Linus Torvalds Calls Intel Patches 'Complete and Utter Garbage'

Found on Slashdot on Monday, 22 January 2018

Linus calls it "very much part of the whole 'this is complete garbage' issue. The whole IBRS_ALL feature to me very clearly says 'Intel is not serious about this, we'll have a ugly hack that will be so expensive that we don't want to enable it by default, because that would look bad in benchmarks'."

"The whole point of having cpuid and flags from the microarchitecture is that we can use those to make decisions. But since we already know that the IBRS overhead is huge on existing hardware, all those hardware capability bits are just complete and utter garbage. Nobody sane will use them, since the cost is too damn high."

Luckily Linus does not simply buy everything Intel's PR department releases. He would not make a good diplomat, but at least he knows what he is talking about.

Germany coalition talks: SPD backs talks with Merkel

Found on BBC News on Sunday, 21 January 2018

Mrs Merkel's centre-right CDU and its Bavarian CSU ally have been unable to form a government since September's inconclusive election.

Initially the SPD ruled out governing with Mrs Merkel in charge again. But leader Martin Schulz changed his mind after CDU/CSU coalition talks with the liberal Free Democrats (FDP) and Greens broke down.

At least the politicians are not completely unable to act: NRW has decided to increase the parliamentary allowance by 90%.

Facebook shirks responsibility, says experts can't be trusted

Found on CNet News on Saturday, 20 January 2018

The man whose mission it is, this year, to fix Facebook would prefer you to do it for him.

Facebook will ask some questions about whether you think a certain publication is trustworthy, and then it will look at all the data it's collected from respondents.

Zuckerberg prefers to cede responsibility to Facebook's so-called community because it means the company itself doesn't have to take a meaningful stance.

Here is Zuckerberg saying that, well, we could have appointed a panel of experts who might have actual knowledge of this misinformation stuff but, nah, we'll ask anyone who'll answer our surveys.

It's simply cheaper to crowdsource it and let the "community" censor itself. Not only can FB save money, but in case anything goes wrong, it can blame the users.

Linking Is Not Copyright Infringement, Boing Boing Tells Court

Found on Torrentfreak on Friday, 19 January 2018

With help from the EFF, Boing Boing argues that its article linking to an archive of hundreds of centerfold playmates is clearly fair use. Or else it will be "the end of the web as we know it," the blog warns.

“We’re asking the court to dismiss this deeply flawed lawsuit. Journalists, scientists, researchers, and everyday people on the web have the right to link to material, even copyrighted material, without having to worry about getting sued.”

Links are the basis of the Internet; if you are not happy with what they are pointing at, talk to the one hosting the target, not to whoever is just linking to it.

Google to Use Page Speed as Ranking Factor for Mobile Search

Found on eWEEK on Thursday, 18 January 2018

Generally, websites with fast loading pages will get a higher ranking in search results than those of the same quality content but with slower page speeds. Google will apply the speed-ranking factor to all mobile pages regardless of the technology used to build the page.

More recently, the company began rolling out mobile-first indexing under which it has begun using the mobile version of a website's content first when indexing pages for search. Prior to the shift, Google's search engine crawlers looked at the desktop content first for site indexing.

Google needs to treat all versions of a website equally; websites need to load fast on mobile and desktop devices. That should make webmasters think before adding tons of external resources; some websites come with several dozen trackers, and once you turn off JavaScript those pages load an order of magnitude faster.

HTML5 may as well stand for Hey, Track Me Longtime 5. Ads can use it to fingerprint netizens

Found on The Register on Wednesday, 17 January 2018

HTML5 is a boon for unscrupulous web advertising networks, which can use the markup language's features to build up detailed fingerprints of individual netizens without their knowledge or consent.

But what’s needed is a fundamental rethink, with features that ensure tracking-free browsing, just as private browsing doesn’t record session data on a local workstation. Some kind of warning, similar to the HTTPS icon, would also be useful.

Leaving tracking unpatched will end up as a risk for every Internet user.

Watching live TV can be hard, Amazon wants to make it easier

Found on CNet News on Tuesday, 16 January 2018

Owners of Fire TV streaming devices can discover live programming on a new row called On Now that displays on their home page.

As Amazon points out, you have to subscribe to those services via Amazon Channels, a Prime benefit.

Sadly there will be lots of people who fall for this; not that one should feel sorry for them though.

Mozilla Tests Firefox "Tab Warming"

Found on Bleeping Computer on Monday, 15 January 2018

According to a description of the feature, Tab Warming will watch the user's mouse cursor and start "painting" content inside a tab whenever the user hovers his mouse over one.

Firefox will do this on the assumption the user wants to click and switch to view that tab and will want to keep a pre-rendered tab on hand if this occurs.

"For many cases, I don’t actually think tab warming will be very noticeable," Conley said. "In my experience, we’re able to render and upload the layers for most sites quickly enough for the difference to be negligible."

As the expert said, the gain is measured in milliseconds, but in some cases this will prevent users from viewing a blank or incompletely rendered page when switching tabs.

So Mozilla has decided to bloat its already vanishing browser with another useless feature that they don't even consider noticeable. Great way to put another nail into the coffin of a once promising browser.

The Brutal Lifecycle of JavaScript Frameworks

Found on Stackoverflow on Sunday, 14 January 2018

JavaScript UI frameworks and libraries work in cycles. Every six months or so, a new one pops up, claiming that it has revolutionized UI development.

There was a time when jQuery was the darling of JavaScript tags on Stack Overflow, accounting for almost 8% of new questions. This picture quickly changed as AngularJS and later React were released, cannibalizing jQuery’s mindshare amongst the community. Then starting around 2016, there is a quick shift from AngularJS to Angular, which represents the subsequent versions (Angular 2+), as developers began to migrate to the latest and greatest flavors of the popular framework from Google.

So you develop your new shiny project with the latest hyped framework, only to get stuck next year when everybody has moved on and (if you are really unlucky) the framework you picked has dropped dead. That means you have to spend extra time migrating to the now latest framework, which usually leaves a lot of cruft behind. Rinse and repeat every year, and your code turns into a nightmare. The JavaScript scene seems to be exceptionally good at taking the wrongest turns.

Incident report: npm, Inc. operations incident of January 6, 2018

Found on The npm Blog on Saturday, 13 January 2018

On Saturday, January 6, 2018, we incorrectly removed the user floatdrop and blocked the discovery and download of all 102 of their packages on the public npm Registry. Some of those packages were highly depended on, such as require-from-string, and removal disrupted many users’ installations.

However, during the time between discovery and restoration, other npm users published a number of new packages that used the names of deleted packages.

Seriously, relying on npm is the worst thing you can do. You open your software, and all the systems it gets installed on, to extra attack vectors. Developing software does not mean that you copy and paste libraries from others together, along with some lines of glue which you picked up on some random forum; and if you need to include stupid deps like left-pad, you should be fired right on the spot. If you still think the npm idea is not that bad, this guy should help you understand how bad npm is.