AMD

Intel Performance Hit 5x Harder Than AMD After Spectre, Meltdown Patches (extremetech.com) 170

Phoronix has conducted a series of tests to show just how much the Spectre and Meltdown patches have impacted the raw performance of Intel and AMD CPUs. While the patches have resulted in performance decreases across the board, ranging from virtually nothing to significant depending on the application, it appears that Intel received the short end of the stick as its CPUs have been hit five times harder than AMD, according to ExtremeTech. From the report: The collective impact of enabling all patches is not a positive for Intel. While the impacts vary tremendously from virtually nothing to significant on an application-by-application level, the collective whack is about 15-16 percent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 percent (for the 7980XE), 24.8 percent (8700K) and 20.5 percent (6800K).

The AMD CPUs are not tested with HT disabled, because disabling SMT isn't a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses ~3 percent with all fixes enabled. The impact of these changes is enough to change the relative performance weighting between the tested solutions. With no fixes applied, across its entire test suite, the CPU performance ranking is (from fastest to slowest): 7980XE (288), 8700K (271), 2990WX (245), 2700X (219), 6800K (200). With the full suite of mitigations enabled, the CPU performance ranking is (from fastest to slowest): 2990WX (238), 7980XE (231), 2700X (213), 8700K (204), 6800K (159).
In closing, ExtremeTech writes: "AMD, in other words, now leads the aggregate performance metrics, moving from 3rd and 4th to 1st and 3rd. This isn't the same as winning every test, and since the degree to which each test responds to these changes varies, you can't claim that the 2990WX is now across-the-board faster than the 7980XE in the Phoronix benchmark suite. It isn't. But the cumulative impact of these patches could result in more tests where Intel and AMD switch rankings as a result of performance impacts that only hit one vendor."
Programming

Are Trendy Developers Ignoring Tradeoffs and Over-Engineering Workplaces? (github.io) 211

An anonymous reader shares an article titled "Does IT Run on Java 8?"

"After more than ten years in tech, in a range of different environments, from Fortune 500 companies, to startups, I've finally come to realize that most businesses and developers simply don't revolve around whatever's trending on Hacker News," argues one Python/R/Spark data scientist: Most developers -- and companies -- are part of what [programmer] Scott Hanselman dubbed a while ago as the 99%... "They don't read a lot of blogs, they never write blogs, they don't go to user groups, they don't tweet or facebook, and you don't often see them at large conferences. Lots of technologies don't iterate at this speed, nor should they.

"Embedded developers are still doing their thing in C and C++. Both are deeply mature and well understood languages that don't require a lot of churn or panic on the social networks. Where are the dark matter developers? Probably getting work done. Maybe using ASP.NET 1.1 at a local municipality or small office. Maybe working at a bottling plant in Mexico in VB6. Perhaps they are writing PHP calendar applications at a large chip manufacturer."

While some companies are using Spark and Druid and Airflow, some are still using Coldfusion... Or telnet... Or Microsoft TFS... There are reasons updates are not made. In some cases, it's a matter of national security (like at NASA). In others, people get used to what they know. In some cases, the old tech is better... In some cases, it's both a matter of security, AND IT is not a priority. This is the reason many government agencies return data in PDF formats, or in XML... For all of this variety of reasons and more, the majority of companies that are at the pinnacle of success in America are quietly running Windows Server 2012 behind the scenes.

And, not only are they running Java on Windows 2012, they're also not doing machine learning, or AI, or any of the sexy buzzwords you hear about. Most business rules are still just that: hardcoded case statements decided by the business, passed down to analysts, and done in Excel sheets, half because of bureaucracy and intraction, and sometimes, because you just don't need machine learning. Finally, the third piece of this is the "dark matter" effect. Most developers are simply not talking about the mundane work they're doing. Who wants to share their C# code moving fractions of a cent transactions between banking systems when everyone is doing Tensorflow.js?

In a footnote to his essay, Hanselman had added that his examples weren't hypothetical. "These people and companies all exist, I've met them and spoken to them at length." (And the article includes several tweets from real-world developers, including one which claims Tesla's infotainment firmware and backend services were all run in a single-location datacenter "on the worst VMware deployment known to man.")

But the data scientist ultimately asks if our online filter bubbles are exposing us to "tech-forward biases" that are "overenthusiastic about the promises of new technology without talking about tradeoffs," leading us into over-engineered platforms "that our companies don't need, and that most other developers that pick up our work can't relate to, or can even work with...

"For better or worse, the world runs on Excel, Java 8, and Sharepoint, and I think it's important for us as technology professionals to remember and be empathetic of that."
Government

Critics Call White House Social Media Bias Survey A 'Data Collection Ploy' (sfgate.com) 199

An anonymous reader quotes the Washington Post: Venky Ganesan, a partner at technology investor Menlo Ventures, told The Washington Post that the White House's new survey about bias on social media is "pure kabuki theatre" and an attempt to curry political points with conservatives. He said the Trump administration's repeated accusations that tech companies censor conservative voices are unfounded because even though most Silicon Valley executives are liberal or libertarian, they wouldn't let politics get in the way of their primary goal: making money...

The Internet Association, a trade association representing Facebook, Google and other tech companies, also pushed back on President Trump's repeated accusations that their products are biased against conservatives. The association says the platforms are open and enable the speech of all Americans -- including the president himself. "That's why the president uses Twitter so much," said Michael Beckerman, the Internet Association's chief executive. "He actually used Twitter for this particular announcement, which is perhaps ironic."

The article adds that the Trump administration "declined to tell The Washington Post what it planned to do with the data it's amassing." But on Twitter the New York Times technology columnist Kevin Roose argued that the survey "is just going to be used to assemble a voter file, which Trump will then pay Facebook millions of dollars to target with ads about how biased Facebook is."

Vice also believes it's a "craven data collection ploy" and "an elaborate way of getting people to subscribe to the White House's email list," adding "If this whole enterprise feels shady, that's because it is... The site isn't even hosted on a government server, but was created with Typeform, a Spain-based web tool that lets anyone set up simple surveys." Mashable also notes that the site "also just so happens to have an absolutely bonkers privacy policy" which includes allowing the White House to edit everything that's submitted.

Java

Mozilla, Cloudflare, Facebook and Others Propose BinaryAST For Faster JavaScript Load Times 125

Developers at Mozilla, Facebook, Cloudflare, and elsewhere have been drafting "BinaryAST" as a new over-the-wire format for JavaScript. From a report: BinaryAST is a binary representation of the original JavaScript code and associated data structures to speed-up the parsing of the code at the page load time compared to the JavaScript source itself. The binary abstract syntax tree format should lead to faster script loading across all web devices. Numbers related today by CloudFlare range from a 4% to 13% drop in load times compared to parsing conventional JavaScript source. Or if taking a "lazified" approach to skip unused functions, it can be upwards of 98% less time necessary. You can read more about it here.
Security

WordPress Finally Gets the Security Features a Third of the Internet Deserves (zdnet.com) 47

The WordPress content management system (CMS) is set to receive an assortment of new security features today that will finally add the protection level that many of its users have desired for years. From a report: These features are expected to land with the official release of WordPress 5.2, expected for later today. Included are support for cryptographically-signed updates, support for a modern cryptography library, a Site Health section in the admin panel backend, and a feature that will act as a White-Screen-of-Death (WSOD) protection -- letting site admins access their backend in the case of catastrophic PHP errors. With WordPress being installed on around 33.8 percent of all internet sites, these features are set to put some fears at ease in regards to some attack vectors. Probably the biggest and the most important of today's new security features is WordPress' offline digital signatures system. Starting with WordPress 5.2, the WordPress team will digitally sign its update packages with the Ed25519 public-key signature system so that a local installation will be able to verify the update package's authenticity before applying it to a local site.
Facebook

Is Facebook's Suicide-Prevention Tool Doing Any Good? (sfgate.com) 99

"Facebook knew there was a problem when a string of people used the platform to publicly broadcast their suicides in real time," reports Business Insider, raising questions about what the company has done since: Facebook has a suicide-monitoring tool that uses machine learning to identify posts that may indicate someone is at risk of killing themselves. The tool was involved in sending emergency responders to locations more than 3,500 times as of last fall. A Harvard psychiatrist is worried the tool could worsen health problems by homing in on the wrong people or escalating mental-health crises... "We as the public are partaking in this grand experiment, but we don't know if it's useful or not," Harvard psychiatrist and tech consultant John Torous told Business Insider last week....

Without public information on the tool, Torous said big questions about Facebook's suicide-monitoring tool are impossible to answer... "It's one thing for an academic or a company to say this will or won't work. But you're not seeing any on-the-ground peer-reviewed evidence," Torous said. "It's concerning. It kind of has that Theranos feel...." Because of privacy issues, emergency responders can't tell Facebook what happened at the scene of a potential suicide, said Antigone Davis, Facebook's global head of safety. In other words, emergency responders can't tell Facebook if they reached the scene too late to stop a death, showed up to the wrong place, or arrived only to learn there was no real problem.

Torous, a psychiatrist who's familiar with the thorny issues in predicting suicide, is skeptical of how that will play out with regard to the suicide monitoring tool. He points to a review of 17 studies in which researchers analyzed 64 different suicide-prediction models and concluded that the models had almost no ability to successfully predict a suicide attempt. "We know Facebook built it and they're using it, but we don't really know if it's accurate, if it's flagging the right or wrong people, or if it's flagging things too early or too late," Torous said.

Software

Blender Developers Find Old Linux Drivers Are Better Maintained Than Windows (phoronix.com) 151

To not a lot of surprise compared to the world of proprietary graphics drivers on Windows where once the support is retired the driver releases stop, old open-source Linux OpenGL drivers are found to be better maintained. From a report: Blender developers working on shipping Blender 2.80 this July as the big update to this open-source 3D modeling software today rolled out the Linux GPU requirements for this next release. The requirements themselves aren't too surprising and cover NVIDIA GPUs released in the last ten years, AMD GCN for best support, and Intel Haswell graphics or newer. In the case of NVIDIA graphics they tend to do a good job maintaining their legacy driver branches. With the AMD Radeon and Intel graphics, Blender developers acknowledge older hardware may work better on Linux.
Facebook

The Dead May Outnumber the Living on Facebook Within 50 Years (eurekalert.org) 132

Researchers at the Oxford Internet Institute predict the dead may outnumber the living on Facebook within 50 years -- with as many as 4.9 billion no-longer-living users before the end of the century.

And then what? "These statistics give rise to new and difficult questions around who has the right to all this data, how should it be managed in the best interests of the families and friends of the deceased and its use by future historians to understand the past," said lead author Carl Ohman, a doctoral candidate at the OII.... "The management of our digital remains will eventually affect everyone who uses social media, since all of us will one day pass away and leave our data behind. But the totality of the deceased user profiles also amounts to something larger than the sum of its parts. It is, or will at least become, part of our global digital heritage."

Co-author David Watson, also a DPhil student at the OII, explained: "Never before in history has such a vast archive of human behaviour and culture been assembled in one place. Controlling this archive will, in a sense, be to control our history. It is therefore important that we ensure that access to these historical data is not limited to a single for-profit firm. It is also important to make sure that future generations can use our digital heritage to understand their history... Facebook should invite historians, archivists, archaeologists and ethicists to participate in the process of curating the vast volume of accumulated data that we leave behind as we pass away. This is not just about finding solutions that will be sustainable for the next couple of years, but possibly for many decades ahead."

Ohman adds that the issues don't end there, since Facebook "is merely an example of what awaits any platform with similar connectivity and global reach."
Amiga

A-EON Talks About The Future of The Amiga Platform (www.exec.pl) 156

Mike Bouma (Slashdot reader #85,252) tipped us off to "Amiga present and future," an interview with Trevor Dickinson of A-EON Technology, a group funding ongoing hardware and software development for the Amiga community. "Amongst the topics are the still in betatest Mini-ITX and quad-core PPC Amiga motherboards. Trevor regularly writes editorials for the Amiga Future print magazine [English-translated version here] and his company will be attending and is sponsoring the Amiga34 event in Neuss Germany on the 12th and 13th of October 2019."

A-EON now has about 50 part-time developers and beta-testers working on software projects for Classic and Next-Generation AmigaOS, Dickinson reveals: I've been a Commodore and Amiga enthusiast since the late 1970s but only really got involved in the business side of Amiga in 2007 when I provided funding to Michael Battilana of Cloanto to help fast track the development of 'Amiga Forever'. [An Amiga preservation, emulation and support package] The funding allowed Michael to hire Nicola Morocutti, the 'Bitplane' magazine Editor, to embark on a major project to catalogue the tens of thousands of Amiga games and software titles which led to the development of the one-click 'Retro-Platform' player which made its debut in 'Amiga Forever 2008' and the subsequent development 'C64 Forever' in May 2009. But, if you discount my Hardware donation scheme, it was the 'AmigaOne X1000' project [a PowerPC-based personal computer from A-Eon Technology CVBA intended as a high-end platform for AmigaOS 4] that was my first Amiga next-generation funding...

I've always said as long as Amigans keep supporting A-EON by buying the hardware and software we develop, we will keep developing both for AmigaOS. The motherboard names, 'Nemo', 'Cyrus' and 'Tabor' are characters and place names from the Jules Verne novel, "The Mysterious Islands". There are plenty more names available in that book.

Dickinson also discusses various projects that are attempting to build a portable Amiga laptop -- and his own early efforts to fund hardware donations to encourage Amiga developers to write productivity software, games and applications for AmigaOS 4.0. ("I resorted to buying second hand AmigaOne machines from eBay and other online sources...")

He also describes ongoing efforts to bring Libre Office and better web browsers to the Amiga. "Anyone who has the coding skills and is interested in helping out on such projects should contact me."
China

NIH, FBI Accuse Scientists In US of Sending IP To China, Running Shadow Labs (arstechnica.com) 115

An anonymous reader quotes a report from Ars Technica: MD Anderson Cancer Center in Houston, Texas has forced out three senior researchers with ties to China. The move comes amid nationwide investigations by federal officials into whether researchers are pilfering intellectual property from U.S. research institutions and running "shadow laboratories" abroad, according to a joint report by Science magazine and the Houston Chronicle. The National Institutes of Health began sending letters to the elite cancer center last August regarding the conduct of five researchers there. The letters discussed "serious violations" of NIH policies, including leaking confidential NIH grant proposals under peer review to individuals in China, failing to disclose financial ties in China, and other conflicts of interest. MD Anderson moved to terminate three of those researchers, two of whom resigned during the termination process. The center cleared the fourth and is still investigating the fifth. MD Anderson isn't the only institution dealing with this issue. The NIH sent similar letters to at least three other institutions, according to reporting by Science and the Houston Chronicle. Some advocates expressed concern over what they considered racial profiling while other researchers worried that such efforts to protect intellectual property would actually backfire.

"These are the top talents foreign countries have been trying to recruit unsuccessfully," said Steven Pei, a University of Houston professor critical of the actions by MD Anderson. "We are now pushing them out of the Texas Medical Center, out of Houston, out of Texas, and out of the U.S. It seems we're helping foreign countries to accomplish what they could not do by themselves. We are hurting the American competitiveness."
Linux

Linux 5.2 Will Introduce The Fieldbus Subsystem (phoronix.com) 59

"The new Fieldbus system has been deemed ready to be released into the staging area of the Linux kernel," writes jwhyche (Slashdot reader #6,192).

Phoronix reports: This newest subsystem for the Linux kernel benefits industrial systems. Fieldbus is a set of network protocols for real-time distributed control of automated industrial systems. Fieldbus is used for connecting different systems/components/instruments within industrial environments. Fieldbus is used for connecting facilities ranging from manufacturing plants up to nuclear energy facilities. The Fieldbus specification has been around for decades while now seeing a formal subsystem within the Linux kernel.

The subsystem allows for devices to exchange data over a Fieldbus whether it be Profinet, FLNet, or one of the other implementations. The subsystem provides a generic framework for exposing switches, lights, actuators, motors, and other hardware... The Linux kernel's Fieldbus subsystem has gone through over ten rounds of public revisions in recent months and has been deemed ready to premiere with Linux 5.2 [which] should debut in July.

Social Networks

Global Attention Span Is Narrowing and Trends Don't Last As Long, Study Reveals (theguardian.com) 113

An anonymous reader quotes a report from The Guardian: It's just as you suspected; the information age has changed the general attention span. A recently published study from researchers at the Technical University of Denmark suggests the collective global attention span is narrowing due to the amount of information that is presented to the public. Released on Monday in the scientific journal Nature Communications, the study shows people now have more things to focus on -- but often focus on things for short periods of time.

The researchers studied several modes of media attention, gathered from several different sources, including (but not limited to): the past 40 years in movie ticket sales; Google books for 100 years; and more modernly, 2013 to 2016 Twitter data; 2010 to 2018 Google Trends; 2010 to 2015 Reddit trends; and 2012 to 2017 Wikipedia attention time. The researchers then created a mathematical model to predict three factors: the "hotness" of the topic, its progression throughout time in the public sphere and the desire for a new topic, said Dr Philipp Hovel, an applied mathematics professor of University College Cork in Ireland. The empirical data found periods where topics would sharply capture widespread attention and promptly lose it just as quickly, except in the cases of publications like Wikipedia and scientific journals. For example, a 2013 Twitter global trend would last for an average of 17.5 hours, contrasted with a 2016 Twitter trend, which would last for only 11.9 hours.

Programming

The Source Code For All Infocom Text Adventure Classics Has Been Released (arstechnica.com) 106

You can now download the source code of every Infocom text adventure game, thanks to archivist Jason Scott who uploaded the code to GitHub. "There are numerous repositories under the name historicalsource, each for a different game," reports Ars Technica. "Titles include, but are not limited to, The Hitchhiker's Guide to the Galaxy, Planetfall, Shogun, and several Zork games -- plus some more unusual inclusions like an incomplete version of Hitchhiker's sequel The Restaurant at the End of the Universe, Infocom samplers, and an unreleased adaptation of James Cameron's The Abyss." From the report: The code was uploaded by Jason Scott, an archivist who is the proprietor of textfiles.com. His website describes itself as "a glimpse into the history of writers and artists bound by the 128 characters that the American Standard Code for Information Interchange (ASCII) allowed them" -- in particular those of the 1980s. He announced the GitHub uploads on Twitter earlier this week. The games were written in the LISP-esque "Zork Implementation Language," or ZIL, which you could be forgiven for not being intimately familiar with already. Fortunately, Scott also tweeted a link to a helpful manual for the language on archive.org. Gamasutra, which first reported the news, notes that Activision still owns the rights to Infocom games and could request a takedown if it wanted.
Bug

New York City Has a Y2K-Like Problem, and It Doesn't Want You To Know About It (nytimes.com) 119

On April 6, something known as the GPS rollover, a cousin to the dreaded Y2K bug, mostly came and went, as businesses and government agencies around the world heeded warnings and made software or hardware updates in advance. But in New York, something went wrong -- and city officials seem to not want anyone to know. [Editor's note: the link may be paywalled; alternative source] New submitter RAYinNYC shares a report: At 7:59 p.m. E.D.T. on Saturday, the New York City Wireless Network, or NYCWiN, went dark, waylaying numerous city tasks and functions, including the collection and transmission of information from some Police Department license plate readers. The shutdown also interrupted the ability of the Department of Transportation to program traffic lights, and prevented agencies such as the sanitation and parks departments from staying connected with far-flung offices and work sites. The culprit was a long-anticipated calendar reset of the centralized Global Positioning System, which connects to devices and computer networks around the world. There has been no public disclosure that NYCWiN, a $500 million network built for the city by Northrop Grumman, was offline and remains so, even as workers are trying to restore it.

City officials tried to play down the shutdown when first asked about it on Monday, speaking of it as if it were a routine maintenance issue. "The city is in the process of upgrading some components of our private wireless network," Stephanie Raphael, a spokeswoman for the Department of Information Technology and Telecommunications, said in an email on Monday. She referred to the glitch as a "brief software installation period." By Tuesday, the agency acknowledged the network shutdown, but said in an emailed statement that "no critical public safety systems are affected." Ms. Raphael admitted that technicians have been unable to get the network back up and running, adding, "We're working overtime to update the network and bring all of it back online." The problem has raised questions about whether the city had taken appropriate measures to prepare the network for the GPS rollover.

NASA

Final Results of NASA Twins Study Show How Scott Kelly Changed After a Year In Space (gizmodo.com) 43

The final findings of the NASA Twins Study, which compared 50-year-old astronaut Scott Kelly, who spent a year aboard the International Space Station in 2015, and his identical twin brother, who stayed on Earth, were published in Science. Gizmodo reports: NASA found that Scott Kelly was about as mentally, physically, and genetically healthy as his brother during his trip to space, and that the vast majority of small changes spotted in Scott (relative to himself before the mission) went back to normal within six months time. But the differences seen in Scott while up in space and after his return home could provide NASA important leads on how to keep astronauts safe during longer missions to Mars and beyond.

Preliminary results from the study were released in 2017. But it was the second round of findings, released in January 2018, that really caught the attention of media outlets, some of which misrepresented what was found. In particular, outlets like Newsweek reported that a whopping "seven percent of [Scott Kelly's] genes did not return to normal after he landed." Others implied that Scott Kelly had become a different person from his twin brother. But the researchers were never talking about a seven percent difference between the twins' genes. They were saying that some of Scott Kelly's genes had changed in their expression -- the carrying out of instructions in a cell's genome -- during his time up in space. And that roughly 7 percent of this overall change in gene expression could still be seen six months after he returned home.
The remaining change in gene expression six months out was actually closer to 10 percent, but NASA clarified that this was still a relatively tiny change in his epigenetics. "Given that the majority of the biological and human health variables remained stable, or returned to baseline, these data suggest that human health can be mostly sustained over this duration of spaceflight," said NASA in a statement.
Businesses

Airbnb Guest Found Hidden Surveillance Camera By Scanning Wi-Fi Network (arstechnica.com) 99

An anonymous reader quotes a report from Ars Technica: A New Zealand family that booked an Airbnb in Ireland recently discovered an undisclosed camera in the living room, and the family says that Airbnb initially cleared the host of any wrongdoing before finally banning the offender from its platform. "Once the family had unpacked, Andrew Barker, who works in IT security, scanned the house's Wi-Fi network," CNN reported today. "The scan unearthed a camera and subsequently a live feed. From the angle of the video, the family tracked down the camera, concealed in what appeared to be a smoke alarm or carbon monoxide detector." Nealie Barker posted an image on Facebook showing the location of the camera in the living room and a shot of the family from the sneaky video feed.

Based on the photo, the video of the Barkers seems to have been taken on March 3 and was viewable on the local Wi-Fi network at 192.168.0.4/video/livemb.asp. The family relocated to a hotel and contacted both Airbnb and the property host. The host initially hung up but later called back and told them, "The camera in the living room was the only one in the house," CNN wrote. It's not clear whether the host was recording the video, whether he was capturing audio, whether he was monitoring it remotely in real time, or whether he was using it for anything more than monitoring guests. [...] Airbnb temporarily suspended the listing and promised to investigate, CNN wrote. But when Barker contacted Airbnb again two weeks later, "the company told her that the host had been 'exonerated,' and the listing reinstated." Airbnb finally banned the host after Nealie Barker posted about the disturbing incident on Facebook on Monday this week. Barker's Facebook post said that Airbnb's "investigation which didn't include any follow-up with us exonerated the host, no explanation provided," and that "the listing (with hidden camera not mentioned) is still on Airbnb."
Airbnb said in a statement to Ars Technica: "Our original handling of this incident did not meet the high standards we set for ourselves, and we have apologized to the family and fully refunded their stay."

Airbnb's policy states that hosts must disclose "any type of surveillance device" in listings, "even if it's not turned on or hooked up." Cameras are allowed in certain spaces if they are disclosed, but Airbnb "prohibit[s] any surveillance devices that are in or that observe the interior of certain private spaces (such as bedrooms and bathrooms) regardless of whether they've been disclosed. [...] If a host discloses the device after booking, Airbnb will allow the guest to cancel the reservation and receive a refund. Host cancellation penalties may apply."
Businesses

Blockbuster Video Now Has Just One Store Left On Earth (apnews.com) 129

Cutting_Crew writes: After the last remaining Blockbuster Video store closed in Australia on March 31st, there is only one remaining left on earth. That location is in Bend, Oregon and seems to be a thriving location, where they write out membership cards by hand and the system is rebooted using floppy disks, apparently only something one person, the general manager, knows how to do. If you are wondering how there could be still Blockbuster Videos open since they went bankrupt back in 2010, the remaining stores left open were independent franchises and were separate from most of the other corporate stores, thus not part of the bankruptcy. There was also an Onion video before they even went bankrupt that's pretty funny. I remember getting a membership way back in late 90s and new releases were $8 per night. Even then, that seemed way too expensive. What are your most memorable (good or bad) memories of your local Blockbuster?
Privacy

Tenants Outraged Over New York Landlord's Plan To Install Facial Recognition Technology (gothamist.com) 281

A Brooklyn landlord plans to install facial recognition technology at the entrance of a 700-unit building, according to Gothamist, "raising alarm among tenants and housing rights attorneys about what they say is a far-reaching and egregious form of digital surveillance." [Last] Sunday, several tenants told Gothamist that, unbeknownst to them, their landlord, Nelson Management, had sought state approval in July 2018 to install a facial recognition system known as StoneLock. Under state rules, landlords of rent-regulated apartments built before 1974 must seek permission from the state's Homes and Community Renewal (HCR) for any "modification in service." Tenants at the two buildings, located at 249 Thomas S. Boyland Street and 216 Rockaway Avenue, said they began receiving notices about the system in the fall. According to its website, Kansas-based company StoneLock offers a "frictionless" entry system that collects biometric data based on facial features. "We don't want to be tracked," said Icemae Downes, a longtime tenant. "We are not animals. This is like tagging us through our faces because they can't implant us with a chip."

It is not clear how many New York City apartments are using facial scanning software or how such technology is being regulated. But in a sign of the times, the city's Department of Housing Preservation and Development last June began marketing 107 affordable units at a new apartment complex in the South Bronx. Among the amenities listed was "State of the Art Facial Recognition Building Access...." Across the real estate industry, New York City landlords have increasingly been moving to keyless entry systems, citing convenience as well as a desire to offer enhanced security. Over the years, in response to appeals filed by tenants, HCR has ruled in favor of key fob and card entry systems, saying that such substitutions did not violate rent-stabilization and rent-control laws. But the latest technology has triggered even more concerns about the ethics of data collection....

Last month, the management company reached out to a group of tenants to assuage their concerns about StoneLock. But tenants said the presentation, if anything, only deepened their fears that they were being asked to submit to a technology that had very little research behind it.

"This was not something we asked for at any given time," one tenant complained, while one of the attorneys representing the tenants said that, among other things, their landlord had "made no assurances to protect the data from being accessed by NYPD, ICE, or any other city, state, or federal agency."

"Citing concerns over the potential for privacy and civil liberties violations, tenants at Brownsville's Atlantic Plaza Towers filed an objection to the plan in January..."
Crime

French Gas Stations Robbed After Forgetting To Change Gas Pump PINs (zdnet.com) 102

An anonymous reader quotes a report from ZDNet: French authorities have arrested five men who stole over 120,000 liters (26,400 gallons) of fuel from gas stations around Paris by unlocking gas pumps using a special remote. The five-man team operated with the help of a special remote they bought online and which could unlock a particular brand of gas pumps installed at Total gas stations. The hack was possible because some gas station managers didn't change the gas pump's default lock code from the standard 0000. Hackers would use this simple PIN code to reset fuel prices and remove any fill-up limits.

Crooks would operate in small teams of two to three individuals who visited gas stations at night using two vehicles. A man in a first car would use the remote to unlock the gas station, and then a second car, usually a van, would come along seconds later to fill a giant tanker installed in the back of the vehicle with as much as 2,000 or 3,000 liters in one go. The group advertised the fuel they stole on social media, providing a time and place where customers could come and refuel their vehicles or pick up orders for gasoline and diesel at smaller prices.
Police uncovered the scheme in April 2018, when they arrested a suspect in possession of a remote used in the hack. "Five men, part of the same gang, were arrested on Monday, according to Le Parisien, who first reported the scheme last November," the report adds.
Programming

Which Programming Language Has The Most Security Vulnerabilities? (techrepublic.com) 330

A new report from the open source security company WhiteSource asks the question, "Is one programming language more secure than the rest?"

An anonymous reader quotes TechRepublic: To answer this question, the report compiled information from WhiteSource's database, which aggregates information on open source vulnerabilities from sources including the National Vulnerability Database, security advisories, GitHub issue trackers, and popular open source projects issue trackers. Researchers focused in on open source security vulnerabilities in the seven most widely-used languages of the past 10 years to learn which are most secure, and which vulnerability types are most common in each...

The most common vulnerabilities across most of these languages are Cross-Site Scripting (XSS); Input Validation; Permissions, Privileges, and Access Control; and Information Leak / Disclosure, according to the report.

Across the seven most widely-used programming languages, here's how the vulnerabilities were distributed:
  • C (47%)
  • PHP (17%)
  • Java (11%)
  • JavaScript (10%)
  • Python (5%)
  • C++ (5%)
  • Ruby (4%)

But the results are full of disclaimers -- for example, that C tops the list because it's the oldest language with "the highest volume of written code" and "is also one of the languages behind major infrastructure like Open SSL and the Linux kernel."

The report also notes a "substantial rise" across all languages for known open source security vulnerabilities over the last two years, attributing this to more awareness about vulnerable components -- thanks to more research, automated security tools, and "the growing investment in bug bounty programs" -- as well as the increasing popularity of open source software. And it also reports a drop in the percentage of critical vulnerabilities for most languages -- except JavaScript and PHP.

The report then concludes that "the Winner Of Most Secure Programming Language is...no one and everyone...! It is not about the language itself that makes it any more or less secure, but how you use it. If you are mitigating your vulnerabilities throughout the software development lifecycle with the proper management approach, then you are far more likely to stay secure."

Coincidentally, WhiteSource sells software which monitors open source components throughout the software development lifecycle to provide alerts about security (and licensing) issues.

