Slashdot Mirror

Nerval's Lobster writes: WebAssembly is the next stage in the evolution of client-side scripting. In theory, it will improve on JavaScript's speed. That's not to say that JavaScript is a slowpoke: Incremental speed improvements have included the rollout of asm.js (an optimized subset) in 2013. But WebAssembly—while not a replacement for JavaScript—is intended as a "cure" for a variety of issues where JavaScript isn't always a perfect fit, including video editing, encryption, peer-to-peer, and more. (Here's a full list of the Web applications that WebAssembly could maybe improve.) If WebAssembly is not there to replace JavaScript but to complement it, the key to the integration rests with the DOM and Garbage Collected Objects such as JavaScript strings, functions (as callable closures), Typed Arrays and Typed objects. The bigger question is, will WebAssembly actually become something big, or is it ultimately doomed to suffer the fate of other hyped JavaScript-related platforms such as Dart (a Google-only venture), which attracted buzz ahead of a Minimum Viable Product release, only to quickly fade away afterward?

bmearns writes: Amazon has announced a new library called "s2n," an open source implementation of SSL/TLS, the cryptographic security protocols behind HTTPS, SSH, SFTP, secure SMTP, and many others. Weighing in at about 6k lines of code, it's just a little more than 1% the size of OpenSSL, which is really good news in terms of security auditing and testing. OpenSSL isn't going away, and Amazon has made clear that they will continue to support it. Notably, s2n does not provide all the additional cryptographic functions that OpenSSL provides in libcrypto, it only provides the SSL/TLS functions. Further more, it implements a relatively small subset of SSL/TLS features compared to OpenSSL.

Nerval's Lobster writes: Despite legislation making it overtly illegal, ageism persists in the IT industry. If you're 40 or older, you've probably seen cases where younger developers were picked over older ones. At times we're told there's a staffing crisis, that companies need to import more developers via H-1B, but the truth is that outsourcing and downsizing eliminated a subset of viable developers from the market. Those developers, in turn, had to figure out if they wanted to land another job, freelance, or leave the technology industry entirely. But older developers still have a lot to offer, developer David Bolton writes in a new column: They have decades of experience (and specialist knowledge), they have a healthy disregard for office politics (but can still manage, when necessary), they're available, and they're (generally) stable.

An anonymous reader writes: Malcolm Gladwell has an article in The New Yorker about how automotive engineers handle issues of safety. There have been tons of car-related recalls lately, and even before that, we'd often hear about how some piece of engineering on a car was leading to a bunch of deaths. Sometimes it was a mistake, and sometimes it was an intentional design. But we hear about these issues through the lens of sensationalized media and public outrage — the engineers working on these problems understand better that it's how you drive that gets you into trouble far more than what you drive.

For example, the Ford Pinto became infamous for catching fire in crashes back in the 1970s. Gladwell says, "That's a rare event—it happens once in every hundred crashes. In 1975-76, 1.9 per cent of all cars on the road were Pintos, and Pintos were involved in 1.9 per cent of all fatal fires. Let's try again. About fifteen per cent of fatal fires resulted from rear collisions. If we look just at that subset of the subset, Schwartz shows, we finally see a pattern. Pintos were involved in 4.1 per cent of all rear-collision fire fatalities—which is to say that they may have been as safe as or safer than other cars in most respects but less safe in this one. ... You and I would feel safer in a car that met the 301 standard. But the engineer, whose aim is to maximize safety within a series of material constraints, cannot be distracted by how you and I feel."

New submitter netelder sends this excerpt from the Project Zero blog: 'Rowhammer' is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access (PDF) to all of physical memory.

StartsWithABang (3485481) writes "Ever since quantum mechanics first came along, we've recognized how tenuous our perception of reality is, and how — in many ways — what we perceive is just a very small subset of what's going on at the quantum level in our Universe. Then, along came cosmic inflation, teaching us that our observable Universe is just a tiny, tiny fraction of the matter-and-radiation filled space out there, with possibilities including Universes with different fundamental laws and constants, differing quantum outcomes existing in disconnected regions of space, and even the fantastic one of parallel Universes and alternate versions of you and me. But is that last one really admissible? The best modern evidence teaches us that even with all the Universes that inflation creates, it's still a finite number, and an insufficiently large number to contain all the possibilities that a 13.8 billion year old Universe with 10^90 particles admits."

Nerval's Lobster writes A funny thing happened to the iPod Classic on its way to the dustbin of history: people seemed unwilling to actually give it up. Apple quietly removed the iPod Classic from its online storefront in early September, on the same day CEO Tim Cook revealed the latest iPhones and the upcoming Apple Watch. At 12 years old, the device was ancient by technology-industry standards, but its design was iconic, and a subset of diehard music fans seemed to appreciate its considerable storage capacity. At least some of those diehard fans are now paying four times the iPod Classic's original selling price for units still in the box. The blog 9to5Mac mentions Amazon selling some last-generation iPod Classics for $500 and above. Clearly, some people haven't gotten the memo that touch-screens and streaming music were supposed to be the way of the future.

New submitter I will be back writes: Microsoft's Immo Landwerth has provided more details on the open source .NET Core. Taking a page from the Mono cookbook, .NET Core was built to be modular with unified Base Class Library (BCL), so you can install only the necessary packages for Core and ship it with applications using NuGet. Thus, NuGet becomes a first-class citizen and the default tool to deliver .NET Core packages.

As a smaller and cross-platform subset of the .NET Framework, it will have its own update schedule, updating multiple times a year, while .NET will be updated once a year. At the release of .NET 4.6, Core will be a clear subset of the .NET Framework. With future iterations it will be ahead of the .NET Framework. "The .NET Core platform is a new .NET stack that is optimized for open source development and agile delivery on NuGet. We're working with the Mono community to make it great on Windows, Linux and Mac, and Microsoft will support it on all three platforms."

An anonymous reader writes: Anyone with even a passing interest in the sciences must have wondered what it's like to work at the European Organization for Nuclear Research, better known as CERN. What's it like working in the midst of such concentrated brain power? South African physicist Claire Lee, who works right on ATLAS – one of the two elements of the LHC project that confirmed the existence of the Higgs boson in 2012 — explains what a day in the life of a CERN worker entails. She says, "My standard day is usually comprised of some mix of coding and attending meetings ... There are many different types of work one can do, since I am mostly on analysis this means coding, in C++ or Python — for example, to select a particular subset of events that I am interested in from the full set of data. This usually takes a couple of iterations, where we slim down the dataset at each step and calculate extra quantities we may want to use for our selections.

The amount of data we have is huge – petabytes of data per year stored around the world at various high performance computing centers and clusters. It’s impossible to have anything but the smallest subset available locally – hence the iterations – and so we use the LHC Computing Grid (a specialized worldwide computer network) to send our analysis code to where the data is, and the code runs at these different clusters worldwide (most often in a number of different places, for different datasets and depending on which clusters are the least busy at the time)."

New submitter ddtmm writes The Syrian Electronic Army is claiming responsibility for the hacking of multiple news websites, including CBC News. Some users trying to access the CBC website reported seeing a pop-up message reading: "You've been hacked by the Syrian Electronic Army (SEA)." It appears the hack targeted a network used by many news organizations and businesses. A tweet from an account appearing to belong to the Syrian Electronic Army suggested the attacks were meant to coincide with the U.S. Thanksgiving on Thursday. The group claimed to have used the domain Gigya.com, a company that offers businesses a customer identity management platform, to hack into other sites via GoDaddy, its domain registrar. Gigya is "trusted by more than 700 leading brands," according to its website. The hacker or hackers redirected sites to the Syrian Electronic Army image that users saw. Gigya's operations team released a statement Thursday morning saying that it identified an issue with its domai registrar at 6:45 a.m. ET. The breach "resulted in the redirect of the Gigya.com domain for a subset of users," the company said. Among the websites known to be hacked so far are New York Times, Chicago Tribune, CNBC, PC World, Forbes, The Telegraph, Walmart and Facebook.

mrspoonsi tips news of further research into updating the Turing test. As computer scientists have expanded their knowledge about the true domain of artificial intelligence, it has become clear that the Turing test is somewhat lacking. A replacement, the Lovelace test, was proposed in 2001 to strike a clearer line between true AI and an abundance of if-statements. Now, professor Mark Reidl of Georgia Tech has updated the test further (PDF). He said, "For the test, the artificial agent passes if it develops a creative artifact from a subset of artistic genres deemed to require human-level intelligence and the artifact meets certain creative constraints given by a human evaluator. Creativity is not unique to human intelligence, but it is one of the hallmarks of human intelligence."

ub3r n3u7r4l1st writes with this story of endemic cheating in Indian Universities and the students who see it as a right. "Students are often keen to exercise their rights but recently there has been an interesting twist - some in India are talking about their right to cheat in university exams. 'It is our democratic right!' a thin, addled-looking man named Pratap Singh once said to me as he stood, chai in hand, outside his university in the northern state of Uttar Pradesh. 'Cheating is our birthright.' Corruption in the university exam system is common in this part of India. The rich can bribe their way to examination success. There's even a whole subset of the youth population who are brokers between desperate students and avaricious administrators. Then there's another class of student altogether, who are so well known locally - so renowned for their political links - invigilators dare not touch them. I've heard that these local thugs sometimes leave daggers on their desk in the exam hall. It's a sign to invigilators: 'Leave me alone... or else.' So if those with money or political influence can cheat, poorer students ask, why shouldn't they?"

Nerval's Lobster writes Apple design chief Jony Ive has spent the past several weeks talking up how the Apple Watch is an evolution on many of the principles that guided the evolution of timepieces over the past several hundred years. But the need to recharge the device on a nightly basis, now confirmed by Apple CEO Tim Cook, is a throwback to ye olden days, when a lady or gentleman needed to keep winding her or his pocket-watch in order to keep it running. Watch batteries were supposed to bring "winding" to a decisive end, except for that subset of people who insist on carrying around a mechanical timepiece. But with Apple Watch's requirement that the user constantly monitor its energy, what's old is new again. Will millions of people really want to charge and fuss with their watch at least once a day?

Chipmunk100 writes In a research article in the journal Cell scientists report that there is a subset of neurons that are vital in social interest of female mice for males during estrus, the sexually receptive phase of their cycle. They say that these neurons are responsive to oxytocin. The level of oxytocin rise when we hug or kiss a loved one. The BBC has an article on the findings as well, and reports that Without [oxytocin], female mice were no more attracted to a mate than to a block of Lego ... [The affected] neurons are situated in the prefrontal cortex, an area of the brain important for personality, learning and social behaviour. Both when the hormone was withheld and when the cells were silenced, the females lost interest in mating during oestrous, which is when female mice are sexually active.

New submitter MrWHO (68268) writes A while ago we switched for monitoring our systems to the ELK (ElasticSearch, LogStash and Kibana) stack. Our management wanted to keep the reports they got — and possibly never read — flowing in at the beginning of every week with statistics like sites traffic, servers downtime, security alerts and the works. As we migrated some of our clients to the same stack they kept all asking for the same thing: reporting. There was no way for us to create and schedule reports from ElasticSearch — searches for ElasticSearch and Jasper Reports returned nothing apart from people asking how to do it — so we created our own Jasper Reports plugin to create reports from ElasticSearch data, which we released on GitHub a while ago, and we promptly moved along.

None of our clients were easily convinced that a dashboard — Kibana — was a substitute for mail delivered PDFs, even if all the information was there, with custom created panels and selectable date ranges. On the other hand, on the ElasticSearch mailing list when questions were asked about "how do I do reports?" the answer was, and I sum it up here, "Why would you want reports when you have a dashboard?" Are reports still relevant — the PDF, templated, straight in to your mail kind — or the subset of my clients — we operate mainly in Italy — is a skewed sample of what's the actual reality of access to summary data? Are dashboards — management targeted ones — the current accepted solution or — in your experience — reports are still a hot item for management?

New submitter Nocturrne writes: The FOSS project Lantern is having great success in unblocking the internet for many users in oppressive regimes, like China and Iran. Much like Tor and BitTorrent, Lantern is using peer-to-peer networking to overcome firewalls, but with the additional security of a trusted network of friends. "If you download Lantern in an uncensored region, you can connect with someone in a censored region, who can then access whatever content they want through you. What makes the system so unique is that it operates on the basis of trust. ... Through a process called consistent routing, the amount of information any single Lantern user can learn about other users is limited to a small subset, making infiltration significantly more difficult." The network of peers is growing, but we need more friends in uncensored countries to join us.

MojoKid (1002251) writes Ever since Nvidia unveiled its 64-bit Project Denver CPU at CES last year, there's been discussion over what the core might be and what kind of performance it would offer. Visibly, the chip is huge, more than 2x the size of the Cortex-A15 that powers the 32-bit version of Tegra K1. Now we know a bit more about the core, and it's like nothing you'd expect. It is, however, somewhat similar to the designs we've seen in the past from the vanished CPU manufacturer Transmeta. When it designed Project Denver, Nvidia chose to step away from the out-of-order execution engine that typifies virtually all high-end ARM and x86 processors. In an OoOE design, the CPU itself is responsible for deciding which code should be executed at any given cycle. OoOE chips tend to be much faster than their in-order counterparts, but the additional silicon burns power and takes up die area. What Nvidia has developed is an in-order architecture that relies on a dynamic optimization program (running on one of the two CPUs) to calculate and optimize the most efficient way to execute code. This data is then stored inside a special 128MB buffer of main memory. The advantage of decoding and storing the most optimized execution method is that the chip doesn't have to decode the data again; it can simply grab that information from memory. Furthermore, this kind of approach may pay dividends on tablets, where users tend to use a small subset of applications. Once Denver sees you run Facebook or Candy Crush a few times, it's got the code optimized and waiting. There's no need to keep decoding it for execution over and over.

The Atlantic reports that two years ago, Facebook briefly conducted an experiment on a subset of its users, altering the mix of content shown to them to emphasize content sorted by tone, negative or positive, and observe the results. From the Atlantic article: For one week in January 2012, data scientists skewed what almost 700,000 Facebook users saw when they logged into its service. Some people were shown content with a preponderance of happy and positive words; some were shown content analyzed as sadder than average. And when the week was over, these manipulated users were more likely to post either especially positive or negative words themselves. This tinkering was just revealed as part of a new study, published in the prestigious Proceedings of the National Academy of Sciences. Many previous studies have used Facebook data to examine “emotional contagion,” as this one did. This study is different because, while other studies have observed Facebook user data, this one set out to manipulate it. At least they showed their work.

An anonymous reader writes Two months after OpenBSD's LibReSSL was announced, Adam Langley introduces Google's own fork of OpenSSL, called BoringSSL. "[As] Android, Chrome and other products have started to need some subset of these [OpenSSL] patches, things have grown very complex. The effort involved in keeping all these patches (and there are more than 70 at the moment) straight across multiple code bases is getting to be too much. So we're switching models to one where we import changes from OpenSSL rather than rebasing on top of them. The result of that will start to appear in the Chromium repository soon and, over time, we hope to use it in Android and internally too." First reactions are generally positive. Theo de Raadt comments, "Choice is good!!."

Vigile (99919) writes "Since the introduction of Intel's Ivy Bridge processors there was a subset of users that complained about the company's change of thermal interface material between the die and the heat spreader. With the release of the Core i7-4790K, Intel is moving to a polymer thermal interface material that claims to improve cooling on the Haswell architecture, along with the help of some added capacitors on the back of the CPU. Code named Devil's Canyon, this processor boosts stock clocks by 500 MHz over the i7-4770K all for the same price ($339) and lowers load temperatures as well. Unfortunately, in this first review at PC Perspective, overclocking doesn't appear to be improved much."