Shared posts

15 May 17:07

Quantum Flow Engineering Newsletter #9

by ehsan
It’s been 10 weeks since I have started writing these newsletters (the number in the title isn’t an off by one error, there was a one week hiatus due to a work week!). We still have quite a bit of work ahead of us, but we have also accomplished a good amount. Finding a good metric for progress is hard, but we live and breathe in Bugzilla, so we use a bug-based burn-down chart. As you can see, we are starting to see a decrease in the number of open bugs, and this is as we are actively adding tens of new bugs to the pool in the weekly triage meetings.
The other thing that this burn-down chart shows is that we need help! Very recently Kan-Ru came up with the great idea of creating the qf-bugs-upforgrabs tracker bug. These are reasonably self-contained bugs that require less specific domain knowledge and can be worked on by anyone in a reasonable time frame. Please consider taking a look at the dependency list of that bug to see if something interests you! (The similarity of this tacker bug to photon-perf-upforgrabs isn’t an accident!)
On the telemetry hang reports data collection, the new data from hangs of 128ms or longer have been coming in, but there have been some wrinkles in actually receiving this data, and also in receiving the hang data correlated to user interactivity. Michael Layzell has been tirelessly at work on the BHR backend to make it suit our needs, and has been discovering the edges of computation limits in order to symbolicate the BHR reports on people.mozilla.org (now moved to AWS!).
I realized we haven’t had a performance mini-story for a while — I sort of dropped the ball on that. Running over this bug made me want to talk about a pretty well known sort of slowness in C++ code, virtual functions. The cost of virtual functions comes from several different aspects, firstly they effectively prevent the compiler from doing inlining the function which enables a host of compiler optimizations, essentially by enabling the compiler to see more of the code and optimize more effectively based on that. But then there is the runtime cost of the function, which mostly comes from the indirect call. The majority of the performance penalty here on modern hardware is due to branch midpredictions when different implementations of a virtual function get called at a call site. You should remember that on modern desktop processors, the cost of a branch misprediction can be around 15-20 cycles (depending on the processor) so if what your function does is very trivial and it has many overrides that can be called in hot code chances are that you are spending a considerable amount of time waiting for the instruction cache misses on the calls to the virtual function in question. Of course, finding which virtual functions in your program are these expensive ones requires profiling the workloads you care about improving, but always keep an eye for this problem as unfortunately the object-oriented programming model in C++ really encourages writing code like this. This is the kind of issue that a native profiler is probably more suitable for discovering, for example if you are using a simple native sampling profiler these issues typically show up as a long amount of time being spent on the first instruction of the virtual function being called (which is typically an inexpensive instruction otherwise.)
Now it’s time to acknowledge the work of all of you who have helped in improving the performance of the browser in the last week. As always, I hope I’m not forgetting anyone:
12 May 18:46

Twitter Favorites: [shawnmicallef] Disloyalty Programs

Shawn Micallef @shawnmicallef
Disloyalty Programs
12 May 18:45

Twitter Favorites: [JodiesJumpsuit] The Neverending Story (showing the last weekend of May at The Revue): a movie so epic it was an early Simpsons refe… https://t.co/cPwmjMz6wj

Jumpsuit Empress @JodiesJumpsuit
The Neverending Story (showing the last weekend of May at The Revue): a movie so epic it was an early Simpsons refe… twitter.com/i/web/status/8…
12 May 18:45

Apple Releases How-To Videos on iPhone 7 Photography

by John Voorhees

The iPhone 7 and 7 Plus include Apple's most sophisticated cameras. Most of the time you see people out and about snapping quick shots that don’t necessarily take advantage of all the camera hardware and app have to offer. A series of 30-40 second videos released by Apple provide mini how-to tutorials on how to take iPhone 7 photography to the next level.

The videos are available on a new Apple website called ‘How to Shoot on iPhone 7’ and include videos on taking:

  • Portraits with the Portrait feature that’s exclusive to the iPhone 7 Plus;
  • Closeups using tap to focus and slide to adjust exposure;
  • Vertical panoramic photos;
  • Shots without using the flash;
  • Action photos with burst mode;
  • Selfies using the timer;
  • Photos framed with a unique angle;
  • Stills while filming video; and
  • Night time photos using street light.

Five of the videos are also on YouTube, and you can watch them after the break.


Support MacStories Directly

Club MacStories offers exclusive access to extra MacStories content, delivered every week; it’s also a way to support us directly.

Club MacStories will help you discover the best apps for your devices and get the most out of your iPhone, iPad, and Mac. Plus, it’s made in Italy.

Join Now
12 May 18:45

Jennifer Senior reviews Amy Goldstein’s ‘Janesville’

by Stowe Boyd

Is retraining those dispossessed by economic disruption doomed?

Amy Goldstein was part of a reporting team at the Washington Post that won a Pultizer for 9/11 coverage, and she’s done the hard work of chronicling the downfall of Janesville, Wisconsin after the GM plant was closed in 2008:

Jennifer Senior, In ‘Janesville,’ When the G.M. Plant Closed, Havoc Followed
“Janesville” joins a growing family of books about the evisceration of the working class in the United States. What sets it apart is the sophistication of its storytelling and analysis.
[…]
Readers will also finish “Janesville” with an extremely sobering takeaway: There’s scant evidence that job retraining, possibly the sole item on the menu of policy options upon which Democrats and Republicans can agree, is at all effective.
In the case of the many laid-off workers in the Janesville area, the outcomes are decidedly worse for those who have attended the local technical college to learn a new trade. (Goldstein arrives at this conclusion, outlined in detail, by enlisting the help of local labor economists and poring over multiple data sets.) A striking number of dislocated G.M. employees don’t even know how to use a computer when they first show up for classes at Blackhawk Technical College. “Some students dropped out as soon as they found out that their instructors would not accept course papers written out longhand,” Goldstein writes.

I’ve not yet read the book, but I’m unsurprised to discover that job retraining hasn’t worked. Midlife transitions are incredibly difficult, especially when those involved have little experience in anything but bending metal or screwing on lug nuts.

The larger questions are those that you wouldn’t expect to be answered by the residents of Janesville, though. How can we avoid the continued hollowing out of the US, and the creation of Left Behinds?

Originally published at stoweboyd.com.


Jennifer Senior reviews Amy Goldstein’s ‘Janesville’ was originally published in Work Futures on Medium, where people are continuing the conversation by highlighting and responding to this story.

12 May 18:45

The Annotation Layer As a Marketplace for Context: A Proposal

by mikecaulfield

A lot of our thinking about giving articles a “fact-checking” context has been about automated, centralized, closed approaches — Facebook algorithms that flag things, plugins that provide context, etc. Some of these things are deep in proprietary plumbing of platforms. Others are service-based real-time overlays of information. All of them require you opt-in to some particular company’s product, approach, extension, or algorithm. This leads to a real problem for a couple reasons:

  1. We’re going to end up putting all the eggs in one solution basket. Do you use AI or SNA or flagging? My 108-variable algorithm or your 52-variable one? And once there’s lock-in to that approach — once browsers or platforms or whatever have selected a solution, competition disappears — it’s winner take all. We’re already seeing everybody jockeying for position here, trying to be *the* solution. Things like this don’t end well.
  2. Centralizing this sort of stuff is attractive, yet problematic. I’m a believer in smart defaults. But without ability to select from multiple context providers the centralization will eliminate broad swaths of valuable perspective. Worse — we won’t notice those perspectives have become invisible.

In the relatively short time since the election, I’ve met so many intelligent people working on these issues. T. S. Waterman wants to look at issues around time and place and credibility, in a way more people should be thinking about. The Hoaxy people are looking at propagation networks. Others are coming up with crowdsourcing approaches, or domain credibility signals.

So much good work. This community feels alive, and vibrant, and energized. These are some of the smartest people I’ve met in my life, and if we keep working together, we can truly make the web better. And yet I can feel the pressure here — who is going to get funded? Whose approach is going to win? The vibrancy and creativity of the community is unfortunately being undermined by the race of funders and platforms to find the solution.

Annotation As a Marketplace for Context

Here’s my thought: before we lock in to this approach or that one, maybe we should think about an approach that allows the sort of creative experimentation we need to foster in this area. And if we do that, annotation is the obvious marketplace we could use.

How does this work? Well, say you have a document — a web page.

slinky

Now, different researchers and tool providers may have different insights about this page:

  • Researcher A has compiled a list of all major newspapers that meet a certain standard of legitimacy, and can test “Tulsa World” against that.
  • Researcher B has a kickass social network analysis which shows the networks this article is flowing through, and can identify with reasonable confidence whether this article is favored by conspiracy theorists.
  • Researcher C  has a kickass social network that also looks for conspiracy and hoaxes but with different strengths than Researcher B.
  • Researcher D has an NLP tool which can identify if this is Op-Ed content or a news story, or somewhere in-between.
  • Tool maker A has a program which looks for a “credibility signal” from the domain, and publishes it on a scale of 1-10
  • Tool maker B has a tool that looks up all the organizations in the article to see if they are Front Groups, and all the experts cited to see if they are recognized by Google Scholar
  • Organization A (say, Politifact) has information about certain claims in the article.
  • Organization B (say, Factcheck.org) has information about certain claims in the article.

And so on. Now we could go through eight different tools to benefit from those different insights. Or we could take these multiple insights, hand them to someone, and say “use these insights to make the best possible tool to help people evaluate this article.” Or the Facebook of the industry could hire Researcher A, use the work of Researchers B & C, ignore Researcher D, and decide whether to partner with organization A or B.

None of these seem right to me. They all lead to the single platform invisible algorithm nonsense that got us into this mess. They all shut down the vibrant conversation and collaborative experimentation that has developed in this space. If a new approach to article contextualization isn’t up-and-running when the big checks are cut, its insights get lost to history.

So what to do? I’d suggest we do what we often do when we want to move more quickly: separate the data layer from the interface layer. And I’d suggest that the best way for everyone to work together is to use the newly W3C-approved annotation layer as that data layer.

Screen-Shot-2017-02-27-at-7.26.06-AM

How would this work in practice? Let’s say I have some idea for contextualizing articles on the web. I’ll choose here a little thing I’ve been working on — looking at news stories and scanning them for astroturf industry groups,  e.g. coalitions of coal industry groups posing as Scientists for Progressive Energy Policy or the like. I’ve developed a database of these groups and links to wiki pages summarizing the the funding and governance of these groups and their history. I want to get that to the user.

One method — the method many people seem to want to use — is to make an extension that looks at pages and highlights these organizations and links to the research. But of course I’ve already got half a dozen extensions, and the cost of marketing to get people to adopt yet another extension far exceeds the cost of funding the design of the tool (and takes away funds from improving identification of claims, lies, and context). It balkanizes effort, leading to dozens of tools all which do a fraction of the job required.

Another method is to go to a big provider like Facebook and say you should provide this front group research as context to your users. Maybe they say yes, and maybe they say no. But in choosing what they want to choose they centrally determine the approaches that will be use. It’s OK for them to do that, certainly. But if you have a tool or approach that works, do you really want to move it into the sealed vault of Facebook code?

The annotation alternative is more attractive. Instead of creating an extension to show my generated context or playing the zero-sum Facebook game, I run my tool as a bot on web pages, generating machine-and-human readable context in the annotation layer. For example, in this scenario, our bot spots the phrase “Americans for Medical Progress” …

bot

…and tags that as the name of a known industry front group:

botanno.PNG

You’ll note we have a human readable note here. But we also have some machine readable tags that identify this issue, and a link to information on the front group.

Doing it this way, some other process can come in and tag the page with additional information. A hoax bot can look at a social network analysis of how this page is moving through the net and determine that it’s got a viral hoax rating of zero:

hoaxish

Because annotation is just a data layer, you can add as many of these as you want, stored with reference to the URL and anchored to specific text on the page.

This allows anyone that has a piece of the solution to spin up an annotation bot with a few lines of Python code and push their information out to the reader endpoints. For example, we can imagine that Politifact could not only debunk claims, but send bots out that look for those claims and link to those claim analyses on the Politifact site. Here, we imagine that Politifact has done a treatment of the claim referenced here (they haven’t — this is just an example):

politifact

As you can see, various amounts of signal and context can be layered on here. And since this is all retrievable by API, front end services can decide what sorts of signal and context they want to look at (and from whom) when they make different display decisions. A front-end extension could pull information from 20 or 30 separate annotation providers in giving context to a page. A service such as Facebook could pull from hundreds if they wanted to. But the data — the listing of what we know about the pages from all different approaches and veins of research — is open to anyone to build and innovate on top of.  And crucially, it makes entry into the marketplace of analysis extraordinarily cheap.

Concerns

The first concern that people will come up with is whether botting is inefficient compared to centralized management of this process, or the just-in-time approach you can do with an extension. The tagging of hundreds of thousands of pages and the associated management of things stored in the annotation layer just seems exhausting. Won’t you have to bot the whole internet? Doesn’t that make everyone have to run their own Googlebot?

In practice, no. The thing is if you have an analysis that you want to share, you most likely have identified a set of pages already, and that set is likely relatively small. So, for instance, if I’m the hoaxish bot above, I’m not looking at every page on the internet — I’m just looking at higher sharecount pages moving across Facebook. Even if I’m looking at the top 50,000 Facebook pages of the day, tagging those pages is still the sort of thing that could batched overnight.  But even there, if 99% of those pages are not new you’re tagging 500 pages a day, which is similar to what I did last night from Starbucks on a laptop while they were making my cappuccino. There’s a power law to this stuff, and it favors botting.

The second but more serious question is about the transparency. One of the advantages that Facebook has is it hides it’s signal. You don’t know you’re being discriminated against as a site or a sharer, and you don’t know how it was computed. Facebook’s take on your content is like a credit score that you can never look up, and that’s good for Facebook, because it makes it harder to game or contest.

On the whole, though, I think this is more feature than bug. Yes, being able to look at your page ratings over 100 signals from different providers will make it easy to game the system and also let you know who is ranking you down or highlighting your use of bad sources. But ultimately, while we need to protect the researchers who produce these tools we also need to give people more transparency into why their pages are suddenly not drawing traffic. Not only is that fair, but it might also put some pressure on legitimate entities to clean their act up: if my front group bot keeps finding quotes from front groups in my local paper, maybe they’ll be a bit more diligent about source checking.

Future

So how do we make this distributed, open approach to this happen? How do we make the annotation layer a marketplace for context? And how do we make sure that market is functional, navigable, and useful both to tool makers and end-users? I leave that all to you. But let’s think about this — let’s not put all our eggs in another sealed basket. Let’s keep the energy around this issue and invite all comers to add their piece of insight.  The other path — closed, single platform, invisible solutions? We’ve been through that already. It’s how we got here. Let’s not repeat that mistake again.

Credit

I apologize that crediting this set of realizations is such a mess, actually: it goes back to conversations at Hewlett Open Educational Tools conference about annotation as the universal bus in January (which was based on prototypes of citing capability I had built with Jon Udell in November). And then at iAnnotate I ended up having the same conversation with people throughout the three days of the conference, and pulling insights from previous conversations into the next conversation until who knows what came from where in the end. It came to a head in a conversation over sliders with Jon, T.S. Waterman, Peg Fowler, and Tom Gillespie on Friday night, but others I talked to will see their conversations in here too, particularly the unconference group on Day One where we came up with a “stub articles” proposal (great unconference group, or greatest unconference group of all time?). Apologies all around about the credit, really.


12 May 18:45

To Thread Or Not To Thread

by Richard Millington

Spend 20 minutes reading this paper.

“Using interrupted time series analysis and regression discontinuity design, we observe an abrupt and significant increase in social reciprocity after the adoption of a threaded interface.”

In short, adding threaded discussions (expanded all the way, i.e. you could have comments indented significantly as people respond to middle comments in the discussion), yielded an increase in responses.

Almost all community platforms today offer threaded discussions. Your mileage will vary, but testing flat, threaded, one-deep, and full branch structures of discussions is a low-cost and potentially high-reward endeavour.

12 May 18:44

Book Review: iWoz

by Martin

Moving on from the ‘Home Computer Wars’, I bought a copy of ‘iWoz’, Steve Wozniack’s autobiography written in 2006 to find out more about the early computer industry during the 1970’s and 80’s. You can find a good synopsis of the book on Wikipedia so I won’t repeat the exercise here. Instead, as with previous books, I’ve decided to write down some personal impressions.

A lot has been written about Apple and Steve Jobs and the more I read about him, the less likable as a character he becomes to me. Proportionately, only little has been written about the hardware genius behind Apple’s early success, Steve Wozniak. Never wanting to be a manager but remain an engineer who invents things, he managed to do just that throughout his life. In the book he says that this was the reason he was so reluctant to join Apple because until he was assured that he can remain an engineer. I guess there are a lot of people out there with the same desire and his autobiography will perhaps be an encouragement for them to do so.

Another thing I very much liked about the book is that he also describes some technical details, how things were connected and how one thing led to another and then another and then another. For example, for the Apple I, he reused his non-CPU design of a mainframe terminal he built for use at home. Instead of an area in RAM that represents the screen content and a character ROM, he used shift registers to store the screen content. Also the computer didn’t send its output to the TV as an RF signal but instead, it interfaced with the analog electronics that drove the electron beam directly. In other words, the Apple I was basically an extension of the terminal with a CPU, RAM and a ROM.

I very much liked the balance of his personal story, technical details about the Apple I and II, the evolution of computer companies in the 1970’s and 80′ in what is called Silicon Valley today, how Apple the company evolved in the early years, what prompted him to leave Apple and what he did afterwards. A recommended read!

12 May 18:44

Gerrymandering game shows you how it works

by Nathan Yau

Gerrymandering is the practice of manipulating boundaries in such a way that favors a political party. If you slice and group in various ways, you can end up with different election results.

How many different ways can you draw boundaries though? And can results really change that much, depending on you draw the boundaries? District, by Christopher Walker, is a puzzle game that shows you how it works. The goal: Group circles in such a way that favors your color.

Give it a go.

Tags: game, gerrymandering, government

12 May 18:43

iPhone keyboard as trackpad

by Volker Weber

If your iPhone has force touch, it also has a trackpad

12 May 18:42

Toronto requires more collaboration between government, startups to become a smart city, says report

by Amira Zubairi
Toronto smart city

A recent report by the Toronto Region Board of Trade (TBOT) suggests there is a lot of work that still needs to be done to establish Toronto as a global smart city.

The report, ‘Framework for a Smarter Toronto: A Call for Collaborative Action’ was released at Toronto’s Smart Cities Summit 2017 on May 10th. It highlights some of Toronto’s accomplishments in the smart solutions space, and pointed to ways the city can further embrace smart solutions.

The report was produced following a survey that was conducted with five divisions in Toronto: Energy and Environment, Toronto Water, Transportation Services, Toronto Public Health, and Solid Waste Management. It also showed how Toronto ranks against other cities like Boston and London when it comes to smart solutions.

The report ranked Toronto third out of 10 as the best tech hub to live and work in, and it ranked eight out of 500, as among the world’s most innovative cities.

When it comes to working towards building a smart city, the report highlighted some innovative smart projects that are currently underway at Toronto’s various divisions. Among these projects is MyWaterToronto, an online water use tool that provides customers with on-demand water use information on desktop or mobile; and the Transportation Service’s Big Data Innovation Team, which aims to leverage emerging transportation datasets to better understand transportation issues across the city.

While TBOT’s report highlighted several smart projects, it also pointed to common challenges Toronto faces when striving to become a smarter city. These include the digital transformation of “classic” public services, sharing and accessing data, and procurement flexibility.

“Smart city standards are required to ensure the interoperability of systems and platforms across the city,” the report reads. It also says that “data should be better shared between the city divisions and agencies to increase efficiency and improve decision-making.”

“The big thing is nurturing this partnership mentality.” – Kristina Verner

To address some of these challenges, TBOT’s report makes a number of key recommendations that can make Toronto a smarter city. Specifically, the report suggests that a smarter Toronto is possible with greater collaboration between divisions to produce a unified smart solutions strategy.

“A unified smart city strategy has, among other things, the power to enhance value from infrastructure investments, reduce traffic congestion, improve the movement of goods and people, create new jobs, attract and retain talent, grow the local economy and increase social equity,” said Jan De Silva, president and CEO of Toronto Region Board of Trade.

The report also recommends that Toronto catalyzes and builds upon its Open Data initiative, pursues more smart funding opportunities, develops flexible procurement policies to ensure access to innovative solutions, and enhance partnerships with industry, universities, and incubators. The report points to examples like Boston, which developed MONUM, a civic innovation group that focuses on building partnerships to carry out innovative projects like autonomous vehicles and innovative housing models.

TBOT’s report is the product of the Smart Cities Working Group, a joint initiative launched in 2016 between the City of Toronto and TBOT, to raise awareness of both local and international smart city developments, and define Toronto’s vision as a smart city through several initiatives.

One of these initiatives was the Smart Cities Summit 2017 (SCS 2017), where a number of panels addressed the issue of Toronto’s potential to be a leading global smart city.

At SCS 2017, Kristina Verner, vice-president of innovation, sustainability and prosperity at Waterfront Toronto, talked about the role of Toronto’s incubators and the Canadian government in supporting smart solutions beyond simply providing tech companies with funding.

Verner believes there is a need to encourage more partnerships between the city and tech companies that have “fantastic ideas” to tackle Toronto’s challenges.

“The big thing is nurturing this partnership mentality,” said Verner. “One of the challenges that I typically see in the smart cities space is…[we] bring in these great companies that have wonderful ideas and they’re thinking them through with you…and then you get to a certain point and you have to either walk away from that discussion or they’ll find themselves conflicted. So…how do you actually manage that so that you don’t have to walk away from people that are helping you think about the great challenges the city is facing?”

While Toronto may need to encourage greater collaboration between divisions, tech companies, and the government, the city seems to be heading in the direction of supporting greater adoption of smart solutions.

On Tuesday, a report from Bloomberg indicated that Alphabet is considering setting up Sidewalk Labs in Toronto. Sidewalk Labs has spoken publicly about creating a micro-city or district that could demonstrate its ideas for urban planning, which includes autonomous transit, high-speed internet, embedded sensors, and ride-sharing services.

View the full report here.

This story was originally published by BetaKit.

The post Toronto requires more collaboration between government, startups to become a smart city, says report appeared first on MobileSyrup.

12 May 18:42

I So Want Try a Docker/Kitematic ContainerBook…

files/images/kitematic_2.png

Tony Hirst, OUseful Info, May 15, 2017


Icon

We move one step closer to personal cloud-based environments. Here's Tony Hirst: "it seems as if VMWare’s  Workspace ONE  product, which is at the heart of the announcement, provides a secure online environment for launching managed, personally contextualised, virtualised services." But Hirst wants more. "What I  keep  thinking I’d like to have is a  containerbook, rather than  netbook. Think:  Docker + Kitematic + Docker Compose + a browser." [Link] [Comment]

12 May 18:42

Some thoughts on Keybase, online security, and verification of identity

by Doug Belshaw

I’m going to stick my neck out a bit and say that, online, identity is the most important factor in any conversation or transaction. That’s not to say I’m a believer in tying these things to real-world, offline identities. Not at all.

Trust models change when verification is involved. For example, if I show up at your door claiming to be Doug Belshaw, how can I prove that’s the case? The easiest thing to do would be to use government-issued identification such as my passport or driving license. But what if I haven’t got any, or I’m unwilling to use it? (see the use case for CheapID) In those kinds of scenarios, you’re looking for multiple, lower-bar verification touchstones.

As human beings, we do this all of the time. When we meet someone new, we look for points of overlapping interest, often based around human relationships. This helps situate the ‘other’ in terms of our networks, and people can inherit trust based on existing relationships and interactions.

Online, it’s different. Sometimes we want to be anonymous, or at least pseudo-anonymous. There’s no reason, for example, why someone should be able to track all of my purchases just because I’m participating in a digital transaction. Hence Bitcoin and other cryptocurrencies.

When it comes to communication, we’ve got encrypted messengers, the best of which is widely regarded to be Signal from Open Whisper Systems. For years, we’ve tried (and failed) to use PGP/GPG to encrypt and verify email transactions, meaning that trusted interactions are increasingly taking place in locations other than your inbox.

On the one hand, we’ve got purist techies who constantly question whether a security/identity approach is the best way forward, while on the other end of the spectrum there’s people using the same password (without two-factor authentication) for every app or service. Sometimes, you need a pragmatic solution.

keybase

I remember being convinced to sign up for Keybase.io when it launched thanks to this Hacker News thread, and particularly this comment from sgentle:

Keybase asks: who are you on the internet if not the sum of your public identities? The fact that those identities all make a certain claim is a proof of trust. In fact, for someone who knows me only online, it’s likely the best kind of trust possible. If you meet me in person and I say “I’m sgentle”, that’s a weaker proof than if I post a comment from this account. Ratchet that up to include my Twitter, Facebook, GitHub, personal website and so forth, and you’re looking at a pretty solid claim.

And if you’re thinking “but A Scary Adversary could compromise all those services and Keybase itself”, consider that an adversary with that much power would also probably have the resources to compromise highly-connected nodes in the web of trust, compromise PKS servers, and falsify real-world identity documents.

I think absolutism in security is counterproductive. Keybase is definitionally less secure than, say, meeting in person and checking that the person has access to all the accounts you expect, which is itself less secure than all of the above and using several forms of biometric identification to rule out what is known as the Face/Off attack.

The fight isn’t “people use Keybase” vs “people go to key-signing parties”, the fight is “people use Keybase” vs “fuck it crypto is too hard”. Those who need the level of security provided by in-person key exchanges still have that option available to them. In fact, it would be nice to see PKS as one of the identity proof backends. But for practical purposes, anything that raises the crypto floor is going to do a lot more good than dickering with the ceiling.

Since the Trump inauguration, I’ve seen more notifications that people are using Keybase. My profile is here: https://keybase.io/dajbelshaw. Recently, cross-platform apps for desktop and mobile devices have been added, mearning not only can you verify your identity across the web, but you can chat and share files securely.

It’s a great solution. The only word of warning I’d give is don’t upload your private key. If you don’t know how public and private keys work, then please read this article. You should never share your private key with anyone. Keep it to yourself, even if Keybase claim it will make your life easier.

To my mind, all of this fits into my wider work around Open Badges. Showing who you are and what you can do on the web is a multi-faceted affair, and I like the fact that I can choose to verify who I am. What I opt to keep separate from this profile (e.g. my gamertag, other identities) is entirely my choice. But verification of identity on the internet is kind of a big deal. We should all spend longer thinking about it, I reckon.

Main image: Blondinrikard Fröberg

12 May 18:42

Apple releases new iPhone camera how-to series

by Igor Bonifacic
iPhone 7 camera

Apple has released a new set of YouTube videos that detail how to get the most out of the iPhone 7’s back-facing camera.

Each of the seven videos is under one minute in duration and usually explains in three easy steps how to take advantage of a particular facet of the iPhone’s camera functionality. Apple covers everything from how to take a portrait to how to capture a vertical panorama. All the videos are presented vertically, making it easy to view the content on a smartphone.

Moreover, even those who don’t own an iPhone 7 can still get something out of the videos; the majority of what Apple is showcasing here apply to older iPhones as much as they do to the company’s newest one.

Source: Apple

The post Apple releases new iPhone camera how-to series appeared first on MobileSyrup.

12 May 18:42

Canvas, Episode 35: Outlining

by Federico Viticci

This week Fraser and Federico look at two options for outlining on iOS.

This week's Canvas is all about outlining and what we look for in a good outliner. You can listen here.

Sponsored by:

  • Pingdom: Start monitoring your websites and servers today. Use offer CANVAS to get 20% off.

→ Source: relay.fm

12 May 18:41

An Algorithm Summarizes Lengthy Text Surprisingly Well

files/images/summarizer.PNG

Will Knight, MIT Technology Review, May 15, 2017


Icon

The day I started work at NRC I was told of our efforts to summarize documents using artificial intelligence. NRC has moved on to other things but document summarization has remained the subject of sustained research elsewhere ever since. Even humans have difficulty summarizing documents (so my years of teaching critical thinking can attest) and so it's not surprising machines struggle as well. But progress is being made, and yes, I would trust a machine to summarize documents for me (especially if I don't have legions of humans to do the work for me). [Link] [Comment]

12 May 18:36

Julia language for Raspberry Pi

by Ben Nuttall

Julia is a free and open-source general purpose programming language made specifically for scientific computing. It combines the ease of writing in high-level languages like Python and Ruby with the technical power of MATLAB and Mathematica and the speed of C. Julia is ideal for university-level scientific programming and it’s used in research.

Julia language logo

Some time ago Viral Shah, one of the language’s co-creators, got in touch with us at the Raspberry Pi Foundation to say his team was working on a port of Julia to the ARM platform, specifically for the Raspberry Pi. Since then, they’ve done sterling work to add support for ARM. We’re happy to announce that we’ve now added Julia to the Raspbian repository, and that all Raspberry Pi models are supported!

Not only did the Julia team port the language itself to the Pi, but they also added support for GPIO, the Sense HAT and Minecraft. What I find really interesting is that when they came to visit and show us a demo, they took a completely different approach to the Sense HAT than I’d seen before: Simon, one of the Julia developers, started by loading the Julia logo into a matrix within the Jupyter notebook and then displayed it on the Sense HAT LED matrix. He then did some matrix transformations and the Sense HAT showed the effect of these manipulations.

Viral says:

The combination of Julia’s performance and Pi’s hardware unlocks new possibilities. Julia on the Pi will attract new communities and drive applications in universities, research labs and compute modules. Instead of shipping the data elsewhere for advanced analytics, it can simply be processed on the Pi itself in Julia.

Our port to ARM took a while, since we started at a time when LLVM on ARM was not fully mature. We had a bunch of people contributing to it – chipping away for a long time. Yichao did a bunch of the hard work, since he was using it for his experiments. The folks at the Berkeley Race car project also put Julia and JUMP on their self-driving cars, giving a pretty compelling application. We think we will see many more applications.

I organised an Intro to Julia session for the Cambridge Python user group earlier this week, and rather than everyone having to install Julia, Jupyter and all the additional modules on their own laptops, we just set up a room full of Raspberry Pis and prepared an SD card image. This was much easier and also meant we could use the Sense HAT to display output.

Intro to Julia language session at Raspberry Pi Foundation Getting started with Julia language on Raspbian Julia language logo on the Sense HAT LED array

Simon kindly led the session, and before long we were using Julia to generate the Mandelbrot fractal and display it on the Sense HAT:

Ben Nuttall on Twitter

@richwareham’s Sense HAT Mandelbrot fractal with @JuliaLanguage at @campython https://t.co/8FK7Vrpwwf

Naturally, one of the attendees, Rich Wareham, progressed to the Julia set – find his code here: gist.github.com/bennuttall/…

Last year at JuliaCon, there were two talks about Julia on the Pi. You can watch them on YouTube:

Install Julia on your Raspberry Pi with:

sudo apt update
sudo apt install julia

You can install the Jupyter notebook for Julia with:

sudo apt install julia libzmq3-dev python3-zmq
sudo pip3 install jupyter
julia -e 'Pkg.add("IJulia");'

And you can easily install extra packages from the Julia console:

Pkg.add("SenseHat")

The Julia team have also created a resources website for getting started with Julia on the Pi: juliaberry.github.io

Julia team visiting Pi Towers

There never was a story of more joy / Than this of Julia and her Raspberry Pi

Many thanks to Viral Shah, Yichao Yu, Tim Besard, Valentin Churavy, Jameson Nash, Tony Kelman, Avik Sengupta, Simon Byrne and Elliott Saba for their work on the port. We’re all really excited to see what people do with Julia on Raspberry Pi, and we look forward to welcoming Julia programmers to the Raspberry Pi community.

The post Julia language for Raspberry Pi appeared first on Raspberry Pi.

12 May 18:35

Android Pay showing up on devices, still not functional in Canada

by Sameer Chhabra
android pay Canada

Android Pay apps are showing up on devices, but it seems like Google’s NFC payment application still isn’t registering Canadian users.

MobileSyrup tried to register multiple debit and credits cards from BMO, TD, Scotiabank, RBC, and CIBC on Nexus 5X, 6P and Pixel devices.

Android-Pay-Failed-Registration

While Android Pay was able to register account details, the app shows a screen claiming “This card can’t be used with Android Pay.”

When trying to download the Android Pay app from the Google Play store, the store claims “This app is incompatible with your device,” even though the app is already installed on my Nexus 5X.

Android-Pay-Google-Play-Store-Incompatibility

Android Pay was first launched in the U.S. on September 11th, 2015. The NFC payment app is currently available in 10 countries, including the UK, Australia, and Japan.

MobileSyrup reached out for comment, in which Google said “[We’re] excited to bring Android Pay to Canadians, however it’s currently not available in Canada”

The post Android Pay showing up on devices, still not functional in Canada appeared first on MobileSyrup.

12 May 18:35

New battery that fully charges smartphones in just five minutes may arrive in 2018

by Bradly Shankar
storedot rapid charge battery

A new battery that can fully charge smartphones in only five minutes may be coming as early as 2018.

Doron Myersdorf, chief executive for Israeli startup StoreDot, told the BBC that his company’s rapid-charging FlashBattery is expected to begin production in early 2018.

StoreDot first demonstrated the tech back at the Consumer Electronics Show in January 2015.

The battery contains materials that allow for “non-traditional” reactions, as well as the unusually fast transfer of ions from an anode to a cathode, which is the electrical process that charges a battery.

Ben Wood, a tech analyst at CCS Insight, told the BBC that while these fast-charging batteries could have a major impact on the smartphone industry, it may be too soon to introduce them. “Taking risks with battery technology can bite you,” he told the BBC. “I would say that experience has taught me to always remain sceptical. Let’s see if it happens would be my view.”

He didn’t mention any specific examples of this, but perhaps the most infamous case would be with the Samsung Galaxy Note 7, which suffered from overheating due to battery issues.

Source: The BBC

The post New battery that fully charges smartphones in just five minutes may arrive in 2018 appeared first on MobileSyrup.

12 May 18:35

Air Canada Rouge to offer high-speed internet to passengers

by Dean Daley
Air Canada Rouge plane

Air Canada has announced that Air Canada Rouge will soon offer high-speed, satellite internet on Airbus A319. Passengers now have access to internet, allowing them to email, stream video, play music and surf the web while flying.

The Canadian airline plans on installing high-speed internet on all A319 and  Boeing 767-300ER by the end of 2018. According to the Air Canada press release, Air Canada Rouge pricing packages will be available so passengers can pick a level of service that suits what the individual wants.

“Air Canada was the first Canadian carrier to offer customers in-flight connectivity and today, we are pleased to extend this service on Air Canada Rouge. High-speed internet is another great onboard entertainment option for our customers and strengthens Air Canada Rouge’s promise to provide a wonderful beginning and ending to any vacation,” said Benjamin Smith, president of passenger Airlines at Air Canada.

Air Canada’s leisure airline includes 48 aircraft in its fleet and offers customers over 100 routes on five continents. With over 1,600 employees Air Canada Rouge says its purpose is to “create wonderful beginnings and endings to customer’s vacations, every day, on every flight.”

Image credit: Air Canada Rouge

Source: Air Canada

The post Air Canada Rouge to offer high-speed internet to passengers appeared first on MobileSyrup.

12 May 18:35

Apple to invest $200 million in glass manufacturer Corning to create jobs

by Bradly Shankar
Apple banner with logo - apple investment

Apple is awarding Corning with $200 million USD, the Cupertino-based tech giant has announced.

The money comes from Apple’s new Advanced Manufacturing Fund, which CEO Tim Cook said is part of a $1 billion initiative to foster technological innovation to create more jobs in the U.S.

Corning factory

For the past 10 years, Corning has manufactured the touchscreens used in Apple’s iPhones. The $200 million investment will support Corning’s R&D, capital equipment needs and state-of-the-art glass processing.

“Corning is a great example of a supplier that has continued to innovate and they are one of Apple’s long-standing suppliers,” said Jeff Williams, Apple’s chief operating officer, in a press release. “We’re extremely proud of our collaboration over the years and we are investing further with Corning who has such a rich legacy of innovative manufacturing practices.”

Corning factory

“Corning’s longstanding relationship with Apple has not only led to significant glass innovations that have enabled new capabilities for consumers, it has also helped create nearly 1,000 American jobs and allowed us to continue growing and expanding in the U.S.,” said Wendell P. Weeks, Corning’s chairman, chief executive officer and president. “This investment will ensure our plant in Harrodsburg remains a global center of excellence for glass technology.”

Source: Apple

The post Apple to invest $200 million in glass manufacturer Corning to create jobs appeared first on MobileSyrup.

12 May 18:33

http://www.achydad.com/2017/05/family-electric-...

by jared madsen
12 May 18:33

Spotify might forgo IPO and list directly on NYSE this year

by Rachel Kaser

New reports say that Spotify is choosing to forgo an initial public offering in favor of a direct listing on the New York Stock Exchange. According to CNBC, Spotify will register its shares on the public exchange. This move has been rumored for weeks. According to the Wall Street Journal, it could save Spotify millions in fees. Due to there being no IPO, the shares will not have a pre-determined price, though CNBC’s sources value Spotify at a cool $13 billion. As of March 2017, the service has over 50 million paid subscribers. Spotify is expected to list by the fourth quarter of this year or early…

This story continues at The Next Web

Or just read more coverage about: Spotify
12 May 18:31

Google Maps Now Shows Street View for Turns in Navigation

by Evan Selleck
Google Maps is making a few changes that might make it easier to navigate in an unknown place. Continue reading →
12 May 18:30

So, nachdem die Heise-Security-Tour jetzt vorbei ist, ...

mkalus shared this story from Fefes Blog.

So, nachdem die Heise-Security-Tour jetzt vorbei ist, dachte ich mir, ich tue meine Folien mal ins Netz. Weil Animationen mit pdflatex schwierig sind, und Powerpoint nicht ordentlich exportieren kann, habe ich das mal manuell nach HTML gewandelt. Navigation über Pfeiltasten, und es hakt noch hie und da (html5, css und js ist nicht so meine Welt, Patches welcome), aber wenn das Browserfenster grob 16:9 ist, dann sollte das gehen.

Ich bemühe mich immer, alle angesprochenen Punkte auch explizit in den Folien zu haben, damit man die Folien auch ohne das Audio genießen kann. Das ist in diesem Fall weniger gut gelungen als sonst, an zwei drei Stellen fehlt Erläuterung. Der Punkt mit dem ISP bezieht sich darauf, dass einige Leute vorgeschlagen haben, die ISPs könnten ja Verantwortung für freidrehende IoT-Geräte ihrer Kunden übernehmen.

Aber ich denke mal, die wichtigen Punkte werden klar. Viel Spaß beim Durchklicken!

12 May 18:30

Manipulating forensic evidence the easy way

mkalus shared this story from SEC Consult.

When it comes to computer forensics, or for that matter forensics in general, one of the main challenges is to ensure that evidence that is collected is not tampered with. To achieve this, computer forensic experts adhere to a strict protocol and use many specialized hardware and software tools.


As we have shown

time and time again

, specialized security software is not immune to security vulnerabilities. Knowing this, we sometimes audit software products used for our core processes to achieve the best level of security for our customer's data. One of these software products is

EnCase Forensic Imager

.


EnCase Forensic Imager is a free tool that allows a forensic investigator to gather evidence from storage media. This evidence can then later be analyzed using the commercial EnCase Forensic suite. To efficiently gather evidence, EnCase Forensic Imager is able to process many different formats commonly used on storage media. However, parsing untrusted data from a suspect's storage device can be dangerous. There's always the risk that a suspect has manipulated his storage device so that forensic software fails to read any data, ignores incriminating data, or even takes over the investigator's machine. The latter is exactly what SEC Consult demonstrated to be possible with EnCase Forensic Imager in the

latest advisory

.




The attack

By writing a manipulated LVM2 partition (a hard disk format commonly used for Linux servers) on a storage device, an attacker could - if the device were ever to be analysed using EnCase Forensic Imager - take over an investigator's machine. When the investigator tries to read the device, EnCase Forensic Imager crashes - unbeknownst to the investigator, however, a lot more is happening. Through a buffer overflow security flaw, EnCase Forensic Imager can be tricked into executing data read from the storage device. Afterwards the code provided by the attacker has full control of the investigator's machine and can be used by the suspect to manipulate evidence.


The video below demonstrates a scenario where someone prepared a malicious USB storage medium for the case that it got analyzed by e.g. the authorities. When the investigator analyzes it using EnCase Forensic Imager, without their knowledge their machine connects to a remote server controlled by the suspect (arbitrary malicious code can be executed). The server can then access the investigator's machine to manipulate or delete evidence.



For technical details please refer to the

advisory

.



Who's affected?

We found that this issue to not affect a version of the full EnCase Forensic Suite we had available for testing. We did not verify whether this issue exists in other versions of EnCase Forensic (apparently EnCase Forensic and EnCase Forensic Imager share the same code base).


According to Guidance Software their products are used by

many law enforcement and government agencies

such as

  • the FBI
  • the CIA,
  • the US Department of Justice
  • the US Department of Homeland Security
  • and the London Metropolitan Police Service

as well as several major companies such as


  • Microsoft
  • Facebook,
  • and Oracle.

It is unclear whether these organisations use the EnCase Forensic Imager tool.



How to avoid attacks?

Some organisations use special machines without network or internet access to handle evidence data. While this is a very good security measure, it does not protect against this attack. Since this vulnerability allows a suspect to execute arbitrary code on these machines, the attacker could create malware that manipulates or deletes evidence based on predefined rules (e.g. delete all Excel files with a specific name pattern).


We provided details for this vulnerability to the vendor back in March 2017. Unfortunately, Guidance Software neither provided a fixed version nor communicated a schedule for fixing this vulnerability within 50 days. As per our responsible disclosure policy we therefore publicly released the advisory. The vendor does

not provide a version of EnCase Forensic Imager without known vulnerabilities.


This is already the second security vulnerability in EnCase Forensic Imager that the SEC Consult Vulnerability Lab communicated to Guidance Software in the past few months.

Back then

, the vendor did not fix the security flaws as well (they also have not been resolved yet). This begs the question whether Guidance Software should rethink their security approach given the amount of trivial vulnerabilities, the high-profile customer base and the displayed handling of vulnerability reports.

We received the following statement on 11th May from Guidance Software which we will leave uncommented as we are still bewildered about it:

"We are aware and appreciate the issues raised by SEC Consult. The exploit SEC Consult claims to have found is an extreme edge case, much like the theoretical alerts they tried to promote in November. As always, we continue to examine alerts when they are submitted and apply changes to our systems as necessary.
Our products give investigators access to raw data on a disk so they can have complete access to all the information.  Dealing with raw data means there are times when malformed code can cause a crash or other issue on an investigator’s machine. We train users for the possibility of potential events like this and always recommend that they isolate their examination computers. After almost 20 years building forensic investigation software that is field-tested and court-proven, we find that the benefits of complete, bit-level visibility far outweigh the inconvenience of a very limited number of scenarios like this. If an issue does arise, it is something we work directly with the customer to resolve.
The nature of our business is dealing with raw data, and that has risk. We will continue to modify our software as necessary to deal with the continually changing environment. If necessary, we will take action and inform our customers. We do not consider this claim to be serious and it will not impact the performance of our products."

*****



This research was done by Wolfgang Ettlinger (@ettisan) on behalf of SEC Consult Vulnerability Lab. SEC Consult is always searching for talented security professionals to work in our team. More information can be found at: https://www.sec-consult.com/en/Career.htm

TO STAY UPDATED FOLLOW US ON 

TWITTER

.




12 May 00:13

Green Cleaning

by Ken Ohrn

The astute and prolific Gary Mason writes in the Globe and Mail about political financing, the biggest opportunity he sees the Greens’ balance of power representing.  He is clear and caustic about the current state of BC political financing — so if you are a certain party’s operative, maybe you want to shield yourself from this one.

Ms. Clark led arguably the most arrogant and entitled government in the country. Cronyism has thrived under hers and previous Liberal administrations. The corrosive effect it has had on B.C. politics can’t be understated and it needs to be brought to an end.

Mr. Weaver has said that banning union and corporate donations is at the top of his list of measures he would request in exchange for his backing. This is good. Big money has to be taken out of politics in British Columbia. Right now, corporations (and to a much lesser extent, unions) and the province’s wealthiest citizens, through their donations, are getting an outsized say in the outcome of elections. . .

. . .   Earlier this year, a Globe and Mail investigation shed some light on the murky world of campaign donations in B.C., and revealed how lobbyists were not only donating tens of thousands of dollars to the very governing party they are lobbying, but also donating on behalf of unnamed clients, something that is illegal. The RCMP is now investigating. The Liberals, meantime, have returned more than $200,000 they since “discovered” was donated illegally.

The lobbyist industry in B.C. is a cesspool that has deep, deep roots in the Liberal party. Influence buying is not done in the backrooms in B.C., it is done in the open.


12 May 00:12

Visual Studio for Mac Released

by Rui Carmo

I linked to the preview earlier, but this week’s release together with Xamarin Live turned out to be surprising on many levels.

(The same could probably be said of Build 2017 as a whole, but I’ve been too busy to keep track of everything except the data and AI stuff.)

12 May 00:12

Coming up at vowe's magic flying circus :: Huawei

by Volker Weber

p10

Huawei is a company I have been ignoring for too long. They are cranking out new devices at an astonishing pace, both under the Huawei and the Honor brands. I want to know how they can keep up on the software side of things and I will put them on an extended watch. I should have one of their phones soon.

12 May 00:12

Let me speculate about Nougat updates for BlackBerry

by Volker Weber

ZZ33E2EB81

Let me speculate about the Nougat update for older BlackBerry Android devices. So far BlackBerry has not announced that they are going to upgrade any of the existing devices to Nougat. So the question is, will they, and if they do which ones. Before TCL took over I would have said that it is very likely that all devices are carried forward. Since TCL is focusing on the KEYone, I have changed my mind. There is not enough incentive for BlackBerry to upgrade all versions.

By and large, the PRIV has been a failure. There just aren't that many in the market. Things changed with the DTEK50, which was well received due to its much lower price. By the time DTEK60 was announced, and very quietly so, interest had faded. No carrier in Germany attempted to sell it. Without access to hard data, I would think it was an even bigger flop than PRIV.

I think that only the DTEK50 stands a chance to receive a Nougat update. The PRIV already had a major upgrade and for DTEK60 there aren't that many customers who would be disappointed. It's just not worth the effort.

Advice: if you want Nougat, sell PRIV or DTEK60, but keep DTEK50.