Microsoft

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 (servethehome.com) 5

kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

United States

Trump Administration Prohibits CDC Policy Analysts From Using the Words 'Science-Based' (washingtonpost.com) 115

Long-time Slashdot reader hey! writes: On Friday the Washington Post reported that the Trump Administration has forbidden the Centers for Disease Control from using seven terms in certain documents: "science-based", "evidence-based", "vulnerable," "entitlement," "diversity," "transgender," and "fetus".

It's important to note that the precise scope and intent of the ban are unknown at present. Scientific and medical personnel as of now have not been affected, only policy analysts preparing budgetary proposals and supporting data that is being sent to Congress. So it is unclear the degree to which the language mandates represent a change in agency priorities vs. a change in how it presents itself to Congress. However, banning the scientifically precise term "fetus" will certainly complicate budgeting for things like Zika research and monitoring.

According to the Post's article, "Instead of 'science-based' or 'evidence-based,' the suggested phrase is 'CDC bases its recommendations on science in consideration with community standards and wishes.'"

The New York Times confirmed the story with several officials, although "a few suggested that the proposal was not so much a ban on words but recommendations to avoid some language to ease the path toward budget approval by Republicans."
Microsoft

Windows 10 Bundled a Password Manager with a Security Flaw (bleepingcomputer.com) 32

An anonymous reader writes: A Google security researcher has found and helped patch a severe vulnerability in Keeper, a password manager application that Microsoft has been bundling with some Windows 10 distributions this year... "This is a complete compromise of Keeper security, allowing any website to steal any password," Tavis Ormandy, the Google security researcher, said, pointing out that the password manager was still vulnerable to the same vulnerability he reported in August 2016, which had apparently been reintroduced in the code.

Based on user reports, Microsoft appears to have been bundling Keeper as part of Windows 10 Pro distributions since this past summer.

The article reports that Keeper issued a fix -- browser extension version 11.4 -- within less than 24 hours.
Microsoft

Do More People Use Firefox Than Edge and IE Combined? (computerworld.com) 88

A funny thing happened when Net Applications' statistics began excluding fake traffic from ad-defrauding bots. Computerworld reports: Microsoft's Edge browser is less popular with Windows 10 users than earlier thought, if revised data from a U.S. analytics vendor can be believed. According to Net Applications of Aliso Viejo, Calif., Edge has been designated the primary browser by fewer than one in six Windows 10 users for more than a year and a half. That's a significant downgrading of Edge's user share statistics from the browser's portrayal before this month...

By comparing Edge's old and new shares, it was evident that as much as half of the earlier Edge traffic had been faked by bots. The portion of Edge's share credited to bots fluctuated month to month, but fell below 30% in only 4 of the 19 months for which Net Applications provided data... Microsoft's legacy browser, Internet Explorer (IE) also was revealed as a Potemkin village. Under the old data regime, which included bots, IE's user share was overblown, at times more than double the no-bots reality. Take May 2016 as an example. With bots, Net Applications pegged IE at 33.7%; without bots, IE's user share dwindled to just 14.9%. Together, IE and Edge - in other words, Microsoft's browsers - accounted for only 16.3% of the global user share last month using Net Applications' new calculations... In fact, the combined IE and Edge now face a once unthinkable fate: falling beneath Mozilla's Firefox.

StatCounter's stats on browser usage show that more people have already been using Firefox than both of Microsoft's browsers combined -- in 12 of the last 13 months.
AI

Artificial Intelligence Is Killing the Uncanny Valley and Our Grasp On Reality (wired.com) 116

rickih02 writes: In 2018, we will enter a new era of machine learning -- one in which AI-generated media looks and sounds completely real. The technologies underlying this shift will push us into new creative realms. But this boom will have a dark side, too. For Backchannel's 2018 predictions edition, Sandra Upson delves into the future of artificial intelligence and the double-edged sword its increasing sophistication will present. "A world awash in AI-generated content is a classic case of a utopia that is also a dystopia," she writes. "It's messy, it's beautiful, and it's already here."
"The algorithms powering style transfer are gaining precision, signalling the end of the Uncanny Valley -- the sense of unease that realistic computer-generated humans typically elicit..." the article argues.

"But it's not hard to see how this creative explosion could all go very wrong."
Programming

Ask Slashdot: How Can Programmers Explain Their Work To Non-Programmers? 237

Slashdot reader Grady Martin writes: I disrespect people who describe their work in highfalutin terms... However, describing my own work as "programming solutions to problems" is little more than codifying what just about anyone can perceive through intuition. Case in point: Home for the holidays, I was asked about recent accomplishments and attempted to explain the process of producing compact visualizations of branched undo/redo histories.

Responses ranged from, "Well, duh," to, "I can already do that in Word"...

It's the "duh" that I want to address, because of course an elegant solution seems obvious after the fact: Such is the nature of elegance itself. Does anyone have advice on making elegance sound impressive?

An anonymous Slashdot reader left this suggestion for explaining your work to non-programmers. "Don't. I get sick when I hear the bullshit artists spew crap out of their mouth when they have no idea wtf they're talking about. Especially managers..."

But how about the rest of you? How can programmers explain their work to non-programmers?
The Almighty Buck

Bitcoin Jumps Another 10% in 24 Hours, Sets New Record at $19,000 (arstechnica.com) 178

An anonymous reader quotes Ars Technica: Bitcoin's price set a new record on Saturday as the virtual currency rose above $19,000 for the first time on the Bitstamp exchange. The gains came just hours after the currency crossed the $18,000 mark. Bitcoin's value has doubled over the last three weeks, and it's up more than 20-fold over the last year.

Bitcoin's value keeps rising despite a growing chorus of experts who say the currency value is an unsustainable bubble. One CNBC survey this week found that 80 percent of Wall Street economists and market strategists saw bitcoin's rise as a bubble, compared to just two percent who said the currency's value was justified. Another survey reported by The Wall Street Journal this week found that 51 out of 53 economists surveyed thought bitcoin's price was an unsustainable bubble.

Less than a month ago, Bitcoin was selling for $8,000.
Stats

'State of JavaScript' Survey Results: Good News for React and TypeScript (sdtimes.com) 73

"The JavaScript world is richer and messier than ever," reports this year's annual "State of JavaScript" survey, which collected data from over 28,000 developers on everything from favorite frameworks to flavors of JavaScript. SD Times reports: "A few years back, a JavaScript survey would've been a simple matter. Question 1: are you using jQuery? Question 2: any comments? Boom, done!," the developers wrote. "But as we all know, things have changed. The JavaScript ecosystem is richer than ever, and even the most experienced developer can start to hesitate when considering the multitude of options available at every stage"...

On the front end, React remains the dominant framework. However, the survey found interest in Vue is steadily increasing, while Angular is losing steam. Developers are at a 3.8 [on a scale up to 5] when it comes to their overall happiness with front-end tools. On the back end, Express is by far the most popular contender with Koa, Meteor and Hapi slowly making their way behind Express. For testing, Jest and Enzyme stand out with high satisfaction ratings.

In 2016 only 9,000 developers responded to the survey, which had ultimately announced that "Depending on who you ask, right now JavaScript is either turning into a modern, reliable language, or a bloated, overly complex dependency hell. Or maybe both?"

InfoWorld notes that this year more than 28% of the survey's respondents said they'd used TypeScript, Microsoft's typed superset of JavaScript, and that they'd use it again. And while React was the most popular framework, the second most-popular framework was "none," with 9,493 JavaScript developers saying they didn't use one.
The Military

The US Military Admits It Spent $22 Million Investigating UFOs (boston.com) 125

Long-time Slashdot reader Joosy writes, "Until 2012 the Pentagon had a program, the 'Advanced Aerospace Threat Identification Program', that tracked unidentified flying objects." An anonymous reader writes: The Pentagon finally acknowledged the existence of the $22 million program today to the New York Times, while also claiming that they closed the program five years ago. "But its backers say that, while the Pentagon ended funding for the effort at that time, the program remains in existence. For the past five years, they say, officials with the program have continued to investigate episodes brought to them by service members, while also carrying out their other Defense Department duties."

Over the years the program "produced documents that describe sightings of aircraft that seemed to move at very high velocities with no visible signs of propulsion, or that hovered with no apparent means of lift. Officials with the program have also studied videos of encounters between unknown objects and U.S. military aircraft." But ultimately, a Pentagon spokesman said, "It was determined that there were other, higher priority issues that merited funding, and it was in the best interest of the DoD to make a change."

AI

Predictive Keyboard Tries To Write a New Harry Potter Chapter (cnet.com) 60

Long-time Slashdot reader Baron_Yam writes, "Some AI news items are amusing. This is one of those." ProKras reports: What do you get when a predictive keyboard app tries to write a new Harry Potter story? Apparently, you get Chapter 13 from Harry Potter and the Portrait of What Looked Like a Large Pile of Ash.

The folks at Botnik Studios trained their keyboard using all 7 Harry Potter novels by J.K. Rowling. They used one set of training data for narration and another for dialogue. Then a bunch of team members got together in a chat room and pitched the best (worst?) lines created using the keyboard, and Botnik editors assembled them into a cohesive(ish) chapter of a story.

The results are about as ridiculous as you might imagine. For example, at one point Ron Weasley "saw Harry and immediately began to eat Hermione's family. Ron's Ron shirt was just as bad as Ron himself." It is never explained how Hermione knew that the password to a certain locked door was "BEEF WOMEN," nor why "the pig of Hufflepuff pulsed like a large bullfrog." Maybe that was covered in Chapter 12.

Google

Google News Will Purge Sites Masking Their Country of Origin (bloomberg.com) 127

An anonymous reader quotes Bloomberg: Google moved to strip from its news search results publications that mask their country of origin or intentionally mislead readers, a further step to curb the spread of fake news that has plagued internet companies this year. To appear in Google News results, websites must meet broad criteria set out by the company, including accurately representing their owners or primary purposes. In an update to its guidelines released Friday, the search giant added language stipulating that publications not "engage in coordinated activity to mislead users."

Additionally the new rules read: "This includes, but isn't limited to, sites that misrepresent or conceal their country of origin or are directed at users in another country under false premises." A popular tactic for misinformation campaigns is to pose as a credible U.S. news outlet. Russian Internet Research Agency, a Kremlin-backed organization, used that technique to reach an audience of nearly 500,000 people, spread primarily through Twitter accounts, Bloomberg reported earlier.

China

Facial Recognition Algorithms -- Plus 1.8 Billion Photos -- Leads to 567 Arrests in China (scmp.com) 145

"Our machines can very easily recognise you among at least 2 billion people in a matter of seconds," says the chief executive and co-founder of Yitu. The South China Morning Post reports: Yitu's Dragonfly Eye generic portrait platform already has 1.8 billion photographs to work with: those logged in the national database and you, if you have visited China recently... 320 million of the photos have come from China's borders, including ports and airports, where pictures are taken of everyone who enters and leaves the country. According to Yitu, its platform is also in service with more than 20 provincial public security departments, and is used as part of more than 150 municipal public security systems across the country, and Dragonfly Eye has already proved its worth. On its very first day of operation on the Shanghai Metro, in January, the system identified a wanted man when he entered a station. After matching his face against the database, Dragonfly Eye sent his photo to a policeman, who made an arrest. In the following three months, 567 suspected lawbreakers were caught on the city's underground network. The system has also been hooked up to security cameras at various events; at the Qingdao International Beer Festival, for example, 22 wanted people were apprehended.

Whole cities in which the algorithms are working say they have seen a decrease in crime. According to Yitu, which says it gets its figures directly from the local authorities, since the system has been implemented, pickpocketing on Xiamen's city buses has fallen by 30 per cent; 500 criminal cases have been resolved by AI in Suzhou since June 2015; and police arrested nine suspects identified by algorithms during the 2016 G20 summit in Hangzhou. Dragonfly Eye has even identified the skull of a victim five years after his murder, in Zhejiang province.

The company's CEO says it's impossible for police to patrol large cities like Shanghai (population: 24,000,000) without using technology.

And one Chinese bank is already testing facial-recognition algorithms hoping to develop ATMs that let customers withdraw money just by showing their faces.
DRM

Why Linux HDCP Isn't the End of the World (collabora.com) 121

"There is no reason for the open-source community to worry..." writes Daniel Stone, who heads the graphics team at open-source consultancy Collabora. mfilion quotes Collabora.com: Recently, Sean Paul from Google's ChromeOS team, submitted a patch series to enable HDCP support for the Intel display driver. HDCP is used to encrypt content over HDMI and DisplayPort links, which can only be decoded by trusted devices... However, if you already run your own code on a free device, HDCP is an irrelevance and does not reduce freedom in any way....

HDCP support is implemented almost entirely in the hardware. Rather than adding a mandatory encryption layer for content, the HDCP kernel support is dormant unless userspace explicitly requests an encrypted link. It then attempts to enable encryption in the hardware and informs userspace of the result. So there's the first out: if you don't want to use HDCP, then don't enable it! The kernel doesn't force anything on an unwilling userspace.... HDCP is only downstream facing: it allows your computer to trust that the device it has been plugged into is trusted by the HDCP certification authority, and nothing more. It does not reduce user freedom, or impose any additional limitations on device usage.

China

China Will Spend $3.3 Billion to Research Molten Salt Nuclear-Powered Drones (scmp.com) 174

Long-time Slashdot reader WindBourne tipped us off to some news from The South China Morning Post: China is to spend 22 billion yuan (US$3.3 billion) trying to perfect a form of technology largely discarded in the cold war which could produce a safer but more powerful form of nuclear energy. The cash is to develop two "molten salt" reactors in the Gobi Desert in northern China. Researchers hope that if they can solve a number of technical problems the reactors will lead to a range of applications, including nuclear-powered warships and drones. The technology, in theory, can create more heat and power than existing forms of nuclear reactors that use uranium, while producing only one thousandth of the radioactive waste. It also has the advantage for China of using thorium as its main fuel. China has some of the world's largest reserves of the metal...

The reactors use molten salt rather than water as a coolant, allowing them to create temperatures of over 800 degrees Celsius, nearly three times the heat produced by a commercial nuclear plant fuelled with uranium. The superhot air has the potential to drive turbines and jet engines and in theory keep a bomber flying at supersonic speed for days.

One Beijing researcher says these drones "would serve as a platform for surveillance, communication or weapon delivery to deter nuclear and other threats from hostile countries." He asked not to be named, but provided one more advantage for a nuclear-powered drone flying at high altitudes over the ocean.

"It will also have more public acceptance. If an accident happens, it crashes into the sea."
NASA

NASA Uses Its First Recycled SpaceX Rocket For a Re-Supply Mission (nypost.com) 89

An anonymous reader quotes the New York Post: SpaceX racked up another first on Friday, launching a recycled rocket with a recycled capsule on a grocery run for NASA. The unmanned Falcon rocket blasted off with a just-in-time-for-Christmas delivery for the International Space Station, taking flight again after a six-month turnaround. On board was a Dragon supply ship, also a second-time flier. It was NASA's first use of a reused Falcon rocket and only the second of a previously flown Dragon.

Within 10 minutes of liftoff, the first-stage booster was back at Cape Canaveral Air Force Station, standing upright on the giant X at SpaceX's landing zone. That's where it landed back in June following its first launch. Double sonic booms thundered across the area. At SpaceX headquarters in Hawthorne, California, cheers erupted outside the company's glassed-in Mission Control, where chief executive Elon Musk joined his employees.

The Dragon reaches the space station Sunday. The capsule last visited the 250-mile-high outpost in 2015. This time, the capsule is hauling nearly 5,000 pounds of goods, including 40 mice for a muscle-wasting study, a first-of-its-kind impact sensor for measuring space debris as minuscule as a grain of sand and barley seeds for a germination experiment by Budweiser, already angling to serve the first beer on Mars.

Also onboard were several hundred Star Wars mission patches created by a partnership between Lucasfilm and the Center for the Advancement of Science in Space (the non-profit organization managing the ISS National Lab). Space.com reports that Elon Musk named the Falcon X after the original Millennium Falcon in Star Wars.
