Ask Slashdot: Best To-Do/Task List Software?

Albanach writes: Despite searching, I have not identified a good solution for managing to-do lists, a problem that can't be unique or unusual. For a variety of reasons, I need something I host myself, which allows me to organize tasks, give them due dates and/or priorities and to easily reorganize. I'd prefer a web interface so that I can access my list from home/work/mobile. My searches generally turned up hosted solutions that don't work for privacy reasons, or very old software that has shown no sign of updates in years. What are other Slashdotters using to manage their real-world task list?

GitHub Survived the Biggest DDoS Attack Ever Recorded

A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on five times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."

Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.


Bad iPhone Notches Are Happening To Good Android Phones

The Verge's Vlad Savov argues that Android smartphone manufacturers are copying the iPhone's design (specifically, the iPhone X's notch) with more speed and cynicism than ever before: I've been coming to Mobile World Congress for close to a decade now, and I've never seen the iPhone copied quite so blatantly and cynically as I witnessed during this year's show. MWC 2018 will go down in history as the launch platform for a mass of iPhone X notch copycats, each of them more hastily and sloppily assembled than the next. No effort is being made to emulate the complex Face ID system that resides inside Apple's notch; companies like Noa and Ulefone are in such a hurry to get their iPhone lookalike on the market that they haven't even customized their software to account for the new shape of the screen. More than one of these notched handsets at MWC had the clock occluded by the curved corner of the display. Asus is one of the biggest consumer electronics companies in the world, and yet its copycat notch is probably the most galling of them all. The Zenfone 5 looks and feels like a promising phone, featuring loud speakers, the latest Sony imaging sensor with larger-than-average pixels, and a price somewhere south of $499. I should be celebrating it right now, but instead I'm turning away in disgust as Asus leans into its copying by calling Apple a "Fruit Company" repeatedly. If you're going to copy the iPhone, at least have the decency to avoid trying to mock it.

It would be stating the obvious to say that this trend is not a good one. I'm absolutely of the belief that everyone, Apple included, copies or borrows ideas from everyone else in the mobile industry. This is a great way to see technical improvements disseminated across the market. But the problem with these notched screens on Android phones is that they're purely cosmetic. Apple's notch at the top of the iPhone X allows the company to have a nearly borderless screen everywhere else, plus it accommodates the earpiece and TrueDepth camera for Face ID. Asus et al have a sizeable "chin" at the bottom of their phones, so the cutouts at the top are self-evidently motivated by the desire to just look -- not function, look -- like an iPhone X.


Google's Slack Competitor 'Hangouts Chat' Comes Out of Beta

Frederic Lardinois reports via TechCrunch: Hangouts Chat, Google's take on modern workplace communication, is now generally available and is becoming a core part of G Suite. Hangouts Chat was first announced at Google Cloud Next 2017, together with Hangouts Meet. While Meet went right into public availability, though, Chat went into an invite-only preview. Now, Google is rolling Chat out to all G Suite users over the course of the next seven days (so if you don't see it yet, don't despair). For all intents and purposes, Hangouts Chat is Google's take on Slack, Microsoft Teams and similar projects. Since Google first announced this project, Atlassian also joined the fray with the launch of Stride. Like its competitors, Chat is available on iOS, Android and the web.

Chat currently supports 28 languages and each room can have up to 8,000 members. What's maybe just as important, though, is that Google has already built an ecosystem of partners that are integrating with Chat by offering their own bots. They include the likes of Xero, RingCentral, UberConference, Salesforce, Zenefits,, Jira, Trello, Wrike and Kayak. There's even a Giphy bot. Developers can also build their own bots and integrate their own services with Chat.


Uber Challenges Study Suggesting Its Drivers Earn $3.37 Per Hour

An MIT study using data from more than 1,100 Uber and Lyft drivers concluded they're earning a median pretax profit of just $3.37 per hour. But now Reuters reports: Uber Chief Executive Dara Khosrowshahi criticized the MIT study in a tweet on Friday as "Mathematically Incompetent Theories (at least as it pertains to ride-sharing)," and linked to a response by Uber chief economist Jonathan Hall that challenged the study's methodology. Hall's rebuttal to the study said the likely misinterpretation of a survey question and the study's "inconsistent logic" produced a wage result that was below similar studies elsewhere. He said the study used a "flawed methodology" compared with a survey that found drivers' average hourly earnings were $15.68. "The earnings figures suggested in the paper are less than half the hourly earnings numbers reported in the very survey the paper derives its data from," wrote Hall.

The MIT study's lead author, Stephen Zoepf, told Reuters in an email on Saturday, "I can see how the question on revenue might have been interpreted differently by respondents" and called Hall's rebuttal thoughtful. "I'm re-running the analysis this weekend using Uber's more optimistic assumptions and should have new results and a public response acknowledging the discrepancy by Monday," he wrote.

Saturday Uber's CEO tweeted a thank-you to MIT, "for listening and revisiting this study and its findings. Right thing to do."

Diabetes Is Actually Five Separate Diseases, Research Suggests

An anonymous reader quotes a report from the BBC: Scientists say diabetes is five separate diseases, and treatment could be tailored to each form. Diabetes, or uncontrolled blood sugar levels, is normally split into type 1 and type 2. But researchers in Sweden and Finland think the more complicated picture they have uncovered will usher in an era of personalized medicine for diabetes. The study, by Lund University Diabetes Centre in Sweden and the Institute for Molecular Medicine Finland, looked at 14,775 patients including a detailed analysis of their blood. The results, published in The Lancet Diabetes and Endocrinology, showed the patients could be separated into five distinct clusters:

Cluster 1 - severe autoimmune diabetes is broadly the same as the classical type 1 -- it hit people when they were young, seemingly healthy and an immune disease left them unable to produce insulin
Cluster 2 - severe insulin-deficient diabetes patients initially looked very similar to those in cluster 1 -- they were young, had a healthy weight and struggled to make insulin, but the immune system was not at fault
Cluster 3 - severe insulin-resistant diabetes patients were generally overweight and making insulin but their body was no longer responding to it
Cluster 4 - mild obesity-related diabetes was mainly seen in people who were very overweight but metabolically much closer to normal than those in cluster 3
Cluster 5 - mild age-related diabetes patients developed symptoms when they were significantly older than in other groups and their disease tended to be milder

Apple To Release a Cheaper MacBook Air Later This Year

According to Apple analyst Ming-Chi Kuo of KGI Securities, Apple doesn't appear to be axing its MacBook Air line, despite it being on the market for ten years. Kuo says Apple is planning to release a 13-inch MacBook Air "with a lower price tag" during the second quarter of 2018, which should help push MacBook shipments up by 10-15 percent this year. 9to5Mac reports: Details on the new MacBook Air are sparse, but this report from KGI corroborates a similarly vague report from Digitimes earlier this year. The MacBook Air line has been largely stagnant in recent years as Apple has shifted focus towards the 12-inch MacBook and MacBook Pro. Currently, Apple sells the 13-inch MacBook Air starting at $999, and KGI seems to think it will get even cheaper this year. Despite its neglect by Apple, the MacBook Air remains a popular choice for college students.

YouTube Hiring For Some Positions Excluded White and Asian Men, Lawsuit Says

Kirsten Grind and Douglas MacMillan report via The Wall Street Journal (Warning: source may be paywalled; alternative source): YouTube last year stopped hiring white and Asian males for technical positions because they didn't help the world's largest video site achieve its goals for improving diversity, according to a civil lawsuit filed by a former employee. The lawsuit, filed by Arne Wilberg, a white male who worked at Google for nine years, including four years as a recruiter at YouTube, alleges the division of Alphabet's Google set quotas for hiring minorities. Last spring, YouTube recruiters were allegedly instructed to cancel interviews with applicants who weren't female, black or Hispanic, and to "purge entirely" the applications of people who didn't fit those categories, the lawsuit claims.

A Google spokeswoman said the company will vigorously defend itself in the lawsuit. "We have a clear policy to hire candidates based on their merit, not their identity," she said in a statement. "At the same time, we unapologetically try to find a diverse pool of qualified candidates for open roles, as this helps us hire the best people, improve our culture, and build better products." People familiar with YouTube's and Google's hiring practices in interviews corroborated some of the lawsuit's allegations, including the hiring freeze of white and Asian technical employees, and YouTube's use of quotas.


Australia Considers Making It Illegal For ISPs To Advertise Inflated Speeds

The Australian government is currently considering a bill that would make it illegal for internet service providers to exaggerate speeds, or else face a fine of up to $1 million. "One constituent says he's being charged for a 25 megabit per second download speed and a five megabit per second upload and he's actually getting less than one tenth of that," said Andrew Wilkie, the Member of Parliament who introduced the bill. "In other words, people are getting worse than dial-up speed when they've been promised a whizz-bang, super-fast connection." Motherboard reports: Internet speeds can vary based on how many people are on the network and even the hardware you use, but while we can't expect ISPs to deliver maximum speed 100 percent of the time, previous probes into their performance have shown many ISPs in the U.S. aren't delivering even the minimum advertised speeds a majority of the time for the average user. Under the proposed Australian law, ISPs are simply required to be more transparent about what consumers can expect with a specific plan. Rather than advertising only the maximum speeds, they would have to include typical speeds for the average user, indicate busy periods, and clearly list any other factors that might impact service. The bill was only introduced this week, so it's yet to be seen if it will gain traction.

Amazon's Jeff Bezos Called Out On Counterfeit Products Problem

An anonymous reader quotes a report from CNET: Here's the scenario. A small company designs and creates a product and puts it up on Amazon. Things go well. People really like it. They post hundreds of positive reviews. Sales build -- and keep building. Everything is going great. And then, boom, things go south in a hurry. Another company has created a counterfeit version of the product and is selling it under the same name only it's selling it for less, stealing all the sales. That's exactly what happened to Portland-based Elevation Lab, its founder Casey Hopkins said, accusing Amazon of being "complicit with counterfeiting" in a blog post.

The Anchor, Elevation's popular under-desk headphone mount, has been getting flooded with counterfeits, Hopkins said, noting the situation certainly isn't unique to his company. "The current counterfeit seller, Suiningdonghanjiaju Co Ltd (yeah they sound legit), has been on there for the past 5 days and taken all the sales," Hopkins wrote. Adding further insult to injury, he said Elevation has paid Amazon a "boatload of money" to advertise the product that it has "built, invested in, and shipped." Amazon has now purged the Suiningdonghanjiaju listing, which is noted in our cart as "no longer available from the selected seller." It instead defaults to Elevation's own stock. Hopkins told CNET that counterfeiters have been purged at least five times in recent weeks only to return a week later under a different seller name "to hijack the listing." He said it takes Amazon 5 days to remove the seller.
"If you have a registered brand in the Brand Registry and don't sell the product wholesale, there could be one box to check for that," Hopkins wrote. "And anyone else would have to get approval or high vetting to sell the product, especially if they are sending large quantities to FBA [Fulfillment by Amazon]. I imagine there are some algorithmic solutions that could catch most of it too. And it wouldn't hurt to increase the size of the Brand Registry team so they can do their work faster." Hopkins took a final poke at Amazon CEO Jeff Bezos, saying: "If you're reading this, come on, this is Day 2 activity."

Videogame Lobbyists Join Scientists To Fight 'Gaming Disorder' Classification

Remember when the World Health Organization moved to define a new disease called "gaming disorder"? An anonymous reader quotes Motherboard: Multiple video game lobbying groups from around the world have banded together to push back against the classification, and 36 academics, scientists, doctors, and researchers have drafted a paper that called the WHO's methodology and motives into question. The professionals will publish the paper, titled "Weak Basis for Gaming Disorder," in an upcoming issue of Journal of Behavioral Addictions. The article is a collection of well reasoned arguments against classifying "gaming disorder" as a disease, complete with references to extant research...

"We agree that there are some people whose play of video games is related to life problems," said the article's abstract. "However, moving from research construct to formal disorder requires a much stronger evidence base than we currently have"... To be clear, the article doesn't argue that something isn't going on and that gaming addiction isn't real and isn't a problem. It just thinks that rushing to define it and put it in the ICD is a bad idea.


2M Americans Lost Power After 'Bomb Cyclone'

An anonymous reader quotes the Associated Press: Tens of thousands of utility workers in the Northeast raced to restore power to more than 1.5 million homes and businesses just days after a powerful nor'easter caused flooding and wind damage from Virginia to Maine... Flood waters had receded in most areas, but Friday's storm had taken huge chunks out of the coastline in Massachusetts and other states... Residents in other areas, meanwhile, bailed out basements and surveyed the damage while waiting for power to be restored, a process that power companies warned could take days in some areas.

Power outages on the East Coast dipped by about 500,000 from a peak of 2 million earlier Saturday, but officials said lingering wind gusts were slowing repair efforts. The storm's aftermath also was still affecting travel, with airports from Washington, D.C. to Boston reporting dozens of delays and cancellations, while service was slowly returning to normal on rail systems throughout the region... The death toll from the storm increased by four, with authorities saying at least nine people had lost their lives.

Airlines canceled more than 2,800 flights, according to the Associated Press, while Amtrak suspended service along the northeast corridor (though it's saying they should all return to service on Sunday).

CNN reported roughly 1 in 4 Americans were in the storm's path, facing winds as high as 50 mph, while the Associated Press reports gusts up to 90 mph on Cape Cod.

23,000 HTTPS Certs Axed After CEO Emails Private Keys

An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."

"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."

Slashdot Outage Update

Obviously Slashdot has had some issues the past couple days. For those wondering, we inherited an aging hardware setup in the acquisition that was located physically far away from us. We made a big investment in a new hardware set up, and ran into sizable issues including a massive DDOS during the migration process. Going forward we expect much better uptime. If we inconvenienced anyone, we're sorry. If it's any consolation, it wasn't fun for us either, and our team worked non-stop for days to get Slashdot back online. With our new infrastructure in place, we will be dedicating a lot of time and resources this year to improving Slashdot.

Amazon Will Soon Stop Selling Google's 'Nest' Smart Home Products

An anonymous reader quotes The Verge: Nest products won't be sold by any longer once current stock runs out, according to a report from Business Insider. Amazon last year declined to offer some of Nest's newer products like the Nest Cam IQ and latest-generation smart thermostat. After weeks of simply ignoring the products and being unresponsive to Nest, Amazon informed the company of its decision by phone late in the year and said the directive "came from the top," something Nest took to mean it had been handed down by CEO Jeff Bezos. There has been no direct confirmation of this, however.

As a result, Nest has decided to halt further restocks at Amazon once remaining product inventory is exhausted. It's unclear whether third-party sellers will continue selling Nest gadgets, but Amazon itself will not. In removing itself from Amazon, Nest's reasoning is that the powerful retailer should be selling its entire product family or nothing at all.

The Verge calls it a "dumb, anti-consumer feud."
