By EditorDavid from Slashdot's some-good-Knuth department
In 1962, 24-year-old Donald Knuth began writing The Art of Computer Programming -- and 55 years later, he's still working on it. An anonymous reader quotes Knuth's web site at Stanford:
Volume 4B will begin with a special section called 'Mathematical Preliminaries Redux', which extends the 'Mathematical Preliminaries' of Section 1.2 in Volume 1 to things that I didn't know about in the 1960s. Most of this new material deals with probabilities and expectations of random events; there's also an introduction to the theory of martingales.
You can have a sneak preview by looking at the current draft of pre-fascicle 5a (52 pages), last updated 18 January 2017. As usual, rewards will be given to whoever is first to find and report errors or to make valuable suggestions. I'm particularly interested in receiving feedback about the exercises (of which there are 125) and their answers (of which there are 125).
Over the years Knuth gave out over $20,000 in rewards, though most people didn't cash his highly-coveted "hexadecimal checks", and in 2008 Knuth switched to honorary "hexadecimal certificates". In 2014 Knuth complained about the "dumbing down" of computer science history, and his standards remain high. In his most-recent update, 79-year-old Knuth reminds readers that "There's stuff in here that isn't in Wikipedia yet!"Read Replies (0)
By EditorDavid from Slashdot's war-on-wind department
An anonymous reader quotes a Christian Science Monitor report on "a bill that would essentially ban large-scale renewable energy" in Wyoming.
The new Wyoming bill would forbid utilities from using solar or wind sources for their electricity by 2019, according to Inside Climate News... The bill would require utilities to use "eligible resources" to meet 95 percent of Wyoming's electricity needs in 2018, and all of its electricity needs in 2019. Those "eligible resources" are defined solely as coal, hydroelectric, natural gas, nuclear, oil, and individual net metering... Utility-scale wind and solar farms are not included in the bill's list of "eligible resources," making it illegal for Wyoming utilities to use them in any way if the legislation passes. The bill calls for a fine of $10 per megawatt-hour of electricity from a renewable source to be slapped on Wyoming utilities that provide power from unapproved sources to in-state customers.
The bill also prohibits utilities from raising rates to cover the cost of those penalties, though utilities wouldn't be penalized if they exported that energy to other states. But one local activist described it as 'talking-point' legislation, and even the bill's sponsor gives it only a 50% chance of passing.Read Replies (0)
By EditorDavid from Slashdot's uncertain-certificates department
"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain."
Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...
Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and CloudflareRead Replies (0)
Raspberry Pi Gets Competitors
Posted by News Fetcher on January 21 '17 at 02:51 PM
By EditorDavid from Slashdot's Pi-fight department
Hackaday reports that Asus has "quietly released their Tinker board that follows the Pi form factor very closely, and packs a 1.8 GHz quad-core ARM Cortes A17 alongside an impressive spec At £55 (about $68) where this is being written it's more expensive than the Pi, but Asus go to great lengths to demonstrate that it is significantly faster." And though the Raspberry Pi foundation upgraded their Compute Module, Pine64 has just unveiled their new SOPINE A64 64-bit computing module, a smaller version of the $15 Pine64 computer. An anonymous reader quotes ComputerWorld:
At $29, the SOPINE A64 roughly matches the price of the Raspberry Pi Compute Module 3, which ranges from $25 to $30. The new SOPINE will ship in February, according to the website. The SOPINE A64 can't operate as a standalone computer like the Pine64. It needs to be plugged in as a memory slot inside a computer. But if you want a full-blown computer, Pine64 also sells the $15 SOPINE Baseboard Model-A, which "complements the SOPINE A64 Compute Module and turns it into a full single board computer," according to the company...
The original Pine64 was crowdsourced and also became popular for its high-end components like a 64-bit chip and DDR3 memory... It has 2GB RAM, which is twice that of Raspberry Pi's compute module. SOPINE also has faster DDR3 memory, superior to DDR2 memory in Raspberry Pi Compute Module 3 board.Read Replies (0)
By EditorDavid from Slashdot's Autopilot-is-my-copilot department
There's a surprise in the data from an investigation into Tesla safety by the U.S. National Highway Traffic Safety Administration.
An anonymous reader quotes Bloomberg:
[W]hile all Tesla vehicles come with the hardware necessary for Autopilot, you need a software upgrade that costs thousands of dollars to make it work. Since buyers can add Autopilot features after purchase, this provides a perfect before-and-after comparison. It turns out that, according to the data Tesla gave investigators, installing Autopilot prevents crashes -- by an astonishing 40 percent...
Now -- thanks to an investigation that initially hurt the company -- there is finally some real data, and it's good news for Tesla... As the software matures to match the new hardware, Musk said on Thursday via a Tweet, Tesla is targeting a 90 percent reduction in car crashes.Read Replies (0)
By EditorDavid from Slashdot's runtime-says-you're-running-out-of-time department
An anonymous reader quotes BleepingComputer:
Oracle says that starting with April 18, 2017, Java (JRE) will treat all JAR files signed with the MD5 algorithm as unsigned, meaning they'll be considered insecure and blocked from running. Oracle originally planned MD5's deprecation for the current Critical Patch Update, released this week, which included a whopping 270 security fixes, one of the biggest security updates to date. The company decided to give developers and companies more time to prepare and delayed MD5's deprecation for the release of Oracle Java SE 8u131 and the next Java CPU, scheduled for release in April...
Oracle removed MD5 as a default code signing option from Java SE 6, released in 2006. Despite this, there will be thousands of Java apps that will never be resigned. For this, Oracle will allow system administrators to set up custom deployment rule sets and exception site lists to allow Java applets and Java Web Start applications signed with MD5 to run. Sometimes in the second half of 2017, Oracle also plans to change the minimum key length for Diffie-Hellman algorithms to 1024 bits. These updates are part of Oracle's long-standing plan for changes to the security algorithms in the Oracle Java Runtime Environment and Java SE Development Kit.Read Replies (0)
By EditorDavid from Slashdot's big-bug-bounties department
Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March.
Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
$100,000 for escaping a virtualization hypervisor$80,000 for a Microsoft Edge or Google Chrome exploit$50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint$50,000 for an Apple Safari exploit$30,000 for a Firefox exploit$30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)$200,000 for an Apache Web Server exploitRead Replies (0)
By EditorDavid from Slashdot's walled-garden-guardians department
An anonymous reader quotes PCWorld:
Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps... In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.
100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.Read Replies (0)
By EditorDavid from Slashdot's language-of-languages department
An anonymous reader writes:
"Nim compiles and runs fast, delivers tiny executables on several platforms, and borrows great ideas from numerous other languages," according to InfoWorld. After six years, they write, Nim is finally "making a case as a mix of the best of many worlds: The compilation speed and cross-platform targeting of Go, the safe-by-default behaviors of Rust, the readability and ease of development of Python, and even the metaprogramming facilities of the Lisp family..."
There's an improved output system in the newest release, and both its compiler and library are MIT licensed. Share your thoughts and opinions in the comments. Is anybody excited about writing code in Nim?Read Replies (0)
By BeauHD from Slashdot's study-learn-and-repeat department
An anonymous reader quotes a report from Reuters: Six scientists have entered a dome perched atop a remote volcano in Hawaii where they will spend the next eight months in isolation to simulate life for astronauts traveling to Mars, the University of Hawaii said. The study is designed to help NASA better understand human behavior and performance during long space missions as the U.S. space agency explores plans for a manned mission to the Red Planet. The crew will perform geological field work and basic daily tasks in the 1,200-square-foot (365 m) dome, located in an abandoned quarry 8,000 feet (2.5 km) above sea level on the Mauna Loa volcano on Hawaii's Big Island. There is little vegetation and the scientists will have no contact with the outside world, said the university, which operates the dome. Communications with a mission control team will be time-delayed to match the 20-minute travel time of radio waves passing between Earth and Mars. "Daily routines include food preparation from only shelf-stable ingredients, exercise, research and fieldwork aligned with NASA's planetary exploration expectations," the university said. The project is intended to create guidelines for future missions to Mars, some 35 million miles (56 million km) away, a long-term goal of the U.S. human space program. The NASA-funded study, known as the Hawaii Space Exploration Analog and Simulation (Hi-SEAS), is the fifth of its kind.Read Replies (0)
By BeauHD from Slashdot's logical-decision-making department
An anonymous reader quotes a report from Hollywood Reporter: Stand down from battle stations. Star Trek rights holders CBS and Paramount have seen the logic of settling a copyright suit against Alec Peters, who solicited money on crowdfunding sites and hired professionals to make a YouTube short and a script of a planned feature film focused on a fictional event -- a Starfleet captain's victory in a war with the Klingon Empire -- referenced in the original 1960s Gene Roddenberry television series. Thanks to the settlement, CBS and Paramount won't be going to trial on Stardate 47634.44, known to most as Jan. 31, 2017. According to a joint statement, "Paramount Pictures Corporation, CBS Studios Inc., Axanar Productions, Inc. and Alec Peters are pleased to announce that the litigation regarding Axanar's film Prelude to Axanar and its proposed film Axanar has been resolved. Axanar and Mr. Peters acknowledge that both films were not approved by Paramount or CBS, and that both works crossed boundaries acceptable to CBS and Paramount relating to copyright law." Peters' Axanar video and script, which feature such arguably copyrighted elements as Vulcan ears, the Klingon language and an obscure character from a 1969 episode, sparked a lawsuit in December 2015. The litigation then proceeded at warp speed with the case almost making it to trial in just 13 months, an amazingly brisk pace by typical standards. When Axanar comes out, it will look different. "Axanar and Mr. Peters have agreed to make substantial changes to Axanar to resolve this litigation, and have also assured the copyright holders that any future Star Trek fan films produced by Axanar or Mr. Peters will be in accordance with the 'Guidelines for Fan Films' distributed by CBS and Paramount in June 2016," states the parties' joint announcement of a settlement.Read Replies (0)
By BeauHD from Slashdot's here-we-go-again department
For the second time in 9 months, ATT is raising its activation and upgrade fee. In April 2016, the fee for non-contract customers was raised from $15 to $20. Today, it has been raised another $5, from $20 to $25, according to PhoneScoop. Ars Technica reports: As the mobile carrier switched from contracts to device payment plans, ATT initially did not charge an activation and upgrade fee for customers who brought their own phone or bought one from ATT on an installment plan. But in July 2015, ATT started charging a $15 activation fee to customers who don't sign two-year contracts. (ATT also raised the activation/upgrade fee for contract customers from $40 to $45 in July 2015.) The $25 fee is charged for new activations or upgrades when customers purchase devices on installment agreements, ATT says. Customers who bring their own phone to the network are charged the $25 fee when they activate a new line of service, but not when they upgrade phones on an existing line. "We are making a minor adjustment to our activation and upgrade fees. The change is effective today," ATT told Ars. ATT also still charges the $45 activation and upgrade fee on two-year contracts, but those contracts are "available only on select devices."Read Replies (0)
By BeauHD from Slashdot's drastic-times-call-for-drastic-measures department
A new report published by Markus Tobiassen and Kjetil Saeter of Norwegian publication Dagens Naeringsliv is accusing Jay Z's Tidal music streaming service of fabricating their subscriber numbers by creating fake accounts and lying to the media and partners. The company claims to have more than 3 million paying subscribers with more than half of those paying $20-a-month. Digital News Music reports: Tobiassen and Saeter interviewed staffers at TIDAL, as well as partners and confidential sources. And the information that came back was pretty damning. "When 16 of the world's biggest pop stars, one a convicted cocaine smuggler and a former Israeli intelligence officer was not able to obtain enough customers to Jay Z's Tidal, the company began to inflate subscription numbers," the report alleges. DMN spoke this morning with Tobiassen, who offered a translation of the report. "On March 30th of last year, Tidal issued a press release stating that the company had reached 'three million members,'" the report states. "The news story reported worldwide was that Tidal had three million paying subscribers. Tidal also specified to online newspaper The Verge that this figure did not include trial subscribers. This was the last time Tidal reported a total number of subscribers to the public." The only problem with that? "In April 2016, one month after the press release issued by the company claiming three million members, Tidal made payments to the record labels for around 850,000 subscribers. The figure reported internally by Tidal in April is 1.2 million subscribers." The report further states that Tidal itself reported a figure of 1.1 million to the major record labels in late 2016. In other words, nowhere near the numbers reported to media outlets like Digital Music News and Verge.Read Replies (0)
By BeauHD from Slashdot's point-A-to-point-B department
The former Senior Vice President of Search and employee number 176 at Google has joined the ride-hailing company Uber as SVP of Engineering. TechCrunch is reporting that "Singhal will be heading up the Maps and Marketplace departments at Uber, while also advising CEO Travis Kalanick and Uber VP of Engineering and Otto co-founder Anthony Levandowski on their efforts to build out the company's self-driving technology." From the report: The last time we in tech news circles heard from Singhal, he was saying goodbye after a 15-year career at Google, in a farewell letter that felt a lot like a retirement announcement. Singhal wrote that he was leaving to "see what kind of impact [he could] make philanthropically" and to"spend more time with [his] family," in an effort to "define [his] next fifteen years." Now, a little under a year later, Singhal is back in an executive role -- this time at a much younger company, but still at one of the most influential technology firms in the world. So how did Singhal get from there to here? Well, for starters, Singhal did throw himself into philanthropic pursuits, focusing on the Singhal Foundation established by him and his wife Shipa, which aims to deliver access to high quality education for kids who normally wouldn't be able to attend top schools, and which began with a focus on the city of Jodhpur, in India. Singhal met Travis Kalanick through a mutual friend, which sparked a series of conversations between the search expert and the famous founder about Uber, its goals and its technical challenges. The combination of the scope of both Uber's potential impact, and the extent of the engineering hurdles it faces in achieving its aims were what drew Singhal in; he is, after all, a true engineer at heart, and mountainous technical challenges attract skilled engineers like nothing else. "This company is not only doing things that are amazing, this company also has some of the toughest computer science challenges that I have seen in my career of 25 years," Singhal told me. "Those computer science challenges for a computer science geek are just intriguing -- you give a geek a puzzle, they can't drop it; they need to solve the puzzle. That's how it felt to me."Read Replies (0)
By BeauHD from Slashdot's special-treatment department
dcblogs quotes a report from Computerworld: A new bill in Congress would give foreign students who graduate from U.S. schools priority in getting an H-1B visa. The legislation also "explicitly prohibits" the replacement of American workers by visa holders. This bill, the H-1B and L-1 Visa Reform Act, was announced Thursday by its co-sponsors, U.S. Senators Chuck Grassley (R-Iowa) and Sen. Dick Durbin (D-Ill.), longtime allies on H-1B reform. Grassley is chairman of the Senate Judiciary Committee, which gives this bill an immediate big leg up in the legislative process. This legislation would end the annual random distribution, via a lottery, of H-1B visas, and replace it with a system to give priority to certain types of students. Foreign nationals in the best position to get one of the 85,000 H-1B visas issued annually will have earned an advanced degree from a U.S. school, have a well-paying job offer, and have preferred skills. The specific skills weren't identified, but will likely be STEM-related. "Congress created these programs to complement America's high-skilled workforce, not replace it," said Grassley, in a statement. "Unfortunately, some companies are trying to exploit the programs by cutting American workers for cheaper labor."Read Replies (0)