Information On Half Billion Facebook Users Leaked Online Slashdot by EditorDavid on facebook at January 1, 1970, 1:00 am (cached at April 3, 2021, 11:34 pm)

Slashdot reader quonset quotes Business Insider: A user in a low-level hacking forum on Saturday published the phone numbers and personal data of hundreds of millions of Facebook users for free online. The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses. Insider reviewed a sample of the leaked data and verified several records by matching known Facebook users' phone numbers with the IDs listed in the data set. We also verified records by testing email addresses from the data set in Facebook's password reset feature, which can be used to partially reveal a user's phone number. A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

Read more of this story at Slashdot.

NYT: 'If You Care About Privacy, It's Time to Try a New Web Browser' Slashdot by EditorDavid on safari at January 1, 1970, 1:00 am (cached at April 3, 2021, 11:05 pm)

This week the lead consumer technology writer for The New York Times urged readers to switch their browser from Chrome, Safari, or Microsoft Edge to a private browser. "For about a week, I tested three of the most popular options — DuckDuckGo, Brave and Firefox Focus. Even I was surprised that I eventually switched to Brave as the default browser on my iPhone." Firefox Focus, available only for mobile devices like iPhones and Android smartphones, is bare-bones. You punch in a web address and, when done browsing, hit the trash icon to erase the session. Quitting the app automatically purges the history. When you load a website, the browser relies on a database of trackers to determine which to block. The DuckDuckGo browser, also available only for mobile devices, is more like a traditional browser. That means you can bookmark your favorite sites and open multiple browser tabs. When you use the search bar, the browser returns results from the DuckDuckGo search engine, which the company says is more focused on privacy because its ads do not track people's online behavior. DuckDuckGo also prevents ad trackers from loading. When done browsing, you can hit the flame icon at the bottom to erase the session. Brave is also more like a traditional web browser, with anti-tracking technology and features like bookmarks and tabs. It includes a private mode that must be turned on if you don't want people scrutinizing your web history. Brave is also so aggressive about blocking trackers that in the process, it almost always blocks ads entirely. The other private browsers blocked ads less frequently.... In the end, though, you probably would be happy using any of the private browsers... For me, Brave won by a hair. My favorite websites loaded flawlessly, and I enjoyed the clean look of ad-free sites, along with the flexibility of opting in to see ads whenever I felt like it. 
Brendan Eich, the chief executive of Brave, said the company's browser blocked tracking cookies "without mercy." "If everybody used Brave, it would wipe out the tracking-based ad economy," he said. Count me in.


[no title] Scripting News (cached at April 3, 2021, 11:03 pm)

I'm thinking about legal weed in Woodstock.

AlmaLinux Released As a Stable RHEL Clone For Those Who Liked CentOS Slashdot by EditorDavid on os at January 1, 1970, 1:00 am (cached at April 3, 2021, 9:34 pm)

Long-time Slashdot reader xiando quotes the backstory from LinuxReviews.org: CentOS used to be the go-to alternative for those who wanted to use Red Hat Enterprise Linux (RHEL) without having to pay Red Hat to use it. It was an almost 1:1 clone until Red Hat took control of it and turned it into what is now a RHEL beta-version, not a stable RHEL release without the branding. AlmaLinux is one of several projects that have made their own RHEL forks in response. The first AlmaLinux version is now released. ZDNet notes that CentOS co-founder Gregory Kurtzer has announced his own RHEL clone and CentOS replacement named Rocky Linux. But they offer this report on AlmaLinux: CloudLinux — which was founded in 2009 to provide a customized, high-performance, lightweight RHEL/CentOS server clone for multitenancy web and server hosting companies — came ready to deliver. The new free AlmaLinux is now stable and ready for production workloads. The company also announced the formation of a non-profit organization: AlmaLinux Open Source Foundation. This group will take over managing the AlmaLinux project going forward. CloudLinux has committed a $1 million annual endowment to support the project. Jack Aboutboul, former Red Hat and Fedora engineer and architect, will be AlmaLinux's community manager. Altogether, Aboutboul brings over 20 years of experience in open-source communities as a participant, manager, and evangelist... "In an effort to fill the void soon to be left by the demise of CentOS as a stable release, AlmaLinux has been developed in close collaboration with the Linux community," said Aboutboul in a statement. "These efforts resulted in a production-ready alternative to CentOS that is supported by community members...." In talking with CentOS business users, who deployed CentOS on web and host servers, I found many of them to be very hopeful about AlmaLinux. 
One from a mid-Atlantic-based Linux hosting company said, "What we want is a stable Linux that our customers can rely on from year to year. Since CentOS Stream can't deliver that, we think — hope — that AlmaLinux can do it for us and our users instead...." This first release of AlmaLinux is a one-to-one binary compatible fork of RHEL 8.3. Looking ahead, AlmaLinux will seek to keep step-in-step with future RHEL releases... The GitHub page has already been published and the completed source code has been published in the main download repository. The CloudLinux engineering team has also published FAQ on AlmaLinux Wiki. "The sudden shift in direction for CentOS that was announced in December created a big void for millions of CentOS users," said Simon Phipps, open source advocate and a former president of the Open Source Initiative who is on the governing board of the AlmaLinux project. In a statement, Phipps said that "As a drop-in open-source replacement, AlmaLinux provides those users with continuity and new opportunity to be part of a vibrant community built around creating and supporting this new Linux distribution under non-profit governance. "I give a lot of credit to CloudLinux for stepping in to offer CentOS users a lifeline to continue with AlmaLinux."


Amazon 'Fesses Up': that Peeing in Bottles Thing is Probably True Slashdot by EditorDavid on business at January 1, 1970, 1:00 am (cached at April 3, 2021, 9:05 pm)

"You don't really believe the peeing in bottles thing, do you?" Amazon tweeted last week. But on Friday "The web giant fessed up that its delivery drivers have limited access to bathrooms, meaning that accusations of them urinating in bottles or elsewhere in public are likely to be true," reports the New York Post: "We know that drivers can and do have trouble finding restrooms because of traffic or sometimes rural routes," the online retail giant posted on its AboutAmazon portal. "And this has been especially the case during Covid when many public restrooms have been closed...." Amazon's mea culpa admits that the original response was wrong. "It did not contemplate our large driver population and instead wrongly focused only on our fulfillment centers..." Amazon's original tweet had been attempting to knock down criticism from U.S. congressman Mark Pocan, who'd tweeted that "Paying workers $15/hr doesn't make you a 'progressive workplace' when you union-bust & make workers urinate in water bottles." After Amazon's belated acknowledgement of his original criticism, Pocan responded, "Sigh. This is not about me, this is about your workers — who you don't treat with enough respect or dignity. Start by acknowledging the inadequate working conditions you've created for ALL your workers, then fix that for everyone & finally, let them unionize without interference." Ars Technica notes Amazon's turnabout follows an investigation by Vice which had indeed discovered a Reddit forum for Amazon drivers with "dozens of threads and hundreds of comments" on the issues around finding a bathroom. But Ars also notes the issue appears to extend beyond Amazon: "This is a long-standing, industry-wide issue and is not specific to Amazon," the company added. Amazon says it wants to solve the problem: "We don't yet know how, but will look for solutions." Amazon appears to be right about that. 
Drivers for Uber, Lyft, and food delivery services have reported trouble finding bathrooms while on the job. Drivers for UPS and FedEx have reported similar difficulties. The problem has gotten worse in the last year as the pandemic has closed a large number of stores and restaurants.


Will VW Face Regulatory Scrutiny Over Its 'Voltswagen' Prank Like Elon Musk Did For H Slashdot by EditorDavid on transportation at January 1, 1970, 1:00 am (cached at April 3, 2021, 7:34 pm)

Volkswagen's early April Fool's Day prank (pretending to re-name the company "Voltswagen") "may have put the company at risk of running afoul of U.S. securities law by wading into the murky waters of potentially misleading investors," reports CNN: "This is not the sort of thing that a responsible global company should be doing," said Charles Whitehead, Myron C. Taylor Alumni Professor of Business Law at Cornell Law School... Volkswagen is indeed investing heavily in electric vehicles, but confusion over the name change could prompt scrutiny from the Securities and Exchange Commission or litigation from investors who feel misled by the joke. The Securities Exchange Act prohibits companies from making false or misleading statements to investors... Quipping about the status of a business that Volkswagen is positioning as more environmentally friendly also could irk investors, especially in light of the 2015 diesel emissions scandal the company has been trying to put behind it. "Will the SEC inquire? Well, of course they will," Whitehead said. "It's gotten enough publicity and people are concerned about it and there are issues about whether or not companies should be doing this that I'm sure [the SEC is] going to make a phone call." A representative from Volkswagen's headquarters said Wednesday afternoon the company had not been contacted by the SEC. The agency declined to comment on the matter. There is precedent for the SEC taking action against cheeky statements regarding big companies. In 2018, Tesla CEO Elon Musk settled with the SEC for $20 million after the agency said his tweet about securing funding to take the company private at $420 a share — an apparent joke about weed — misled investors... it didn't help that the statement announcing the purported name change included no reference to April Fools' Day — and it landed two days before the holiday... Volkswagen's stock fell nearly 4% on Wednesday in the wake of news of the debacle. And that's no joke. 
Whitehead doesn't think the SEC would ultimately consider a name change material to investors, though he adds that "These are all kind of gray areas, which is why a responsible company just doesn't go down this path...." But with some VW stock near a six-year high, a Bloomberg columnist calls the episode a reminder "that we now live in the meme-stock age where even bad jokes can add or subtract billions of dollars in market value." They also call it a lesson in just how difficult it is to "be Elon." "Charming young Redditors in an authentic way isn't an easy act to pull off..." Despite being one of the planet's richest people, Musk's counterculture savvy and feisty irreverence has made him a hero for Redditors. Tesla has weaponized its soaring share price to raise billions of dollars in cheap funding. That money pays for new factories and products and is a threat to established carmakers. VW must fund its investments via the cash it generates. Even after this year's blistering run its share price is less than 10 times the value of its earnings. It would be self-defeating if VW didn't try to be a bit "cooler." There's also a double-standard in play. We expect VW to be reliable, while Tesla gets to be quirky. Indeed, Musk gets away with things that others wouldn't. For years Tesla has marketed an autopilot system called "Full Self Driving" that can't yet drive entirely by itself — the timeline for when it will be able to do that always seems to be just around the corner.... Following VW's successful "Power Day" — a straight copy of Musk's "Battery Day" event — I quipped that it wouldn't be long before VW boss Herbert Diess was appointed "TechnoKaiser." Finance blog Zerohedge came up with the better punchline: "VW should go full Elon and file an 8K saying its new title is Voltswagen," it tweeted. VW appears to have taken that tongue-in-cheek advice rather too literally. More fool them. 
Bloomberg's columnist also acknowledges that Volkswagen "has an ambitious and convincing electric-vehicle plan and may soon leapfrog Tesla to become the world's largest battery-vehicle manufacturer. But being ploddingly German is an impediment in today's stock market."


Privacy Advocate Confronts ACLU Over Its Use of Google and Facebook's Targeted Adver Slashdot by EditorDavid on eff at January 1, 1970, 1:00 am (cached at April 3, 2021, 6:34 pm)

Ashkan Soltani was the Chief Technologist of America's Federal Trade Commission in 2014 — and earlier was a staff technologist in its Division of Privacy and Identity Protection helping investigate tech companies including Google and Facebook. Friday on Twitter he accused another group of privacy violations: the nonprofit rights organization, the American Civil Liberties Union. Yesterday, the ACLU updated their privacy statement to finally disclose that they share constituent information with 'service providers' like Facebook for targeted advertising, flying in the face of the org's public advocacy and statements. In fact, I was retained by the ACLU last summer to perform a privacy audit after concerns were raised internally regarding their data sharing practices. I only agreed to do this work on the promise by ACLU's Executive Director that the findings would be made public. Unfortunately, after reviewing my findings, the ACLU decided against publishing my report and instead sat on it for ~6 months before quietly updating their terms of service and privacy policy without explanation for the context or motivations for doing so. While I'm bound by a nondisclosure agreement to not disclose the information I uncovered or my specific findings, I can say with confidence that the ACLU's updated privacy statements do not reflect the full picture of their practices. For example, public transparency data from Google shows that the ACLU has paid Google nearly half a million dollars to deliver targeted advertisements since 2018 (when the data first was made public). The ACLU also opted to only disclose its advertising relationship with Facebook only began in 2021, when in truth, the relationship spans back years totaling over $5 million in ad-spend. 
These relationships fly against the principles and public statements of the ACLU regarding transparency, control, and disclosure before use, even as the organization claims to be a strong advocate for privacy rights at the federal and state level. In fact, the NY Attorney General conducted an inquiry into whether the ACLU had violated its promises to protect the privacy of donors and members in 2004. The results of which many aren't aware of. And to be clear, the practices described would very much constitute a 'sale' of members' PII under the California Privacy Rights Act (CPRA). The irony is not lost on me that the ACLU vehemently opposed the CPRA — the toughest state privacy law in the country — when it was proposed. While I have tremendous respect for the work the ACLU and other NGOs do, it's important that nonprofits are bound by the same privacy standards they espouse for everyone else. (Full disclosure: I'm on the EFF advisory board and was recently invited to join EPIC's board.) My experience with the ACLU further amplifies the need to have strong legal privacy protections that apply to nonprofits as well as businesses — partially since many of the underlying practices, particularly in the area of fundraising and advocacy, are similar if not worse. Soltani also re-tweeted an interesting response from Alex Fowler, a former EFF VP who was also Mozilla's chief privacy officer for three years: I'm reminded of EFF co-founder John Gilmore telling me about the Coders' Code: If you find a bug or vulnerability, tell the coder. If coder ignores you or refuses to fix the issue, tell the users.


FSF Management Team Resigns, as FSF Now Seeks 'Improved Transparency' Slashdot by EditorDavid on gnu at January 1, 1970, 1:00 am (cached at April 3, 2021, 6:04 pm)

Richard Stallman's name has now been taken off the official web page of the steering committee for GCC, reports IT Wire. But they also note new changes this week in the management team of the Free Software Foundation: A statement from [FSF executive director John] Sullivan, deputy director John Hsieh, and chief technology officer Ruben Rodriguez on 30 March said: "As members of FSF management, we have decided to resign, with specific end dates to be determined. We believe in the importance of the FSF's mission and feel a new team will be better placed to implement recent changes in governance..." The resignations come in the wake of FSF founder Richard Stallman announcing on 19 March, during the organisation's annual LibrePlanet conference this year that he was rejoining the board. "Some of our colleagues in the FSF have decided to resign," reads an official response from the FSF. "We are grateful for the good work they have done for so long, and we will miss them. We regret losing them; we regret the situation that has motivated them to leave." Another FSF board member also resigned last week. Meanwhile, Ars Technica reports the FSF has created a new seat on the board to be filled by someone from FSF union staff, with acting FSF President Geoffrey Knauth calling it "an important step in the FSF's effort to recognize and support new leadership, to connect that leadership to the community, to improve transparency and accountability, and to build trust. There is still considerable work to be done, and that work will continue." Ars Technica adds: The elephant in the room that the FSF's remaining board members seem determined to ignore is the continued presence of Stallman himself — who, along with the rest of the FSF board, will soon need to undergo its new "transparent, formal process for identifying [members] who are wise, capable, and committed to the FSF's mission."


[no title] Scripting News (cached at April 3, 2021, 5:03 pm)

Ruth: "Explain APIs to me like I’m 45 (and new to tech)."

Weather Service Internet Systems Are Crumbling As Key Platforms Are Taxed and Failin Slashdot by BeauHD on government at January 1, 1970, 1:00 am (cached at April 3, 2021, 4:34 pm)

An anonymous reader shares an excerpt from a Washington Post article, written by Matthew Cappucci and Jason Samenow: The National Weather Service experienced a major, systemwide Internet failure Tuesday morning, making its forecasts and warnings inaccessible to the public and limiting the data available to its meteorologists. The outage highlights systemic, long-standing issues with its information technology infrastructure, which the agency has struggled to address as demands for its services have only increased. In addition to Tuesday morning's outage, the Weather Service has encountered numerous, repeated problems with its Internet services in recent months, including: a bandwidth shortage that forced it to propose and implement limits to the amount of data its customers can download; the launch of a radar website that functioned inadequately and enraged users; a flood at its data center in Silver Spring, Md., that has stripped access to key ocean buoy observations; and multiple outages to NWS Chat, its program for conveying critical information to broadcasters and emergency managers, relied upon during severe weather events. The Weather Service is working to evaluate and implement solutions to these problems which are, in the meantime, impacting its ability to fulfill its mission of protecting life and property. [...] Problems with the Weather Service's Internet systems have persisted for years, in part because of increasing demand from users, which the agency has struggled to meet. In December, because of an escalating bandwidth shortage, the Weather Service proposed limiting users to 60 connections per minute on a large number of its websites. Constituents complained about the quota and, earlier this month, the Weather Service announced it would instead impose a data limit of 120 requests per minute and only on servers hosting model data, beginning April 20. 
Meanwhile, on March 9, the Weather Service's headquarters in Silver Spring "experienced a ruptured water pipe, which caused significant and widespread flooding," which affected a data center, the agency said in a statement. "Some NWS data stopped flowing, including data from ocean buoys," the statement said, noting some of the buoys are used "to detect and locate a seismic event that could cause a tsunami." Neil Jacobs, former acting head of the National Oceanic and Atmospheric Administration, which oversees the Weather Service, said many of the agency's Internet infrastructure problems are tied to the fact they run on internal hardware rather than through cloud service providers such as Amazon Web Services, Microsoft and Google Cloud. "I've demanded in writing that NWS transition these applications to our Cloud partners. It's part of an internal strategy I've laid out," Jacobs, a Trump administration appointee, told the Capital Weather Gang in an email before he left office. In July, NOAA released its Cloud Strategy, which stated, "the volume and velocity of our data are expected to increase exponentially with the advent of new observing system and data-acquisition capabilities, placing a premium on our capacity and wherewithal to scale the IT infrastructure and services to support this growth. Modernizing our infrastructure requires leveraging cloud services as a solution to meet future demand."


[no title] Scripting News (cached at April 3, 2021, 4:32 pm)

Today's song: Chuck E's In Love.

Calling off the pandemic? Scripting News (cached at April 3, 2021, 4:03 pm)

A gathering for 50 people? Oy.

The Making of Drummer Scripting News (cached at April 3, 2021, 4:03 pm)

As you may know, Drummer is my new outliner-based scripting system for the web. Very much under development now.

The same way Frontier was designed around an object database and the Mac filesystem (and later Windows), Drummer works with public and private files on a server.

Frontier is a very broad and deep product, but it wasn't originally designed to be so big. The initial idea was to integrate it with the Finder, add a Scripts menu, and have it do things with the file system, and provide a way to program and connect scriptable apps. That was it. Simple.

I offered it to Apple. At the time, the early 90s, I knew all the decision-makers there, but I asked for too much money, they thought they could do it for less. So now I had tipped my hand, showed them my product, I figured to be competitive I'd have to add more stuff, which I did have available to me, since I always try out ideas that don't make it into the final product. The product got deeper, but it also got more complicated.

I always wondered if it would have worked better if we had started with the small product. We could have shipped sooner. It would have been more approachable, more immediately useful. I think there is a good chance it would have worked better, but it didn't go that way.

This time, I'm trying to keep Drummer small, focus on a few innovations, and make a lot of the parts replaceable.

I am creating a product, but as with Radio UserLand, I also want to try to create a new use for our computers. With Radio it was blogging and RSS. This time it's a richer, better connected working environment on the net for power users and devs.

PS: Power users is a concept that has fallen into disuse, but they still exist, and you can design for them. Some users are very skilled with the technology.

PPS: The key innovation in Drummer is JavaScript without the callbacks.

[no title] Scripting News (cached at April 3, 2021, 3:32 pm)

I've thought more about Making of Sgt Pepper. It's amazing to hear that perspective on the album, I had never really thought how it was created, yet as a creative person myself, I’m often surprised and even offended that people don’t consider my point of view about the things I created. But at one time, Sgt Pepper was their thing, their secret. That's why the final quote was so strong for me. "You just wait," says McCartney -- echoing the feeling in 1969 when he knew he had something great, that was going to shake the world (as it did) and no one but he and a few others knew what it was. And the lesson of the Making of Sgt Pepper is that you and I will never know Sgt Pepper the way McCartney does. And one more thought, if only John Lennon could have been there, what would we have learned. BTW, I tried to upload the video to YouTube, but it was rejected, too much copyrighted material.

[no title] Scripting News (cached at April 3, 2021, 3:32 pm)

President Biden does something I thought Democrats forgot how to do. He goes around the obstruction in DC, bringing his ideas to the people. Journalism could learn from this. If they understood and took the side of the people more, they'd have more support from the people.