How Reliable Are Modern CPUs? Slashdotby EditorDavid on google at January 1, 1970, 1:00 am (cached at June 5, 2021, 11:05 pm)

Slashdot reader ochinko (user #19,311) shares The Register's report about a recent presentation by Google engineer Peter Hochschild. His team discovered machines with higher-than-expected hardware errors that "showed themselves sporadically, long after installation, and on specific, individual CPU cores rather than entire chips or a family of parts." The Google researchers examining these silent corrupt execution errors (CEEs) concluded "mercurial cores" were to blame CPUs that miscalculated occasionally, under different circumstances, in a way that defied prediction...The errors were not the result of chip architecture design missteps, and they're not detected during manufacturing tests. Rather, Google engineers theorize, the errors have arisen because we've pushed semiconductor manufacturing to a point where failures have become more frequent and we lack the tools to identify them in advance. In a paper titled "Cores that don't count" [PDF], Hochschild and colleagues Paul Turner, Jeffrey Mogul, Rama Govindaraju, Parthasarathy Ranganathan, David Culler, and Amin Vahdat cite several plausible reasons why the unreliability of computer cores is only now receiving attention, including larger server fleets that make rare problems more visible, increased attention to overall reliability, and software development improvements that reduce the rate of software bugs. "But we believe there is a more fundamental cause: ever-smaller feature sizes that push closer to the limits of CMOS scaling, coupled with ever-increasing complexity in architectural design," the researchers state, noting that existing verification methods are ill-suited for spotting flaws that occur sporadically or as a result of physical deterioration after deployment. Facebook has noticed the errors, too. In February, the social ad biz published a related paper, "Silent Data Corruption at Scale," that states, "Silent data corruptions are becoming a more common phenomena in data centers than previously observed...." The risks posed by misbehaving cores include not only crashes, which the existing fail-stop model for error handling can accommodate, but also incorrect calculations and data loss, which may go unnoticed and pose a particular risk at scale. Hochschild recounted an instance where Google's errant hardware conducted what might be described as an auto-erratic ransomware attack. "One of our mercurial cores corrupted encryption," he explained. "It did it in such a way that only it could decrypt what it had wrongly encrypted." How common is the problem? The Register notes that Google's researchers shared a ballpark figure "on the order of a few mercurial cores per several thousand machines similar to the rate reported by Facebook."

Read more of this story at Slashdot.

Giant Diamonds May Hold the Key To Superdeep Earthquakes Slashdotby EditorDavid on earth at January 1, 1970, 1:00 am (cached at June 5, 2021, 9:34 pm)

"Earthquakes shouldn't occur more than 300 kilometers below Earth's surface, according to most geophysical models," reports Science magazine. "Yet they commonly do — a phenomenon that has mystified seismologists for decades." Slashdot reader sciencehabit shares their report on one possible explanation: that water carried by the tectonic plates shoved beneath continents "could be triggering these deep temblors." The find may also explain another marvel: why a huge number of fist-size diamonds form at this depth... Steven Shirey, a geochemist at the Carnegie Institution for Science...and his team took a closer look at how water might make its way down deep... Regardless of depth, Shirey and his team found that once rocks in the slabs reached temperatures above 580 degrees C, they were less able to hold water. As that water flooded out of the slab, it weakened the surrounding rocks and triggered quakes, Shirey and his colleagues report in AGU Advances. This water, typically chock-full of dissolved minerals, would also be available to fuel diamond formation... "The temperature tells the story," says Douglas Wiens, a seismologist at Washington University in St. Louis who was not involved in the new study. If the tectonic slab starts out hot, as it would if the rocks are relatively young, he says, the plate will dehydrate at depths between 100 and 250 kilometers and thus won't carry water far enough down to generate deep quakes. But if rocks in the sinking slab are old and relatively cool, water will stay locked inside the sinking slab for a longer time, persisting there until it is released at depths of 300 to 500 kilometers or more. Further work in both the lab and the field will be needed to fully understand the relationships between water released from sinking slabs and deep earthquakes, Wiens says. In the meantime, he says, it's clear that diamonds that form at those depths, imperfections and all, will be critical to teasing out the details of the story.

Read more of this story at Slashdot.

Google Releases 'Open Source Insights' Dependency Visualization Tool Slashdotby EditorDavid on opensource at January 1, 1970, 1:00 am (cached at June 5, 2021, 8:35 pm)

From today's edition of Mike Melanson's "This Week in Programming" column: If you've been using open source software for any amount of time, then you're well aware of the tangled web of dependencies often involved in such projects. If not, there's any number of tools out there that explore just how interconnected everything is, and this week Google has jumped into the game with its own offering — an exploratory visualization site called Open Source Insights that gives users an interactive view of dependencies of open source projects. Now, Google isn't the first to get into the game of trying to uncover and perhaps untangle the dizzying dependency graph of the open source world, but the company argues that it is more so trying to lay everything out in a way that developers can see, visually, just how, well, hopelessly screwed they really are. "There are tools to help, of course: vulnerability scanners and dependency audits that can help identify when a package is exposed to a vulnerability. But it can still be difficult to visualize the big picture, to understand what you depend on, and what that implies," they write. The Open Source Insights tool — currently "experimental" — gives users either a table or graphical visualization of how a project is composed, allowing them to explore the dependency graph and examine how using different versions of certain projects might actually affect that dependency graph. One of the benefits, Google notes, is that it allows users to see all this information "without asking you to install the package first. You can see instantly what installing a package — or an updated version — might mean for your project, how popular it is, find links to source code and other information, and then decide whether it should be installed." Currently, the tool supports npm, Maven, Go modules, and Cargo, with more packaging systems on the way soon...

Read more of this story at Slashdot.

GCC Will No Longer Require Copyrights Be Assigned to the FSF Slashdotby EditorDavid on gnu at January 1, 1970, 1:00 am (cached at June 5, 2021, 7:34 pm)

Version 9.4 of the GNU Compiler Collection "encompasses more than 190 bug fixes for GCC 9.3, which has been available since March 2020," reports DevClass. But they add that in addition, "Developers who want to contribute to the GNU Compiler Collection but don't feel like signing over copyright to the Free Software Foundation can get busy committing now." GCC Steering Committee member David Edelsohn informed contributors via the mailing list that the committee "decided to relax the requirement to assign copyright for all changes" to the FSF. Speaking for the committee, he wrote that the GCC project "will now accept contributions with or without an FSF copyright assignment", a practice thought of as consistent with that "of many other major Free Software projects, such as the Linux kernel". GCC "will continue to be developed, distributed and licensed" under the GPLv3, so nothing should change for those adding to the project under the old assumptions. There are those who have had troubles with that arrangement before, with Apple often cited as a popular example. They are now free to contribute utilising the Developer Certificate of Origin instead of agreeing to an FSF Copyright Assignment. A reason was not given, though the last sentence of the statement, which affirms the principles of Free Software, might give a clue. In March 2021, the committee commented on the removal of Richard Stallman from the project's steering committee website with a similar declaration... [T]hey felt like an association with Stallman was not serving the best interests of the GCC developers and user community, given that the "GCC Steering Committee is committed to providing a friendly, safe and welcoming environment for all." The Register notes that Red Hat senior principal engineer Mark Wielaard asked why there was no public discussion before making the change.

Read more of this story at Slashdot.

FBI Demands IP Addresses for Readers of a Newspaper's Story During a 35-Minute Windo Slashdotby EditorDavid on themedia at January 1, 1970, 1:00 am (cached at June 5, 2021, 6:34 pm)

The newspaper USA Today reports that it's "fighting a subpoena from the FBI demanding records that would identify readers of a February story" about a Southern Florida shooting that killed two of the investigative agency's agents and wounded three others. Long-time Slashdot reader schwit1 shares their report: In a motion filed in federal district court in Washington, D.C. asking a judge to quash the subpoena, Gannett, USA TODAY's parent company, said the effort is not only unconstitutional but also violates the Justice Department's own rules... The subpoena, issued in April, demands the production of records containing IP addresses and other identifying information "for computers and other electronic devices" that accessed the story during a 35-minute time frame starting at 8:03 p.m. on the day of the shooting. "Being forced to tell the government who reads what on our websites is a clear violation of the First Amendment," Maribel Perez Wadsworth, USA TODAY's publisher, said in a statement. "The FBI's subpoena asks for private information about readers of our journalism...." The subpoena, signed by an FBI agent in Maryland, said the records relate to a criminal investigation. But it's unclear how USA TODAY's readership records are related to the investigation of the Florida shooting, or why the FBI is focusing on the time frame. Wadsworth said Gannett's attorneys tried to contact the FBI before and after the company fought the subpoena in court, but she said the FBI has yet to provide any meaningful explanation of the basis for the subpoena. The FBI and the Justice Department declined to comment.

Read more of this story at Slashdot.

GitHub Honors Class of 2021 with 'GitHub Yearbook' and 'GitHub Graduation' Ceremony Slashdotby EditorDavid on programming at January 1, 1970, 1:00 am (cached at June 5, 2021, 5:35 pm)

An anonymous reader writes: This week the GitHub Yearbook went live, with 6794 "graduates" featured on a special web page showcasing "any student who has graduated, or plans to graduate, in 2021... This includes bootcamps, code camps, high school graduates, Master's graduates, Ph. D. Graduates, etc." (Students were added by submitting a pull request — as long as they'd also signed up for the GitHub Student Developer Pack.) The first 5,000 graduates received "swag," including a custom holographic card with their GitHub stats. But Saturday sees a special ceremony where these students will "walk" the stage at GitHub Graduation (starting at 9 a.m. PST). "We'll be hearing from special guests, giving out exclusive swag, and highlighting student stories and projects from around the world," explains the event's web page. Calling it "a day to celebrate our craft, our community, and how technology moves the world forward," a post on GitHub's blog invites viewers "to welcome them to a global community of innovative thinkers and impactful builders." It acknowledges the special challenges of 2021, saying "This year, thousands of students from around the world came together and redefined the world we live in, how we learn, and how we move forward," adding "We are honored to be part of the experience and eager to celebrate this milestone...." "During a devastating year, these graduates shined a light on what is possible. We saw project after project showcasing not only their skills, but also their passion and perseverance. This class is unstoppable!"

Read more of this story at Slashdot.

[no title] Scripting News(cached at June 5, 2021, 5:03 pm)

I don't hate the Nets for any reason other than they are (I hope) the last instance of a superteam, a concept pioneered by LeBron James, whose career as a superteam founder is now over, btw, as of this week. Basketball is a sport. I know it's also a business, but I don't give my heart to businesses. Sorry.
[no title] Scripting News(cached at June 5, 2021, 5:03 pm)

I think I'm going to have to write a this.how piece about breaking users, and all the times people have learned the hard way that breaking users or developers is total misery for everyone, so don't do it. Examples: Python, Font-Awesome.
Florida's Government May Have Ignored and Withheld Data About Covid-19 Cases Slashdotby EditorDavid on stats at January 1, 1970, 1:00 am (cached at June 5, 2021, 4:34 pm)

Slashdot reader DevNull127 writes: Documents filed by Florida's health department now "confirm two of the core aspects" of a whistleblower complaint filed by fired data manager Rebekah Jones, the Miami Herald reported Friday. "Sworn affidavits from Department of Health leaders acknowledge Jones' often-denied claim that she was told to remove data from public access after questions from the Miami Herald." And they also report a position statement from the department (filed August 17th) acknowledging something even morning damning. While a team of epidemiologists at the Department of Health had developed data for the state's plan to re-open — their findings were never actually incorporated into that plan. Reached for comment, a spokesperson for governor Ron DeSantis still insisted to the Herald that "every action taken by Governor DeSantis was data-driven and deliberate." From the article: But when the Herald requested the data, data analysis, or data model related to reopening under Florida's open records law, the governor's office responded that there were no responsive records... Secrecy was a policy. Staffers were told not to put anything about the pandemic response into writing, according to four Department of Health employees who spoke on the condition of anonymity... Emails and texts reviewed by the Herald show the governor's office worked in coordination with Department of Health "executive leadership" to micromanage everything about the department's public response to the pandemic, from information requests from the press to specific wording and color choice on the Department of Health website and data dashboard. They slow-walked responses to questions on important data points and public records, initially withholding information and data on deaths and infections at nursing homes, state prisons and schools, forcing media organizations to file or threaten lawsuits. Important information that had previously been made public was redacted from medical examiner accounts of COVID-19 fatalities. At one point the state mischaracterized the extent of Florida's testing backlog by over 50 percent — skewing the information about how many people were getting sick each day — by excluding data from private labs, a fact that was only disclosed in response to questions from the press. Emails show that amid questions about early community spread, data on Florida's earliest potential cases — which dated back to late December 2019 — were hidden from the public by changing "date range of data that was available on the dashboard." Department of Health staffers interviewed by the Herald described a "hyper-politicized" communications department that often seemed to be trying to match the narrative coming from Washington. The Herald's article also "delved into the details of the department's operation," writes DevNull127 : For example, the whistleblower complaint of Rebekah Jones quotes the state's deputy health secretary as telling her pointedly that "I once had a data person who said to me, 'you tell me what you want the numbers to be, and I'll make it happen.'" Or, as Jones later described that interaction to her mother, "They want me to put misleading data up to support that dumb f***'s plan to reopen. And more people are gonna die because [of] this and that's not what I agreed to." Last Friday the health department's Office of the Inspector General announced they'd found "reasonable cause" to open an investigation into decisions and actions by Department of Health leadership that could "represent an immediate injury to public health." Meanwhile, Florida officials confirmed Friday night that their health department "will no longer update its Covid-19 dashboard and will suspend daily case and vaccine reports," according to the New York Times. "Officials will instead post weekly updates, becoming the first U.S. state to move to such an infrequent publishing schedule." Jones had been using that data to continue running her own online dashboard, and posted Friday in lieu of data that the dashboard's operation would now be interrupted "as I work to reformat the website to adjust for these changes...." But she promised to keep trying to help the people of Florida "in whatever capacity I can with the limitations the Department of Health is now putting on public access to this vital health information."

Read more of this story at Slashdot.

[no title] Scripting News(cached at June 5, 2021, 4:02 pm)

Today is the day I was dreaming of when winter just. Would. Not. End. Life is good!
Denmark Parliament Approves Giant Artificial Island Off Copenhagen Slashdotby BeauHD on earth at January 1, 1970, 1:00 am (cached at June 5, 2021, 3:05 pm)

Plans for an artificial island to house 35,000 people and protect the port of Copenhagen from rising sea levels have been approved by Danish MPs. The BBC reports: The giant island, named Lynetteholm, would be connected to the mainland via a ring road, tunnels and a metro line. The approval by Denmark's parliament paves the way for the 1 sq mile (2.6 sq km) project to begin later this year. But it faces opposition from environmentalists who have concerns over the impact of its construction. Plans for Lynetteholm include a dam system around its perimeter, with the aim of protecting the harbour from rising sea levels and storm surges. If construction goes ahead as planned, the majority of the foundations for the island off Denmark's capital should be in place by 2035, with an aim to fully complete the project by 2070. Some of the environmental concerns include the transportation of materials by road, which will involve large numbers of vehicles to move the 80 million tons of soil required to create the peninsula alone. "There are also concerns among environmentalists about the movement of sediment at sea and the possible impact on ecosystems and water quality," the report adds.

Read more of this story at Slashdot.

Apple, Mozilla, Google, Microsoft Form Group To Standardize Browser Plug-Ins Slashdotby BeauHD on internet at January 1, 1970, 1:00 am (cached at June 5, 2021, 12:05 pm)

An anonymous reader quotes a report from AppleInsider: The new WebExtensions Community Group will try to forge a common architecture for future web extensions, and is inviting developers to join the effort. The new group, shortened WECG, consists of members from each of the major browser developers. Member chairs are held by Timothy Hatcher of Apple and Simeon Vincent of Google. Current participants include employees from Apple, Mozilla, and Microsoft. The WebExtensions Community Group has two goals: Make extension creation easier for developers by specifying a consistent model and common core of functionality, APIs, and permissions; and Outline an architecture that enhances performance and is even more secure and resistant to abuse. The group doesn't want to specify every aspect of the web extensions platform or stifle innovation. Each browser vendor will continue to operate independently with their own policies. Developers and browser vendors interested in contributing to the group can join via the W3C website. The WECG has a dedicated GitHub repository with the community charter and work.

Read more of this story at Slashdot.

NASA's Juno To Get a Close Look At Jupiter's Moon Ganymede Slashdotby BeauHD on space at January 1, 1970, 1:00 am (cached at June 5, 2021, 11:05 am)

On Monday, NASA's Juno spacecraft will come within 645 miles of the surface of Jupiter's largest moon, Ganymede. "The flyby will be the closest a spacecraft has come to the solar system's largest natural satellite since NASA's Galileo spacecraft made its penultimate close approach back on May 20, 2000," reports Phys.Org. From the report: Along with striking imagery, the solar-powered spacecraft's flyby will yield insights into the moon's composition, ionosphere, magnetosphere, and ice shell. Juno's measurements of the radiation environment near the moon will also benefit future missions to the Jovian system. Ganymede is bigger than the planet Mercury and is the only moon in the solar system with its own magnetosphere -- a bubble-shaped region of charged particles surrounding the celestial body. Juno's science instruments will begin collecting data about three hours before the spacecraft's closest approach. Along with the Ultraviolet Spectrograph (UVS) and Jovian Infrared Auroral Mapper (JIRAM) instruments, Juno's Microwave Radiometer's (MWR) will peer into Ganymede's water-ice crust, obtaining data on its composition and temperature. Signals from Juno's X-band and Ka-band radio wavelengths will be used to perform a radio occultation experiment to probe the moon's tenuous ionosphere (the outer layer of an atmosphere where gases are excited by solar radiation to form ions, which have an electrical charge).

Read more of this story at Slashdot.

Comic for June 04, 2021 Dilbert Daily Strip(cached at June 5, 2021, 11:01 am)

Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.
Hackers Breached Colonial Pipeline Using Compromised Password Slashdotby BeauHD on security at January 1, 1970, 1:00 am (cached at June 5, 2021, 5:35 am)

An anonymous reader quotes a report from Bloomberg: The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack. Hackers gained entry into the networks ofColonial Pipeline Co.on April 29 through a virtual private network account, which allowed employees to remotely access the company's computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial's network, he said. The account's password has since been discovered inside a batch of leaked passwords on the dark web. That means a Colonial employee may have used the same password on another account that was previously hacked, he said. However, Carmakal said he isn't certain that's how hackers obtained the password, and he said investigators may never know for certain how the credential was obtained. The VPN account, which has since been deactivated, didn't use multifactor authentication, a basic cybersecurity tool, allowing the hackers to breach Colonial's network using just a compromised username and password. It's not known how the hackers obtained the correct username or if they were able to determine it on their own. "We did a pretty exhaustive search of the environment to try and determine how they actually got those credentials," Carmakal said. "We don't see any evidence of phishing for the employee whose credentials were used. We have not seen any other evidence of attacker activity before April 29." A little more than one week later, on May 7, an employee in Colonial's control room saw a ransom note demanding cryptocurrency appear on a computer just before 5 a.m. The employee notified an operations supervisor who immediately began to start the process of shutting down the pipeline, Colonial Chief Executive Officer Joseph Blount said in an interview. By 6:10 a.m., the entire pipeline had been shut down, Blount said. It was the first time Colonial had shut down the entirety of its gasoline pipeline system in its 57-year history, Blount said. "We had no choice at that point," he said. "It was absolutely the right thing to do. At that time, we had no idea who was attacking us or what their motives were."

Read more of this story at Slashdot.