The new 1.14 release of the Go programming language "is dotted with performance and security improvements," reports the developer news site DevClass, "but also gives devs more flexibility when it comes to module use." And they also give a nice overview of Go's development process: Go is the language most containerization projects are built with. The wide adoption of this approach is one of the reasons that made the Go team implement a new feedback-based system for language enhancements. In it, only a limited number of new features are proposed for an upcoming release, giving the community room to weigh in on them. If they decide a change will do more good than harm the feature will make it into the new version. However, since alterations affect a quite wide range of people, they are often heavily disputed. This already led to the abandoning of a proposal thought to improve the language's often discussed error handling. Currently, a couple of new vet checks and minor adjustments are discussed for the 1.15 release. Updates in Go 1.14 mainly concern the toolchain, runtime, and libraries. The only change to the language allows for methods of embedded interfaces to have the same name and signature as those on the embedding interface. Supposedly to facilitate the creation of somewhat safer applications, version 1.14 includes a hash/maphash package. The hash functions on byte sequences contained in it are meant to help with the implementation of hash tables or similar data structures. The Go team warns though that "the hash functions are collision-resistant but not cryptographically secure...." Go 1.14 is the last release to run on macOS 10.11 and support 32-bit binaries on Apple's operating system. Meanwhile binaries for Windows come with data execution prevention enabled, experimental support for 64-bit RISC-V on Linux is included, and v1.14 should work with 64-bit ARM architecture on FreeBSD 12.0 or later.

Read more of this story at Slashdot.

Several pundits criticized Google for warning Edge users to switch to Chrome if they wanted to use Chrome extensions "securely". "In Chrome, a plugin can be remotely disabled by the Chrome team if it's considered unsafe for whatever reason," notes PC World. "Google lacks the ability to remotely disable the same plugin within Edge, prompting Google to recommend switching to Chrome, a source close to Google said." Though PC World notes that Google isn't giving the same warning to Opera users... Yet now when you try to add Chrome Extensions to Edge, Microsoft also gives you a warning of its own -- that extensions installed from sources other than the Microsoft Store "are unverified [by Microsoft], and may affect browser performance." And while Google.com is still displaying an ad for Chrome to web surfers using Edge, now if you search for "Chrome web store" on Bing, the first result is an ad ("promoted by Microsoft") for Microsoft's own Edge browser. ZDNet's Chris Matyszczyk asked both Google and Microsoft for a comment: [N]othing from Google. But suddenly, a confirmation from Microsoft that it wouldn't offer official comment. My sniffings around Google suggest the company may have been taken aback by the positive public reaction to Edge... My nasal probings around Redmond offer the reasoning that, well, Microsoft hasn't tested or verified extensions that arrive from places other than they Microsoft Edge add-ons website. Why, they're far too busy to do that. And, well, it's the Chrome web store. Who knows what you'll find over there? Oh, and Edge gives you more control over your data, so there. Could it be, then, that Google is being vacuously childish and trying to scare people into resisting the lures of Microsoft's browser handiwork? Could it also be that Microsoft is doing something rather similar in either retaliation or merely homage to the brutally competitive instincts of social activist Bill Gates? Could it be that both of these companies should pause to examine their consciences, go sit in a corner and embrace their customers' needs and choices a touch more fully?

Read more of this story at Slashdot.

Also in 2016 from Miguel de Icaza: "Most newcomers are only learning, and before they know what a font is, they need to learn what a certificate authority is."

This is kind of a milestone. "HTTPS is great, but it isn’t for everything. It shouldn’t be for personal sites." There's a bigger picture. Google shouldn't try to take control of HTTP. As I say in my FAQ, on the web, Google is a guest, as we all are, and guests don't make the rules. There are good reasons to keep HTTP simple, but none of us have the right to change it. It is what it is. Scripting News will never be forced to do anything by Google, I don't recognize their authority to force anyone to do anything on the web. If HTTPS were such a great idea, there would be no reason to force anyone to do it, we'd just do it because we want to. More here.

2016: "The problem of requiring HTTPs in less than 140 chars: 1.Few benefits for blog-like sites, and 2. The costs are prohibitive."

The New York Times reports: Some of Earth's plants have fallen in love with metal. With roots that act practically like magnets, these organisms -- about 700 are known -- flourish in metal-rich soils that make hundreds of thousands of other plant species flee or die.... The plants not only collect the soil's minerals into their bodies but seem to hoard them to "ridiculous" levels, said Alan Baker, a visiting botany professor at the University of Melbourne who has researched the relationship between plants and their soils since the 1970s. This vegetation could be the world's most efficient, solar-powered mineral smelters. What if, as a partial substitute to traditional, energy-intensive and environmentally costly mining and smelting, the world harvested nickel plants...? On a plot of land rented from a rural village on the Malaysian side of the island of Borneo, Dr. Baker and an international team of colleagues have proved it at small scale. Every six to 12 months, a farmer shaves off one foot of growth from these nickel-hyper-accumulating plants and either burns or squeezes the metal out. After a short purification, farmers could hold in their hands roughly 500 pounds of nickel citrate, potentially worth thousands of dollars on international markets. Now, as the team scales up to the world's largest trial at nearly 50 acres, their target audience is industry. In a decade, the researchers hope that a sizable portion of insatiable consumer demand for base metals and rare minerals could be filled by the same kind of farming that produces the world's coconuts and coffee... [T]he technology has the additional value of enabling areas with toxic soils to be made productive... Now, after decades behind the lock and key of patents, Dr. Baker said, "the brakes are off the system." Long-time Slashdot reader necro81 adds "This process, called phytomining, cannot supplant the scale of traditional mining, but could make a dent in the world's demand for nickel, cobalt, and zinc. "Small-holding farmers could earn more from phytomining than from coaxing food crops from metal-laden soils. Using these plants could also help clean brownfields left over from prior industrial use."

Read more of this story at Slashdot.

Nasa says major decreases in nitrogen dioxide levels are "at least partly" linked to the outbreak.

"Intel's security plans sound a lot like 'we're going to catch up to AMD,'" argues FOSS advocate and "mercenary sysadmin" Jim Salter at Ars Technica, citing a "present-and-future" presentation by Anil Rao and Scott Woodgate at Intel's Security Day that promised a future with Full Memory Encryption but began with Intel SGX (launched with the Skylake microarchitecture in 2015). Salter describes SGX as "one of the first hardware encryption technologies designed to protect areas of memory from unauthorized users, up to and including the system administrators themselves." SGX is a set of x86_64 CPU instructions which allows a process to create an "enclave" within memory which is hardware encrypted. Data stored in the encrypted enclave is only decrypted within the CPU -- and even then, it is only decrypted at the request of instructions executed from within the enclave itself. As a result, even someone with root (system administrator) access to the running system can't usefully read or alter SGX-protected enclaves. This is intended to allow confidential, high-stakes data processing to be safely possible on shared systems -- such as cloud VM hosts. Enabling this kind of workload to move out of locally owned-and-operated data centers and into massive-scale public clouds allows for less expensive operation as well as potentially better uptime, scalability, and even lower power consumption. Intel's SGX has several problems. The first and most obvious is that it is proprietary and vendor-specific -- if you design an application to utilize SGX to protect its memory, that application will only run on Intel processors... Finally, there are potentially severe performance impacts to utilization of SGX. IBM's Danny Harnik tested SGX performance fairly extensively in 2017, and he found that many common workloads could easily see a throughput decrease of 20 to 50 percent when executed inside SGX enclaves. Harnik's testing wasn't 100 percent perfect, as he himself made clear -- in particular, in some cases his compiler seemed to produce less-optimized code with SGX than it had without. Even if one decides to handwave those cases as "probably fixable," they serve to highlight an earlier complaint -- the need to carefully develop applications specifically for SGX use cases, not merely flip a hypothetical "yes, encrypt this please" switch.... After discussing real-world use of SGX, Rao moved on to future Intel technologies -- specifically, full-memory encryption. Intel refers to its version of full-memory encryption as TME (Total Memory Encryption) or MKTME (Multi-Key Total Memory Encryption). Unfortunately, those features are vaporware for the moment. Although Intel submitted an enormous Linux kernel patchset last May for enabling those features, there are still no real-world processors that offer them... This is probably a difficult time to give exciting presentations on Intel's security roadmap. Speculative prediction vulnerabilities have hurt Intel's processors considerably more than their competitors', and the company has been beaten significantly to market by faster, easier-to-use hardware memory encryption technologies as well. Rao and Woodgate put a brave face on things by talking up how SGX has been and is being used in Azure. But it seems apparent that the systemwide approach to memory encryption already implemented in AMD's Epyc CPUs -- and even in some of their desktop line -- will have a far greater lasting impact. Intel's slides about their own upcoming full memory encryption are labeled "innovations," but they look a lot more like catching up to their already-established competition.

Read more of this story at Slashdot.

"Mats Järlström's emotions were clearly visible Friday morning. After years of arguing red light traffic cameras are flawed, the official Journal of the Institute of Transportation Engineers said he was right," reports a local news station in Portland, Oregon: The ITE sets traffic policy recommendations for the United States — and they said cities should be using his formula. "It is a big deal," Järlström told KOIN 6 News. "It's the top." Six years ago he tried to tell the Beaverton City Council there's a problem with its red light cameras. Then there was the State of Oregon, which fined him for practicing engineering without a license. He had to file a federal lawsuit to continue his research to prove drivers making turns at intersections often get caught in a dilemma when they're slowing down to make a turn and the yellow light isn't long enough. Järlström said he used 8th-grade math skills to prove drivers have been getting tickets they can't avoid. "It didn't take an engineering license to realize that the formula for traffic light timing was flawed," Järlström says on the Institute for Justice site. "I'm just glad that the ITE and the professional engineering community were willing to listen to an outsider, consider my work, and finally update their formula." "The First Amendment protects Americans' right to speak regardless of whether they are right or wrong," said the Institute for Justice attorney who represented Järlström. "But in Mats's case, the ITE committee's decision suggests that he not only has a right to speak, but also, that he was right all along." The ITE's vote updates a 55-year-old equation, the site reports. Järlström added, "We will never know how many Americans have received red light tickets for making perfectly safe right-hand turns."

Read more of this story at Slashdot.

"Tesla will work with PG&E to build the world's largest battery facility able to store energy generated by both solar and wind power in Monterey, California," writes long-time Slashdot reader Okian Warrior. Clean Technica reports: "Certainly, combined, this is going to be the largest battery facility in the world, so it's a big boost to our community and our country," said Monterey County Supervisor John Phillips. Both projects will utilize hundreds of lithium-ion batteries to store clean and renewable energy. They will also use the existing power lines to transmit the energy around Monterey County and parts of Silicon Valley. Next month, Tesla and PG&E hope to break ground on their project with hopes that it will be completed by the end of this year.

Read more of this story at Slashdot.

The Boston Globe's Stat News site reports that the new coronavirus "may be spreading in parts of the Pacific Northwest, with California, Oregon, and Washington State reporting Friday that they have diagnosed cases with no travel history or known contact with another case...." Problems with a coronavirus test developed by the Centers for Disease Control and Prevention have meant that little testing for the new virus has been done in the U.S. Worried infectious diseases experts have warned that the lack of apparent cases in the country cannot be taken as a sign the virus isn't spreading, undetected in some places... The discovery that the virus may be spreading in the country should not come as a surprise, said Michael Osterholm, director of the University of Minnesota's Center for Infectious Diseases Research and Policy. "It just tells us where there is testing, there are cases. And that's what we have to understand," Osterholm said. "There is no such thing as a barrier containment to keep these out. It's going to happen. And what we have to do now is get on with how we're going to deal with them...." Dr. Sara Cody, health officer for Santa Clara County, said individuals need to start practicing good hand hygiene and learn to stop touching their faces -- people can infect themselves if they pick up viruses off a contaminated surface, then put a finger in their mouth or rub their eyes or nose.

Read more of this story at Slashdot.

Apache Tomcat servers released in the last 13 years are vulnerable to a bug named Ghostcat that can allow hackers to take over unpatched systems. From a report: Discovered by Chinese cybersecurity firm Chaitin Tech, Ghostcat is a flaw in the Tomcat AJP protocol. AJP stands for Apache JServ Protocol and is a performance-optimized version of the HTTP protocol in binary format. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances. Tomcat's AJP connector is enabled by default on all Tomcat servers and listens on the server's port 8009. Chaitin researchers say they discovered a bug in AJP that can be exploited to either read or write files to a Tomcat server.

Read more of this story at Slashdot.

The Federal Communications Commission announced Friday that it has proposed fining the nation's four largest wireless carriers $200 million for selling access to their customers' location information without taking reasonable measures to protect customers' real-time location information. From a report: The agency is proposing T-Mobile face a fine of more than $91 million. AT&T will be fined more than $57 million. It's fining Verizon more than $48 million. And Sprint's fine will be more than $12 million. FCC Chairman Ajit Pai said the proposed fines have put wireless carriers on notice that they need to do a better job protecting consumers' privacy. "This FCC will not tolerate phone companies putting Americans' privacy at risk," he said in a statement. Still, the amount of the fines is a drop in the bucket for the nation's carriers. For instance, Verizon reported fourth quarter revenue of $34.78 billion; AT&T reported revenue of $46.82 billion; and T-Mobile reported revenue of $11.88 billion.

Read more of this story at Slashdot.

With the next version of Windows 10, coming this spring, Microsoft's Cortana digital assistant will lose a number of consumer skills around music and connected homes, as well as some third-party skills. From a report: That's very much in line with Microsoft's new focus for Cortana, but it may still come as a surprise to the dozens of loyal Cortana fans. Microsoft is also turning off Cortana support in its Microsoft Launcher on Android by the end of April and on older versions of Windows that have reached their end-of-service date, which usually comes about 36 months after the original release. As the company explained last year, it now mostly thinks of Cortana as a service for business users. The new Cortana is all about productivity, with deep integrations into Microsoft's suite of Office tools, for example. In this context, consumer services are only a distraction, and Microsoft is leaving that market to the likes of Amazon and Google .

Read more of this story at Slashdot.

Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.