Mozilla recently fixed a bug that was first reported 18 years ago in Firebox 1.0, reports How-to Geek: Bug 290125 was first reported on April 12, 2005, only a few days before the release of Firefox 1.0.3, and outlined an issue with how Firefox rendered text with the ::first-letter CSS pseudo-element. The author said, "when floating left a :first-letter (to produce a dropcap), Gecko ignores any declared line-height and inherits the line-height of the parent box. [...] Both Opera 7.5+ and Safari 1.0+ correctly handle this."

The initial problem was that the Mac version of Firefox handled line heights differently than Firefox on other platforms, which was fixed in time for Firefox 3.0 in 2007. The issue was then re-opened in 2014, when it was decided in a CSS Working Group meeting that Firefox's special handling of line heights didn't meet CSS specifications and was causing compatibility problems. It led to some sites with a large first letter in blocks of text, like The Verge and The Guardian, render incorrectly in Firefox compared to other browsers.

The issue was still marked as low priority, so progress continued slowly, until it was finally marked as fixed on December 20, 2022. Firefox 110 should include the updated code, which is expected to roll out to everyone in February 2023.

Subscribers to "NFL Sunday Ticket" can watch broadcasts of every Sunday game of American football. But for access next season, "fans will have to Google it..." warns the Associated Press — because Thursday the football league announced plans to distribute their game package on YouTube TV and YouTube Primetime Channels.

Google beat out both Apple and Amazon by offering over $2 billion a year for 7 years — but Yahoo Finance believes it's more about drawing attention to YouTube's streaming TV services. "Don't expect the package to be profitable, one analyst warned." "They're not making money on this — this is a loss leader," Michael Pachter, managing director of equity research at Wedbush, told Yahoo Finance Live, referencing YouTube TV's current price point of $64.99. "I don't think they make a penny at that level...."

"It's an extremely expensive package of content," Tim Nollen, analyst at Macquarie Group, previously told Yahoo Finance Live, noting the Sunday Ticket package was not a profitable service for DirecTV [which since 1994 has held the exclusive broadcast rights in the U.S.]

[...] YouTube TV has more than 5 million subscribers and trial users as of July. "Five million subscribers is just not enough," Pachter stressed. "Even if all 5 million pay the $400 bucks a year...they're going to barely cover their costs." Still, despite the lack of profitability and sky-high price tag, Pachter noted YouTube might be best positioned to take advantage of the package, especially as the demand for live sports escalates. "I think they can be smart about how they carve up the content," Pachter said, suggesting the platform could more easily sell games to bars and restaurants.

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative ZDI rated it a perfect 10 on the 0 to 10 common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6....

The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance....

Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

"A Microsoft employee appears to have accidentally announced that Windows 11's Notepad app is getting a tabs feature," reports the Verge: The employee, a senior product manager at Microsoft, posted a photo of a version of Notepad with tabs, enthusiastically announcing "Notepad in Windows 11 now has tabs!" with a loudspeaker emoji.

The tweet was deleted minutes later, but not before Windows Central and several Windows enthusiast Twitter accounts had spotted the mistake. The Notepad screenshot includes a Microsoft internal warning: "Confidential Don't discuss features or take screenshots...."

The addition of tabs in Notepad could signal a shift towards tabs appearing in more built-in Windows apps.

Ars Technica reports on a dangerously "wormable" Windows vulnerability that allowed attackers to execute malicious code with no authentication required — a vulnerability that was present "in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability." Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of "important." In the routine course of analyzing vulnerabilities after they're patched, IBM security researcher Valentina Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did [the flaw used to detonate WannaCry]. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue....

One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA's highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit. Palmiotti said there's reason for optimism but also for risk: "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time," said Palmiotti.
There's still some risk, Palmiotti tells Ars Technica. "As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether."

Thanks to Slashdot reader joshuark for sharing the article.

Meanwhile, over in the Microsoft ecosystem, CNET reports: You can ditch the subscription (with recurring charges) and snag a lifetime license of access to Microsoft's Word, Excel, PowerPoint, Outlook, Teams, OneNote, Publisher and Access for just $30...

That's back at the lowest price we've ever seen, and a whopping 91% off the usual price of $349.

However, this deal expires in just a few days, so be sure to get your order in soon.The offer, from StackSocial, applies to both the Windows and Mac version of the software.

Now, you can always opt to use the free online version of Microsoft Office (which has far fewer features). But compared to the online Microsoft 365 subscription suite that costs $10 per month or $100 per year, this downloadable version is a phenomenal bargain.
The Mac deal ends today, but the Windows deal extends through December 28th, according to CNET's article. "The two big caveats: You get a single key — which only works on a single computer — and there's no Microsoft OneDrive Cloud Storage included."

Friday America's Federal Trade Commission issued an announcement on what it called "illegal business tactics that Mastercard has been using to force merchants to route debit card payments through its payment network," saying the FTC is now requiring Mastercard "to stop blocking the use of competing debit payment networks." The popularity of debit cards has been growing especially quickly for purchases consumers make using their personal devices equipped with ewallet applications such as Apple Pay, Google Pay, and Samsung Wallet. Payment card networks play a critical role in those debit card transactions....

Payment card networks compete for the business of banks that issue cards and for the business of merchants that accept card payments. Mastercard, along with Visa, is one of the two leading payment card networks in the United States. The processing fees charged by networks total billions of dollars every year, affecting every purchase made with a debit card, according to the FTC. Most of these fees are paid by the merchants to the card-issuing banks and the payment card networks....

Mastercard was flouting the law by setting policies to block merchants from routing ecommerce transactions using Mastercard-branded debit cards saved in ewallets to alternative payment card networks, including networks that may charge lower fees than Mastercard, the FTC alleged. Specifically, Mastercard used its control over a process called "tokenization" to block the use of competing payment card networks, the agency alleged. Transactions commonly are "tokenized" by replacing the cardholder's primary account number with a different number to protect the account number during some stages of a debit transaction. Tokens are stored in ewallets such as Apple Pay, Google Pay, and Samsung Wallet and serve as a substitute credential to provide additional protection for a cardholder's account number....

According to the FTC, Mastercard refuses to provide conversion services to competing networks for remote ewallet debit transactions...thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.

Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films).

This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Their final stats for "professional use" operating system:

• Windows: 48.82%
• Linux-based: 39.89%
• MacOs: 32.97%

But Garrison's blog post notes that that doesn't include the million-plus people all the Linux-based cloud development environments (like GitHub Workspaces) — not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM).

"It's safe to say more people use Linux as part of their development workflow than any other operating system."

Like a visit from an old friend, it's Donald Knuth's annual Christmas tree lecture for 2022. "Because of the pandemic, it's been three years since Knuth has been able to honor this tradition," notes The New Stack: 2022 marks the 60th anniversary of that fateful day in 1962 when a 24-year-old Donald Knuth started writing " The Art of Computer Programming." Now approaching his 85th birthday, Knuth has become almost a legend in the world of computer programming — and he's still writing additional volumes for his massive analysis of algorithms. But every year, right around Christmas time, there's another tradition. Knuth gives a special lecture "pitched at non-specialists" for a small audience at Stanford University (where Knuth is a professor emeritus) and a larger audience online...

Hunched over a notepad (which was projected onto a screen behind him), Knuth began the 26th annual Christmas lecture by pointing out that the evening's topic had been hiding in plain sight for two decades. For the first 20 years, they'd called them the "Christmas tree" lectures, since "trees are one of the most important things to a computer scientist. And every year I learned at least two new cool things about trees..."

About five years ago they'd changed the name to just "Christmas lectures" — but the problem wasn't that trees stopped being interesting. "I still learn cool things about trees every year. But they're getting harder and harder to explain to a general audience!"

So this year's triumphant "homecoming" lecture would indeed include trees — specifically a phenomenon Knuth describes as "twintrees," along with Baxter permutations, and Floorplans. Knuth noted they're all topics touched on in the latest volume of The Art of Computer Programming, before jokingly reminding the audience that his book makes an excellent Christmas present.
By the end of the lecture, Knuth had written algorithms for all three mathematical concepts — then connected all three algorithms with Linux pipes to show what happens when you convert one kind of sequence into the other and then into the other.

"I get back, of course, the one I started with!"

CNN shares the historic close-up snowflake photos of Wilson Bentley, the first person to capture the details of the individual "snow crystal" ice that makes up snowflakes.

It was 1885, just 69 years after the invention of the camera, and after years of trial and error, "He went on to photograph more than 5,000 of these "ice flowers" during his lifetime — never finding any duplicates — and the images still mesmerize to this day." Every snow crystal shares a common six-sided or six-pointed structure — it's how frozen water molecules arrange themselves — but they will always vary from one another because each falls from the sky in its own unique way and experiences slightly different atmospheric conditions on its travel down to earth. Some of their arms may look long and skinny. Others may appear short and flat or somewhere in between. The possibilities are endless and fascinating....

"He had the mind of a scientist and the soul of a poet, and you can see that in his writings," said Sue Richardson, Bentley's great-grandniece who is vice president of the board for the Jericho Historical Society. "He wrote many, many articles over the years for scientific publications and for other magazines like Harper's Bazaar and National Geographic. "He also kept very detailed weather records and very detailed journals of every photograph that he took of a snow crystal — the temperature, the humidity, what part of the storm it came from. He kept very detailed information, and then these weather records that he kept and the theories that he developed about how snow crystals formed in the atmosphere, those were proven true...."

It wasn't easy, however, to get those snow crystals on camera. It took almost three years, Richardson said, for Bentley to figure out how to successfully photograph one — which he did just a month shy of his 20th birthday. The first obstacle was figuring out how to attach the microscope to the camera. And then there was the challenge of getting each crystal photographed before it could melt away. "He worked in an unheated woodshed at the back of the house. He had to," Richardson said. "And the microscope slides, everything, had to be an ambient temperature or they'd melt" the crystal....

A children's book about him won the Caldecott Medal in 1999.
Bentley never had formal education, according to his grandniece (who grew up hearing stories about this famous ancestor). One says that when Wilson Bentley was given an old microscope at age 15, "The first time he looked at a snow crystal under it, he was hooked. Just the beauty, the intricate detail. He was totally hooked."

®Yahoo co-founder Jerry Yang (through his AME Cloud Ventures) contributed to $6 million in seed funding in November for startup Caden, which plans to pay users to share their personal data -- including what they buy or watch on mobile apps.

The Wall Street Journal reports: The startup, Caden Inc., operates an app by the same name that helps users download their data from apps and servicesâ"whether thatâ(TM)s Amazon.com Inc. or Airbnb Inc. â"into a personal âoevault.â Users who consent to share that data for advertising purposes can earn a cut of the revenue that the app generates from it. They also can access personal analytics based on that data....

Caden, which has been testing with a limited group of users, plans to begin a public beta test of 10,000 users early next year.... One option in the public beta test will anonymize and pool the data before sharing it with outside parties in exchange for $5 to $20 a month, according to Caden founder and Chief Executive John Roa. The amount of compensation will be determined by a âoedata scoreâ reflecting factors such as whether consumers answer demographic survey questions and which apps and servicesâ(TM) data consumers are sharing. Consumers will eventually be given the option to share more specific information for more tailored advertising. A marketer could then form audience segments and tailor their ad targeting and messaging to those groups. For instance, a user could consent to sharing his ride-share history so advertisers could create segments of people who ride a certain amount. That would eventually pay consumers up to $50 a month, Caden said.

A third option would let advertisers take a direct action based on the data that Caden understands about a specific user. If a consumer were part of a department storeâ(TM)s loyalty program, for example, the store might reward her for sharing her individual Amazon shopping history and use it to provide more personalized offers.ÂThat could generate thousands of dollars a year for participating users, the company said.

 Caden also hopes that the data it can aggregate will be compelling for consumers. Users could search for restaurants theyâ(TM)ve eaten at in a certain city, for instance, or how much they spent in certain categories across different apps, executives said. âoeItâ(TM)s like Spotify Wrapped for your whole life,â said Amarachi Miller, Cadenâ(TM)s head of product, referring to the streaming music serviceâ(TM)s year-end distillation of each userâ(TM)s listening....

Caden said it will initially sell only anonymized and aggregated data that doesnâ(TM)t tie back to individuals. As it starts to let brands do more personal promotions for users, it said it will let users see which brands and partners itâ(TM)s working with, and will let users control which brands can access their information.
The digital ad industry has been seeking new marketing-guiding data, the article points out, especially since Apple began require apps to ask for permission before tracking users.

Thanks to Slashdot reader guest reader for sharing the article.

Neal Stephenson coined the phrase "metaverse" in his 1992 book Snow Crash. 30 years later, Stephenson is part of a blockchain startup "optimized for the Open Metaverse" called Lamina1. This week they announced their "first-of-its-kind fund" for investing in early stage Layer 1 blockchain projects ("largely focused" on the Open Metaverse). .

The goal is "to provide broad economic access to global accredited investors looking to support the next era of the internet," according to the announcement — and to also provide Web3 builders "a vehicle for raising capital for their Open Metaverse ventures." The fund will be led by Lamina1's co-founder Peter Vessenes (who, among other things, was the first Chairman of the Bitcoin foundation), "offering investors a chance to join him at the forefront of the emerging Open Metaverse economy..."

"Investors and builders can both apply to participate immediately." The fund launch will be closely followed by the much-anticipated launch of Lamina1's testnet.... The L1EF fund works by allowing accredited investors to access and co-invest in companies and entrepreneurs through quarterly subscriptions.

Investments will be largely focused on the technology and experiences users can access in the Open Metaverse, ranging from immersive computing to open AI at scale. To support the rapid advancement and expansion of the Open Metaverse, L1EF is simultaneously focused on investing in builders and creators who will foster the quality tech and infrastructure necessary to support the protocol, and create immersive experiences that bring Lamina1's vision of an Open Metaverse to life. Some of these early stage projects include layer 2 protocols, DeFi, GameFi, marketplaces, bridges, and many more.

"We're thrilled to introduce L1EF to serve both creators and investors who are actively promoting the development of an Open Metaverse," said Rebecca Barkin, President of Lamina1. "Peter has a deep understanding and demonstrated success of growing economies around a chain, and his approach to grant builders early access to capital — right as we're preparing to place testnet in their hands — is in perfect alignment with our mission to build the open infrastructure that brings together the most powerful creative community on the planet...."

In addition to capital, projects that are part of L1EF will receive early access and support for Lamina1 developer tooling through the forthcoming Lamina1 Early Access Program.
"The team has a front row seat to all happening in the ecosystem," Vessenes said this week, "and essentially gets a 'first look' at what many of the most compelling creators and storytellers of our time are doing, building, making, and producing around the world.

"We want to share that front row seat with as many people as possible."


In 2004 Neal Stephenson answered questions from Slashdot's readers.

The North American Aerospace Defense Command is a US/Canada organization protecting the air sovereignty of the two nations.

But every year on December 24th, they also tell you where Santa is. From NORADSanta.org: The modern tradition of tracking Santa began in 1955 when a young child accidentally dialed the unlisted phone number of the Continental Air Defense Command Operations Center upon seeing an newspaper advertisement telling kids to call Santa. The Director of Operations, Colonel Harry Shoup, answered the phone and instructed his staff to check the radar for indications of Santa making his way south from the North Pole.... Each year since, NORAD has dutifully reported Santa's location on Dec. 24 to millions of children and families across the globe. NORAD receives calls from around the world on Dec. 24 asking for Santa's location. Children, families and fans also keep track of Santa's location on the NORAD Tracks Santa® website and our social media platforms.
The page lists the NORAD technologies involved in tracking Santa — including 47 radar installations and geo-synchronous satellites with infrared heat sensors. ("Rudolph's nose gives off an infrared signature similar to a missile launch...")

And this year NORAD also produced a special video highlighting the various military fleets protecting Santa. ("He may know when you're sleeping, he may know when you're awake... " it tells viewers. "But for 67 years now, when he takes flight, we'll know.")

More from NORADSanta.org: Canadian NORAD fighter pilots, flying the CF-18, take off out of Newfoundland and welcome Santa to North America. Then at numerous locations in Canada other CF-18 fighter pilots escort Santa. While in the United States, American NORAD fighter pilots in either the F-15s, F16s or F-22s get the thrill of flying with Santa and the famous Reindeer...

Q: How can Santa travel the world within 24 hours?

A: NORAD intelligence reports indicate that Santa does not experience time the way we do. His trip seems to take 24 hours to us, but to Santa it might last days, weeks or even months. Santa would not want to rush the important job of delivering presents to children and spreading joy to everyone, so the only logical conclusion is that Santa somehow functions within his own time-space continuum....

How does Santa get down chimneys?

Although NORAD has different hypotheses and theories as to how Santa actually gets down the chimneys, we don't have definitive information to explain the magical phenomenon.

Do your planes ever intercept Santa?

Over the past 65 years, our fighter jets (F-16s, F-15s, F-22s and CF-18s) have intercepted Santa many, many times. When the jets intercept Santa, they tip their wings to say, "Hello Santa! NORAD is tracking you again this year!" Santa always waves. He loves to see the pilots...!

How many people support this effort, and are they active duty military personnel?

More than 1,250 Canadian and American uniformed personnel and DOD civilians volunteer their time on December 24th to answer the thousands of phone calls and emails that flood in from around the world. In addition to the support provided by our corporate contributors to make this program possible, NORAD has two lead project officers who manage the program.

How much money is spent on this project?

The NORAD Tracks Santa program is made possible by volunteers and through the generous support of corporate licensees who bear virtually all of the costs.
Corporate contributors include Microsoft (with separate contributions from Microsoft's search engine Bing and from Microsoft Azure), AWS (and Amazon's Alexa), Verizon, and HP.

NORADSanta.org also boasts extra features like an "arcade" of online games, a jukebox of Christmas tunes, and a library of online books about Santa. And the site even provides some technical data on the weight of Santa's sleigh — although the unit of measurement used is gumdrops.

ByteDance confirmed it used TikTok to monitor three journalists' physical location using their IP addresses, reports Forbes, "to unearth the source of leaks inside the company following a drumbeat of stories exposing the company's ongoing links to China." As a result of the investigation into the surveillance tactics, ByteDance fired Chris Lepitak, its chief internal auditor who led the team responsible for them. The China-based executive Song Ye, who Lepitak reported to and who reports directly to ByteDance CEO Rubo Liang, resigned.... "It is standard practice for companies to have an internal audit group authorized to investigate code of conduct violations," TikTok General Counsel Erich Andersen wrote in a second internal email shared with Forbes. "However, in this case individuals misused their authority to obtain access to TikTok user data...."

"This new development reinforces serious concerns that the social media platform has permitted TikTok engineers and executives in the People's Republic of China to repeatedly access private data of U.S. users despite repeated claims to lawmakers and users that this data was protected," Senator Mark Warner told Forbes....

ByteDance is not the first tech giant to use an app to monitor specific users. In 2017, the New York Times reported that Uber had identified various local politicians and regulators and served them a separate, misleading version of the Uber app to avoid regulatory penalties.... Both Uber and Facebook also reportedly tracked the location of journalists reporting on their apps.
Ironically, TikTok's journalist-tracking project involved the company's Chief Security and Privacy Office, according to Forbes, and targeted three Forbes journalists who had formerly worked at BuzzFeed News.

It was back in October that Forbes first reported ByteDance had discussed tracking journallists. ByteDance had immediately denied the charges on Twitter, saying "TikTok has never been used to 'target' any members of the U.S. government, activists, public figures or journalists," and that "TikTok could not monitor U.S. users in the way the article suggested."

Forbes also notes that in 2021, TikTok became the most visited website in the world.

Thanks to long-time Slashdot reader newbie_fantod for submitting the story!

Reason.com notes NASA's successful completion of its Artemis I mission, calling it "part of NASA's ambitious program to bring American astronauts back to the moon for the first time in half a century. And then on to Mars."

But then they ask if the project is worth the money, with the transportation policy director at the libertarian "Reason Foundation" think tank, Robert W. Poole, arguing instead that NASA "isn't particularly interested in cost savings, and its decision making is overly driven by politics." NASA would have been better off replacing the costly and dated Space Launch System used in the Artemis program. But it didn't. This probably has a lot to do with the fact that it was largely constructed and engineered in Alabama, the home state of Senate Appropriations Committee Chair Richard Shelby, who has a history of strong-arming NASA to preserve jobs for his constituents.
Long-time Slashdot reader SonicSpike shared the article, which ultimately asks whether it'd be faster and cheaper to just rely on private companies: In 2009, the private sector saw one of its biggest champions ascend to become the number two person at NASA. Lori Garver pushed to scrap the Constellation program as a way to entice the private sector to fill in the gaps. She also spearheaded the Commercial Crew Program, which continues to employ commercial contractors to ferry astronauts to the International Space Station. Today, companies like Elon Musk's SpaceX are launching rockets at a faster pace and for a fraction of what NASA spends. In 2022, the company successfully launched 61 rockets, each with a price tag between $100 million and 150 million.

Private companies already design and lease NASA much of its hardware. Poole says there's no reason NASA can't take it a step further and just use the SpaceX starship to cover the entire journey from Earth to the moon and eventually to Mars. "If the current NASA plan goes ahead to have the SpaceX Starship actually deliver the astronauts from the lunar outpost orbit to the surface of the moon and bring them back, that would be an even more dramatic refutation of the idea that only NASA should be doing space transportation," he says.

Poole says that instead of flying its own missions, NASA should play a more limited and supportive role. "The future NASA role that makes the most sense is research and development to advance science," he says.
But for a contrary opinion, Slashdot reader youn counters that "You can bash NASA all you want but a big reason the private sector is where it is at is because it funded research 12 years ago." They share a CNET article noting the $6 billion NASA budgeted over five years "to kick-start development of a new commercial manned spaceflight capability."

And Slashdot reader sg_oneill argues that "Its gonna be a century before we're really colonizing the moon and/or Mars... because we have a lot of science to do first. How do you do a civilization with zero energy inputs from the rest of humanity? How do we deal with radiation? How do bodies work in low G? (Mars is about 1/3 the gravbity of earth). This needs science, and to get science we need NASA, even if private enterprise is building the rockets."