Domain: xkcd.com
Stories and comments across the archive that link to xkcd.com.
Stories · 82
8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours (theregister.co.uk)
HashCat, an open-source password recovery tool, can now crack an eight-character Windows NTLM password hash in less than 2.5 hours. "Current password cracking benchmarks show that the minimum eight character password, no matter how complex, can be cracked in less than 2.5 hours" using a hardware rig that utilizes eight Nvidia GTX 2080Ti GPUs, explained a hacker who goes by the pseudonym Tinker on Twitter in a DM conversation with The Register. "The eight character password is dead." From the report: It's dead at least in the context of hacking attacks on organizations that rely on Windows and Active Directory. NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos. According to Tinker, it's still used for storing Windows passwords locally or in the NTDS.dit file in Active Directory Domain Controllers. Tinker estimates that buying the GPU power described would require about $10,000; others have claimed the necessary computer power to crack an eight-character NTLM password hash can be rented in Amazon's cloud for just $25.
NIST's latest guidelines say passwords should be at least eight characters long. Some online service providers don't even demand that much. When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six. Tinker said the eight character password was used as a benchmark because it's what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance. So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, "correcthorsebatterystaple." That or whatever maximum length random password via a password management app, with two-factor authentication enabled in either case.
Interviews: Christine Peterson Answers Your Questions
You asked questions, we've got the answers!
Christine Peterson is a long-time futurist who co-founded the nanotech advocacy group the Foresight Institute in 1986. One of her favorite tasks has been contacting the winners of the institute's annual Feynman Prize in Nanotechnology, but she also coined the term "Open Source software" for that famous promotion strategy meeting in 1998.
Christine took some time to answer questions from Slashdot readers.
What exactly happened in 1998?
by Anonymous Coward
Prior to 1998, had you heard anyone using the phrase "open source" before? Or was it something you came up with on your own as the only logical set of words to describe source code which is openly shared.
Starting earlier, our non-profit, Foresight Institute, had been holding a series of small invitational meetings at our office in Los Altos, focused on our free software project and the field in general. One topic of discussion that came up now and then was the problem of the name free software and how it confused newcomers into thinking that the main point was the price because, sadly, in English our word for "free as in freedom" and "free as in price" are the same. (In Spanish they wisely use different words for these two concepts.) But nothing had yet been suggested that seemed good enough to catch on.
Sometime after that the term "open source software" popped into my mind, and my immediate thought was "that's good enough." Not ideal, not great, but good enough to solve the problem. I ran it by a few friends including Mark Miller and Eric Drexler, and they agreed it was probably good enough. One other friend, who worked in PR, thought that "open" had already been overused in the software field, which was true, but it seemed appropriate in this context so I decided to go ahead with the idea anyway.
Eric Raymond came to visit Silicon Valley in connection with the transition of the Netscape code from proprietary to publicly available, so we met again to discuss these new developments. While there Eric took a call from two people from Netscape, and when he was done I asked to speak to them, a man and a woman (possibly Mitchell Baker?). I mentioned the name problem and they agreed, but none of us then had a better term to suggest.
When Eric Raymond visited again, he needed to have other local meetings and doesn't drive, so I offered to drive him around. That's when I found myself sitting in on the meeting at VA Research that included Larry Augustin, Sam Ockman, and "maddog" by phone; I wasn't invited to it. Probably the others thought I was Eric's chauffeur or even his girlfriend. Prior to the meeting I had discussed the "open source software" idea with Todd Anderson, who was also at this meeting, but not with Eric himself, whom I didn't know as well at this point. Being a non-programmer, I had pretty much zero status at this meeting, except with the two who already knew me, so I didn't feel it would work to just say "Hey, here's why you guys all need to use my terminology for your field." The meeting was primarily on broader free software topics anyway, so I just listened and didn't see an opening. Fortunately, Todd was on the ball and tried an interesting tactic: he just used the term casually, not introducing it formally but just throwing it out there in another context. Of course then I perked up and started paying closer attention to see what would happen, if anything. A few minutes later someone else, who hadn't been informed in advance, spontaneously used it, again in a context unrelated to a change in terminology. Todd and I looked at each other and smiled: the meme had jumped successfully!
Later in the meeting, as a rather minor matter compared to the rest of it, the group had a brief discussion and agreed that open source software would be a useful term. No attention was paid then to who suggested it originally, which was fine with me. Later on, Eric even briefly thought it was he himself who came up with it (which would be quite a plausible thing for him to do), but Todd took the initiative to let him know that it was me, and immediately Eric was super gracious about correcting the record on that.
At the time, Todd told me that someday I would be glad to have credit for this, and he was quite right about that. So thank you Todd, wherever you are (and please get in touch).
I don't recall hearing the phrase before it popped into my head, though I found out later that it has long been widely used in the "intelligence" (i.e., spy) field to refer to publicly available information content, so the usage is similar enough to not be a problem. Since the recent coverage of the 20th anniversary, a couple of previous uses in a software context have turned up also. But since I was neither in software nor in intelligence, I probably did not see any of these uses.
I've seen a couple of commenters suggesting that I should defend a claim to having coined the term. Fortunately for me, I don't need to do this, because that decision is not based on my current input or comments. It's an open source community decision based on past experiences, and as a non-programmer I don't even get a vote on this. I just have to accept whatever the community decides, which is why I waited twenty years to let things settle out before publishing my own account.
For more of the history, see my longer version at Opensource.com. (The OSI history page lists Michael Tiemann also at the VA Research meeting, which is probably correct though I don't recall it. It also has the meeting dated two days earlier than my notes indicate; sadly my calendar data from those days is not accessible format-wise anymore.)
What was it like in 1998?
by DevNull127
As someone who worked closely with Eric Raymond (and had interactions with Jon "maddog" Hall), what were they like in 1998? I'm curious what the whole "mood" of the development community was like in 1998 at that historic meeting. Maybe you could also talk about how things changed -- what they were like before the Open Source movement revved into high gear, and what they were like after.
And how does it all compare to when you first joined the tech scene in the 1980s?
CP: When I arrived in Silicon Valley in 1985, we were still in the early days of the personal computer. Most people did not have an email address or even a fax machine. Only visionaries like Ted Nelson and Doug Engelbart were talking about hypertext and the future of online personal computing. At that time, working on Nelson's Xanadu Hypertext Project was one of the few ways available to move toward that future, and it was through that project that I met many very smart software people including Mark S. Miller and Dean Tribble (who have just started a new company, Agoric, to advance secure smart contracts). It was an exciting time in terms of knowing the potential, but frustrating because the underlying chips were still slow, with little memory or graphics functionality, and online communications were done over regular phone lines using modems, painfully slow.
I vividly recall when Martin Haeberli came to the Foresight office to show us an early MOSAIC browser. It wasn't super impressive at that time, but he explained that this was the start of what would become a world of online hypertext, and he was right. The early days of the World Wide Web were extremely exciting to those of us who had been inspired by Nelson's and Engelbart's visions of hypertext. FINALLY we got to make links! But also they had an undercurrent of intense frustration, because so many of the visionary features were missing, such as automatic micropayments to authors for their original publications and even their quotes used elsewhere online. But the term micropayment was seen by many as anathema, because "information should be free." Even back then, some of us knew that there was no such thing as a free lunch, and that expenses must be paid somehow. It's this lack of micropayments to content providers that has led to today's ubiquitous business model of selling users' personal information and manipulating them using highly-targeted ads, and the negative effects of that on society.
At the time, the open-sourcing of Netscape was seen as yet another innovative Silicon Valley company succumbing to unfair pressure by the all-powerful behemoth Microsoft. This sad situation had the silver lining of bringing an exciting browser project into the free software world. But the small startups trying to do support for free software were having a heck of a time explaining to customers why they should have to pay anything at all to use "free software". (And of course they don't, if they are good enough at dealing with code...which most people, including me, are not.) This awkwardness is what led to the addition of "open source software" to the original -- and still useful -- name "free software".
I did not get to know maddog, but in 1998 Eric Raymond was the one who was most active in doing public outreach, especially media, on behalf of open source. He worked very hard for months or years, unpaid to my knowledge, to promote these ideas and the community. There were many others of course, including Bruce Perens who with Eric co-founded Open Source Initiative to defend the ideas and approve licenses that met the new Open Source Criteria they wrote. Tim O'Reilly played a key role by convening and hosting the community in meetings to make group decisions. And of course we should remember Richard Stallman and the Free Software Foundation, which had been and still are doing similar work under the original term.
To me as a relative outsider, it seemed that there was a big change when the new term was introduced, which happened very close in time to the Netscape open-sourcing. I had been reading Slashdot occasionally, mainly to admire the way it was designed and enabled users to interact much more effectively than other systems I'd seen. But when the new term arrived, it seemed that suddenly there was a fast ramp-up of attention and especially media coverage of the field. For a while it seemed like every day there was a new exciting development in "open source", which often appeared in quotes because it was so new. And these were appearing in non-programmer publications, ultimately in mainstream news media. Reading Slashdot became a daily necessity, especially for me, since I was getting some kind of thrilling brain chemistry surge every time I saw the term used. I still do, but it's smaller now: a nano surge.
Nanotech Prognosis / Open Source Utopia
by qaute
What's the current outlook for nanotechnology? Technically speaking, do we get Star Trek replicators soon, or is that still a 25+ year thing?
The ultimate dream in nanotechnology is a molecular assembler (atomic 3D printer) on every desktop, with a widespread community of hardware designers/developers analogous to open source software today. You'll be able to, say, download files to build a new car from GitHub. Hackaday has a good writeup. Suppose that someone finally figures out how to build such a molecular assembler. Chances are it'll be patent-encumbered and NDA'd. How can we [get] from here to there...? Politically, how do regulations, industry, and patents look?
Socially, is it generally viewed as positive or negative these days?
CP: Let's say that the goal is an open-source molecular 3D printer able to construct molecular machinery, plus a large library of open-source designs to use with the device. Let's divide this into the hardware components and software components.
It's taken decades and billions of dollars investment to get us where we are today in conventional hardware chips. That kind of investment has not been made yet in molecular machinery. I think eventually we would get there using human chemists, but it appears that instead there will be a shortcut. Progress in artificial intelligence is moving faster now, and I expect that instead of human chemists and human designers of molecular machinery and associated construction pathways, this work will be done faster via AI. We do not need AGI (artificial general intelligence) to do this. Targeted knowledge of chemistry and design engineering are what is needed, and that's coming sooner than AGI. So it could well be sooner than 25+ years depending on AI progress, but (and here's the catch) if that happens, the world will be changing in many other ways also, both positive and negative, to the extent that we may have other issues to deal with instead of having the opportunity of focusing on writing open source code for atomically-precise manufacturing.
Regarding regulations and patents: there's no particular regulatory focus on molecular machinery just now, and there probably won't be much until an actual problem crops up. As an example, consider the recent hearings on Facebook: the US legislators are not educated enough on those issues to grapple effectively with them. Patents seem likely to continue to be used whenever a company does the work, unless it sees a strategic advantage to open-sourcing the work.
I don't think that nanotech or atomically-precise manufacturing is on the public radar these days, either positive or negative. The nanotech term itself has become a marketing term for anything with at least one nanoscale dimension, so the average person who hears it probably thinks that we already have nanotech and therefore it's not a big deal. But it's not clear that we need or want the average person to be paying attention to atomically-precise manufacturing just now anyway, so maybe that's just as well.
Open source or free software
by Jim Hall
Some people prefer one term over the other. I'm curious: all these years later, do you still prefer the term open source software or are you more aligned to Free software?
CP: I use both terms, depending on context. When I'm with longtime hackers such as John Gilmore who naturally use the earlier term, I use it too. And of course if one is at a meeting of the Free Software Foundation, it's polite to use their preferred terminology.
However in dealing with non-software people or young people, I believe that the open source term is much clearer and therefore more useful. I tried doing a search on the two terms, and they are both in active use, but I found more "open source software" than "free software" usages. (This is a very crude measure and may be wrong, of course.)
Probably in Spanish-speaking countries, where they have the words gratis and libre to distinguish our two meanings for the English word free, there is less reason to use the new term. Someone could do a PhD dissertation comparing how the new term spread in the English-speaking world vs. the Spanish-speaking world. That would enable us to tease apart how much the newer term spread due to the free/free confusion problem vs. any more intrinsic value it may have, e.g., implying that the source code is open to public view.
Open source and medicine
by AmiMoJo
How can we get more open source medical software? Given that medical devices are so heavily regulated it seems like it will be hard to get, say, an open source pacemaker system that users can hack, or at least audit.
Radio software seems to be in a similar state - cellular modems, wifi chipsets etc. are all heavily regulated and closed source, with signed code required for updates.
CP: As far as I can tell, the Internet of Things world is still using the "security through obscurity" model. Given that, regulators are naturally going to favor closed source code, since that seems to be a way to reduce the likelihood of attacks.
If we want regulators to approve open source software for important devices, we need to show that it's as secure, or preferably more secure, than closed source code.
Although I am not a programmer, I have paid enough attention to this general issue to be intrigued with object capabilities (ocaps) as a path forward toward more secure code, whether closed or open source.
Currently the most serious effort I'm aware of in this area is Agoric.
There are (at least) two problems that ocaps does not solve. Social engineering will continue to be an issue, though my understanding is that ocaps reduces the damage that these can cause. Finally, there is the problem of compromised hardware: deliberate back doors designed into our computer chips; this is a huge problem with only very expensive solutions; see the hardware question below for more on this.
For more on security, see the paper Cyber, Nano, and AGI Risks: Decentralized Approaches to Reducing Risks, by myself, Mark S. Miller, and Allison Duettmann, from the proceedings of UCLA's First International Colloquium on Catastrophic and Existential Risk (2017).
Pollution
by lhowaf
Nano-materials, in general, seem to be becoming a significant source of hard-to-cleanup pollution. Do you see nano-tech heading in the same direction?
CP: The long-term goal of atomically-precise nanotech is the complete control of the structure of matter (to the extent we care about that structure). This would include extremely advanced abilities to clean up the natural environment. The question is what the pathway looks like to get there, and how clean can we make that pathway? This last question is a matter of what we decide to do. If society decides that preventing nanoscale pollution is a priority, then we'll do much better than if we don't try. It's at least possible to consider how to make this happen commercially, through traditional regulatory mechanisms. The more difficult challenge is military use, and use in regions which don't prioritize environmental values. No easy answers here. But the ultimate goal, at least, is a very clean environment, and it should be achievable eventually. It was this prospect that drew me into trying to advance this field in the first place.
How to deal with nanotech hype problem?
by Goldsmith
I am a nanotechnologist. I've done great academic research, worked for the government, managed a few grants, and started a few companies. It's very easy to hype the potential of nanotechnology. On the other hand, it's very hard to get attention put on results from serious commercial efforts. Granting agencies and our community are not good at supporting companies that do what we all tell each other needs to get done (i.e. NanoIntegris). We are great at supporting academic research groups that have a patina of commercial application (i.e. IBM).
As a field we've missed celebrating a number of major commercialization milestones. CNT and graphene electronics are available commercially! Who knew? For five years or so, you could find commercial graphene electronics in cell phone screens in Shenzhen. For the last two years, you could find commercial graphene biosensors at many big pharma companies. For the last year, you could buy CNT based high power RF electronics.
If we were interested in showing the real potential of the field, wouldn't the leaders want to show everyone that it IS working? We have actually met the NNI timeline for commercialization set in the 1990s. The goals we set out with 20 years ago seem to mean nothing to the hype machine we've created.
Simply put, how do we deal with the addiction to hype in nanotechnology, and focus a bit more on substantive accomplishment?
CP: I'm speaking here from a US perspective. This problem is not unique to nanotechnology, or even to technology in general. It's part of a general decline that has at least two sources, the decline in education standards and the decline of serious journalism, resulting in a hype culture with hype consumers who cannot tell the difference among exciting current technologies, valid engineering prospects, and complete nonsense.
It takes substantial science background to understand why nanotech and atomically-precise manufacturing are interesting, and few in our society today have that background. Our K-12 system is largely broken. Many of our colleges and universities now optimize for student entertainment and enjoyment, rather than the hard road of learning science and engineering.
Serious journalism has been decimated -- worse than decimated, including science and technology journalism. Consumers want all their information for free, and in many cases, you get what you pay for in this area as in others. Could micropayments help? Perhaps something built into the browser sending pennies or fraction of pennies to content originators? I am not sure. It seems worth a try. It could at least help with the privacy problem.
As for the education problem: we need to admit the disaster and try some major experiments. For example, some blame the decline of university standards on deceptively easy loans to students who don't realize what they are getting into. Glenn Reynolds has written books worth reading on this general problem of educational decline in the US, and I would look to him for ideas on solutions.
To me, compared to earlier decades, US society overall seems kind of decadent, cynical, in a cultural decline. I hope we can turn this around somehow. People like Slashdot readers give me hope. And there are still many, many people truly working to make the world a better place, including here in Silicon Valley. My view of Silicon Valley has a positive bias because I meet people through Foresight Institute, which helps select for good folks. I invite you all to join our email list (use blue button on this page) and come to our events. Some are research workshops (e.g., application form for Atomic Precision for Longevity workshop) and some are more accessible, such as our salons and Vision Weekend (videos). If you like what you see, consider donating; we are entirely supported by individual donations from great folks like the open source community.
Why Nanotechnology, for Laypeople
by qaute
Integrated circuits, solar panels, and GMOs are some pretty big results in nanotech these days. What are some future benefits we can look forward to that help justify further research to non-techies?
CP: My own focus is on the long term, very advanced applications such as molecular repair of the human body, ending disease and even aging itself. To me this is highly motivating! That's on top of the original goal of restoring the environment that drew me in originally.
Coming up with near- and intermediate-term applications is harder. This is why venture capitalists make lots of money, when they do their job well. Picking winning new applications is so challenging, especially in getting the timing right.
I can say this: amazing new catalysts and filtration technologies are on the way. Sound boring? It is totally not. Huge energy savings, cheap clean water for everyone (this would even help prevent wars), even blood filtration to take out all the stuff that should not be there.
________________________________________________________________________________
Nanotech threat landscape
by bjorng
How concerned should we be about nanotechnology equivalents of the software threats we see today? I would hate to have my circulatory system held hostage for bitcoin.
The Nanotechnology Corollary to Metasploit
by Anonymous Coward
The Internet of Things (IoT) seems to be a ramp-up to Micro-Electromechanical Machines (MEMs), which, in turn, will prime another ramp into atomic-scale nanotechnology. But already, security is atrocious. Worse than Windows XP's exploitation, endless automatic updates and a constant avalanche of zero-day patches.
What will a metasploit framework and CVE database for IoT, MEMs and smaller systems look like? How will biomedical bug bounties, vulnerabilities, exploits and weaponized payloads play themselves out?
________________________________________________________________________________
CP: We should be very concerned and more important, very vigilant. We need to solve today's Internet of Insecure Things as soon as possible, before even more of our world is controlled by software. As mentioned above, I am placing my hope in Agoric and object capabilities in general. There are also suggestions for how to address the insecure chip problem, though they are expensive and have performance costs as well; see the question from AmiMoJo below.
Recent improvements in physical security
by AmiMoJo
Recently big gains have been made in physical security. Many phones are encrypted by default and relatively difficult for unauthorized persons to unlock. Encrypted storage is increasingly common for computers too, although open source support for technologies like OPALv2 seems to be lagging behind closed source systems. In 2017 AMD introduced encrypted RAM.
All of these rely on special hardware to protect encryption keys and perform encryption functions at speeds fast enough to avoid any significant performance loss. It seems like hardware is necessary for very high levels of physical security anyway, e.g. tamper-proof boot ROMs.
How can open source provide this level of security when high end hardware is increasingly difficult for individuals to fabricate? Should we be thinking about how we can fabricate our own security processors and key storage, or is there another way to achieve high levels of physical security?
CP: My understanding from Mark S. Miller is that yes, we need to be thinking about fabricating our own chips, if we want to get around the problem of deliberately-installed backdoors.
In the paper cited above we write, "In the near term one can imagine a technology example that can be secure against those risks: a good open source processor design for which there is a proof of security comparable to the proof of security of the seL4 software. There are many open source processor designs that are sufficiently high performance that, when run on a field-programmable gate array (FPGA), can run fast enough to be practical for many applications. By combining these well-designed processors with a layout algorithm that randomizes layout decisions, the processor could be randomly laid out for each individual hardware instance. Given this randomized layout, there is no feasible corruption of the FPGA hardware that can escape notice under electron microscopes and that would also be able to successfully corrupt most instances of the processor."
UPDATE: After writing the above, I met with Mark and he explained that another approach has been found to the problem of insecure chips. At the recent Zcon0 conference, a method was described using zkSnarks and/or Coda. It's not financially practical yet, and doesn't fix leakage of data, but addresses the integrity issue. This is way outside my area of expertise. Eventually, the Agoric website will have many relevant documents on these topics, but not yet.
50 years ahead
by EngineeringStudent
I heard a myth a few decades ago, that top-secret work in most fields is at least 50 years ahead of the current published state of the art. I can't begin to imagine what that would look like here. What sorts of things do you think are solidly plausible within the next 50 years of work in the field of nano-technology, and how would we detect them "in the field" today, if we were to look for them...?
I know there were published discussions about silicon based listening and transmitting devices, bugs, that were smaller than grains of salt. I also know that there was great published fervor over single-pixel cameras, and, in my personal opinion, I have seen a surprising gap in entangled non-return imaging. I expect "they" have working, single-photon, non-return-imaging cameras on grains of silicon too small for the eye to work with, so perhaps nano drone swarms used for data gathering/surveillance, where each drone is less than 0.1mm across?
When I look at robo-cat, and the alleged robo-squirrels or robo-insects, I think they have such swarms that can be ingested/injected/otherwise-implanted inside animals that don't realize they have become "listening posts". What would you do with a fully-functional jet-engine that was only a few microns across? I remember sub-cellular size bar-codes made by shooting proton based cylindrical holes in silicon, then lithographing layers of gold or other stuff to make the code, then removing the silicon substrate. Could we put markers into people to inform future medical reconstruction such as "non-invasive" 3d printing of organs in-vivo? How would we detect sub-cell-size tagging, or fabrication? I like the idea of nanotech-driven bio-energy harvesting. Why can't we turn trees into solar panels by hacking into their organic photosynthesis?
CP: These areas are above my pay grade, but for inspiration on what could be possible in 50 years I would look at high-quality hard science fiction. Some of those writers pay close attention to physical limits. Yes, the surveillance technology should be amazingly good (or bad, depending on one's point of view). I'm not sure we would need advance markers in the body in order to do great 3D printing of organs in vivo, but I could be wrong on that. Eventually I expect we will come up with physical barriers that only allow understood molecular structures to pass through, to avoid having to detect sub-cell size tagging inside our bodies, when it's harder to find. But that's very long-term and ambitious.
Is physical security a political problem?
by Anonymous Coward
How to defend against molecule-sized machines is a question, but there is a meta-question there: will we be subject to constant false flag attacks and entrapment? Year 2030: Great Leader or Deep State accuses you of carrying a nanotech attack. You and perhaps people of your supporting network get disappeared into high security facilities, solitary confinement and all. Can we disprove the authorities' lies? Will people be able to know... Will there be anyone left to speak for you?
CP: Yes, this is a meta question and not about nanotech per se. If government is so dysfunctional and corrupt that the scenario above can take place, we have already lost. Our goal has to be to prevent that level of corruption from taking hold. Edmund Burke wrote, "The only thing necessary for the triumph of evil is for good men to do nothing." To take a US perspective, there have been various times in our country's history when the smartest and most civic-minded people have turned their attention to political matters, to get them straightened out for their own generation and those to come. Jefferson wrote, "We will be soldiers, so our sons may be farmers, so their sons may be artists." Sadly, it's looking like it's time to turn from being artists to being soldiers -- not physical soldiers, but soldiers in the fight for freedom, openness, and other values the open source community cares about. -
Tableau Software Drops Its 'Twitter Crowd Favorite' Data Viz Contests (tableau.com)
theodp writes: As part of its 'Iron Viz' data visualization contests that lead up to its annual conferences, Tableau Software ($4.8B market cap) has awarded $500 gift cards to 'Twitter Crowd Favorites', contestants whose data viz draw the most 'votes' (tagged Tweets) on Twitter. But no more. As it expanded Iron Viz eligibility to China, Tableau said it 'just didn't seem fair' to allow popular voting in its worldwide contests since the Chinese government blocks citizens' Twitter use. "As Chinese authors join the contest," the Tableau Public blog explained, "we have to say goodbye to the Twitter Crowd Favorite. Twitter is blocked in mainland China and it wouldn't be fair for our Chinese contestants." And the latest Iron Viz Contest FAQs confirm the change: "Q. I heard there won't be a Crowd Favorite prize, is that true? A. Absolutely true. China is among the new countries who can take part in the Iron Viz, and Twitter doesn't work in mainland China. The usual Twitter Popular Vote just didn't seem fair."
This XKCD comic still has my all-time favorite data visualizations. -
Ask Slashdot: How Would You Solve the Instant Messaging Problem?
Artem Tashkinov writes: The XKCD comic has posted a wonderful and exceptionally relevant post in regard to today's situation with various instant messaging solutions. E-mail has served us well in the past, however, it's not suitable for any real-time communications involving video and audio. XMPP was a nice idea, however, it has largely failed except for a low number of geeks who stick to it. Nowadays, some people install up to seven instant messengers to be able to keep up with various circles of people. How do you see this situation being resolved?
People desperately need a universal solution which is secure, decentralized, fault tolerant, not attached to your phone number, protects your privacy, supports video and audio chats and sending of files, works behind NATs and other firewalls and has the ability to send offline messages. I believe we need a modern version of SMTP. [How would you solve the instant messaging problem?] -
New Attack Can Seize Control of Drones
A new radio transmitter "seizes complete control of nearby drones as they're in mid-flight," reports Ars Technica: From then on, the drones are under the full control of the person with the hijacking device. The remote control in the possession of the original operator experiences a loss of all functions, including steering, acceleration, and altitude... Besides hijacking a drone, the device provides a digital fingerprint that's unique to each craft. The fingerprint can be used to identify trusted drones from unfriendly ones and potentially to provide forensic evidence for use in criminal or civil court cases...
Hijacks could allow law-enforcement officers to safely seize control of vulnerable drones that are endangering or interfering with first responders. The hacks could also provide ordinary citizens with a less-draconian way of disabling a drone they believe is impinging on their property or privacy... A patchwork of federal and state laws makes it unclear if even local authorities have the legal authority to shoot or hack an aircraft out of the sky.
XKCD once proposed solving the problem with butterfly nets, but instead this new attack is exploiting unencrypted DSMx radio signals. -
All Windows 10 Kernel Mode Drivers Must Be Digitally Signed By Microsoft (i-programmer.info)
"Last year, we announced that beginning with the release of Windows 10, all new Windows 10 kernel mode drivers must be submitted to the Windows Hardware Developer Center Dashboard portal to be digitally signed by Microsoft," reads a MSDN blog post. "However, due to technical and ecosystem readiness issues, this was not enforced by Windows Code Integrity and remained only a policy statement. Starting with new installations of Windows 10, version 1607, the previously defined driver signing rules will be enforced by the Operating System, and Windows 10, version 1607 will not load any new kernel mode drivers which are not signed by the Dev Portal."
Slashdot reader mikejuk quotes a report from i-programmer.info which argues "the control of what software users can run on their machines is becoming ever tighter," and compares Microsoft's proposal to an XKCD cartoon: Before you start to panic about backward compatibility with existing drivers the lockdown is only going to be enforced on new installations of Windows 10. If you simply upgrade an existing system then the OS will take over the drivers that are already installed... Only new installations, i.e. installing all drivers from scratch, will enforce the new rules from Windows 10 version 1607... Be warned, if you need to do a fresh install of Windows 10 in the future you might find that your existing drivers are rejected. -
Names That Break Computers (bbc.com)
Reader Thelasko writes: The BBC has a story about people with names that break computer databases. "When Jennifer Null tries to buy a plane ticket, she gets an error message on most websites. The site will say she has left the surname field blank and ask her to try again." Thelasko compares it to the XKCD comic about Bobby Tables, though it's a real problem that's also been experienced by a Hawaiian woman named Janice Keihanaikukauakahihulihe'ekahaunaele, whose last name exceeds the 36-character limit on state ID cards. And in 2010, programmer John Graham-Cumming complained about web sites (including Yahoo) which refused to accept hyphenated last names. Programmer Patrick McKenzie pointed the BBC to a 2011 W3C post highlighting the key issues with names, along with his own list of common mistaken assumptions. "They don't necessarily test for the edge cases," McKenzie says, noting that even when filing his own income taxes in Japan, his last name exceeds the number of characters allowed. -
A Legal Name Change Puts 'None of the Above' On Canadian Ballot (foxnews.com)
PolygamousRanchKid writes: The ballot to fill a legislative seat in Canada next month includes none of the above—and it's a real person. Sheldon Bergson, 46, had his name legally changed to Above Znoneofthe and is now a candidate for the Ontario legislature, the CBC reports. The election is Feb. 11. The ballot lists candidates in alphabetical order by surname so his name will be the 10th of the 10 candidates as Znoneofthe Above, according to CBC. One of his opponents is running on the line of the None of The Above Party. Maybe the American folks can learn from their cousins up north? Shouldn't every election have a line for "None of the above"? I can't wait until Little Bobby Tables hits 35. -
Another Giant xkcd Comics Experiment (xkcd.com)
Dave Knott writes: XKCD creator Randall Munroe has decided to celebrate the release of his new book, Thing Explainer, by creating a "small game" called Hoverboard. In actuality, it is a gigantic scrolling comic in the same style as his previous Click And Drag. However, this time there is a game element as one navigates the comic. Explore giant starships and volcanoes, or search for hidden lairs, all in the name of finding as many hidden gold coins as possible. -
The Tamagochi Singularity Made Real: Infinite Tamagochi Living On the Internet (hackaday.com)
szczys writes: Everyone loves Tamagochi, the little electronic keychains spawned in the '90s that let you raise digital pets. Some time ago, XKCD made a quip about an internet-based matrix of thousands of these digital entities. That quip is now a reality thanks to elite hardware hacker Jeroen Domburg (aka Sprite_TM). In his recent talk called "The Tamagochi Singularity" at the Hackaday SuperConference he revealed that he had built an infinite network of virtual Tamagochi by implementing the original hardware as a virtual machine. This included developing AI to keep them happy, and developing a protocol to emulate their IR interactions. But he went even further, hacking an original keychain to use wirelessly as a console which can look in on any of the virtual Tamagochi living on his underground network. This full-stack process is unparalleled in just about every facet: complexity, speed of implementation, awesome factor, and will surely spark legions of other Tamagochi Matrices. -
XKCD Author's New Unpublished Book Becomes Scientific Best-Seller
An anonymous reader writes: XKCD cartoonist Randall Munroe will be publishing a new book in November, but it's already become Amazon's #1 best-seller in two "Science & Math" subcategories, for mechanics and scientific instruments. Inspired by a cartoon describing NASA's Saturn V rocket as "the up-goer V", Randall's created a large-format collection of blueprints describing datacenters, tectonic plates, and even the controls in an airplane cockpit — using only the thousand most common English words. "Since this book explains things, I've called it Thing Explainer," Randall writes on the XKCD blog, trying to mimic the humorously simple style of his book. Randall's previous book of scientific hypotheticals — published one year ago — is still Amazon's #1 best-selling book in their "Physics" category, ranking higher than Stephen Hawking's "A Brief History of Time." -
Generate Memorizable Passphrases That Even the NSA Can't Guess
HughPickens.com writes Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you'll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You'll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You'll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like "cap liz donna demon self", "bang vivo thread duct knob train", and "brig alert rope welsh foss rang orb". If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.
After you've generated your passphrase, the next step is to commit it to memory. You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn't take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It's a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training." -
Is That Dress White and Gold Or Blue and Black?
HughPickens.com writes Color scientists already have a word for it: Dressgate. Now the Washington Post reports that a puzzling thing happened on Thursday night consuming millions — perhaps tens of millions — across the planet and trending on Twitter ahead of even Jihadi John's identification. The problem was this: Roughly three-fourths of people swore that this dress was white and gold, according to BuzzFeed polling, but everyone else said the dress was blue. Others said the dress could actually change colors. So what's going on? According to the NYT our eyes are able to assign fixed colors to objects under widely different lighting conditions. This ability is called color constancy. But the photograph doesn't give many clues about the ambient light in the room. Is the background bright and the dress in shadow? Or is the whole room bright and all the colors are washed out? If you think the dress is in shadow, your brain may remove the blue cast and perceive the dress as being white and gold. If you think the dress is being washed out by bright light, your brain may perceive the dress as a darker blue and black.
According to Beau Lotto, the brain is doing something remarkable and that's why people are so fascinated by this dress. "It's entertaining two realities that are mutually exclusive. It's seeing one reality, but knowing there's another reality. So you're becoming an observer of yourself. You're having tremendous insight into what it is to be human. And that's the basis of imagination." As usual xkcd has the final word. It would make the comments more informatively scannable if you include your perceived color pair in the title of any comments below. -
Password Security: Why the Horse Battery Staple Is Not Correct
First time accepted submitter Dadoo writes By now, everyone who reads Slashdot regularly has seen the XKCD comic discussing how to choose a more secure password, but at least one security researcher rejects that theory, asserting that password managers are the most important technology people can use to keep their accounts safe. He says, "In this post, I'm going to make the following arguments: 1) Choosing a password should be something you do very infrequently. 2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks. 3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password. 4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords." -
XKCD Author's Unpublished Book Remains a Best-Seller For 5 Months
destinyland writes Tuesday is the official release date for the newest book from the geeky cartoonist behind XKCD — yet it's already become one of Amazon's best-selling books. Thanks to a hefty pre-order discount, one blogger notes that it's appeared on Amazon's list of hardcover best-sellers since the book was first announced in March, and this weekend it remains in the top 10. Randall Munroe recently announced personal appearances beginning this week throughout the U.S. (including Cambridge, New York, Seattle, and the San Francisco Bay Area) — as well as a Google Hangout on Friday, September 12. Just two weeks ago he was also awarded the Hugo Award for Best Graphic Story — and now many of his appearances are already sold out. -
The 2014 Hugo Awards
Dave Knott writes: WorldCon 2014 wrapped up in London this last weekend and this year's Hugo Award winners were announced. Notable award winners include:
Best Novel: Ancillary Justice by Ann Leckie
Best Novelette: "The Lady Astronaut of Mars" by Mary Robinette Kowal
Best Novella: "Equoid" by Charles Stross
Best Short Story: "The Water That Falls on You from Nowhere" by John Chu
Best Graphic Story: "Time" by Randall Munroe
Best Dramatic Presentation (Long Form): Gravity written by Alfonso Cuarón & Jonás Cuarón, directed by Alfonso Cuarón
Best Dramatic Presentation (Short Form): Game of Thrones: "The Rains of Castamere" written by David Benioff & D.B. Weiss, directed by David Nutter
The results of this year's awards were awaited with some trepidation in the SF community, due to well-documented attempts by some controversial authors to game the voting system. These tactics appear to have been largely unsuccessful, as this is the fourth major award for the Leckie novel, which had already won the 2013 BSFA, 2013 Nebula and 2014 Clarke awards. -
Ask Team Trying To Return 36-Year-Old Spacecraft From Space About Their Project
samzenpus (5) writes "Last week we told you about a group that was trying to recover the 36-year-old ISEE-3 spacecraft from deep space. Led by CEO and founder of Skycorp, Dennis Wingo, and astrobiologist and editor of NASA Watch, Keith Cowing, the crowdfunded project plans to steer ISEE-3 back into an Earth orbit and return it to scientific operations. Once in orbit, they hope to turn the spacecraft and its instruments over to the public by creating an app that allows anyone access to its data. The team has agreed to take some time from lassoing spacecraft from deep space in order to answer your questions. As usual, ask as many as you'd like, but please, one question per post. Hopefully the plan goes better than xkcd predicts." -
NSA Allegedly Exploited Heartbleed
squiggleslash writes: "One question arose almost immediately upon the exposure of Heartbleed, the now-infamous OpenSSL exploit that can leak confidential information and even private keys to the Internet: Did the NSA know about it, and did they exploit it if so? The answer, according to Bloomberg, is 'Yes.' 'The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency's toolkit for stealing account passwords and other common tasks.'" The NSA has denied this report. Nobody will believe them, but it's still a good idea to take it with a grain of salt until actual evidence is provided. CloudFlare did some testing and found it extremely difficult to extract private SSL keys. In fact, they weren't able to do it, though they stop short of claiming it's impossible. Dan Kaminsky has a post explaining the circumstances that led to Heartbleed, and today's xkcd has the "for dummies" depiction of how it works. Reader Goonie argues that the whole situation was a failure of risk analysis by the OpenSSL developers. -
Ask Slashdot: How To Handle Unfixed Linux Accessibility Bugs?
dotancohen (1015143) writes "It is commonly said that open source software is preferable because if you need something changed, you can change it yourself. Well, I am not an Xorg developer and I cannot maintain a separate Xorg fork. Xorg version 1.13.1 introduced a bug which breaks the "Sticky Keys" accessibility option. Thus, handicapped users who rely on the feature cannot use Xorg-based systems with the affected versions and are stuck on older software versions. Though all pre-bug Linux distros are soon scheduled for retirement, there seems to be no fix in sight. Should disabled users stick with outdated, vulnerable, and unsupported Linux distros or should we move to OS-X / Windows?
The prospect of changing my OS, applications, and practices due to such an ostensibly small issue is frightening. Note that we are not discussing 'I don't like change' but rather 'this unintentional change is incompatible with my physical disability.' Thus this is not a case of every change breaks someone's workflow." -
XKCD Author's Unpublished Book Has Already Become a Best-Seller
destinyland writes "Wednesday the geeky cartoonist behind XKCD announced that he'd publish a new book answering hypothetical science questions in September. And within 24 hours, his as-yet-unpublished work had become Amazon's #2 best-selling book. 'Ironically, this book is titled What If?,' jokes one blogger, noting it resembles an XKCD comic where 'In our yet-to-happen future, this book decides to travel backwards through time, stopping off in March of 2014 to inform Amazon's best-seller list that yes, in our coming timeline this book will be widely read...' Randall Munroe's new book will be collecting his favorite 'What If...' questions, but will also contain his never-before published answers to some questions that he'd found 'particularly neat.'" -
Top E-commerce Sites Fail To Protect Users From Stupid Passwords
Martin S. writes "The Register reports that 'Top UK e-commerce sites including Amazon, Tesco and Virgin Atlantic are not doing enough to safeguard users from their own password-related foibles, according to a new study by Dashlane ... 66% accept notoriously weak passwords such as '123456' or 'password,' putting users in danger as these are often the first passwords hackers use when trying to breach accounts. ... 66% make no attempt to block entry after 10 incorrect password entries (including Amazon UK, Next, Tesco and New Look). This simple policy prevents hackers from using malicious software that can run thousands of passwords during log-ins to breach accounts.'" xkcd has some insight about why this is bad for users generally, not just on any sites that happen to get compromised. Rules that require ever more complexity in passwords, though, probably backfire quite a bit, too. -
Ask Slashdot: Automatically Logging Non-Computerized Equipment Use?
First time accepted submitter Defenestrar writes "I've recently taken a job at a large state university where I manage the laboratories for a couple of departments. We have a good system to pro-rate costs for shared use of big ticket items, but don't have anything in place for small to medium expense pieces which don't require software control (i.e. AD user authentication logs). It is much more efficient to designate a common room for things like water purifiers and centrifuges, but log books have a history of poor compliance. Also, abuse or neglect of communal property has been an issue in the past (similar to the tragedy of the commons).
Do any of you know of good automatic systems to record user/group equipment usage which would allow for easy data processing down the line (i.e. I don't want to go through webcam archives). Systems which promote accountability and care are a bonus, but for safety reasons we don't want the room's door locked (i.e. no pin/badged access). Most of these systems also require continuous power — so electrical interlocks are not a good option either.
I call on you, my fellow Slashdotters, to do your best and get quickly sidetracked while still including the occasional gem in the comments." -
NASA Forgets How To Talk To ICE/ISEE-3 Spacecraft
Hugh Pickens DOT Com writes "Randall Munroe's XKCD cartoon on the ICE/ISEE-3 spacecraft inspired me to do a little research on why NASA can no longer communicate with the International Cometary Explorer. Launched in 1978, ISEE-3 was the first spacecraft to be placed in a halo orbit at one of the Earth-Sun Lagrangian points (L1). It was later (as ICE) sent to visit Comet Giacobini-Zinner and became the first spacecraft to do so by flying through a comet's tail, passing the nucleus at a distance of approximately 7800 km. ICE has been in a heliocentric orbit since then, traveling just slightly faster than Earth and it's finally catching up to us from behind, and will return to Earth in August. According to Emily Lakdawalla, it's still functioning, broadcasting a carrier signal that the Deep Space Network successfully detected in 2008 and twelve of its 13 instruments were working when we last checked on its condition, sometime prior to 1999.
Can we tell the spacecraft to turn back on its thrusters and science instruments after decades of silence and perform the intricate ballet needed to send it back to where it can again monitor the Sun? Unfortunately the answer to that question appears to be no. 'The transmitters of the Deep Space Network, the hardware to send signals out to the fleet of NASA spacecraft in deep space, no longer includes the equipment needed to talk to ISEE-3. These old-fashioned transmitters were removed in 1999.' Could new transmitters be built? Yes, but it would be at a price no one is willing to spend. 'So ISEE-3 will pass by us, ready to talk with us, but in the 30 years since it departed Earth we've lost the ability to speak its language,' concludes Lakdawalla. 'I wonder if ham radio operators will be able to pick up its carrier signal — it's meaningless, I guess, but it feels like an honorable thing to do, a kind of salute to the venerable ship as it passes by.'" -
Voynich Manuscript May Have Originated In the New World
bmearns writes "The Voynich Manuscript is most geeks' favorite 'indecipherable' illuminated manuscript. Its bizarre depictions of strange plants and animals, astrological diagrams, and hordes of tiny naked women bathing in a system of interconnected tubs (which bear an uneasy resemblance to the human digestive system), have inspired numerous essays and doctoral theses, plus one XKCD comic. Now a team of botanists (yes, botanists) may have uncovered an important clue as to its origin and content by identifying several of the plants and animals depicted, and linking them to the Spanish territories in Central America." -
Regex Golf, xkcd, and Peter Norvig
mikejuk writes "A recent xkcd strip has started some deep academic thinking. When AI expert Peter Norvig gets involved you know the algorithms are going to fly. Code Golf is a reasonably well known sport of trying to write an algorithm in the shortest possible code. Regex Golf is similar, but in general the aim is to create a regular expression that accepts the strings in one list and rejects the strings in a second list. This started Peter Norvig, the well-known computer scientist and director of research at Google, thinking about the problem. Is it possible to write a program that would create a regular expression to solve the xkcd problem? The result is an NP hard problem that needs AI-like techniques to get an approximate answer. To find out more, read the complete description, including Python code, on Peter Norvig's blog. It ends with this challenge: 'I hope you found this interesting, and perhaps you can find ways to improve my algorithm, or more interesting lists to apply it to. I found it was fun to play with, and I hope this page gives you an idea of how to address problems like this.'" -
Creator of xkcd Reveals Secret Back-story of His Epic, 3,099-Panel 'Time' Comic
vikingpower writes "Randall Munroe, the comic author best known as the creator of the xkcd webcomic, reveals the secret backstory of his epic, 3099-panel 'Time' strip in an interesting interview with Wired. He says, 'In my comic, our civilization is long gone. Every civilization with written records has existed for less than 5,000 years; it seems optimistic to hope that the current one will last for 10,000 more ... The Earth’s axis wobbles over the millennia, and some individual stars move visibly, so I used a few different pieces of astronomy software–with a lot of hand correction and tweaking–to render the future night sky. When the Sun sets in the night sequence, one of the first things you see is the gap where Antares should be, which was the first clue that this is taking place in the far future. Later in the night–which lasted for several days of real time–more astronomical details let readers pin down the date more precisely.' The comic can be seen as an animation on YouTube. There is also a complete click-through version available on geekwagon. This comic inspired a dedicated wiki and has its own glossary." -
Signs Point To XKCD's Time Ending
CaptSlaq writes "According to the current imagery, it looks like Randall Munroe has finished the story he was telling with the Time series. The long running series that has spanned over 3000 images and spawned multiple methods of viewing and comment appears to have come to an end." -
Automated Plate Readers Let Police Collect Millions of Records On Drivers
schwit1 writes with a report on just how extensive always-on license plate logging has gotten. The article focuses on California; how different is your state? "In San Diego, 13 federal and local law enforcement agencies have compiled more than 36 million license-plate scans in a regional database since 2010 with the help of federal homeland security grants. The San Diego Association of Governments maintains the database. Unlike the Northern California database, which retains the data for between one and two years, the San Diego system retains license-plate information indefinitely. Can we get a plate with code to delete the database?" -
Xkcd's Long-running "Time" Comic: Work of Art Or Nerd Sniping?
Fortran IV writes "Randall Munroe's xkcd webcomic has done some odd things before, but #1190, 'Time,' is something special. It's a time-lapse movie of two people building a sandcastle that's been updating just once an hour (twice an hour in the beginning) for well over a month (since March 25th), and after over a thousand frames shows no sign of ending; in a few days the number of frames will surpass the total number of xkcd comics. It's been mentioned in The Economist. Some of its readers have called it the One True Comic; others have called it a MMONS (Massively Multiplayer Online Nerd Sniping). It's sparked its own wiki, its own jargon (Timewaiters, newpix, Blitzgirling), and a thread on the xkcd user forum that runs to over 20,000 posts from 1100 distinct posters. Is 'Time' a fascinating work of art, a deep sociological experiment — or the longest-running shaggy-dog joke in history? Randall Munroe's not saying." -
Flying a Cessna On Other Worlds: xkcd Gets Noticed By a Physics Professor
djl4570 writes "xkcd's 'What If' series consists of humorous takes on highly implausible but oddly interesting hypothetical physics questions, like how to cook a steak with heat from atmospheric re-entry. The most recent entry dealt with flying a Cessna on other planets and moons in the solar system. Mars: 'The tricky thing is that with so little atmosphere, to get any lift, you have to go fast. You need to approach Mach 1 just to get off the ground, and once you get moving, you have so much inertia that it’s hard to change course—if you turn, your plane rotates, but keeps moving in the original direction.' Venus: 'Unfortunately, X-Plane is not capable of simulating the hellish environment near the surface of Venus. But physics calculations give us an idea of what flight there would be like. The upshot is: Your plane would fly pretty well, except it would be on fire the whole time, and then it would stop flying, and then stop being a plane.' There are also a bunch of illustrations for flightpaths on various moons (crashpaths might be more apt), which drew the attention of physics professor Rhett Allain, who explained the math in further detail and provided more accurate paths." -
Python Creator Guido van Rossum Leaves Google For Dropbox
New submitter mrvan writes "Guido van Rossum, the proclaimed Python Benevolent Dictator For Life, has left Google to work for Dropbox. In their announcement, Dropbox says they relied heavily on Python from the beginning, citing a mix of simplicity, flexibility, and elegance, and are excited to have GvR on the team. While this is, without a doubt, good news for Dropbox, the big question is what this will mean for Python (and for Google)." -
xkcd's 13-Gigapixel Webcomic
New submitter Nomen writes "Today's xkcd: Click and Drag (Google Maps version) is probably the world's biggest web comic at an RSI-inducing resolution of 165,888x79,872 pixels. It's made up of 225 different images that take up 5.52MB of space. Now, if only the mines were powered by nethack..." -
Your Passwords Don't Suck — It's Your Policies
First time accepted submitter eGuy writes "ZDNet sparked a debate about password policies when John Fontana wrote about my open source (LGPL) password policy project that rewards XKCD-like passwords. Steve Watts of SecurEnvoy replies that it is too little, too late. What think ye? Is there hope for passwords?" -
Training an Immune System To Kill Cancer: a Universal Strategy
New submitter Guppy writes "A previous story reported widely in the media, and appearing both on Slashdot and XKCD, described a novel cancer treatment, in which a patient's own T-cells were modified using an HIV-derived vector to recognize and kill leukemia cells. In a follow-up publication (PDF), a further development is described which allows for a nearly unlimited choice of target antigens, broadening the types of malignancies potentially treatable with the technique (abstract)." -
Geohashing Conquers the South Pole
New submitter Kjellander writes "Randall, of xkcd fame, and inventor of Geohashing, has commented on the recent successful expedition of a Globalhash less than 1 km from the Amundsen-Scott research station by 5 brave scientists staying there over winter. The last continent has been conquered and many records broken." -
Defendant Ordered To Decrypt Laptop Claims She Had Forgotten Password
wiedzmin writes "A Colorado woman who was ordered by a federal judge to decrypt her laptop hard drive for police last month appears to have forgotten her password. If she does not remember the password by month's end, as ordered, she could be held in contempt and jailed until she complies. It appears that bad memory is now a federal offense." The article clarifies that her lawyer stated she may have forgotten the password; they haven't offered that as a defense in court yet. -
Protecting a Laptop From Sophisticated Attacks
mike_cardwell sends in a detailed writeup of how he went about protecting a Ubuntu laptop from attacks of varying levels of sophistication, covering disk encryption, defense against cold boot attacks, and even simple smash-and-grabs. (He also acknowledges that no defense is perfect, and the xkcd password extraction tool would still work.) Quoting: "An attacker with access to the online machine could simply hard reboot the machine from a USB stick or CD containing msramdmp to grab a copy of the RAM. You could password protect the BIOS and disable booting from anything other than the hard drive, but that still doesn't protect you. An attacker could cool the RAM, remove it from the running machine, place it in a second machine and boot from that instead. The first defense I used against this attack is procedure based. I shut down the machine when it's not in use. My old Macbook was hardly ever shut down, and lived in suspend to RAM mode when not in use. The second defense I used is far more interesting. I use something called TRESOR. TRESOR is an implementation of AES as a cipher kernel module which stores the keys in the CPU debug registers, and which handles all of the crypto operations directly on the CPU, in a way which prevents the key from ever entering RAM. The laptop I purchased works perfectly with TRESOR as it contains a Core i5 processor which has the AES-NI instruction set." -
Facebook More Hated Than Banks, Utilities
jfruhlinger writes "According to the American Customer Satisfaction Index, Facebook raises a lot of ire among its customers — more than Bank of America or AT&T Mobility. This bodes ill for the company — as blogger Chris Nerney points out, many of the others on the most-hated list are utilities and other companies with monopolies, which can hold customers despite bad service. At least Facebook edged out MySpace." Unsurprisingly, the most important thing about Google+ is that it's not Facebook. -
A Handy Radiation Dose Chart From XKCD
An anonymous reader points out Randall Munroe's latest contribution to public health awareness, a "chart of how much ionizing radiation a person can absorb from various sources, compared visually. 1 Sievert will make you sick, many more will kill you, however, even small doses cumulatively increase cancer risk." It's a good way to think about the difference between Chernobyl and Fukushima. -
Software Evolution Storylines, Inspired By XKCD
jamie tips this mind-blowing data visualization concept from (naturally) data visualization researcher Michael Ogawa, who explains that it was inspired by "this XKCD comic. It represents characters as lines that converge in time as they share scenes. Could this technique be adapted for software developers who work on the same code?" -
British Teen Jailed Over Encryption Password
An anonymous reader writes "Oliver Drage, 19, of Liverpool has been convicted of 'failing to disclose an encryption key,' which is an offense under the Regulation of Investigatory Powers Act 2000 and as a result has been jailed for 16 weeks. Police seized his computer but could not get past the 50-character encrypted password that he refused to give up. And just to get it out of the way, obligatory XKCD." -
Minecraft Enterprise and 16-Bit ALU
tekgoblin writes "Joshua Walker spent the last few months creating a masterpiece. He created the Starship Enterprise 1701-D from Star Trek: The Next Generation in Minecraft using just blocks. He recorded a short video of him explaining how he did it and even gave us a sneak peek at the partially completed ship." He also posted on the Penny-Arcade forums about how he did it. If you aren't impressed by that, perhaps you should check out a 16-Bit ALU also implemented in Minecraft which totally reminded me of one of my favorite XKCD comics. -
Mars Rover Spirit May Never Wake From Deep Sleep
astroengine writes "After repeated calls from NASA to wake up Mars Exploration Rover Spirit from its low-energy hibernation mode, mission control is beginning to realize the ill-fated robot may never wake up again. After getting stuck in a sand trap in Gusev Crater and then switching into hibernation in March, rover operators were hopeful that the beached Spirit might yet be saved. Alas, this is looking more and more unlikely. In a statement, NASA said: 'Based on models of Mars' weather and its effect on available power, mission managers believe that if Spirit responds, it most likely will be in the next few months. However, there is a very distinct possibility Spirit may never respond.'" Related xkcd strip, in case the headline wasn't anthropomorphic enough for you. -
Wikipedia Is Not Amused By Entry For xkcd-Coined Word
ObsessiveMathsFreak writes "Today's xkcd comic introduced an unusual word — malamanteau — by giving its supposed definition on Wikipedia. The only trouble is that the word (as well as its supposed wiki page) did not in fact exist. Naturally, much ado ensued at the supposed wiki page, which was swiftly created in response to the comic. This article has more on how the comic and the confusion it caused have put the Net in a tizzy. It turns out that a malamanteau is a portmanteau of portmanteau and malapropism, but also a malapropism of portmanteau. All this puts Wikipedia in the confusing position of not allowing a page for an undefined word whose meaning is defined via the Wikipedia page for that word — and now I have to lie down for a moment."