Rolandt

Another intriguing one from Maps on the Web:

Have you ever wondered what the world’s richest people studied in college?

If you guessed that many of them have degrees in business or economics, you’re right. But there is actually a surprising amount of diversity in the types of degrees that today’s wealthiest individuals hold.

We dug into the data in order to create these maps to show the college degrees of each country’s richest person: 

Silvia Rosenthal Tolisano, LangWitches, Jan 13, 2020

Silvia Rosenthal Tolisano has completed a seven part series on blogging in education. Here are the segments:

1. Reading Blog
2. Writing Blogs
3. Commenting on Blogs
4. Connecting Blogs
5. The Reciprocation Factor
6. The Consistency Factor
7. The Quality Factor

What caught my eye was the discussion of quality blogging in part seven. Of course, you could tell students about what counts for quality, but it is far better to show them by blogging yourself. Any teacher that wants students to write, in my view, should model what is expected by writing themselves.

Web: [Direct Link] [This Post]

We’re in a weird place right now, those of us who make a living from thinking. Even writing it out, feels like a fantastic fantasy of privilege. We get paid to think and share those “thinks” with othe...

The ‘Father of the iPod’ has gone into detail about the making of Apple’s iconic portable music player.

Speaking to Stripe CEO Patrick Collison, former senior vice president of Apple’s iPod division Tony Fadell outlined the original device’s specific production process. Notably, the product’s conception, production and release all took place within 2001.

In a tweet, Collison broke down the specific iPod production timeline, as recounted by Fadell.

According to Fadell, Apple’s initial discussions about making a portable music player took place throughout January 2001. By the fourth week, Apple hired him as a consultant on the project, although little had been outlined beyond the general idea for a music player.

It wasn’t until late March when Fadell pitched a clearer idea for the iPod to then-Apple CEO Steve Jobs, who greenlit the project at the end of their meeting.

For the next two months, Fadell was then responsible for finding an Asian contract manufacturer, as well as recruiting members to the team.

From May to October, the teams got to work actually developing the iPod before officially unveiling it in late October. Finally, the iPod began shipping worldwide at the start of November.

Of course, Apple has grown significantly in the near-20 years since, so quick turnaround times like this simply wouldn’t be feasible with Apple’s modern massive production scale. Nonetheless, it’s an interesting look at Apple’s earlier years.

Source: Patrick Collison

The post Former Apple exec recounts how original iPod was made and released in the same year appeared first on MobileSyrup.

Time is up for Windows 7, as Microsoft has officially ended support and security updates for the operating system.

This means that users who are still using the OS will be vulnerable to bugs. Any problems that may arise also won’t be fixed. However, some companies have paid for extended support that will keep them in the clear until 2023.

Users who want to protect their computers should upgrade to Windows 10. It’s also important to note that some older devices might not be compatible with Windows 10, which may require some users to buy a new computer.

A basic home version of Windows 10 starts at $189 in Canada, while a pro version costs $259.99. Windows 10 has regular updates and security features.

Microsoft announced on January 14th, 2019 that it would be ending support for Windows 7 in exactly a year, and that time has finally come.

Source: Microsoft 

The post Microsoft officially ends support for Windows 7 appeared first on MobileSyrup.

Right time, right light, right place.

iPhone XS Max, applied a Kodachrome 64 pre-set afterwards.

I have updated my blogroll / OPML file, as linked to in the right hand sidebar.

Vancouver-based national telecom company Telus and its flanker brand Koodo will waive long distance fees and text charges for customers contacting family in Australia.

In an email to MobileSyrup, Telus said it knows “how critical it is for customers to stay connected with loved ones” during disasters like the Australian wildfires. It also noted that the fires may impact customers currently roaming in Australia or customers who need to contact friends and family there.

With that in mind, the carrier announced it would waive all long distance charges for customers contacting family and friends in Australia. It will waive charges for both home phone and mobile from January 1st through 31st, 2020. Additionally, Telus will waive text message charges to Australia.

Koodo followed suit, announcing via a post on its Twitter page that it would waive postpaid long distance and text charges to the region until the end of January.

To support customers reaching out to loved ones in Australia, we will be waiving postpaid long distance and text charges to the region until the end of January. Your families, and all those affected, are in our thoughts during this difficult time. #AustraliaFires #NSWfires

— Koodo (@koodo) January 11, 2020

On top of waiving fees, Telus said it launched a text-to-donate program. Canadians can support relief efforts by texting DONATE to 41010 with their mobile device to donate $20. Donations go to Telus’ Friendly Future Foundation to support communities in Australia affected by the fires.

Telus says it also raised almost $50,000 already through the program.

The post Telus and Koodo waive long distance, text fees to Australia due to wildfires appeared first on MobileSyrup.

“For one human being to love another; that is perhaps the most difficult of all our tasks, the...

Just before the break, I came across a rather entrancing visualisation of Jean Michel Jarre’s Oxygene album in the form of an animated spectrogram.

Time is along the horizontal x-axis, and frequency along the vertical y-axis. The bright colours show the presence, and volume, of each frequency as the track plays out.

Such visualisations can help you hear-by-seeing the structure of the sound as the music plays. So I wondered… could I get something like that working in a Jupyter notebook….?

And it seems I can, using the rather handy jp_proxy_widget that provides a way of easily loading jQueryUI components as well as the requests.js module to load and run Javascript widgets.

Via this StackOverflow answer, which shows how to embed a simple audio visualisation into a Jupyter notebook using the Wavesurfer.js package, I note that Wavesurfer.js also supports spectrograms. The example page docs are a bit ropey, but a look at the source code and the plugin docs revealed what I needed to know…

#%pip install --upgrade ipywidgets
#!jupyter nbextension enable --py widgetsnbextension

#%pip install jp_proxy_widget

import jp_proxy_widget

widget = jp_proxy_widget.JSProxyWidget()

js = "https://unpkg.com/wavesurfer.js"
js2="https://unpkg.com/wavesurfer.js/dist/plugin/wavesurfer.spectrogram.min.js"
url = "https://ia902606.us.archive.org/35/items/shortpoetry_047_librivox/song_cjrg_teasdale_64kb.mp3"

widget.load_js_files([js, js2])

widget.js_init("""
element.empty();

element.wavesurfer = WaveSurfer.create({
    container: element[0],
    waveColor: 'violet',
        progressColor: 'purple',
        loaderColor: 'purple',
        cursorColor: 'navy',
        minPxPerSec: 100,
        scrollParent: true,
        plugins: [
        WaveSurfer.spectrogram.create({
            wavesurfer: element.wavesurfer,
            container: element[0],
            fftSamples:512,
            labels: true
        })
    ]
});

element.wavesurfer.load(url);

element.wavesurfer.on('ready', function () {
    element.wavesurfer.play();
});
""", url=url)

widget

#It would probably make sense to wire up these commands to upywidgets buttons...
#widget.element.wavesurfer.pause()
#widget.element.wavesurfer.play(0)

The code is also saved as a gist here and can be run on MyBinder (the dependencies should be automatically installed):

Here’s what it looks like (It may take a moment or two to load when you run the code cell…)

It doesn’t seem to work in JupyterLab though…

It looks like the full ipywidgets machinery is supported, so we can issue start and stop commands from the Python notebook envioronment that control the widget Javascript.

So now I’m wondering what other Javascript apps are out there that might be interesting in a Jupyter notebook context, and how easy it’d be to get them running…?

It might also be interesting to try to construct an audio file within the notebook and then visualise it using the widget.

The strange, haunting, and very sad story of a young couple. Strongly reminiscent of On Chesil Beach, though the problem here isn’t sex. Or, maybe, it is.

Mild winter, definitely.

The fat balls to help the birds over the winter are sprouting…
…and so are the sunflower seeds we left on the living room balcony.

mkalus shared this story from bellingcat.

---

Who we are:

Bellingcat is an independent international collective of researchers, investigators and citizen journalists using open source and social media investigation to probe a variety of subjects: crime, conflicts, corruption, secret operations, mis- and disinformation, extremist groups and many others. We have received multiple awards for our groundbreaking research and publications that shine a light on crimes and help bring perpetrators to account. Our people, which include paid staff, contributors and volunteers in more than 20 countries, work in a unique field where advanced technology, forensic research, journalism, investigations, transparency and accountability come together. Do you want to join this exciting adventure?

Who we are looking for:

We are looking for a data scientist with web development skills who will help us discover openly accessible online information to turn it into a wide range of digital investigations. The primary focus will be to develop open source investigation tools, based on needs identified by our staff researchers and the global community of our contributors and volunteers. Additionally, the candidate should have experience in analyzing, researching and building machine-learning tools that will simplify the process of complex investigations. 

Who you are:

The ideal candidate is enthusiastic about working for an international nonprofit organization that uses publicly available data and citizen journalist analysis to investigate various topics of public interest that advance transparency and brings perpetrators to account. Proven track record of working in the field of digital investigations is a must.

Responsibilities:

• Support Bellingcat researchers during a wide range of open source investigations
• Develop open source investigation tools for Bellingcat based on researchers’ needs and help build a new tools section on the organization’s website
• Collaborate with tech partners on projects related to open source investigations
• Enhancing data collection procedures to include information that is relevant for building analytic systems

Qualifications & Skills:

• Excellent knowledge (experience) with several programming languages. Python or R are required, plus additional languages
• Proven track record of data mining, social network/data set analysis, web scraping and/or automating open source investigations through the use of data models and custom scripts
• Background in building web based prototypes, designing experiments and evaluating results with cloud platform services like AWS
• Experience with using machine learning models and frameworks (e.g, tensorflow and other ML libraries)
• Strong interest in and experience with open source investigations
• Strong mathematical background
• Ability to process and verify integrity of data used for analysis
• Experimental and inquiring mindset, a team-oriented working style and the ability to closely work with non-technical colleagues but at the same time to independently develop technical solutions for research challenges
• English proficiency
• The candidate must be able and ready to relocate to the Netherlands. For one or two days per week, home-office might be negotiated (except during full-week workshops/events)

Additional (preferred):

• Willingness to support Bellingcat international workshops as a trainer (and willingness to travel)
• Cyber security awareness.

Bellingcat is committed to a diverse working environment. All qualified candidates will receive consideration without regard to race, color, origin, religion, age, gender or sexual orientation. Your formal education is less important to us than your previous work experience in the field.

We offer a competitive salary for this position (within the range of the nonprofit sector).

Please apply until 19 February 2020 by answering the following questionnaire directly in an email to: jobs@bellingcat.com. Short-listed candidates will be invited for the next selection round in February or the first half of March. Due to the expected high volume of applications it is unfortunately not possible for us to provide individual feedback.

The post Bellingcat is Hiring: Data Scientist (Full-Time) appeared first on bellingcat.

You live in an ecosystem where your members might ask a question in your community or on a dozen or more other channels.

It makes far more sense to connect and support that ecosystem than fight it.

The Microsoft Azure community (below) is a great example.

Don’t compete with your customers, support them wherever they will go.

Encourage your members to ask and answer questions on different platforms.

Automatically complete the tags for them to ask questions on each platform.

Assign badges and offer congratulations for members who answer questions on any platform which suits them.

You get far more value from supporting and integrating with your ecosystem than fighting against it. Consider designing a similar homepage for your community.

Snowpack

Really interesting new twist on build systems for JavaScript. Modern browsers (everything since IE11) support JavaScript modules, but actually working with them is tricky since so much of the JavaScript ecosystem expects you to be using a bundler like Webpack. Snowpack is a tool for converting npm dependencies into JavaScript modules which can then be loaded directly by the browser, taking advantage of HTTP/2 to efficiently load the resulting larger number of files.

Via Hacker News

The NetNewsWire team continues to rock — there’s a new TestFlight build up.

Note the change notes — they represent just three days of work. We’ve got the best team. 🎸

CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of the Online Certificate Status Protocol (OCSP) while avoiding a need for some administrative decisions on the relative value of one revocation versus another. For details on the background of CRLite, see our first post, Introducing CRLite: All of the Web PKI’s revocations, compressed.

To discuss CRLite’s design, let’s first discuss the input data, and from that we can discuss how the system is made reliable.

Designing CRLite

When Firefox securely connects to a website, the browser validates that the website’s certificate has a chain of trust back to a Certificate Authority (CA) in the Mozilla Root CA Program, including whether any of the CAs in the chain of trust are themselves revoked. At this time Firefox knows the issuing certificate’s identity and public key, as well as the website’s certificate’s identity and public key.

To determine whether the website’s certificate is trusted, Firefox verifies that the chain of trust is unbroken, and then determines whether the website’s certificate is revoked. Normally that’s done via OCSP, but with CRLite Firefox simply has to answer the following questions:

1. Is this website’s certificate older than my local CRLite Filter, e.g., is my filter fresh enough?
2. Is the CA that issued this website’s certificate included in my local CRLite Filter, e.g. is that CA participating?
3. If “yes” to the above, and Firefox queries the local CRLite Filter, does it indicate the website’s certificate is revoked?

That’s a lot of moving parts, but let’s inspect them one by one.

Freshness of CRLite Filter Data

Mozilla’s infrastructure continually monitors all of the known Certificate Transparency logs for new certificates using our CRLite tooling; the details of how that works will be in a later blog post about the infrastructure. Since multiple browsers now require that all website certificates are disclosed to Certificate Transparency logs to be trusted, in effect the tooling has total knowledge of the certificates in the public Web PKI.

Four times per day, all website certificates that haven’t reached their expiration date are processed, drawing out lists of their Certificate Authorities, their serial numbers, and the web URLs where they might be mentioned in a Certificate Revocation List (CRL).

All of the referenced CRLs are downloaded, verified, processed, and correlated against the lists of unexpired website certificates.

At the end, we have a set of all known issuers that publish CRLs we could use, the identification numbers of every certificate they issued that is still unexpired, and the identification numbers of every certificate they issued that hasn’t expired but was revoked.

With this knowledge, we can build a CRLite Filter.

Structure of A CRLite Filter

CRLite data comes in the form of a series of cascading Bloom filters, with each filter layer adding data to the one before it. Individual Bloom filters have a certain chance of false-positives, but using Certificate Transparency as an oracle, the whole Web PKI’s certificate corpus is verified through the filter. When a false-positive is discovered, the algorithm adds it to another filter layer to resolve the false positive.

The certificate’s identifier is defined as shown in Figure 4:

For complete details of this construction see Section III.B of the CRLite paper.

After construction, the included Web PKI’s certificate corpus is again verified through the filter, ensuring accuracy at that point-in-time.

Ensuring Filter Accuracy

A CRLite filter is accurate at a given point-in-time, and should only be used for the certificates that were both known to the filter generator, and for which there is revocation information.

We can know whether a certificate could be included in the filter if that certificate has delivered with it a Signed Certificate Timestamp from a participating Certificate Transparency log that is at least one Maximum Merge Delay older than our CRLite filter date.

If that is true, we also determine whether the certificate’s issuer is included in the CRLite filter, by referencing our preloaded Intermediate data for a boolean flag reporting whether CRLite includes its data. Specifically, the CA must be publishing accessible, fresh, verified CRL files at a URL included within their certificates’ Authority Information Access data. This flag is updated with the same cadence as CRLite itself, and generally remains constant.

Firefox’s Revocation Checking Algorithm Today

Today, Firefox Nightly is using CRLite in telemetry-only mode, meaning that Firefox will continue to rely on OCSP to determine whether a website’s certificate is valid. If an OCSP response is provided by the webserver itself — via OCSP Stapling — that is used. However, at the same time, CRLite is evaluated, and that result is reported via Firefox Telemetry but not used for revocation.

At a future date, we will prefer to use CRLite for revocation checks, and only if the website cannot be validated via CRLite would we use OCSP, either live or stapled.

Firefox Nightly has a preference security.pki.crlite_mode which controls CRLite; set to 1 it gathers telemetry as stated above. Set to 2, CRLite will enforce revocations in the CRLite filter, but still use OCSP if the CRLite filter does not indicate a revocation.  A future mode will permit CRLite-eligible certificates to bypass OCSP entirely, which is our ultimate goal.

Participating Certificate Authorities

Only public CAs within the Mozilla Root Program are eligible to be included, and CAs are automatically enrolled when they publish CRLs. If a CA stops publishing CRLs, or problems arise with their CRLs, they will be automatically excluded from CRLite filters until the situation is resolved.

As mentioned earlier, if a CA chooses not to log a certificate to a known Certificate Transparency log, then CRLite will not be used to perform revocation checking for that certificate.

Ultimately, we expect CAs to be very interested in participating in CRLite, as it could significantly reduce the cost of operating their OCSP infrastructure.

Listing Enrolled Certificate Authorities

The list of CAs currently enrolled is in our Intermediate Preloading data served via Firefox Remote Settings. In the FAQ for CRLite on Github, there’s information on how to download and process that data yourself to see what CAs revocations are included in the CRLite state.

Notably, Let’s Encrypt currently does not publish CRLs, and as such their revocations are not included in CRLite. The CRLite filters will increase in size as more CAs become enrolled, but the size increase is modeled to be modest.

Portion of the Web PKI Enrolled

Currently CRLite covers only a portion of the Web PKI as a whole, though a sizable portion: As-generated through roughly a period covering December 2019, CRLite covered approximately 100M certificates in the WebPKI, of which about 750k were revoked.

The whole size of the WebPKI trusted by Mozilla with any CRL distribution point listed is 152M certificates, so CRLite today includes 66% of the potentially-compatible WebPKI  [Censys.io]. The missing portion is mostly due to CRL downloading or processing errors which are being addressed. That said, approximately 300M additional trusted certificates do not include CRL revocation information, and are not currently eligible to be included in CRLite.

Data Sizes, Update Frequency, and the Future

CRLite promises substantial compression of the dataset; the binary form of all unexpired certificate serial numbers comprises about 16 GB of memory in Redis; the hexadecimal form of all enrolled and unexpired certificate serial numbers comprises about 6.7 GB on disk, while the resulting binary Bloom filter compresses to approximately 1.3 MB.

To ensure freshness, our initial target was to produce new filters four times per day, with Firefox users generally downloading small delta difference files to catch-up to the current filter. At present, we are not shipping delta files, as we’re still working toward an efficient delta-expression format.

Filter generation is a reasonably fast process even on modest hardware, with the majority of time being spent aggregating together all unexpired certificate serial numbers, all revoked serial numbers, and producing a final set of known-revoked and known-not-revoked certificate issuer-serial numbers (mean of 35 minutes). These aggregated lists are then fed into the CRLite bloom filter generator, which follows the process in Figure 2 (mean of 20 minutes).

 

For the most part, faster disks and more efficient (but not human-readable) file formats would speed this process up, but the current speeds are more than sufficient to meet our initial goals, particularly while we continue improving other aspects of the system.

Our next blog post in this series, Part 3, will discuss the telemetry results that our current users of Firefox Nightly are seeing, while Part 4 will discuss the design of the infrastructure.

The post The End-to-End Design of CRLite appeared first on Mozilla Security Blog.

Welcome to using WebMention, Jeremy. Still figuring out how to best use it myself with regard to how they get displayed on my site.

Like you I use WordPress, and I would love for mentions to display more like the old pingbacks, where you’d get a snippet from the mentioning site from around where it links to you. Now it mostly is ‘site x mentioned this.’ which makes me click to get a notion if it’s relevant.

On Webmention tweaks I documented some of the things I tried. The issue is that because the tweaks are in the Semantic Linkbacks plugin, not in the WP theme, you can only make those tweaks a permanent option if it gets rolled into the plugin (no such things as a child-plugin like with themes). And I’m not confident enough of my changes to figure out and try submitting them to the maintainers of the plugin.

Replied to Now supporting Webmention by Jeremy Felt

I think? If you know how to send a Webmention, please do so that I know it works!....I’ll need to do some spelunking to figure out how I want to display and style them

Foto Mercedes Benz

Ich habe mich selten so gut über die CES informiert gefühlt wie dieses Jahr, und dabei war ich noch nicht mal da. Ich meide Las Vegas und solche Monsterveranstaltung. Ich bin schlicht überfordert, den Wald zu erkennen, wenn ich zwischen den Bäumen stehe.

Wie jedes Jahr gab es jede Menge Science Fiction. Träume, die nicht wahr werden, Prototypen, die niemals zu Produkten werden und Ankündigungen, denen nichts folgt. Der große Star 2019, das aufrollende OLED-TV von LG, kam nie auf den Markt. Dieses Jahr gab es jede Menge biegsame Laptops als Konzept-Studien.

Unter all den Studien war auch ein richtiges Produkt, der ThinkPad X1 Fold, der tatsächlich Mitte des Jahres auf den Markt kommen soll. Und man kann sicher sein, dass Microsoft dann die Software noch nicht fertig hat, die man für solche Geräte braucht. Lenovo wird also irgendwas mit Windows 10 zaubern müssen, bis Microsoft sein Ei gelegt hat.

Software wird immer mehr zum Hemmschuh. Das iPhone 11 war fertig, weit bevor iOS 13 brauchbar war. Volkswagen produziert fließig ID.3 und schieb sie "dumm" auf den Hof. Wenn dann in ein paar Monaten die Software so weit fertig ist, dass man sie auf Kunden loslassen kann, dann werden Update-Trupps ausrücken, um die schon fertigen Autos mit Software nachzurüsten. Und es werden sicher viele Updates folgen, bis das alles ordentlich funktioniert.

Und das ist bereits ein großer Sprung vom jetzigen Stückwerk unserer Qualitätshersteller, die so viele verschiedene Systeme integrieren müssen. So sehr Tesla von Produktionsproblemen geplagt war, haben sie dennoch als einziger Hersteller eine voll integrierte Software-Plattform, die man "over the air" updaten kann.

Und Updates werden sehr schnell zum wichtigsten Thema überhaupt werden. Software ist viel liederlicher als Hardware. Einstürzende Brücken sind relativ selten. Passiert das doch mal, dann liegt es an fehlender Wartung oder massiver Überbelastung. Versagende Software aber kennen wir alle.

Ich habe es längst aufgegeben, mir Android-Hardware von Lenovo anzuschauen, weil man binnen einem oder maximal zwei Jahren von allen Updates abgeschnitten ist, während die gleiche Hardware mit Windows locker zehn Jahre weitergepflegt wird.

Und selbst dann hakt es auch dort oft an der Software. Lenovo macht nicht nur Studien, sondern baut auch innovative Produkte. Das Yoga Book zum Beispiel vereinte einen Bildschirm mit einem Wacom Digitizer, der auch eine Tastatur darstellen kann. Dummerweise verschluckt die auch Jahre später stets den ersten Tastaturanschlag. Das Yoga Book C930, nicht zu verwechseln mit dem Yoga C930, ergänzte den Digitizer um ein E-Ink-Display. Das wandert beim ThinkBook Plus auf die Außenseite. Damit hat man zwar innen eine sehr gute Hardware-Tastatur, aber man wird sehen müssen, wie gut die Software dieses E-Ink-Display versorgt. Ich bin neugierig, aber nicht optimistisch.

Man kann sehr viel bauen, aber man wird immer wieder durch die Software gebremst. Zwei neue Designs haben sich bei PCs in den letzten Jahren bewährt und wurden von vielen Herstellern nachgebaut: Das Lenovo Yoga Convertible mit 360-Grad-Scharnier und das Microsoft Surface Pro Detachable. So nützlich sie sind, so werden sie dennoch von Windows ausgebremst, das für die Tablet-Nutzung ohne Tastatur nicht viel taugt.

Es hängt immer an der Software.

Yes, I’m the geek at the cafe with a MacBook Pro, iPad, and iPhone out on the table and using all of ’em at once.

 

It’s nice to be able to see convergence. This time it is different lines of theatre, singing and music-making that come together in a Christmas story for the family gathering. We do have a long history of performances in the house and at group gatherings, but this time there was a qualitative jump that I’d like to capture.

The kids took several songs from the Christmas repertoire of their choir and made a story around them. They mixed cultural traditions from the Netherlands and Russia, acting as Father Christmas, his grandaughter Snegurochka and her daughter Snowflake, who was travelling with them for the first time to bring the presents. The storyline was of a problem-solving journey: their characters were trapped by the storm and to fly their carriage again little Snowflake had to learn how to sing. The kids made a script, prepared and packed the decorations and thought of what had to be adapted to perform in the house of their grandparents. After the end Alexander made round asking all members of the public for “tips and tops”.

Next to the performance I enjoyed seeing the traces of various things that our kids did over the years:

• Preparing countless group performances in the homeschooling group – small shows of different genres on the spot, shadow theatre, music and story videos – and having improvisation theatre intro with the adults.
• Singing in the choir, which comes not only with the repertoire of songs to use for the story, but also with the experience of repetitions, backstage and on stage together with adults and general public next to their parents. Last year Alexander had a chance to sing with a symphonic orchestra and the girls had an experience of singing for an evening Christmas concert for the first time, learning to deal with all that this entails.
• Working on the ins and outs of musical, acting practice and experience of improving in a group in their musical class.
• The culture of “making” in our (extended) family, where singing is part of life and something you share with friends, stories are made on the fly and performance can well be a present instead of a material object.

The post Musical in the making appeared first on Mathemagenic.

A brilliant small restaurant that explores the intersections of the Korean-American kitchen. Exquisite tempura rolls, superb stuffed mussels, Spanish mackerel that was at once smoky and charred and yet moist and succulent, and then a dish wonderfully rich beef. We lingered and loved it.

Cory Doctorow, BoingBoing, Jan 10, 2020

I don't know how much this is overstated and how much is awful truth. However, given everything a browser can do today, I would say that even without being locked out by vendors, it would be very difficult to create a new independent browser (thank goodness for Firefox). Anyhow, the culprit in the present story is the Encrypted Media Extensions, or EME, which is what enables companies like Netflix to offer secure videos. We covered EME in 2017. Though these are proprietary, the W3C agreed to make them a web standard three years ago. Fast-forward today and " Samuel Maddock has been trying to create a rival 'indie' browser, and has been to each of the EME DRM vendors and has been sent away by all of them."

Web: [Direct Link] [This Post]

Andreas Evers, InfoQ, Jan 10, 2020

I'm not (necessarily) going to recommend you view this presentation. It's here because reading it made my eyes roll - I recognized almost nothing in the title. I'd heard of 'continuous delivery' - that's where you continuously update your application or service using automation. But the rest? OK (takes breath). Spring is a framework for building applications in Java (Java is a programming language). Spinnaker is software that deploys applications to cloud services. Canary Analysis is a Google-supported system that evaluates prformance metrics to make sure the update was safe. You can use Spinnaker for automated Canary Analysis. And that's what this presentation is about.

Web: [Direct Link] [This Post]

U.S. Secretary of Transportation Elaine L. Chao to Deliver Keynote at CES 2020  Asian Journal News

David Wiley, iterating toward openness, Jan 10, 2020

David Wiley offers what appears at first to be a point of contact between his and my philosophy of open: "I am more interested in insuring that other people are able to do whatever they want or need to do with my content than I am concerned about making sure  they can only do what I want them to do with it." Yes, for me it has always been about enabling other people. The difference is that Wiley sees this as a relation between himself and the person reusing the content, while I see this as a relation between myself and all potential users of the content. I cannot give (say) one person the right to commercialize my content without harming everyone else who would use my content. If you allow something you could have prevented, then you are endorsing it - whether it be the freedom to express a view different from your own, or the freedom to take your content and prevent anyone else from viewing it.

Web: [Direct Link] [This Post]

A new Firefox update just rolled out, but you’ll want to check for updates again.

Mozilla has pushed out another update to patch a critical vulnerability in the desktop browser, and the company is urging users to upgrade as soon as possible.

However, Mozilla isn’t alone in the warning; the Canadian and U.S. governments have issued a warning about the flaw as well.

The Canadian Centre for Cyber Security posted an advisory noting that Mozilla released Firefox version 72.01 (or ESR 68.4.1 for some enterprise users), which addresses a critical ‘type confusion vulnerability.’ That vulnerability, according to the advisory, may allow for ‘out-of-bounds memory access’ that could lead to the execution of arbitrary code.

Further, the advisory states that Mozilla has detected that the vulnerability was exploited. It urges users and system administrators to review Mozilla’s security advisory and apply the necessary updates. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) echoed the concern in its advisory. CISA also warned that the exploit could allow attackers to take control of an affected system.

The Next Web reports that Chinese cybersecurity firm Qihoo 360 disclosed the zero-day exploit. Despite Mozilla acknowledging that attackers have exploited the vulnerability, it didn’t explain how attackers were doing so.

Unfortunately, Mozilla has had to deal with several exploits uncovered in Firefox this year. The Next Web notes that this is the third zero-day vulnerability in Firefox this year. Further, in November, the company rushed to patch a Firefox flaw that allowed attackers to lock up the browser with a frightening message that could be used to defraud users.

If you’re a Firefox user, you should definitely update your browser right away. The patch is available through version 72.0.1, or ESR 68.4.1 for some enterprise users. To update, click the three-line menu button in the top right corner of the browser, then click ‘Help’ > ‘About Firefox.’ That should open a window that will tell you which Firefox version you’re running and give you an option to restart the browser to apply the latest update.

Source: The Next Web

The post Canada, U.S. governments issue advisory for Firefox security flaw, urge update appeared first on MobileSyrup.

The iPhone 11 and the iPhone 11 Pro were the first smartphones to launch with ‘Ultra Wideband’ technology. Now, it seems that Android handsets will follow suit later this year, according to Barclays analysts, as first reported by MacRumors.

In a note reported by MacRumors, an analyst said that Android smartphones will get equipped with an all-in-one Ultra Wideband, NFC and Secure Element chip made by the Netherland-based company NXP Semiconductors. It’s unclear which Android smartphones will be the first to adopt this technology, but Samsung previously joined a consortium with NXP in order to help make the technology.

NXP’s tech is capable of unlocking doors when a device comes in proximity, and with the iPhone, it supports directional AirDrop allowing users to point their iPhone 11 at another iPhone to instantly share files.

Additionally, MacRumors previously uncovered details that indicated Apple is working on a Tile-like tracker in the iOS 13 coding. This device would support Ultra Wideband, according to well-known analyst Ming-Chi Kuo.

Source: MacRumors

The post Android smartphones to use Ultra Wideband chip later this year appeared first on MobileSyrup.

No. Usually. I get these requests all the time. And I am generous with free advice. Even so, how I respond is based on on where you land on two separate scales. How specific are you? “Can you help me with x?” is a lot different from “Can I pick your brain?” The more specific … Continued

The post “Can I pick your brain?” appeared first on without bullshit.