Debian

Does Systemd Makes Linux Complex, Error-Prone, and Unstable? (ungleich.ch) 112

"Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value." So argues Nico Schottelius, talking about his experiences as the CEO of a Swiss company providing VM hosting, datacenters, and high-speed fiber internet. Long-time Slashdot reader walterbyrd quotes Nico's essay: While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd. Our objective is to create a great, easy-to-use platform for VM hosting, not to walk a tightrope...

[W]hat the Devuan developers are doing is creating stability. Think about it not in a few repeating systemd bugs or about the insecurity caused by a huge, monolithic piece of software running with root privileges. Why do people favor Linux on servers over Windows? It is very easy: people don't use Windows, because it is too complex, too error prone and not suitable as a stable basis. Read it again. This is exactly what systemd introduces into Linux: error prone complexity and instability. With systemd the main advantage to using Linux is obsolete.

The essay argues that while Devuan foisted another choice into the community, "it is not their fault. Creating Devuan is simply a counteraction to ensure Linux stays stable. which is of high importance for a lot of people."
Robotics

After Automating Order-Taking, Fast Food Chains Had to Hire More Workers (theatlantic.com) 105

An anonymous reader quotes the Atlantic: Blaine Hurst, the CEO and president of Panera, told me that because of its new [self-service] kiosks, and an app that allows online ordering, the chain is now processing more orders overall, which means it needs more total workers to fulfill customer demand. Starbucks patrons who use the chain's app return more frequently than those who don't, the company has said, and the greater efficiency that online ordering allows has boosted sales at busy stores during peak hours. Starbucks employed 8 percent more people in the U.S. in 2016 than it did in 2015, the year it launched the app...

James Bessen, an economist at Boston University School of Law, found that as the number of ATMs in America increased fivefold from 1990 to 2010, the number of bank tellers also grew. Bessen believes that ATMs drove demand for consumer banking: No longer constrained by a branch's limited hours, consumers used banking services more frequently, and people who were unbanked opened accounts to take advantage of the new technology. Although each branch employed fewer tellers, banks added more branches, so the number of tellers grew overall. And as machines took over many basic cash-handling tasks, the nature of the tellers' job changed. They were now tasked with talking to customers about products -- a certificate of deposit, an auto loan -- which in turn made them more valuable to their employers. "It's not clear that automation in the restaurant industry will lead to job losses," Bessen told me.

Medicine

Researchers Say Human Lifespans Have Already Hit Their Peak (newsweek.com) 150

An anonymous reader quotes Newsweek: We have reached our peak in terms of lifespan, athletic performance and height, according to a new survey of research and historical records... "These traits no longer increase, despite further continuous nutritional, medical, and scientific progress," said Jean-FranÃois Toussaint, a physiologist at Paris Descartes University, France, in a press release... For the study, published in the journal Frontiers in Physiology, a team of French scientists, including Toussaint, from a range of fields analyzed 120 years' worth of historical records and previous research to gauge the varying pace of changes seen in human athletic performance, human lifespan and human height. While, as they observe, the 20th century saw a surge in improvements in all three areas that mirrored industrial, medical and scientific advances, the pace of those advances has slowed significantly in recent years.

The team looked at world records in a variety of sports, including running, swimming, skating, cycling and weight-lifting. Olympic athletes in those sports continually toppled records by impressive margins from the early 1900s to the end of the 20th century, according the study. But since then, Olympic records have shown just incremental improvements. We have stopped not only getting faster and stronger, according to the study, but also growing taller... [D]ata from the last three decades suggest that heights have plateaued among high-income countries in North America and Europe... As for our human lifespan, life expectancy in high-income countries rose by about 30 years from 1900 to 2000, according to a National Institutes of Health study cited by the authors, thanks to better nutrition, hygiene, vaccines and other medical improvements. But we may have maxed out our biological limit for longevity. The researchers found that in many human populations, says Toussaint, "it's more and more difficult to show progress in lifespan despite the advances of science."

The Almighty Buck

Launch of Bitcoin Futures Trading Crashes CBOE Site (thestreet.com) 61

"5PM CT is the start of Bitcoin futures trading and the $CBOE website appears to be down," one market watcher posted on Twitter (and his observation was quickly confirmed by other cryptocurrency-watching accounts and confirmed by CBOE). "I'm guessing watching Bitcoin futures start trading is a more popular spectator sport than anticipated."

Bitcoin futures will also begin trading on the Chicago Mercantile Exchange in eight days. The Street report that the anticipation of that "has triggered wild swings in bitcoin prices over the last week." Overall, trading bitcoin futures is a positive development for the cryptocurrency says the research team at Fundstrat... The introduction of derivatives lays the necessary market structure for institutions to allocate cash towards cryptocurrencies, points out Fundstrat... Short sellers may now express negative views on bitcoin, which could lead to short-term pricing pressure. But the ability for short sellers to hate on bitcoin could be viewed as a longer term positive, Fundstrat says. Shorting essentially creates true price discovery and means that hedge funds could take bitcoin more seriously. This should improve the long-term prospects of bitcoin as it broadens sponsorship, Fundstrat believes.
IOS

Top iOS Apps of 2017: Bitmoji Beats Snapchat, YouTube, and Facebook Messenger (cnn.com) 26

An anonymous reader quotes CNN: Apple has unveiled its list of most downloaded iOS apps of the year, and topping the list is free custom emoji app Bitmoji... Bitmoji soared to the top of the list, thanks to an integration with Snapchat. (Snapchat's parent company acquired Bitmoji last year for an unknown amount)... Users must download the Bitmoji app to use it with Snapchat.

Fittingly, the main Snapchat app took second place, despite a tough year on Wall Street that was attributed to slow user growth. Snapchat was the most downloaded app of 2016. Google's YouTube took the number three spot this year, while Facebook's Messenger and Instagram placed fourth and fifth, respectively.

The Almighty Buck

Coinbase Warns During Times of High Volatility, Access Could Become 'Unavailable' (cityam.com) 78

An anonymous reader quotes City AM: A leading bitcoin exchange has warned that customers may be unable to get their money out quickly in the event of a crash in the cryptocurrency's price. Writing in a blog post last week, Coinbase's co-founder and chief executive Brian Armstrong, said despite "sizeable and ongoing" increases in the firm's technical infrastructure and engineering staff, access to Coinbase services could become "degraded or unavailable during times of significant volatility or volume. This could result in the inability to buy or sell for period of time," he said.

Armstrong added that there would be restrictions on how much customers could sell, or sell limits, to "protect client accounts and assets"... Bitcoin's market capitalisation rose above $300 billion for the first time earlier this week when its price rocketed to an all-time high of just over $17,000. Many analysts have warned that bitcoin represents an unsustainable bubble, though no one is quite sure when it will burst.

Businesses

Exhausted Amazon Drivers Are Working 11-Hour Shifts For Less Than Minimum Wage (mirror.co.uk) 221

schwit1 quotes the Daily Mirror: Drivers are being asked to deliver up to 200 parcels a day for Amazon while earning less than the minimum wage, a Sunday Mirror investigation reveals today... Many routinely exceed the legal maximum shift of 11 hours and finish their days dead on their feet. Yet they have so little time for food or toilet stops they snatch hurried meals on the run and urinate into plastic bottles they keep in their vans. They say they often break speed limits to meet targets that take no account of delays such as ice, traffic jams or road closures.

Many claim they are employed in a way that means they have no rights to holiday or sickness pay. And some say they take home as little as £160 for a five-day week amid conditions described by one lawyer as "almost Dickensian"... The Driving and Vehicle Standards Agency has vowed to investigate after drivers contacted them to complain about conditions.

Python

Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 76

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

United States

FCC Refuses Records For Investigation Into Fake Net Neutrality Comments (variety.com) 124

"FCC general counsel Tom Johnson has told the New York State attorney general that the FCC is not providing information for his investigation into fake net-neutrality comments, saying those comments did not affect the review, and challenging the state's ability to investigate the feds." Variety has more: The FCC's general counsel, in a letter to New York Attorney General Eric Schneiderman, also dismissed his concerns that the volume of fake comments or those made with stolen identities have "corrupted" the rule-making process... He added that Schneiderman's request for logs of IP addresses would be "unduly burdensome" to the commission, and would "raise significant personal privacy concerns."

Amy Spitalnick, Schneiderman's press secretary, said in a statement that the FCC "made clear that it will continue to obstruct a law enforcement investigation. It's easy for the FCC to claim that there's no problem with the process, when they're hiding the very information that would allow us to determine if there was a problem. To be clear, impersonation is a violation of New York law," she said... "The only privacy jeopardized by the FCC's continued obstruction of this investigation is that of the perpetrators who impersonated real Americans."

One of the FCC's Democratic commissioners claimed that this response "shows the FCC's sheer contempt for public input and unreasonable failure to support integrity in its process... Moreover, the FCC refuses to look into how nearly half a million comments came from Russian sources."
Bug

Microsoft's 'Malware Protection Engine' Had A Remote Code Execution Flaw (theregister.co.uk) 41

Slashdot reader Trax3001BBS shares an article from The Register: Microsoft posted an out-of-band security update Thursday to address a remote code execution flaw in its Malware Protection Engine. Redmond says the flaw, dubbed CVE-2017-11937, has not yet been exploited in the wild. Because it is an out-of-band critical fix, however, it should be installed as soon as possible. For most users, this will happen automatically.

The security hole is present in Windows Defender and Microsoft Security Essentials, as well as Endpoint Protection, Forefront Endpoint Protection, and Exchange Server 2013 and 2016... According to Microsoft, the vulnerability can be triggered when the Malware Protection Engine scans a downloaded file to check for threats. In many systems this is set to happen automatically for all new files. By exploiting a memory corruption error in the malware scanning tool, the attack file would be able to execute code on the target machine with LocalSystem privileges.

Space

New Satellite Experiment Helps Confirm Einstein's Equivalence Principle (presse.cnes.fr) 67

Part of Einstein's theory of general relativity posits that gravity equals inertial mass -- and for the first time in 10 years, there's new evidence that he's right. Slashdot reader orsayman reports: Most stories around space today seem to revolve around SpaceX, but let's not forget that space is also a place for cool physics experiments. One such experiment currently running into low orbit is the MICROSCOPE satellite launched in 2016 to test the (weak) Equivalence Principle (also knows as the universality of free fall) a central hypothesis in General Relativity.

The first results confirm the principle with a precision ten times better than previous experiments. And it's just the beginning since they hope to increase the precision by another factor of 10. If the Equivalence Principle is still verified at this precision, this could constrain or invalidate some quantum gravity theories. For those of you who are more satellite-science oriented, the satellite also features an innovative "self destruct" mechanism (meant to limit orbit pollution) based on inflatable structures described in this paper.

"The science phase of the mission began in December 2016," reports France's space agency, "and has already collected data from 1,900 orbits, the equivalent of a free fall of 85 million kilometres or half the Earth-Sun distance."
Security

Touting Government/Industry 'Partnership' on Security Practices, NIST Drafts Cybersecurity Framework Update (scmagazine.com) 13

Remember NIST, the non-regulatory agency of the U.S. Department of Commerce? Their mission expanded over the years to protecting businesses from cyberthreats, including a "Cybersecurty Framework" first published in 2014. "The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation's critical infrastructure, such as bridges and the electric power grid," NIST wrote in January, "but the framework has been widely adopted by many types of organizations across the country and around the world." Now SC Media reports: The second draft of the update to the National Institute of Standards and Technology's cybersecurity framework, NIST 1.1, is meant "to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use," according to NIST. Specifically, it brings clarity to cybersecurity measurement language and tackles improving security of the supply chain. Calling the initial NIST CSF "a landmark effort" that delivered "important benefits, such as providing common language for different models" of standards and best practices already in use, Larry Clinton, president and CEO of the Internet Security Alliance, said "it fell short of some of the most critical demands of Presidential Executive Order 13636, which generated its development...

"To begin with, the new draft makes it clear that our goal is not some undefined metric for use of the Framework, but for effective use of the Framework. Moreover, this use-metric needs to be tied not to some generic standard, but to be calibrated to the unique threat picture, risk appetite and business objective of a particular organization"... Clinton praised the process used by NIST as "a model 'use case' for how government needs to engage with its industry partners to address the cybersecurity issue." The internet's inherent interconnectedness makes it impossible for sustainable security to be achieved through anything other than true partnership, he contended.

Slashdot reader Presto Vivace reminds you that public comments on the draft Framework and Roadmap are due to NIST by 11:59 p.m. EST on January 19, 2018. "If you have an opinion about this, NOW is the time to express it."
Toys

Ask Slashdot: Are There Any Good Smartwatches Or Fitness Trackers? 224

"What's your opinion on the current state of smartwatches?" asks long-time Slashdot reader rodrigoandrade. He's been researching both smartwatches and fitness trackers, and shares his own opinions: - Manufacturers have learnt from Moto 360 that people want round smartwatches that actually look like traditional watches, with a couple of glaring exceptions....

- Android Wear 2.0 is a thing, not vaporware. It's still pretty raw (think of early Android phones) but it works well. The LG Sport Watch is the highest-end device that supports it.

- LTE-enabled smartwatches finally allow you to ditch your smartphone, if you wish. Just pop you nano SIM in it and party on. The availability is still limited to a few SKUs in some countries, and they're ludicrously expensive, but it's getting there.

Keep reading for his assessment of four high-end choices -- and share your own opinions in the comments.
Idle

'Cards Against Humanity' Gives Out $1000 Checks (nbcchicago.com) 327

An anonymous reader writes: In November "Cards Against Humanity" announced "a complicated holiday promotion" where people paid $15 for six surprises in December. (For the first surprise in the Cards Against Humanity Saves America promotion, "we purchased a plot of vacant land on the border and retained a law firm specializing in eminent domain to make it as time-consuming and expensive as possible for Trump to build his wall.") The second surprise was the launch of a new podcast filled with positive news, and for the third surprise, they're redistributing the money people paid to join the event. "Most of our subscribers (about 140,000 people) got nothing today — they could have it worse. The next 10,000 subscribers received a full $15 refund of their Cards Against Humanity Saves America purchase. Finally, the poorest 100 people received a check for $1,000, paid for by everyone else."

A new web page shares stories from the grateful participants, and explains the site's careful methodology for determining who needed the $1,000 checks the most. ("We excluded all Canadians. They already have universal healthcare. They'll be fine.") It argues that wealth inequality is the biggest issue in the world, but "Our lawyers advised against our first choice — a campaign to eat all the rich people and live in their houses — so we settled for something more achievable."

Intel

Intel's ME May Be Massively Infringing on Minix3's Free Software License (ipwatchdog.com) 235

Software engineer (and IP Watchdog contributor) Fredrik Ohrstrom (a.k.a. Slashdot reader anjara) writes: Almost all Free Software licenses (BSD, MIT, GPL...) require some sort of legal notice (legal attribution) given to the recipient of the software, both when the software is distributed in source and in binary forms. The legal notice usually contains the copyright holder's name and the license text. This means that it's not possible to hide and keep secret the existence of Free Software that you have stuck into your product that you distribute. If you do so, then you are not complying with the Free Software license and you are committing a copyright infringement!

This is exactly what Intel seems to have done with the Intel ME. The Minix3 operating system license requires a legal notice, but so far it seems like Intel has not given the necessary legal notices. (Probably because they want to keep the inside of the ME secret.) Thus not only is Minix3 the most installed OS on our recent x86 CPUs -- but it might also the most pirated OS on our recent x86 CPUs!

Slashdot Top Deals