RSS 생중계

'Pi VizuWall' Is a Beowulf Cluster Built With Raspberry Pi's

Slashdot - 1시간 50분 지남
Why would someone build their own Beowulf cluster -- a high-performance parallel computing prototype -- using 12 Raspberry Pi boards? It's using the standard Beowulf cluster architecture found in about 88% of the world's largest parallel computing systems, with an MPI (Message Passing Interface) system that distributes the load over all the nodes. Matt Trask, a long-time computer engineer now completing his undergraduate degree at Florida Atlantic University, explains how it grew out of his work on "virtual mainframes": In the world of parallel supercomputers (branded 'high-performance computing', or HPC), system manufacturers are motivated to sell their HPC products to industry, but industry has pushed back due to what they call the "Ninja Gap". MPI programming is hard. It is usually not learned until the programmer is in grad school at the earliest, and given that it takes a couple of years to achieve mastery of any particular discipline, most of the proficient MPI programmers are PhDs. And this, is the Ninja Gap -- industry understands that the academic system cannot and will not be able to generate enough 'ninjas' to meet the needs of industry if industry were to adopt HPC technology. As part of my research into parallel computing systems, I have studied the process of learning to program with MPI and have found that almost all current practitioners are self-taught, coming from disciplines other than computer science. Actual undergraduate CS programs rarely offer MPI programming. Thus my motivation for building a low-cost cluster system with Raspberry Pis, in order to drive down the entry-level costs. This parallel computing system, with a cost of under $1000, could be deployed at any college or community college rather than just at elite research institutions, as is done [for parallel computing systems] today. The system is entirely open source, using only standard Raspberry Pi 3B+ boards and Raspbian Linux. The version of MPI that is used is called MPICH, another open-source technology that is readily available. But there's an added visual flourish, explains long-time Slashdot reader iamacat. "To visualize computing, each node is equipped with a servo motor to position itself according to its current load -- lying flat when fully idle, standing up 90 degrees when fully utilized." Its data comes from the /proc filesystem, and the necessary hinges for this prototype were all generated with a 3D printer. "The first lesson is to use CNC'd aluminum for the motor housings instead of 3D-printed plastic," writes Trask. "We've seen some minor distortion of the printed plastic from the heat generated in the servos."

Read more of this story at Slashdot.

카테고리:

'How the Boeing 737 Max Disaster Looks to a Software Developer'

Slashdot - 4시간 50분 지남
Slashdot reader omfglearntoplay shared this article from IEEE's Spectrum. In "How the Boeing 737 Max Disaster Looks to a Software Developer," pilot (and software executive) Gregory Travis argues Boeing tried to avoid costly hardware changes to their 737s with a flawed software fix -- specifically, the Maneuvering Characteristics Augmentation System (or MCAS): It is astounding that no one who wrote the MCAS software for the 737 Max seems even to have raised the possibility of using multiple inputs, including the opposite angle-of-attack sensor, in the computer's determination of an impending stall. As a lifetime member of the software development fraternity, I don't know what toxic combination of inexperience, hubris, or lack of cultural understanding led to this mistake. But I do know that it's indicative of a much deeper problem. The people who wrote the code for the original MCAS system were obviously terribly far out of their league and did not know it. So Boeing produced a dynamically unstable airframe, the 737 Max. That is big strike No. 1. Boeing then tried to mask the 737's dynamic instability with a software system. Big strike No. 2. Finally, the software relied on systems known for their propensity to fail (angle-of-attack indicators) and did not appear to include even rudimentary provisions to cross-check the outputs of the angle-of-attack sensor against other sensors, or even the other angle-of-attack sensor. Big strike No. 3... None of the above should have passed muster. None of the above should have passed the "OK" pencil of the most junior engineering staff... That's not a big strike. That's a political, social, economic, and technical sin... The 737 Max saga teaches us not only about the limits of technology and the risks of complexity, it teaches us about our real priorities. Today, safety doesn't come first -- money comes first, and safety's only utility in that regard is in helping to keep the money coming. The problem is getting worse because our devices are increasingly dominated by something that's all too easy to manipulate: software.... I believe the relative ease -- not to mention the lack of tangible cost -- of software updates has created a cultural laziness within the software engineering community. Moreover, because more and more of the hardware that we create is monitored and controlled by software, that cultural laziness is now creeping into hardware engineering -- like building airliners. Less thought is now given to getting a design correct and simple up front because it's so easy to fix what you didn't get right later. The article also points out that "not letting the pilot regain control by pulling back on the column was an explicit design decision. Because if the pilots could pull up the nose when MCAS said it should go down, why have MCAS at all? "MCAS is implemented in the flight management computer, even at times when the autopilot is turned off, when the pilots think they are flying the plane."

Read more of this story at Slashdot.

카테고리:

'Some Cheers, A Few Sneers For Google's URL Solution For AMP'

Slashdot - 6시간 50분 지남
The Verge explains what all the commotion is about: AMP stands for "Accelerated Mobile Pages," and you've probably noticed that those pages load super quickly and usually look much simpler than regular webpages. You may have also noticed that the URL at the top of your browser started with "www.google.com/somethingorother" instead of with the webpage you thought you were visiting. Google is trying to fix that by announcing support for something called "Signed Exchanges." What it should mean is that when you click on one of those links, your URL will be the original, correct URL for the story. Cloudflare is joining Google in supporting the standard for customers who use its services. In order for this thing to work, every step in the chain of technologies involved in loading the AMP format has to support Signed Exchanges, including your browser, the search engine, and the website that published the link. Right now, that means the URL will be fixed only when a Chrome browser loads a Google search link to a published article that has implemented support. Mozilla'a official position on signed exchanges is they're "harmful," arguing in a 51-page position paper that there's both security and privacy considerations. Pierre Far, a former Google employee, posted on Twitter that the change "breaks many assumptions about how the web works," and that in addition, "Google is acting too quickly. Other browsers and internet stakeholders have well-founded concerns, and the correct mechanism to address them is the standardization process. Google skipped all that. Naughty." Jeffrey Yaskin, from Chrome's web platform team, even acknowledged that criticism with a tweet of his own. "I think it's fair to say we're pushing it. The question is our motives, which I claim is to improve the web rather than to 'all your base' it, but I would say that either way." Search Engine Land cited both tweets, and shared some concerns of their own. "The compromise we have to consider before getting on board with Signed HTTP Exchanges is whether we're willing to allow a third party to serve up our content without users being able to tell the difference. "If we, as digital marketers, want to influence the conventions of our future work environment, we'll have to decide if the gains are enough to disrupt long-standing assumptions of how websites are delivered. If so, we'll also have to cede the ability to judge user intent over to Google and swallow the fact that it skipped over the standardization process to implement a process that one of its own created."

Read more of this story at Slashdot.

카테고리:

Smoke 'Seen For Miles' as SpaceX Crew Dragon Suffers Anomaly at Cape Canaveral

Slashdot - 7시간 43분 지남
An anonymous reader quotes Florida Today: A SpaceX Crew Dragon capsule suffered an anomaly during a routine test fire at Cape Canaveral Air Force Station Saturday afternoon, the 45th Space Wing confirmed today. "On April 20, 2019, an anomaly occurred at Cape Canaveral Air Force Station during the Dragon 2 static test fire," Wing Spokesman Jim Williams told FLORIDA TODAY. "The anomaly was contained and there were no injuries." SpaceX's Crew Dragon, also referred to as Dragon 2, is designed to take humans to the International Space Station and successfully flew for the first time in March. The company was planning to launch a crewed version of the spacecraft no earlier than July, but was also planning an in-flight abort test, or a demonstration of its life-saving abort capabilities, sometime before then. That reporter has now also tweeted an official statement from SpaceX. "Earlier today, SpaceX conducted a series of engine tests on a Crew Dragon test vehicle on our test stand at Landing Zone 1 in Cape Canaveral. The initial tests completed successfully but the final test resulted in an anomaly on the test stand. "Ensuring that our systems meet rigorous safety standards and detecting anomalies like this prior to flight are the main reasons why we test. Our teams are investigating and working closely with our NASA partners."

Read more of this story at Slashdot.

카테고리:

Erlang Creator Joe Armstrong Has Died

Slashdot - 8시간 50분 지남
Rogers Cadenhead (Slashdot reader #4,482) writes: Joe Armstrong, the computer scientist best known as one of the creators of the Erlang programming language, died Saturday. Erlang Solutions founder Francesco Cesarini shared the news on Twitter and said, "His work has laid the foundation which will be used by generations to come. RIP @joeerl, thank you for inspiring us all." Erlang was created by Armstrong, Robert Virding and Mike Williams at the Ericsson telecom company in 1986 and became open source 12 years later. It is known for functional programming, immutable data, code hot-swapping and systems that require insanely high levels of availability. In another Tweet, Cesarini asks people to share their own memories of Armstrong -- " funny, enlightening or plain silly." And Ulf Wiger, who describes himself as an Erlang old-timer, remembered giving a talk about how to avoid projects dominated by mediocrity. "I used Joe as an example of a 'brilliant developer, but hard to fit into a regular project.'" Joe had replied, "I am very EASY to fit into regular projects! It's just that so few projects are regular..."

Read more of this story at Slashdot.

카테고리:

The CIA Accuses Huawei Of Being Secretly Funded By China's State Intelligence

Slashdot - 9시간 50분 지남
"U.S. intelligence has accused Huawei Technologies of being funded by Chinese state security, The Times said on Saturday." Long-time Slashdot reader hackingbear shares a story from Reuters: The CIA accused Huawei of receiving funding from China's National Security Commission, the People's Liberation Army and a third branch of the Chinese state intelligence network, the British newspaper reported, citing a source. Earlier this year, U.S. intelligence shared its claims with other members of the Five Eyes intelligence-sharing group, which includes Britain, Australia, Canada and New Zealand, according to the report... The accusation comes at a time of trade tensions between Washington and Beijing and amid concerns in the United States that Huawei's equipment could be used for espionage. The company has said the concerns are unfounded... top educational institutions in the West have recently severed ties with Huawei to avoid losing federal funding.

Read more of this story at Slashdot.

카테고리:

An Interstellar Meteor May Have Hit Earth

Slashdot - 10시간 50분 지남
Two Harvard researchers believe a small meteor that struck earth in 2014 was from another solar system, saying it's "like getting a message in a bottle from a distant location." CNN reports: Dr. Abraham Loeb, the chair of the Department of Astronomy at Harvard University, and his co-author Amir Siraj, studied the velocity of objects entering the Earth's atmosphere, which can be used to predict whether the object was traveling in relation to our sun's orbit... Of the three fastest objects on record, the fastest was clearly bound to our sun. The third-fastest couldn't be clearly categorized. But the second-fastest, Loeb says, bore all the hallmarks of being literally out of this solar system. "At this speed, it takes tens of thousands of years for a object to move from one star to another," he says. Since they don't know exactly where it originated, they can't say exactly how old it is, but it could be downright ancient. "To cross the galaxy it would take hundreds of millions of years." Of all of the possibilities wrapped up in this relatively small object, perhaps the most exciting is the idea that, theoretically, interstellar objects could carry life from other solar systems. "Most importantly, there is a possibility that life could be transferred between stars," Loeb says. "In principle, life could survive in the core of a rock. Either bacteria, or tardigrades (a microscopic, water-dwelling animal); they can survive harsh conditions in space and arrive right to us..." [A]lthough the object detailed in this paper is the first recorded interstellar meteor to hit Earth, the study estimates such objects enter earth's atmosphere every ten years or so, which means there could be a million different interstellar objects floating around our solar system, just waiting to be examined.

Read more of this story at Slashdot.

카테고리:

Canada Civil Liberties Group Argues Toronto Shouldn't Be 'Google's Lab Rat'

Slashdot - 11시간 50분 지남
"A civil liberties group in Canada is suing three tiers of government over potential privacy issues posed by Sidewalk Labs's plan to develop a 12-acre smart city in Toronto, which will be approved or denied later this summer," reports Fast Company. The fight centers around a taxpayer-funded organization jointly created by the federal, provincial, and municipal governments: The Canadian Civil Liberties Association claims that Waterfront Toronto, let alone Sidewalk Labs, doesn't have the jurisdiction to make rules about people's privacy. The government "sold out our constitutional rights to freedom from surveillance and sold it to the global surveillance mammoth of behavioral data collection: Google," said Michael Bryant, the executive director and general counsel of the CCLA, in a press conference.... "Our job at the Canadian Civil Liberties Association is to say to all three levels of government that Canadians should not be Google's lab rat. This lab needs to be shut down and reset...." Ann Cavoukian, the former Information and Privacy Commissioner for the Canadian province of Ontario who joined the project early, quit in October 2018. The reason? Sidewalk Labs had decided not to require that all data collected by third parties in the development be instantly de-identified at the source, which would mean that sensitive data like people's faces or license plates could still potentially be used for corporate profit. "I knew the smart city of privacy wasn't going to happen," she says. "That's why I resigned: I said, I can't go along with it...." "If I was still involved, I'd want more decentralized models of data where the individual could truly retain control of the data," she says, citing a new, privacy-centric model from the web's father, Tim Berners-Lee, to decentralize the web and take back control from the corporations that run it. In a statement Sidewalk Labs said they favor a data trust run by an independent third party partnering with the government to benefit the community and "spur innovation and investment" while protecting privacy. "Sidewalk Labs fully supports a robust and healthy discussion regarding privacy, data ownership, and governance. But this debate must be rooted in fact, not fiction and fear-mongering." But the CCLA's web site argues that unlawful surveillance "is wrong whether done by data profiteers or the state." The article also quotes their general counsel's complaint that the government has "outsourced our privacy rights and the supervision of our privacy rights and our surveillance to the very company that's doing the surveillance."

Read more of this story at Slashdot.

카테고리:

Corporate Surveillance: When Employers Collect Data on Their Workers

Slashdot - 12시간 50분 지남
An anonymous reader quotes CNBC: The emergence of sensor and other technologies that let businesses track, listen to and even watch employees while on company time is raising concern about corporate levels of surveillance... Earlier this year, Amazon received a patent for an ultrasonic bracelet that can detect a warehouse worker's location and monitor their interaction with inventory bins by using ultrasonic sound pulses. The system can track when and where workers put in or remove items from the bins. An Amazon spokesperson said the company has "no plans to introduce this technology" but that, if implemented in the future, could free up associates' hands, which now hold scanners to check and fulfill orders. Walmart last year patented a system that lets the retail giant listen in on workers and customers. The system can track employee "performance metrics" and ensure that employees are performing their jobs efficiently and correctly by listening for sounds such as rustling of bags or beeps of scanners at the checkout line and can determine the number of items placed in bags and number of bags. Sensors can also capture sounds from guests talking while in line and determine whether employees are greeting guests. Walmart spokesman Kory Lundberg said the company doesn't have any immediate plans to implement the system. Logistics company UPS has been using sensors in their delivery trucks to track usage to make sure drivers are wearing seat belts and maintenance is up to date. Companies are also starting to analyze digital data, such as emails and calendar info, in the hopes of squeezing more productivity out of their workers. Microsoft's Workplace Analytics lets employers monitor data such as time spent on email, meeting time or time spent working after hours. Several enterprises, including Freddie Mac and CBRE, have tested the system. A senior staff attorney for the EFF argues that new consumer privacy laws may not apply to employees. The article also cites a recent survey by Accenture in which 62% of executives "said their companies are using new technologies to collect data on people -- from the quality of work to safety and well-being" -- even though "fewer than a third said they feel confident they are using the data responsibly." Yet the leader of Accenture's talent and organization practice argues that workforce data "could boost revenue by 6.4%. This has encouraged workers to be open to responsible use of data, but they want to know that they will get benefits and return on their time."

Read more of this story at Slashdot.

카테고리:

America Reports Its First Cases of A Fungus Resistant To All Major Drugs

Slashdot - 13시간 50분 지남
An anonymous reader quotes the New York Times: About 90 percent of C. auris strains are resistant to at least one drug, and 30 percent are resistant to two or more of the three major classes of antifungal drugs. However, on Tuesday, the C.D.C. confirmed that it has learned in the last month of the first known cases in the United States of so-called "pan-resistant" C. auris -- a strain resistant to all major antifungals, said Dr. Tom Chiller, head of the agency's fungal division, in an interview. Such cases have been seen in several countries, including India and South Africa, but the two new cases, from New York State, have not been reported previously. Dr. Chiller said that it appeared that, in each case, the germ evolved during treatment and became pan-resistant, confirming a fear that the infection will continue to develop more effective defenses. "It's happening and it's going to happen," Dr. Chiller said. "That's why we need to remain vigilant and rapidly identify and control these infections." It often has been hard to gather details about the path of C. auris because hospitals and nursing homes have been unwilling to publicly disclose outbreaks or discuss cases, creating a culture of secrecy around the infection. States have kept confidential the locations of hospitals where outbreaks have occurred, citing patient confidentiality and a risk of unnecessarily scaring the public. In an interview with CBS News, the reporter stressed that while this was a serious issue, especially in hospitals, it's not yet a threat to the general public: "The people who are susceptible are people with weakened immune systems, the infirm, older folks in hospitals," Matt Richtel said. "So let me put the finest possible point on this: the general public walking down the street [is] not going to be felled by this. You're not gonna get it walking to Walmart. You're not going to get it in your house."

Read more of this story at Slashdot.

카테고리:

New Device Treats Childhood ADHD With Electric Pulses To Their Foreheads While They Sleep

Slashdot - 14시간 50분 지남
An anonymous reader quotes CNN: The first medical device to treat childhood attention deficit hyperactivity disorder, or ADHD, was OK'd Friday by the U.S. Food and Drug Administration. Designated for children ages 7 to 12 who are not currently on medication for the disorder, the device delivers a low-level electrical pulse to the parts of the brain responsible for ADHD symptoms.... The pocket-sized device is connected by wire to a small adhesive patch placed on the child's forehead above the eyebrows. Designed to be used at home while sleeping, it delivers a "tingling" electrical stimulation to branches of the cranial nerve that delivers sensations from the face to the brain. A clinical trial of 62 children showed that the Monarch external Trigeminal Nerve Stimulation System increases activity in the regions of the brain that regulate attention, emotion and behavior, all key components of ADHD. Compared to a placebo, children using the device had statistically significant improvement in their ADHD symptoms, the FDA said, although it could take up to four weeks to see improvement. Authors of the clinical trial called for additional research to examine if the response to treatment will last over time, and its potential impact on brain development with prolonged use.... The device was previously approved for the treatment of epilepsy and depression in Europe and Canada. Studies at UCLA found the stimulation decreased seizure activity by inhibiting overactive neurons in one section of the brain, while stimulating blood flow in the areas that control mood, attention and executive function. CNN reports that the manufacturer's web site says the device costs around $1,000 -- and is not covered by insurance. The FDA added that common side effects could include headache, teeth clenching, and trouble sleeping (as well as fatigue and sleepiness).

Read more of this story at Slashdot.

카테고리:

CVE-2019-11378

Latest 7 days CVE Lists - 14시간 55분 지남
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.

CVE-2019-11372

Latest 7 days CVE Lists - 14시간 55분 지남
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

CVE-2019-11373

Latest 7 days CVE Lists - 14시간 55분 지남
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.

CVE-2019-11374

Latest 7 days CVE Lists - 14시간 55분 지남
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.

CVE-2019-11375

Latest 7 days CVE Lists - 14시간 55분 지남
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

CVE-2019-11376

Latest 7 days CVE Lists - 14시간 55분 지남
** DISPUTED ** SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own."

CVE-2019-11377

Latest 7 days CVE Lists - 14시간 55분 지남
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

Weekend stable kernel updates

lwn.net - 토, 2019/04/20 - 11:50오후
The 5.0.9, 4.19.36, 4.14.113, and 4.9.170 stable kernel updates have all been released. These moderately large updates contain yet another set of important fixes.
카테고리:

'Incognito Mode' Isn't Really Private. Try Browser Compartmentalization

Slashdot - 토, 2019/04/20 - 11:34오후
tedlistens writes: One of the most common techniques people think can help hide their activity is the use of an "incognito" mode in a browser," writes Michael Grothaus at Fast Company. But "despite what most people assume, incognito modes are primarily built to block traces of your online activity being left on your computer -- not the web. Just because you are using incognito mode, that doesn't mean your ISP and sites like Google, Facebook, and Amazon can't track your activity." However, there's still a way to brew your own, safer "incognito mode." It's called browser compartmentalization. Grothaus writes: "The technique sees users using two or even three browsers on the same computer. However, instead of switching between browsers at random, users of browser compartmentalization dedicate one browser to one type of internet activity, and another browser to another type of internet activity. Specifically, the article recommends one browser for sites you need to log into, and another for random web surfing and any web searches. "By splitting up your web activity between two browsers, you'll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to." It recommends choosing a privacy-focused browser like Brave, Firefox, Apple's Safari, or Microsoft's Edge. "As for Chrome: It's made by Google, whose sole aim is to know everything you do online, so it's probably best to stay away from Chrome if you value your privacy." The article is part of a series titled "The Privacy Divide," which explores "misconceptions, disparities, and paradoxes that have developed around our privacy and its broader impacts on society."

Read more of this story at Slashdot.

카테고리:

페이지

KLDP 수집기 구독하기