Slashdot Mirror

Coisiche shared this story from the Guardian: Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava -- more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.

However, over the weekend military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service... In locations like Afghanistan, Djibouti and Syria, the users of Strava seem to be almost exclusively foreign military personnel, meaning that bases stand out brightly. In Helmand province, Afghanistan, for instance, the locations of forward operating bases can be clearly seen, glowing white against the black map.
One analyst analyst predicted that after this discovery, "A lot of people are going to have to sit through lectures come Monday morning."

Another military analyst told the Guardian "U.S bases are clearly identifiable" -- though he added that the map "looks very pretty."

kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

Slashdot reader Beeftopia shares "a detailed history of WebAssembly...from one of the developers." IEEE Spectrum reports that "Like a lot of stories about tech innovation, this one started with video games." [Mozilla's Alon Zakai] wanted to take a game he had helped write in C++ and convert it to JavaScript code that would run well on the Web. This was in 2010, and back then, converting C++ to JavaScript was unthinkable... so he started working to adapt an open-source tool that could translate C++ code into JavaScript automatically. He called his project Emscripten... we were able to formalize the permitted JavaScript patterns, to make the contract between Emscripten and the browser completely clear. We named the resulting subset of JavaScript asm.js... I would optimize the JavaScript engine in Firefox to run the resulting code even faster...

This brings us to the present... Emscripten can take code written in C++ and convert it directly into WebAssembly. And there will be ways in time to run other languages as well, including Rust, Lua, Python, Java, and C#. With WebAssembly, multimillion-line code bases can now load in a few seconds and then run at 80 percent of the speed of native programs. And both load time and execution speed are expected to improve as the browser engines that run the code are made better.
They'd started with a C++ game because "If we could make games run well on the Web, other computationally intensive applications would soon follow."

The article -- by Mozilla software engineer Luke Wagner -- remembers that the name Emscripten was a "a mash-up of 'script' from JavaScript and 'embiggen' from the TV show The Simpsons."

"In the absence of physical evidence, scientists are employing powerful computational tools to attempt to solve the greatest aviation mystery of our time: the disappearance of flight MH370." Slashdot reader Esther Schindler shared this article from HPE Insights: Satellite communications provider Inmarsat announced it had found recorded signals in its archives that MH370 had sent for another six hours after it disappeared. The plane had been aloft and flying for that whole time -- but where had it gone? As Inmarsat scientists examined the signals, they saw that what they had was not data such as text messages or location information. Rather, the signals contained metadata: information about the signal itself. This was recorded as the satellite automatically contacted the plane's communications system every hour to see if it was still logged on. Bafflingly, whoever had taken the plane hadn't used the satcom system to communicate with the outside world, but had switched it off and then on again, leaving it able to exchange hourly "pings" with the satellite. Some of the metadata related to extremely subtle variations in the frequency of the signal. "We're talking about changes as big as one part in a billion," says Inmarsat scientist Chris Ashton.

Nobody had tried to use this kind of data to try to locate an airplane before. At first, Ashton's team didn't know if the attempt would work. But painstakingly, over the course of weeks, the team figured out how the movement of the plane, the orbital wobble of the satellite, and the electronics within the satcom system all interacted to create the data values that had been received. "We had to create the model from scratch," Ashton says. Their work revealed that the plane had flown into the remote southern Indian Ocean. They didn't know where exactly. But since there are no islands in that part of the world, it was impossible that anyone could have survived. For the first time in history, hundreds of people were declared legally dead based on mathematics alone.
Then mathematician Dr. Neil Gordon led a team from the Defense Science and Technology Group "to extract a path from a subset of the Inmarsat data called the Burst Timing Offset. This measured how quickly the aircraft responded each time the satellite pinged it, and was used to determine the distance between the satellite and the plane." They ultimately generate "a probabilistic 'heat map' of the plane's most likely resting places using a technique called Bayesian analysis. These calculations allowed the DSTG team to draw a box 400 miles long and 70 miles across, which contained about 90 percent of the total probability distribution.

The latest version of iOS fixes several bugs, including one that caused a loss of touch functionality on a small subset of phones that had been repaired with certain third-party screens and had been updated to iOS 11. "Addresses an issue where touch input was unresponsive on some iPhone 6S displays because they were not serviced with genuine Apple parts," the update reads. "Note: Non-genuine replacement displays may have compromised visual quality and may fail to work correctly. Apple-certified screen repairs are performed by trusted experts who use genuine Apple parts. See support.apple.com for more information." Jason Koebler writes via Motherboard: "This is a reminder that Apple seems to have the ability to push out software updates that can kill hardware and replacement parts it did not sell iPhone customers itself, and that it can fix those same issues remotely." From the report: So let's consider what actually happened here. iPhones that had been repaired and were in perfect working order suddenly stopped working after Apple updated its software. Apple was then able to fix the problem remotely. Apple then put out a warning blaming the parts that were used to do the repair. Poof -- phone doesn't work. Poof -- phone works again. In this case, not all phones that used third party parts were affected, and there's no reason to think that, in this case, Apple broke these particular phones on purpose. But there is currently nothing stopping the company from using software to control unauthorized repair: For instance, you cannot replace the home button on an iPhone 7 without Apple's proprietary "Horizon Machine" that re-syncs a new home button with the repaired phone. This software update is concerning because it not only undermines the reputation of independent repair among Apple customers, but because it shows that phones that don't use "genuine" parts could potentially one day be bricked remotely.

Andy Greenberg, writing for Wired:At today's Ekoparty security conference, security firm Duo plans to present research on how it delved into the guts of tens of thousands of computers to measure the real-world state of Apple's so-called extensible firmware interface, or EFI. This is the firmware that runs before your PC's operating system boots and has the potential to corrupt practically everything else that happens on your machine. Duo found that even Macs with perfectly updated operating systems often have much older EFI code, due to either Apple's neglecting to push out EFI updates to those machines or failing to warn users when their firmware update hits a technical glitch and silently fails. For certain models of Apple laptops and desktop computers, close to a third or half of machines have EFI versions that haven't kept pace with their operating system system updates. And for many models, Apple hasn't released new firmware updates at all, leaving a subset of Apple machines vulnerable to known years-old EFI attacks that could gain deep and persistent control of a victim's machine.

New submitter cdreimer writes: According a report from The Wall Street Journal (Warning: source may be paywalled, alternative source), corporations looking to hire new employees are opening offices in cities with high concentration of workers in dead-end jobs who are reluctant to locate but are cheaper to hire than competing locally in tight labor markets. From the report: "Pressed for workers, a New Jersey-based software company went hunting for a U.S. city with a surplus of talented employees stuck in dead-end jobs. Brian Brown, chief operating officer at AvePoint, Inc., struck gold in Richmond. Despite the city's low unemployment rate, the company had no trouble filling 70 jobs there, some at 20% below what it paid in New Jersey. New hires, meanwhile, got more interesting work and healthy raises. Irvine, Calif.-based mortgage lender Network Capital Funding Corp. opened an office in Miami to scoop up an attractive subset of college graduates -- those who settled for tolerable jobs in exchange for living in a city they loved. 'They were not in real careers,' said Tri Nguyen, Network Capital chief executive. He now plans a similar expansion in Philadelphia. Americans have traditionally moved to find jobs. But with a growing reluctance by workers to relocate, some companies have decided to move closer to potential hires. Firms are expanding to cities with a bounty of underemployed, retrieving men and women from freelance gigs, manual labor and part-time jobs with duties that, one worker said, required only a heartbeat to perform. With the national jobless rate near a 16-year low, these pockets of underemployment are a wellspring for companies that recognize most new hires already have jobs but can be poached with better pay and room for advancement. That's preferable to competing for higher-priced workers at home in a tight labor market."

Numerous Slashdot readers are reporting that they are facing issues access Google Drive, the productivity suite from the Mountain View-based company. Google's dashboard confirms that Drive is facing outage. Third-party web monitoring tool DownDetector also reports thousands of similar complaints from users. The company said, "Google Drive service has already been restored for some users, and we expect a resolution for all users in the near future. Please note this time frame is an estimate and may change. Google Drive is not loading files and results in a failures for a subset of users."

Update: 09/07 17:13 GMT: Google says it has resolved the issue.

An anonymous reader writes: "Google engineers have added two new features to the Chrome browser that will alert users of extensions that hijack proxy settings or the new tab page," reports Bleeping Computer. Google has been testing these two techniques sparingly with a small subset of users for more than a year, but they have now landed in Google Canary. The techniques are used by malicious Chrome extensions to hijack traffic and insert ads, or to redirect search traffic to affiliate search engine programs. The addition of these popup alerts are part of Google's plan to fight malicious Chrome extensions that have been starting to plague the Web Store.

The race to make computers smarter and more human-like continued this week with IBM claiming it has developed technology that dramatically cuts the time it takes to crunch massive amounts of data and then come up with useful insights. From a report: Deep learning, the technique used by IBM, is a subset of artificial intelligence (AI) that mimics how the human brain works. IBM's stated goal is to reduce the time it takes for deep learning systems to digest data from days to hours. The improvements could help radiologists get faster, more accurate reads of anomalies and masses on medical images, according to Hillery Hunter, an IBM Fellow and director of systems acceleration and memory at IBM Research. Until now, deep learning has largely run on single server because of the complexity of moving huge amounts of data between different computers. The problem is in keeping data synchronized between lots of different servers and processors In it announcement early Tuesday, IBM says it has come up with software that can divvy those tasks among 64 servers running up to 256 processors total, and still reap huge benefits in speed. The company is making that technology available to customers using IBM Power System servers and to other techies who want to test it.

On Monday, Intel took the wraps of final details of its Core i9 microprocessors. From a report: Remember that Intel's Core X-series family (also called the Core i9) was announced with several key omissions: namely the clock speeds of the 12-core Core i9-7920X and above, as well as the thermal design power, or TDP. On Monday, Intel filled those in. The 12-core Core i9-7920X launches Aug. 28 while the 14-, 16-, and 18-core Core i9 chips ship on Sept. 25. Perhaps most important, though, is that we now know how fast Intel's Core i9s will run. When Intel inadvertently revealed that its 12-core Core i9-7920X was 2.9-GHz -- slower than the comparable AMD Threadripper -- a subset of the internet had a small freakout. We now know that that will be true for the remaining Core i9s as well, but with a big caveat. Here are the remaining speeds and feeds for the high-end Core i9 chips:
Core i9-7980XE (18 cores, 36 threads): 2.6GHz; Boost, 4.2GHz to 4.4 GHz.
Core i9-7960X (16 cores, 32 threads): 2.8GHz; Boost, 4.2GHz to 4.4 GHz.
Core i9-7940X 14 cores, 28 threads: 3.1GHz; Boost: 4.3GHz to 4.4GHz.
Core i9-7920X (12 cores, 24 threads): 2.9-GHz; Boost: 4.3-GHz to 4.4GHz.

Note that the boost speeds refer to both Intel's Turbo Boost Technology 2.0 and 3.0. [...] Essentially, both Intel and AMD can claim the title of fastest processor. Threadripper's base clock speeds are faster, but Intel's boost speeds climb higher than Threadripper can. It's also important to note that while Threadripper consumes 180 watts, even the fastest Core i9 chips Intel has announced have a lower TDP of 165 watts.

According to Bloomberg, Apple is planning to release a version of the Apple Watch later this year that can connect directly to cellular networks, a move designed to reduce the device's reliance on the iPhone. From the report: Currently, Apple requires its smartwatch to be connected wirelessly to an iPhone to stream music, download directions in maps, and send messages while on the go. Equipped with LTE chips, at least some new Apple Watch models, planned for release by the end of the year, will be able to conduct many tasks without an iPhone in range, the people said. For example, a user would be able to download new songs and use apps and leave their smartphone at home. Intel Corp. will supply the LTE modems for the new Watch, according to another person familiar with the situation. Apple is already in talks with carriers in the U.S. and Europe about offering the cellular version, the people added. The carriers supporting the LTE Apple Watch, at least at launch, may be a limited subset of those that carry the iPhone, one of the people said.

Research suggests that people who drink coffee have a lower risk of dying from a host of causes, including heart disease, stroke and liver disease. "The connection, revealed in two large studies, was found to hold regardless of whether the coffee was caffeinated or not, with the higher among those who drank more cups of coffee a day," reports The Guardian. From the report: The first study looked at coffee consumption among more than 185,000 white and non-white participants, recruited in the early 1990s and followed up for an average of over 16 years. The results revealed that drinking one cup of coffee a day was linked to a 12% lower risk of death at any age, from any cause while those drinking two or three cups a day had an 18% lower risk, with the association not linked to ethnicity.

The second study -- the largest of its kind -- involved more than 450,000 participants, recruited between 1992 and 2000 across ten European countries, who were again followed for just over 16 years on average. After a range of factors including age, smoking status, physical activity and education were taken into account, those who drank three or more cups a day were found to have a 18% lower risk of death for men, and a 8% lower risk of death for women at any age, compared with those who didn't drink the brew. The benefits were found to hold regardless of the country, although coffee drinking was not linked to a lower risk of death for all types of cancer. The study also looked at a subset of 14,800 participants, finding that coffee-drinkers had better results on many biological markers including liver enzymes and glucose control. But experts warn that the two studies, both published in the Annals of Internal Medicine, do not show that drinking coffee was behind the overall lower risk, pointing out that it could be that coffee drinkers are healthier in various ways or that those who are unwell drink less coffee.

Sidney Fussell from Gizmodo summarizes a report from ProPublica, which brings to light dozens of training documents used by Facebook to train moderators on hate speech: As the trove of slides and quizzes reveals, Facebook uses a warped, one-sided reasoning to balance policing hate speech against users' freedom of expression on the platform. This is perhaps best summarized by the above image from one of its training slideshows, wherein Facebook instructs moderators to protect "White Men," but not "Female Drivers" or "Black Children." Facebook only blocks inflammatory remarks if they're used against members of a "protected class." But Facebook itself decides who makes up a protected class, with lots of clear opportunities for moderation to be applied arbitrarily at best and against minoritized people critiquing those in power (particularly white men) at worst -- as Facebook has been routinely accused of. According to the leaked documents, here are the group identifiers Facebook protects: Sex, Religious affiliation, National origin, Gender identity, Race, Ethnicity, Sexual Orientation, Serious disability or disease. And here are those Facebook won't protect: Social class, continental origin, appearance, age, occupation, political ideology, religions, countries. Subsets of groups -- female drivers, Jewish professors, gay liberals -- aren't protected either, as ProPublica explains: White men are considered a group because both traits are protected, while female drivers and black children, like radicalized Muslims, are subsets, because one of their characteristics is not protected.

Web developer Alex Kras on Monday listed a number of reasons why he dislikes Google's AMP project, and why he pulled support for it on his website. From his post: Back in the day we used to have WAP pages -- specific web pages that were presented only to mobile devices. Opting into AMP, for publishers, is kind of like going back to those days. Instead of using responsive design (making sure that one version of the site works well on all devices) publishers are forced to maintain two versions of each page -- their regular version for larger devices and mobile phones that don't use Google and the AMP version. The benefit of AMP is that it imposes tough restrictions on content, making it load fast. The issue with this approach is that AMP becomes a subset of the original content. For example, user comments are often removed. I also find the way images load in AMP to be buggy. AMP tries to load an image only when it becomes visible to the user, rendering a white square instead of the image. In my experience I've seen it fail fairly regularly, leaving the article with an empty white square instead of the image. [...] It's up to publishers to decide if they want to add AMP support on their site. Users, however, don't have an option to turn AMP off. It would be nice if Google provided a user level setting to turn results rendered as AMP off. Unfortunately, even if they were to add this option, it wouldn't help much when Twitter of Facebook would decide to server AMP. Further reading: Kill Google AMP before it KILLS the web - The Register, The Problem With Google AMP, 2 Billion Pages On Web Now Use Google's AMP, Pages Now Load Twice As Fast. John Gruber on open web: Fuck Facebook.

An anonymous reader quotes Tom's Hardware Google announced that its Portable Native Client (PNaCl) solution for making native code run inside the browser will be replaced by the new cross-browser web standard called WebAssembly... Even though Google open sourced PNaCl, as part of the Chromium project, Mozilla ended up creating its own alternative called "asm.js," an optimized subset of JavaScript that could also compile to the assembly language. Mozilla thought that asm.js was far simpler to implement and required no API compatibility, as PNaCl did. As these projects seemed to go nowhere, with everyone promoting their own standard, the major browser vendors seem to have eventually decided on creating WebAssembly. WebAssembly can give web apps near-native performance, offers support for more CPU features, and is simpler to implement in browsers and use by developers.

An anonymous reader shares a Scientific American article: Programming has changed. In first generation languages like FORTRAN and C, the burden was on programmers to translate high-level concepts into code. With modern programming languages -- I'll use Python as an example -- we use functions, objects, modules, and libraries to extend the language, and that doesn't just make programs better, it changes what programming is. Programming used to be about translation: expressing ideas in natural language, working with them in math notation, then writing flowcharts and pseudocode, and finally writing a program. Translation was necessary because each language offers different capabilities. Natural language is expressive and readable, pseudocode is more precise, math notation is concise, and code is executable. But the price of translation is that we are limited to the subset of ideas we can express effectively in each language. Some ideas that are easy to express computationally are awkward to write in math notation, and the symbolic manipulations we do in math are impossible in most programming languages. The power of modern programming languages is that they are expressive, readable, concise, precise, and executable. That means we can eliminate middleman languages and use one language to explore, learn, teach, and think.

Windows Phone has less than a 1 percent market share in the mobile industry, but it is not completely dead, yet. In fact, if you own a relatively new Windows Phone, it may receive a new update that will give new life to it. Microsoft has confirmed today that only a subset of Windows Phone handsets will be getting the Windows 10 Creators Update when it begins rolling out on April 25. ZDNet reports: [Here's] Microsoft's list of supported phones: Alcatel IDOL 4S; Alcatel OneTouch Fierce XL; HP Elite x3; Lenovo Softbank 503LV; MCJ Madosma Q601; Microsoft Lumia 550; Microsoft Lumia 640/640XL; Microsoft; Lumia 650; Microsoft Lumia 950/950 XL; Trinity NuAns Neo; VAIO VPB051. "Devices not on this list will not officially receive the Windows 10 Creators Update nor will they receive any future builds from our Development Branch that we release as part of the Windows Insider Program. However, Windows Insiders who have devices not on this list can still keep these devices on the Windows 10 Creators Update at their own risk knowing that it's unsupported," said Windows Insider chief Dona Sarkar in today's blog post. Microsoft attributed the short list of support phones to Insider feedback that indicated older phones might not be providing "the best possible experience" for customers. Microsoft also released a Fast Ring test build of Windows 10 Mobile for phones to Fast Ring Insiders today. That build number is 15204 and it includes a number of bug fixes. This is the first Redstone 3 build for Windows Phones. It's only available to Insider phone users of handsets that are on the list above.

schwit1 quotes a report from IEEE Spectrum: The IBM 1460, which went on sale in 1963, was an upgrade of the 1401 [which was one of the first transistorized computers ever sold commercially]. Twice as fast, with a 6-microsecond cycle time, it came with a high-speed 1403 Model 3 line printer. The 1403 printer was incredibly fast. It had five identical sets of 48 embossed metal characters like the kind you'd find on a typewriter, all connected together on a horizontal chain loop that revolved at 5.2 meters per second behind the face of a continuous ream of paper. Between the paper and the character chain was a strip of ink tape, again just like a typewriter's. But rather than pressing the character to the paper through the ink tape, the 1403 did it backward, pressing the paper against the high-speed character chain through the ink tape with the aid of tiny hammers. Over the years, IBM came out with eight models of the 1403. Some versions had 132 hammers, one for each printable column, and each was individually actuated with an electromagnet. When a character on the character chain aligned with a column that was supposed to contain that character, the electromagnetic hammer for that column would actuate, pounding the paper through the ink tape and into the character in 11 microseconds. With all 132 hammers actuating and the chain blasting along, the 1403 was stupendously noisy [...] The Model 3, which replaced the character chain with slugs sliding in a track driven by gears, took just 55 milliseconds to print a single line. When printing a subset of characters, its speed rose from 1,100 lines per minute to 1,400 lines per minute.

Developer David Timothy Strauss is publishing a call to code "straightforward, easy-to-reason-about approaches" -- in an essay titled "Choosing 'Some C++' Over C". (Alternate title: "C++ for Lovers of C." The problem with just picking C++ is that most criticism of it is legitimate. Whether it's the '90s-era obsession with object orientation and exceptions or the template errors that take up an entire terminal window, there have been -- and remain -- rough edges to C++. But, these rough edges are avoidable, unlike the problems in C that get worse with modern event and library programming. The opinionated essay calls for "adopting a subset of C++ to smooth out C's rough edges," arguing that C++ offer a better, type-safe approach for event-driven design (as well as destructors to avoid memory allocation leaks). Are there any readers who'd like to weigh in on the advantages of C versus C++?