that are increasingly popular among new users in these nations. Facebook, Microsoft, Uber, Twitter, Google, and Amazon have all released "lite" apps (they usually have fewer features, but are comparatively less resource intensive) for these markets, with some also offering their services as progressive web app (that mimic app-esque behavior on a website, but don't require installation of any special app for access). But how do these apps fare on the low-cost devices? And what is it like to live on a low-cost smartphone? A reporter ditched his iPhone for a $60 Android handset to find out: The phone is, well, basic. It comes with a slow-as-molasses processor, so little memory that I kept having to remove and reinstall apps to keep the thing running, a camera that would have been at home on the first iPhone, a two-year-old version of Android, about a dozen pre-installed Google apps that take up hundreds of megabytes, and a single, measly gigabyte of usable storage. Imagine your favorite Android phone, except with a waaay crappier screen, cameras, storage, and battery to get an idea.

What I bumped into immediately after turning on the Bharat 2 for the first time was the lack of storage, and this limitation entirely defined what I used my phone for. I had to start off by uninstalling the pre-installed bloatware before I actually installed any apps, because the first thing I got after switching on the phone was a low storage notification.

Slack went out the window because it was too bloated; Outlook, my email app of choice, was too big to install; and pretty much everything else -- banking apps, shopping apps, games, and more -- was a luxury I'd live without. Even Google Maps Go, a lightweight browser version of Google Maps that the company said is "designed to run quickly and smoothly on devices with limited memory," was crippled, allowing me to look up a location only to prompt me to download the full version of Google Maps when I asked for turn-by-turn directions.

So I boiled down to the essentials: staying in touch with people, catching up on news, ordering cabs, and watching videos (which went shockingly well, and supports the huge popularity of video here), pretty much the same as the Next Billion. Further reading: Shitphone: A Love Story (2015).

"The wealthy are plotting to leave us behind," writes Douglas Rushkoff, describing what he learned from a high-paying speaking gig about the future of technology for "five super-wealthy guys...from the upper echelon of the hedge fund world," -- and what it says about perceptions of technology today. The Event. That was their euphemism for the environmental collapse, social unrest, nuclear explosion, unstoppable virus, or Mr. Robot hack that takes everything down. This single question occupied us for the rest of the hour. They knew armed guards would be required to protect their compounds from the angry mobs. But how would they pay the guards once money was worthless? What would stop the guards from choosing their own leader...?

That's when it hit me: At least as far as these gentlemen were concerned, this was a talk about the future of technology. Taking their cue from Elon Musk colonizing Mars, Peter Thiel reversing the aging process, or Sam Altman and Ray Kurzweil uploading their minds into supercomputers, they were preparing for a digital future that had a whole lot less to do with making the world a better place than it did with transcending the human condition altogether and insulating themselves from a very real and present danger of climate change, rising sea levels, mass migrations, global pandemics, nativist panic, and resource depletion. For them, the future of technology is really about just one thing: escape.

There's nothing wrong with madly optimistic appraisals of how technology might benefit human society. But the current drive for a post-human utopia is something else. It's less a vision for the wholesale migration of humanity to a new state of being than a quest to transcend all that is human: the body, interdependence, compassion, vulnerability, and complexity.... It's a reduction of human evolution to a video game that someone wins by finding the escape hatch and then letting a few of his BFFs come along for the ride... The future became less a thing we create through our present-day choices or hopes for humankind than a predestined scenario we bet on with our venture capital but arrive at passively. This freed everyone from the moral implications of their activities... Ultimately, according to the technosolutionist orthodoxy, the human future climaxes by uploading our consciousness to a computer or, perhaps better, accepting that technology itself is our evolutionary successor.
The piece -- titled "Survival of the Richest" -- is an interesting read, and ends by suggesting this inspiring counter-philosophy.

"Being human is not about individual survival or escape. It's a team sport."

A recently discovered hole in Valve's API allowed observers to generate extremely precise and publicly accessible data for the total number of players for thousands of Steam games. While Valve has now closed this inadvertent data leak, Ars can still provide the data it revealed as a historical record of the aggregate popularity of a large portion of the Steam library. From the report: The new data derivation method, as ably explained in a Medium post from The End Is Nigh developer Tyler Glaiel, centers on the percentage of players who have accomplished developer-defined Achievements associated with many games on the service. On the Steam web site, that data appears rounded to two decimal places. In the Steam API, however, the Achievement percentages were, until recently, provided to an extremely precise 16 decimal places.

This added precision means that many Achievement percentages can only be factored into specific whole numbers. (This is useful since each game's player count must be a whole number.) With multiple Achievements to check against, it's possible to find a common denominator that works for all the percentages with high reliability. This process allows for extremely accurate reverse engineering of the denominator representing the total player base for an Achievement percentage. As Glaiel points out, for instance, an Achievement earned by 0.012782207690179348 percent of players on his game translates precisely to 8 players out of 62,587 without any rounding necessary (once some vagaries of floating point representation are ironed out). Ars has shared the Achievement-derived player numbers in their report; there's also a handy CSV file. Some of the titles with the most total unique players include Team Fortress 2 (50,191,347 player estimate), Counter-Strike: Global Offensive (46,305,966 player estimate), PLAYERUNKNOWN'S BATTLEGROUNDS (36,604,134 player estimate), Unturned (27,381,399 player estimate), and Left 4 Dead 2 (23,143,723 player estimate).

A user on Medium named "Punch a Server" says you should not use Google Cloud due to the "'no-warnings-given, abrupt way' they pull the plug on your entire system if they (or the machines) believe something is wrong." The user has a project running in production on Google Cloud (GCP) that is used to monitor hundreds of wind turbines and scores of solar plants scattered across 8 countries. When their project goes down, money is lost. An anonymous Slashdot reader shares the report: Early today morning (June 28, 2018) I receive an alert from Uptime Robot telling me my entire site is down. I receive a barrage of emails from Google saying there is some "potential suspicious activity" and all my systems have been turned off. EVERYTHING IS OFF. THE MACHINE HAS PULLED THE PLUG WITH NO WARNING. The site is down, app engine, databases are unreachable, multiple Firebases say I've been downgraded and therefore exceeded limits.

Customer service chat is off. There's no phone to call. I have an email asking me to fill in a form and upload a picture of the credit card and a government issued photo id of the card holder. Great, let's wake up the CFO who happens to be the card holder. What if the card holder is on leave and is unreachable for three days? We would have lost everything -- years of work -- millions of dollars in lost revenue. I fill in the form with the details and thankfully within 20 minutes all the services started coming alive. The first time this happened, we were down for a few hours. In all we lost everything for about an hour. An automated email arrives apologizing for "inconvenience" caused. Unfortunately The Machine has no understanding of the "quantum of inconvenience" caused.

A security failure in a popular quiz app on Facebook left millions of people's data exposed for almost two years, a cybersecurity activist revealed Thursday. From a report: The application, called Nametests.com, has run Facebook quizzes for years, but it left unprotected the personal data of Facebook users taking such a quiz on its website, allowing third parties to read and steal the data, the activist said. The leak was discovered by Belgian hacker Inti de Ceukelaire, who published his findings in a blog post. "There was a security leak at one of the most popular quiz apps that was accessible for at least two years," De Ceukelaire told POLITICO. "I can only note that Facebook didn't see this." He added that the data exposed included pictures, status updates, friends lists and more.

Frosty Piss writes: The Stanford Prison Experiment was conducted in 1971 by psychology professor Philip Zimbardo using college students to investigate the psychological effects of perceived power by focusing on the struggle between prisoners and prison officers. In the study, volunteers were randomly assigned to be either "guards" or "prisoners" in a mock prison, with Zimbardo serving as the superintendent. The results seemed to show that the students quickly embraced their assigned roles, with some guards enforcing authoritarian measures and ultimately subjecting some prisoners to psychological torture, while many of the prisoners passively accepted psychological abuse and, by the officers' request, actively harassed other prisoners who tried to stop it. After Berkeley graduate Douglas Korpi appeared to have a nervous breakdown while playing the role of an inmate, the experiment was shut down. There's just one problem: Korpi's breakdown was a sham. Dr. Ben Blum took to Medium to publish his claims. "Blum's expose -- based on previously unpublished recordings of Zimbardo, a Stanford psychology professor, and interviews with the participants -- offers evidence that the 'guards' were coached to be cruel," reports New York Post. "One of the men who acted as an inmate told Blum he enjoyed the experiment because he knew the guards couldn't actually hurt him."

"There were no repercussions. We knew [the guards] couldn't hurt us, they couldn't hit us. They were white college kids just like us, so it was a very safe situation," said Douglas Korpi, who was 22-years-old when he acted as an inmate in the study. The Berkeley grad now admits the whole thing was fake. Zimbardo also "admitted that he was an active participant in the study, meaning he had influence over the results," reports New York Post. According to an audio recording from the Stanford archive, you can hear Zimbardo encouraging the guards to act "tough."

An anonymous reader writes: Netflix's engineering team has an insightful post today that looks at how the industry is handling video coding; the differences in their methodologies; and the challenges new comers face. An excerpt, which sums up where we are:

"MPEG-2, VC1, H.263, H.264/AVC, H.265/HEVC, VP9, AV1 -- all of these standards were built on the block-based hybrid video coding structure. Attempts to veer away from this traditional model have been unsuccessful. In some cases (say, distributed video coding), it was because the technology was impractical for the prevalent use case. In most other cases, however, it is likely that not enough resources were invested in the new technology to allow for maturity.

"Unfortunately, new techniques are evaluated against the state-of-the-art codec, for which the coding tools have been refined from decades of investment. It is then easy to drop the new technology as "not at-par." Are we missing on better, more effective techniques by not allowing new tools to mature? How many redundant bits can we squeeze out if we simply stay on the paved path and iterate on the same set of encoding tools?"

The Federal Communications Commission's repeal of net neutrality rules, which had required internet service providers to offer equal access to all web content, took effect on Monday. The rules, enacted by the administration of President Barack Obama in 2015, prohibited internet providers from charging more for certain content or from giving preferential treatment to certain websites. CNET: FCC Chairman Ajit Pai has called the Obama-era rules "heavy-handed" and "a mistake," and he's argued that they deterred innovation and depressed investment in building and expanding broadband networks. To set things right, he says, he's taking the FCC back to a "light touch" approach to regulation, a move that Republicans and internet service providers have applauded.

But supporters of net neutrality -- such as big tech companies like Google and Facebook, as well as consumer groups and pioneers of the internet like World Wide Web creator Tim Berners-Lee -- say the internet as we know it may not exist without these protections. "We need a referee on the field who can throw a flag," former FCC Chairman and Obama appointee Tom Wheeler said at MIT during a panel discussion in support of rules like those he championed. Wheeler was chairman when the rules passed three years ago. We expect to see some protests today as the tussle to convince House representatives to reinstate the regulations continues. Some members of Congress are still fighting to overturn the ruling, so there's hope for a net neutrality return if legislators agree to it.

Further reading: The Washington Post published an interview of Pai over the weekend. In the interview, Pai remained bullish that the FTC could stop abuses. He also criticized Senate Dems and others for spreading misinformation during net neutrality debate. Over at CNET, Ajit Pai has written an op-ed, in which ... he is defending his move. Fight for the Future: The FCC repeal of net neutrality goes into effect TODAY, but Congress can still stop it and save the Internet.

New submitter DuroSoft writes: It has been over a year since Microsoft unveiled its open source GVFS (Git Virtual File System) project, designed to make terabyte-scale repositories, like it's own 270GB Windows source code, manageable using Git. The problem is that the GNOME project already has a virtual file system by the name of GVfs that has been in use for years, with hundreds of threads on Stack Overflow, etc. Yet Microsoft's GVFS has already surpassed GVfs in Google and is causing confusion. To make matters worse, Microsoft has officially refused to change the name, despite a large public backlash on GitHub and social media, and despite pull requests providing scripts that can change the name to anything Microsoft wants. Is this mere arrogance on Microsoft's part, laziness to do a quick Google search before using a name, or is it something more sinister?

Longtime reader theodp writes: Nonprofit Code.org, which is bankrolled by the likes of Microsoft, Facebook, Amazon, Google, and Infosys, has teamed up with the Computer Science Teachers Association (CSTA) and is "calling on all educators and parents" to "help us build a database of all schools that teach (or don't teach) computer science" (via direct responses and email advocacy tools). Called the K-12 Computer Science Access Report, Code.org says "the database will be a resource that everyone in the CS community can use." For what purposes, however, is not entirely clear, although the Code.org Medium post indicates the database will be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." The post cites a 2016 study conducted by Google and Gallup -- which took principals to task for being clueless about what constituted "computer science" and misgauging parental and student demand for CS -- and goes on to add that the new database will allow the organization to "be able to report more precisely which schools do or don't offer this opportunity to their students." As far as a timeframe for the naughty-or-nice K-12 CS school database goes, Code.org reports, "our goal is to gather data for 100% of US schools by the end of 2018." In earlier posts, Code.org has thanked its partners for their help in "changing [K-12 CS] education policies in forty states" (make that 43 states!) and claimed credit for "pressing lawmakers" into unlocking Federal funding for K-12 CS with the passage of the Every Student Succeeds Act.

Longtime reader theodp writes: Nonprofit Code.org, which is bankrolled by the likes of Microsoft, Facebook, Amazon, Google, and Infosys, has teamed up with the Computer Science Teachers Association (CSTA) and is "calling on all educators and parents" to "help us build a database of all schools that teach (or don't teach) computer science" (via direct responses and email advocacy tools). Called the K-12 Computer Science Access Report, Code.org says "the database will be a resource that everyone in the CS community can use." For what purposes, however, is not entirely clear, although the Code.org Medium post indicates the database will be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." The post cites a 2016 study conducted by Google and Gallup -- which took principals to task for being clueless about what constituted "computer science" and misgauging parental and student demand for CS -- and goes on to add that the new database will allow the organization to "be able to report more precisely which schools do or don't offer this opportunity to their students." As far as a timeframe for the naughty-or-nice K-12 CS school database goes, Code.org reports, "our goal is to gather data for 100% of US schools by the end of 2018." In earlier posts, Code.org has thanked its partners for their help in "changing [K-12 CS] education policies in forty states" (make that 43 states!) and claimed credit for "pressing lawmakers" into unlocking Federal funding for K-12 CS with the passage of the Every Student Succeeds Act.

Longtime reader theodp writes: Nonprofit Code.org, which is bankrolled by the likes of Microsoft, Facebook, Amazon, Google, and Infosys, has teamed up with the Computer Science Teachers Association (CSTA) and is "calling on all educators and parents" to "help us build a database of all schools that teach (or don't teach) computer science" (via direct responses and email advocacy tools). Called the K-12 Computer Science Access Report, Code.org says "the database will be a resource that everyone in the CS community can use." For what purposes, however, is not entirely clear, although the Code.org Medium post indicates the database will be used by the nonprofit and the CS community to "make our shared vision [for every school to teach computer science] a reality." The post cites a 2016 study conducted by Google and Gallup -- which took principals to task for being clueless about what constituted "computer science" and misgauging parental and student demand for CS -- and goes on to add that the new database will allow the organization to "be able to report more precisely which schools do or don't offer this opportunity to their students." As far as a timeframe for the naughty-or-nice K-12 CS school database goes, Code.org reports, "our goal is to gather data for 100% of US schools by the end of 2018." In earlier posts, Code.org has thanked its partners for their help in "changing [K-12 CS] education policies in forty states" (make that 43 states!) and claimed credit for "pressing lawmakers" into unlocking Federal funding for K-12 CS with the passage of the Every Student Succeeds Act.

An anonymous reader shares a report: An Indian on-demand streaming service, with fewer than 400 employees, has pulled off a milestone that Silicon Valley companies Facebook, Amazon and Google-owned YouTube can only dream about at the moment. On several occasions Sunday evening, more than 10 million viewers simultaneously tuned in to Hotstar, the largest on-demand streaming service in India, to watch the deciding match of the 11th edition of Indian Premier League cricket tournament. The real-time concurrent views, displayed publicly on Hotstar's website, peaked at 10.7 million, the highest any online streaming service has reported to date. It's a big milestone for Star India-owned Hotstar, which first broke the previous top record -- about 8 million concurrent views -- in the first qualifier match in the same cricket tournament last week. In 2012, YouTube reported that its platform saw about 8 million concurrent views on the live-stream of skydiver Felix Baumgartner jumping from near-space to the Earth's surface.

Computer History Museum (CHM), an institution which explores the history of computing and its impact on the human experience, announced on Tuesday the public release and long-term preservation of the Eudora source code, one of the early successful email clients, as part of its Center for Software History's Historical Source Code. The release comes after a five-year negotiation with Qualcomm. From the press release: The first version of Eudora was created in the 1980s by Steve Dorner who was working at the University of Illinois at Urbana-Champaign. It took Dorner over a year to create the first version of Eudora, which had 50,000 lines of C code and ran only on the Apple Macintosh. In 1991, Qualcomm licensed Eudora from the University of Illinois and distributed it free of charge. Qualcomm later released Eudora as a consumer product in 1993, and it quickly gained popularity. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of users. After 15 years, in 2006, Qualcomm decided that Eudora was no longer consistent with their other major project lines, and they stopped development. The discussion with Qualcomm for the release of the Eudora source code by the company's museum took five years. Len Shustek, the chairman of the board of trustees of the Computer History Museum, writes: Eventually many email clients were written for personal computers, but few became as successful as Eudora. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of happy users. Eudora was elegant, fast, feature-rich, and could cope with mail repositories containing hundreds of thousands of messages. In my opinion it was the finest email client ever written, and it has yet to be surpassed. I still use it today, but, alas, the last version of Eudora was released in 2006. It may not be long for this world. With thanks to Qualcomm, we are pleased to release the Eudora source code for its historical interest, and with the faint hope that it might be resuscitated. I will muse more about that later.

The Amazon Echo and other smart speakers have helped push the audience for digital radio past that of FM and AM in the UK for the first time. According to Radio Joint Audience Research (RAJAR), digital listening has reached a new record share of 50.9%, up from 47.2% a year ago. This milestone will trigger a government review into whether the analog FM radio signal should be switched off altogether. iNews reports: The BBC said it would be "premature" to switch off the FM signal. It could cut off drivers with analogue car radios and disenfranchise older wireless listeners. Margot James, Digital minister, welcomed "an important milestone for radio." She confirmed that the Government will "work closely with all partners -- the BBC, commercial radio, (transmitter business) Arqiva, car manufacturers and listeners" before committing to a timetable for analogue switch-off.

James Purnell, BBC Director of Radio and Education, said: "We're fully committed to digital, and growing its audiences, but, along with other broadcasters, we've already said that it would be premature to switch off FM." Mr Purnell said that BBC podcast listening was up a third across all audiences since the same time last year, accounting now for 40,000 hours a week. But younger audiences have not inherited the habit of listening to "live" radio, even on digital.

chicksdaddy shares a report from The Security Ledger: Kremlin linked news sites like RT and Sputnik figure prominently in an online disinformation campaign portraying Syrian humanitarian workers ("White Helmets") as terrorists and crisis actors, according to an analysis (PDF) by researchers at University of Washington and Harvard. An online "echosystem" of propaganda websites including Russia backed news outlets Sputnik and RT is attacking the credibility of humanitarian workers on the ground in rebel occupied Syria, according to a new analysis by researchers at The University of Washington and Harvard University. Online rumors circulated through so called "alternative" media sites have attacked the Syrian Civil Defense (aka "White Helmets") as "crisis actors" and Western agents working on behalf of the U.S. and NATO. Statistical analysis of the online rumors reveal a tight network of websites sharing nearly identical content via Twitter and other social media platforms, wrote Kate Starbird. Starbird is an Assistant Professor of Human Centered Design & Engineering at University of Washington and a leading expert on so-called "crisis informatics."

In activity reminiscent of the disinformation campaigns that roiled the U.S. Presidential election in 2016, articles by what Starbird describes as "a few prominent journalists and bloggers" writing for self described "alternative" news sites like 21stCenturyWire, GlobalResearch, MintPressNews, and ActivistPost are picked up by other, smaller and more niche websites including both left- and right-leaning partisan news sites, "clickbait sites," and conspiracy theory websites. Government funded media outlets from Syria, Iran, Hezbollah and Russia figure prominently in the Syrian disinformation campaign, Starbird's team found. In particular, "Russian government-funded media outlets (i.e. SputnikNews and RT) play a prominent and multi-faceted role within this ecosystem," she wrote.

Lyft announced it will spend millions of dollars to make all its rides carbon neutral. An anonymous reader quotes CNN Money: The San Francisco-based ride-hailing company announced Thursday that it will pay for a range of environmentally beneficial projects to compensate for the emissions from the millions of car journeys it provides every week. The tactic, known as carbon offsets, is a way for Lyft to do something about climate change without changing its business model. Lyft will fund initiatives including forestry projects, renewable energy ventures and capturing emissions from landfills.

The efforts will put Lyft among the 10 largest voluntary offset programs in the world, according to 3Degrees, the renewable energy company Lyft is partnering with to find suitable projects... Lyft will track how many miles its drivers cover -- and the make and model of their vehicles -- to calculate exactly how many emissions it must offset. The company will not limit itself just to the carbon footprint from when passengers are in Lyft vehicles, but will also include the mileage its drivers rack up on their way to pick people up.
Lyft co-founder John Zimmer believes that within their first year they'll offset over a million metric tons of carbon -- "equivalent to planting tens of millions of trees or taking hundreds of thousands of cars off the road."

Zimmer told CNN that "With great scale comes great responsibility."

Uber's first acquisition under CEO Dara Khosrowshahi is of Jump Bikes, a startup that rents out shared electric dockless bikes in San Francisco and Washington DC. "The deal comes two months after Uber partnered with Jump in San Francisco to make bike rentals available through the Uber app," reports Quartz. From the report: TechCrunch reports that the deal was valued at close to $200 million. Jump, which launched in 2008 as Social Bicycles, had raised about $15 million in funding. In January the company became the first in San Francisco to receive a permit for a dockless e-bike program. Jump's team will stay "independent and focused on growth vs. integration," with CEO Ryan Rzepecki reporting directly to Khosrowshahi, Uber's CEO told his company in an email this morning (April 9). In a post on Medium, Rzepecki said Khosrowshahi's leadership made Jump feel more comfortable with the deal. "We could see the shift in the company once Dara was named CEO as he began leading with humility and in a way that we felt reflected our values," Rzepecki wrote.

TechRadar marked the 25th anniversary of the Ruby programming language by writing "there are still questions over whether it can survive another 25 years." The popularity of the Ruby language has been bolstered for many years by the success of the Ruby on Rails (RoR) web application framework which dominated the web scene, particularly among startups who wanted something that deal with much of the heavy lifting... But RoR, although popular, isn't the superstar that it was and It has faced fierce competition as issues such as scaling have become a greater concern for web companies. The JavaScript framework Node.js, for instance, has become popular as it requires less memory to deal with numerous connections because of its callback functions...

To improve performance further Ruby is introducing JIT (Just-In-Time) technology, which is already used by JVM and other languages. "We've created a prototype of this JIT compiler so that this year, probably on Christmas Day, Ruby 2.6 will be released," Matz confirmed. You can try the initial implementation of the MJIT compiler in the 2.6 preview1... Probably the clearest overview explanation of how MJIT works is supplied by Shannon Skipper: "With MJIT, certain Ruby YARV instructions are converted to C code and put into a .c file, which is compiled by GCC or Clang into a .so dynamic library file. The RubyVM can then use that cached, precompiled native code from the dynamic library the next time the RubyVM sees that same YARV instruction.
Ruby creator Yukihiro Matsumoto says Ruby 3.0 "has a goal of being three times faster than Ruby 2.0," and TechRadar reports that it's obvious that Matsumoto "will do anything he can to enable Ruby to survive and thrive..."

And in addition, "he's thoroughly enjoying himself doing what he does... and his outlook is quite simple: Programming is fun, he's had fun for the last 25 years making Ruby, and at the age of 52 now, he hopes that he'll get to spend the next 25 years having as much fun working on the language he dreamt up and wrote down in -- a now lost -- notebook, at the age of 17."

"We want Ruby to be the language that is around for a long time and people still use," Matsumoto tells another interviewer, "not the one people used to use."

hackingbear writes from a report: Amazon is reportedly likely to earmark $1 billion for a television series (Warning: source paywalled, alternative source) based on the ultra-popular Chinese science fiction trilogy The Three Body Problem. The American video subscription service will likely acquire the rights to the Yugo-winning, extremely popular trilogy of novels written by Liu Cixin and produce three seasons of episodes. The rights to the trilogy are currently owned by Lin Qi, the chairman of Youzu Interactive, a Chinese developer and publisher that typically focuses on online and mobile games.

theodp writes: Nearly a week after an autonomous Uber SUV claimed the first life in testing of self-driving vehicles, The Washington Post reports that Waymo CEO John Krafcik says he is confident its cars would have performed differently under the circumstances (Warning: source may be paywalled; alternative source), since they are intensively programmed to avoid such calamities. "I can say with some confidence that in situations like that one with pedestrians -- in this case a pedestrian with a bicycle -- we have a lot of confidence that our technology would be robust and would be able to handle situations like that," Krafcik said Saturday when asked if a Waymo car would have reacted differently than the self-driving Uber.

In explaining its since-settled lawsuit against Uber last year, Google charged that Uber was "using key parts of Waymo's self-driving technology," and added it was "seeking an injunction to stop the misappropriation of our designs." In announcing the settlement of the lawsuit last month, Uber CEO Dara Khosrowshahi noted, "we are taking steps with Waymo to ensure our LIDAR and software represents just our good work." A Google spokesperson added, "We have reached an agreement with Uber that we believe will protect Waymo's intellectual property now and into the future. We are committed to working with Uber to make sure that each company develops its own technology. This includes an agreement to ensure that any Waymo confidential information is not being incorporated in Uber Advanced Technologies Group hardware and software." All of which might prompt some to ask: was Elaine Herzberg collateral damage in Google and Uber's IP war? "I want to be really respectful of Elaine [Herzberg], the woman who lost her life and her family," Krafcik continued. "I also want to recognize the fact that there are many different investigations going on now regarding what happened in Tempe on Sunday." His assessment, he said, was "based on our knowledge of what we've seen so far with the accident and our own knowledge of the robustness that we've designed into our systems."

theodp writes: Nearly a week after an autonomous Uber SUV claimed the first life in testing of self-driving vehicles, The Washington Post reports that Waymo CEO John Krafcik says he is confident its cars would have performed differently under the circumstances (Warning: source may be paywalled; alternative source), since they are intensively programmed to avoid such calamities. "I can say with some confidence that in situations like that one with pedestrians -- in this case a pedestrian with a bicycle -- we have a lot of confidence that our technology would be robust and would be able to handle situations like that," Krafcik said Saturday when asked if a Waymo car would have reacted differently than the self-driving Uber.

In explaining its since-settled lawsuit against Uber last year, Google charged that Uber was "using key parts of Waymo's self-driving technology," and added it was "seeking an injunction to stop the misappropriation of our designs." In announcing the settlement of the lawsuit last month, Uber CEO Dara Khosrowshahi noted, "we are taking steps with Waymo to ensure our LIDAR and software represents just our good work." A Google spokesperson added, "We have reached an agreement with Uber that we believe will protect Waymo's intellectual property now and into the future. We are committed to working with Uber to make sure that each company develops its own technology. This includes an agreement to ensure that any Waymo confidential information is not being incorporated in Uber Advanced Technologies Group hardware and software." All of which might prompt some to ask: was Elaine Herzberg collateral damage in Google and Uber's IP war? "I want to be really respectful of Elaine [Herzberg], the woman who lost her life and her family," Krafcik continued. "I also want to recognize the fact that there are many different investigations going on now regarding what happened in Tempe on Sunday." His assessment, he said, was "based on our knowledge of what we've seen so far with the accident and our own knowledge of the robustness that we've designed into our systems."

Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who posses the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise."

But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option."

Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week." Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized.
The article also interviews the founders of Blockstack, a blockchain-based marketplace for apps where all user data remains local and encrypted. "There's no company in the middle that's hosting all the data," they tell the Post. "We're going back to the world where it's like the old-school Microsoft Word -- where your interactions are yours, they're local and nobody's tracking them." On Medium, Mastodon founder Eugene Rochko also acknowledges Scuttlebutt and Hubzilla, ending his post with a message to all social media users: "To make an impact, we must act."

Lauren Weinstein believes Google has already created an alternative to Facebook's "sick ecosystem": Google Plus. "There are no ads on Google+. Nobody can buy their way into your feed or pay Google for priority. Google doesn't micromanage what you see. Google doesn't sell your personal information to any third parties..." And most importantly, "There's much less of an emphasis on hanging around with those high school nitwits whom you despised anyway, and much more a focus on meeting new persons from around the world for intelligent discussions... G+ posts more typically are about 'us' -- and tend to be far more interesting as a result." (Even Linus Torvalds is already reviewing gadgets there.)

Wired has also compiled their own list of alternatives to every Facebook service. But what are Slashdot's readers doing for their social media fix? Leave your own thoughts and suggestions in the comments.

Is there a good alternative to Facebook?

An anonymous reader quotes a report from Medium: Lawmakers behind a new anti-privacy bill are trying to sneak it through Congress by attaching it to the must-pass government spending bill. The CLOUD Act would hand police in the U.S., and other countries, extreme new powers to obtain and monitor data directly from tech companies instead of requiring a warrant and judicial review. Congressional leadership will decide whether the CLOUD Act gets attached to the omnibus government spending bill sometime this week, potentially as early as tomorrow... If passed, this bill would give law enforcement the power to go directly to tech companies, no matter where they or their servers are, to obtain our data. They wouldn't need a warrant or court oversight, and we'll be left with no protections to ensure law enforcement isn't violating our rights. A recent report from the Electronic Frontier Foundation explains how the CLOUD Act circumvents the Fourth Amendment. "This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering," reports the EFF. "That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant. The new backdoor in the CLOUD Act operates much in the same way. U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment."

Security researcher Will Strafach took a look at Onavo Protect, a newly released VPN service from Facebook: I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:
When user's mobile device screen is turned on and turned off.
Total daily Wi-Fi data usage in bytes (Even when VPN is turned off).
Total daily cellular data usage in bytes (Even when VPN is turned off).
Periodic beacon containing an "uptime" to indicate how long the VPN has been connected.

Last week, an MIT study using data from more than 1,100 Uber and Lyft drivers concluded they're earning a median pretax profit of just $3.37 per hour. Uber was less than pleased by their findings and used a blog post to highlight problems with the researchers' methodology. "Now the lead researcher behind the draft paper has admitted that Uber's criticism was actually pretty valid -- while also asking Uber and Lyft to make more data available, in order to improve his analysis," reports Fortune. From the report: The issue with the draft paper from MIT's Center for Energy and Environmental Policy Research (CEEPR), Uber's chief economist Jonathan Hall said, was this: The researchers asked drivers how much money they made on average each week from such services, but then asked "How much of your total monthly income comes from driving" -- without specifying that such income must relate to on-demand services. Of course, many people driving for Uber and Lyft also earn money from regular jobs and other income sources. And this, Hall alleged, skewed the researchers' results.

"Hall's specific criticism is valid," wrote Stephen Zoepf, the executive director of Stanford's Center for Automotive Research, who led the MIT study, on Monday. "In re-reading the wording of the two questions, I can see how respondents could have interpreted the two questions in the manner Hall describes." Zoepf said he would be updating the CEEPR paper, but in the meantime he recalculated the figures using a methodology suggested by Hall, and found that the median profit was $8.55 per hour, rather than $3.37, and only 8% of drivers lose money on on-demand platforms. Using another methodology, he added, the median rises to $10 per hour and only 4% of drivers lose money.

An MIT study using data from more than 1,100 Uber and Lyft drivers concluded they're earning a median pretax profit of just $3.37 per hour. But now Reuters reports: Uber Chief Executive Dara Khosrowshahi criticized the MIT study in a tweet on Friday as "Mathematically Incompetent Theories (at least as it pertains to ride-sharing)," and linked to a response by Uber chief economist Jonathan Hall that challenged the study's methodology. Hall's rebuttal to the study said the likely misinterpretation of a survey question and the study's "inconsistent logic" produced a wage result that was below similar studies elsewhere. He said the study used a "flawed methodology" compared with a survey that found drivers' average hour earnings were $15.68. "The earnings figures suggested in the paper are less than half the hourly earnings numbers reported in the very survey the paper derives its data from," wrote Hall.

The MIT study's lead author, Stephen Zoepf, told Reuters in an email on Saturday, "I can see how the question on revenue might have been interpreted differently by respondents" and called Hall's rebuttal thoughtful. "I'm re-running the analysis this weekend using Uber's more optimistic assumptions and should have new results and a public response acknowledging the discrepancy by Monday," he wrote.
Saturday Uber's CEO tweeted a thank-you to MIT, "for listening and revisiting this study and its findings. Right thing to do."

theodp writes: It's exactly five years since Code.org launched with the video What Most Schools Don't Teach ," noted Code.org in a Monday blog post entitled Dedicating Our 5 year Anniversary to our Partners. "Since then, tens of millions of students have begun learning computer science, hundreds of thousands of schools have begun teaching CS, tens of thousands of teachers have attended workshops to introduce CS in their classrooms, hundreds of school districts have added CS to their curriculum, and forty U.S. states and 25 countries have announced policies and plans to support CS in schools [...] We should start by thanking our amazing donors, particularly Amazon [$10+ million], Facebook [$10+ million], Google [$3+ million], Infosys [$10+ million], and Microsoft [$10+ million]. Whether it's corporate funders, foundations, or individual donors, without your generous funding, we wouldn't exist [...] Changing education policies in forty states wouldn't be possible without the help of Microsoft, College Board, Amazon, and every partner in the Code.org Advocacy Coalition [...] We're particularly fortunate and proud to have had the vocal support of Bill Gates [$4+ million] and Mark Zuckerberg [$1+ million] since day one." Hey, it takes a corporate village to raise a CS-savvy child!

Chris Dixon has an essay about the long-term promise of blockchain-based networks to upend web-based businesses such as Facebook and Twitter. He writes: When they hit the top of the S-curve, their relationships with network participants change from positive-sum to zero-sum. The easiest way to continue growing lies in extracting data from users and competing with complements over audiences and profits. Historical examples of this are Microsoft vs Netscape, Google vs Yelp, Facebook vs Zynga, and Twitter vs its 3rd-party clients. Operating systems like iOS and Android have behaved better, although still take a healthy 30% tax, reject apps for seemingly arbitrary reasons, and subsume the functionality of 3rd-party apps at will. For 3rd parties, this transition from cooperation to competition feels like a bait-and-switch. Over time, the best entrepreneurs, developers, and investors have become wary of building on top of centralized platforms. We now have decades of evidence that doing so will end in disappointment. In addition, users give up privacy, control of their data, and become vulnerable to security breaches. These problems with centralized platforms will likely become even more pronounced in the future.

Chris Dixon has an essay about the long-term promise of blockchain-based networks to upend web-based businesses such as Facebook and Twitter. He writes: When they hit the top of the S-curve, their relationships with network participants change from positive-sum to zero-sum. The easiest way to continue growing lies in extracting data from users and competing with complements over audiences and profits. Historical examples of this are Microsoft vs Netscape, Google vs Yelp, Facebook vs Zynga, and Twitter vs its 3rd-party clients. Operating systems like iOS and Android have behaved better, although still take a healthy 30% tax, reject apps for seemingly arbitrary reasons, and subsume the functionality of 3rd-party apps at will. For 3rd parties, this transition from cooperation to competition feels like a bait-and-switch. Over time, the best entrepreneurs, developers, and investors have become wary of building on top of centralized platforms. We now have decades of evidence that doing so will end in disappointment. In addition, users give up privacy, control of their data, and become vulnerable to security breaches. These problems with centralized platforms will likely become even more pronounced in the future.

Wikimedia: Wikimedia 2030, the global discussion to define the future of the Wikimedia movement, created a bold vision for the future of Wikimedia and the role we want to play in the world as a movement. With this shared vision for our movement's future in mind, the Wikimedia Foundation is evolving how we work with partners to address some of the critical barriers to participating in free knowledge globally. After careful evaluation, the Wikimedia Foundation has decided to discontinue one of its partnership approaches, the Wikipedia Zero program. Wikipedia Zero was created in 2012 to address one barrier to participating in Wikipedia globally: high mobile data costs. Through the program, we partnered with mobile operators to waive mobile data fees for their customers to freely access Wikipedia on mobile devices. Over the course of this year, no additional Wikipedia Zero partnerships will be formed, and the remaining partnerships with mobile operators will expire. In the program's six year tenure, we have partnered with 97 mobile carriers in 72 countries to provide access to Wikipedia to more than 800 million people free of mobile data charges. Further reading: Medium.

Melissa McEwen, writing on Medium: A few months ago I attended an event for women in tech. A lot of the attendees were new developers, graduates from code schools or computer science programs. Almost everyone told me they were having trouble getting their first job. I was lucky. My first "real" job out of college was "Junior Application developer" at Columbia University in 2010. These days it's a rare day to find even a job posting for a junior developer position. People who advertise these positions say they are inundated with resumes. But on the senior level companies complain they can't find good developers. Gee, I wonder why?

I'm not really sure the exact economics of this, because I don't run these companies. But I know what companies have told me: "we don't hire junior developers because we can't afford to have our senior developers mentor them." I've seen the rates for senior developers because I am one and I had project managers that had me allocate time for budgeting purposes. I know the rate is anywhere from $190-$300 an hour. That's what companies believe they are losing on junior devs.

An anonymous reader writes: Fight for the Future, a nonprofit advocacy group concerned with digital rights, has posted to medium today, revealing that many major websites, online communities, and internet users are planning a "day of action" focused on finding the final vote needed to pass the Congressional Review Act (CRA). "50 Senators have already come out in support of the CRA, which would completely overturn the FCC's December 14 decision and restore net neutrality protections," the post reads. "Several Senators have indicated that they are considering becoming the 51st vote we need to win, but they're under huge pressure from telecom lobbyists. Only a massive burst of energy from the internet will get them to move."

The day of action is scheduled for February 27, and participants include Tumblr, Etsy, Vimeo, Medium, Namecheap, Imgur, Sonos, and DuckDuckGo. "Internet users will be encouraged to sound the alarm on social media and sign up to receive alerts with their lawmaker's position on net neutrality and prompts to take action on the big day, while websites, subreddits, and online communities will display prominent alerts driving phone calls, emails, and tweets to Senators and Representatives calling on them to pass the CRA." The post notes that we're faced with an uphill battle as the fight will elevate to the House of Representatives if the CRA can pass the Senate. From there it will go to the President's desk.

theodp writes: On Tuesday, it was announced that Alaska Airlines will make a new Code.org series of six short videos starring Microsoft's Bill Gates on How Computers Work available as inflight entertainment. "Because students and adults alike can learn from these videos," wrote Code.org CEO Hadi Partovi, "we are pleased to announce Khan Academy and Alaska Airlines will make them available beyond Code.org classrooms."
The original submission notes that Gates (and the Bill and Melinda Gates Foundation) have contributed millions to both educational groups, but Alaska Airlines calls the videos "entertaining and approachable," and says they'll start appearing on their flights in April.

But the videos are also available online, and besides Gates also feature appearances by former Apple designer May Li Khoe and Nat Brown, one of the creators of Microsoft's Xbox gaming system.

_Sharp'r_ writes: According to a new study by Uber's Advanced Technology Group, widespread adoption of self-driving trucks would happen primarily on long-haul routes. The increase in efficiency would lead to more goods being trucked, causing enough additional local delivery routes driven by humans to overall increase the need for truck drivers. Driver contracts may need to be updated to pay for more time spent waiting/delivering instead of physically driving. "Uber does not believe that self-driving trucks will be doing 'dock to dock' runs for a very long time," reports The Atlantic. "They see a future in which self-driving trucks drive highway miles between what they call transfer hubs, where human drivers will take over for the last miles through complex urban and industrial terrain."

As for how Uber came to this conclusion, they created a model of the industry's labor market based on Bureau of Labor Statistics data. "Then, they created scenarios that looked at a range of self-driving-truck adoption rates and how often those autonomous trucks would be on the road in comparison to human-driven vehicles," reports The Atlantic. Uber also calculated the utilization rate of the self-driving trucks. "Basically, if the self-driving trucks are used far more efficiently, it would drive down the cost of freight, which would stimulate demand, leading to more business," reports The Atlantic. "And, if more freight is out on the roads, and humans are required to run it around local areas, then there will be a greater, not lesser, need for truck drivers."

theodp writes: Computer Science Teacher Alfred Thompson wonders how other high school CS teachers use textbooks. "It's not a conversation I hear much about," he writes. Indeed, many teachers apparently don't rely on CS textbooks much at all. In fact, the highly-touted new AP Computer Science Principles (AP CSP) course does not require a CS textbook for students (sample College Board AP CSP syllabus), albeit to the chagrin of some. Some of the bigger providers of AP CSP curriculum -- e.g., BJC and Code.org, both of whom partner with Microsoft TEALS -- don't require a traditional CS textbook. But with teachers being recruited to teach Computer Science even if they don't have a CS background, should students learning CS have a textbook? Or is the high AP exam pass rate enjoyed by AP CSP students proof that no-more-books works?

U.S. regulators are scrutinizing one of the world's largest cryptocurrency exchanges as questions mount over a digital token linked to its backers, Bloomberg reported on Tuesday. From the report: The U.S. Commodity Futures Trading Commission sent subpoenas last week to virtual-currency venue Bitfinex and Tether, a company that issues a widely traded coin and claims it's pegged to the dollar, according to a person familiar with the matter. The firms share the same chief executive officer. Tether's coins have become a popular substitute for dollars on cryptocurrency exchanges worldwide, with about $2.3 billion of the tokens outstanding as of Tuesday. While Tether has said all of its coins are backed by U.S. dollars held in reserve, the company has yet to provide conclusive evidence of its holdings to the public or have its accounts audited. Skeptics have questioned whether the money is really there.
Update: "Bitfinex'ed", a pseudonymous blogger whose been calling foul on Tether and Bitfinex for months, outlines steps he thinks exchanges that use Tether should take ASAP.

Google's parent company Alphabet today announced the launch of Chronicle, a new cybersecurity company that aims to give companies a better chance at detecting and fighting off hackers. "Chronicle is graduating out of Alphabet's X moonshot group and is now a standalone company under the Alphabet umbrella, just like Google," TechCrunch reports. From the report: Stephen Gillett, who joined X from Google Ventures and was previously the COO of Symantec, will be the new company's CEO. To get started, Chronicle will offer two services: a security intelligence and analytics platform for enterprises, and VirusTotal, the online malware and virus scanner that Google acquired in 2012. Gillett writes that the general idea behind Chronicle is to eliminate a company's security blind spots and allow businesses to get a better picture of their security posture. "We want to 10x the speed and impact of security teams' work by making it much easier, faster and more cost-effective for them to capture and analyze security signals that have previously been too difficult and expensive to find," writes Gillett. "We are building our intelligence and analytics platform to solve this problem."

What exactly this new platform will look like remains to be seen, though. Gillett notes that it will run on Alphabet's infrastructure and use machine learning and advanced search capabilities to help businesses analyze their security data. Chronicle also says that it will offer its services in the cloud so that they can "grow with an organization's needs and don't add yet another piece of security software to implement and manage."

Steve Yegge, a longtime Google engineer who gained popularity after his rant on Google+ went viral, wrote another rant on Wednesday, in which he announced he has left Google. His rationale behind leaving Google, in his own words: The main reason I left Google is that they can no longer innovate. They've pretty much lost that ability. I believe there are several contributing factors, of which I'll list four here. First, they're conservative: They are so focused on protecting what they've got, that they fear risk-taking and real innovation. Gatekeeping and risk aversion at Google are the norm rather the exception. Second, they are mired in politics, which is sort of inevitable with a large enough organization; the only real alternative is a dictatorship, which has its own downsides. Third, Google is arrogant. It has taken me years to understand that a company full of humble individuals can still be an arrogant company. Google has the arrogance of the "we", not the "I". Fourth, last, and probably worst of all, Google has become 100% competitor-focused rather than customer focused. They've made a weak attempt to pivot from this, with their new internal slogan "Focus on the user and all else will follow." But unfortunately it's just lip service.

You can look at Google's entire portfolio of launches over the past decade, and trace nearly all of them to copying a competitor: Google+ (Facebook), Google Cloud (AWS), Google Home (Amazon Echo), Allo (WhatsApp), Android Instant Apps (Facebook, WeChat), Google Assistant (Apple/Siri), and on and on and on. They are stuck in me-too mode and have been for years. They simply don't have innovation in their DNA any more. And it's because their eyes are fixed on their competitors, not their customers.

Travis Jeffery, writing for HackerNoon: There's a security best practice where sign ins aren't supposed to say "password is incorrect." Instead they're supposed to say the "username or password is incorrect." This "best practice" is bullshit. Stripe's and GitHub's sign ins for example follow this practice. The idea is if an attacker knows a username, he or she could concentrate on that account using SQL injection, brute forcing the password, phishing, and so on. Here's the problem. All a hacker has to do is sign up to know whether the username is valid or not. Why bother then with obfuscating the sign in? Only the dumbest, laziest hacker is stopped by the "username or password is incorrect" sign in. You gain no security, yet your customers lose clarity. Stripe has their form submission behind reCAPTCHA to prevent naive scripts attacking their sign up. However this has been broken multiple times and likely won't ever be perfect. Even if reCAPTCHA was perfect, a hacker could manually validate their usernames of interest by trying to sign up, then automate an attack on the sign in page.

Vincent Bevins, writing for The Outline: So every morning, I get messages asking me to click through to articles like "How I Optimized My Morning Routine To Get More Done Than ever -- before 8 a.m.!" The people posting links like this have a sickness, and we need to stop it before it gets out of hand. Of course, if you actually click through to this trash, it's a bit shocking to see what they actually do. Some guy is proud that he set aside his social life so that he could unleash four extremely psychologically damaging apps on the world by the age of 30. Or it's like, "Congratulate Lisa on her new job as advertising director for Nestle in Africa." Here's a productivity idea: Just, fucking, don't make shitty apps, or do advertising for Nestle, or really for anything. I often see shit like, "Ten Habits I Have QUIT to Get More Done," and I think, "Maybe quit writing posts like this." If you're waking up at 4 a.m. to write 1,000 words about how you write 1,000 words every day, what are you actually getting done? Just stay in bed. Whenever I am back in the Protestant centers of modern capitalism (New York or London, basically), it's especially jarring to remember what it feels like to treat being busy as if it were a virtue.

Media software maker Plex today announced a new incubator and community resource called Plex Labs. "The idea here is to help the company's internal passion projects gain exposure, along with those from Plex community members," reports TechCrunch. "Plex Labs is also unveiling its first product: a music player called Plexamp," which is designed to replace the long-lost Winamp. From the report: The player was built by several Plex employees in their free time, and is meant for those who use Plex for music. As the company explains in its announcement, the goal was to build a small player that sits unobtrusively on the desktop and can handle any music format. The team limited itself to a single window, making Plexamp the smaller Plex player to date, in terms of pixel size. Under the hood, Plexamp uses the open source audio player Music Player Daemon (MPD), along with a combination of ES7, Electron, React, and MobX technologies. The end result is a player that runs on either macOS or Windows and works like a native app. That is, you can use media keys for skipping tracks or playing and pausing music, and receive notifications. The player can also handle any music format, and can play music offline when the Plex server runs on your laptop.

The player also supports gapless playback, soft transitions and visualizations to accompany your music. Plus, the visualizations' palette of colors is pulled from the album art, Plex notes. Additionally, Plexamp makes use of a few up-and-coming features that will be included in Plex's subscription, Plex Pass, in the future. These new features are powering functionality like loudness leveling (to normalize playback volume), smart transitions (to compute the optimal overlap times between tracks), soundprints (to represent tracks visually), waveform seeking (to present a graphical view of tracks), Library stations, and artist radio.

Media software maker Plex today announced a new incubator and community resource called Plex Labs. "The idea here is to help the company's internal passion projects gain exposure, along with those from Plex community members," reports TechCrunch. "Plex Labs is also unveiling its first product: a music player called Plexamp," which is designed to replace the long-lost Winamp. From the report: The player was built by several Plex employees in their free time, and is meant for those who use Plex for music. As the company explains in its announcement, the goal was to build a small player that sits unobtrusively on the desktop and can handle any music format. The team limited itself to a single window, making Plexamp the smaller Plex player to date, in terms of pixel size. Under the hood, Plexamp uses the open source audio player Music Player Daemon (MPD), along with a combination of ES7, Electron, React, and MobX technologies. The end result is a player that runs on either macOS or Windows and works like a native app. That is, you can use media keys for skipping tracks or playing and pausing music, and receive notifications. The player can also handle any music format, and can play music offline when the Plex server runs on your laptop.

The player also supports gapless playback, soft transitions and visualizations to accompany your music. Plus, the visualizations' palette of colors is pulled from the album art, Plex notes. Additionally, Plexamp makes use of a few up-and-coming features that will be included in Plex's subscription, Plex Pass, in the future. These new features are powering functionality like loudness leveling (to normalize playback volume), smart transitions (to compute the optimal overlap times between tracks), soundprints (to represent tracks visually), waveform seeking (to present a graphical view of tracks), Library stations, and artist radio.

An anonymous reader quotes a report from The Verge: Lawmakers and public officials are responding to the FCC's decision to gut net neutrality with promises of action. In the hours following the FCC hearing, officials from around the country announced lawsuits and bills intended to counter the FCC's decision. In New York, Attorney General Eric Schneiderman said that he's leading a multi-state lawsuit to challenge the FCC's vote, though he didn't give further details on the suit or who would be joining him. Calling today's decision an "illegal rollback," he described it as giving "Big Telecom an early Christmas present."

Washington state Attorney General Bob Ferguson also announced he would sue alongside Schneiderman and other attorneys general across the country, saying that he held "a strong legal argument" and that it was likely the government had failed to follow the law with this vote. Other officials from Santa Clara, California, including county supervisor Joe Simitian, are also suing the FCC to block the decision. "We believe the depth of your ideas should outweigh the depths of your pockets," Simitian said at a press conference.

State Sen. Scott Wiener (D-CA) announced plans to introduce a bill to adopt net neutrality as a requirement in his state. He wrote in a Medium post, "If the FCC won't stand up for a free and open internet, California will."

Rep. Mike Coffman (R-CO) tweeted that he will be submitting net neutrality legislation, saying that this was a decision better left to Congress. Coffman was the first Republican to ask the FCC to delay the vote, citing "unanticipated negative consequences" on Tuesday. Furthermore, Sen. Bernie Sanders (D-VT) and Sen. Brian Schatz (D-HI) are supporting Sen. Ed Markey's (D-MA) plan to introduce a Congressional Review Act resolution to undo the FCC vote. Even Rep. Marsha Blackburn (R-TN), who had previously announced on Twitter her support for Ajit Pai and the FCC, tweeted a video, saying, "We will codify the need for no blocking, no throttling, and making certain that we preserve that free and open internet." We're likely to see many others express their disappointment with the FCC's decision over the next few hours and days.

YVRGeek shares a report from IT World Canada: A security vendor has discovered a huge list of easily searchable stolen credentials in cleartext on the dark web, which it fears could lead to a new wave of cyber attacks. Julio Casal, co-founder of identity threat intelligence provider 4iQ, which has offices in California and Spain, said in a Dec. 8 blog his firm found the database of 1.4 billion username and password pairs while scanning the dark web for stolen, leaked or lost data. He said the company has verified at least a group of credentials are legitimate. What is alarming is the file is what he calls "an aggregated, interactive database that allows for fast (one second response) searches and new breach imports." For example, searching for "admin," "administrator" and "root" returned 226,631 passwords of admin users in a few seconds. As a result, the database can help attackers automate account hijacking or account takeover. The dump file was 41GB in size and was found on December 5th in an underground community forum. The total amount of credentials is 1,400,553,869.

New submitter substance2003 writes: Vid.me has announced they are shutting down on December 15th 2017 citing that they could not find a path to sustainability. This news should be of concern as content creators have been getting increasingly frustrated with Youtube's algorithms that demonetize their videos and this means they have one less alternative to turn towards.

An anonymous reader writes: "On December 1st, 24 Pull Requests will be opening its virtual doors once again, asking you to give the gift of a pull request to an open source project in need," writes UK-based software developer Andrew Nesbitt -- noting that last year the site registered more than 16,000 pull requests. "And they're not all by programmers. Often the contribution with the most impact might be an improvement to technical documentation, some tests, or even better -- guidance for other contributors."

This year they're even touting "24 Pull Requests hack events," happening around the world from Lexington, Kentucky to Torino, Italy. (Last year 80 people showed up for an event in London.) "You don't have to hack alone this Christmas!" suggests the site, also inviting local communities and geek meetups (as well as open source-loving companies) to host their own events.
Contributing to open source projects can also beef up your CV (for when you're applying for your next job), the site points out, and "Even small contributions can be really valuable to a project."

"You've been benefiting from the use of open source projects all year. Now is the time to say thanks to the maintainers of those projects, and a little birdy tells me that they love receiving pull requests!"

Mozilla's VP of Technology Strategy, Sean White, writes: I'm excited to announce the initial release of Mozilla's open source speech recognition model that has an accuracy approaching what humans can perceive when listening to the same recordings... There are only a few commercial quality speech recognition services available, dominated by a small number of large companies. This reduces user choice and available features for startups, researchers or even larger companies that want to speech-enable their products and services. This is why we started DeepSpeech as an open source project.

Together with a community of likeminded developers, companies and researchers, we have applied sophisticated machine learning techniques and a variety of innovations to build a speech-to-text engine that has a word error rate of just 6.5% on LibriSpeech's test-clean dataset. vIn our initial release today, we have included pre-built packages for Python, NodeJS and a command-line binary that developers can use right away to experiment with speech recognition.
The announcement also touts the release of nearly 400,000 recordings -- downloadable by anyone -- as the first offering from Project Common Voice, "the world's second largest publicly available voice dataset." It launched in July "to make it easy for people to donate their voices to a publicly available database, and in doing so build a voice dataset that everyone can use to train new voice-enabled applications." And while they've started with English-language recordings, "we are working hard to ensure that Common Voice will support voice donations in multiple languages beginning in the first half of 2018."

"We at Mozilla believe technology should be open and accessible to all, and that includes voice... As the web expands beyond the 2D page, into the myriad ways where we connect to the Internet through new means like VR, AR, Speech, and languages, we'll continue our mission to ensure the Internet is a global public resource, open and accessible to all."