A New Website Backed By Al Gore Tracks Big Polluters By Name

A new global tracker created by the nonprofit Climate Trace is helping to make clear exactly where major greenhouse gas emissions are originating. According to NPR, the interactive map “uses a combination of satellites, sensors and machine learning to measure the top polluters worldwide.” From the report: It observes how much greenhouse gases — carbon dioxide, methane and nitrous oxide — are being emitted at specific locations, such as power plants and oil refineries. Former Vice President Al Gore, who is a founding member of the initiative, said it is meant to serve as a more reliable and accurate alternative to companies self-reporting their emissions estimates. “Cheating is impossible with this artificial intelligence method, because they would have to somehow falsify multiple sets of data,” he told NPR’s Michel Martin on All Things Considered.

The emissions tool employs over 300 satellites; sensors on land, planes and ships; as well as artificial intelligence to build models of emission estimates. Right now, it tracks about 72,000 of the highest emitting greenhouse gas sources. That includes every power plant, large ship and large plane in the entire world, Gore said. And that’s just the beginning. By next year, Gore hopes to be tracking millions of major emitting sites. “We will have essentially all of them,” he said. Gore said 75% of the world’s greenhouse emissions come from countries that have made pledges to become carbon-neutral by 2050. “Now that they know exactly where it’s coming from, they have tools that will enable them to reduce their emissions,” he told NPR.

He added that the database, which is free and accessible online, can help inform countries about how much pollution is being emitted by the companies they are working with or considering working with. It is not enough for companies to self-report, he said. For instance, Climate Trace found that the oil and gas industry has been significantly underreporting its emissions. That doesn’t mean companies were intentionally cheating, Gore added. However, he said underreporting prevents governments and the public from staying on track with their net-zero pledge. Six regional governments in Mexico, Europe and Africa have already entered into working agreements for using the tool, Gore said.

Read more of this story at Slashdot.

Seagate Announces Dual-Actuator MACH.2 Drive – and Star Wars, Black Panther Themed Drives

An anonymous reader writes that Seagate Technology has launched its second generation dual actuator MACH.2 series hard drives. “Computing power, storage capacities, and storage performance: all must continue moving forward in order for technology innovators to solve humanity’s greatest challenges,” boasts Seagate’s page for the drives:

MACH.2 is the world’s first multi-actuator hard drive technology, containing two independent actuators that transfer data concurrently. MACH.2 solves the need for increased performance by enabling parallelism of data flows in and out of a single hard drive. By allowing the data center host computer to request and receive data from two areas of the drive simultaneously, MACH.2 doubles the IOPS performance of each individual hard drive…. MACH.2 provides up to 2x performance — with two independent actuators and data paths, it enables concurrent I/O streams to and from the host.
Seagate claims it offers “optimal latency” by improving sequential peformance to double data transfer rates over single-actuator drives.
And in other news, Seagate is selling hard drives with commemorative Star Wars themes, including the Mandalorian drive, the Grogu drive, and the Boba Fett drive. (It’s in addition to Seagate’s officially licensed external drive for God of War Ragnarök — optimised for PS4 and PS5, delivering “the ability to play PS4 games directly from the drive.”) Seagate also made drives commemorating Marvel’s Avengers and Spider-Man, and now has new drives for Marvel’s Black Panther: Wakanda Forever .

Read more of this story at Slashdot.

Douglas Adams was Right. Science Journal Proves 42 Is the Address of the Universe

Slashdot reader Informativity writes: First published in Jan. ’21, a new publication entitled Measurement Quantization affirms the #42 is the address of our universe (Appx. AC), a distinguishing feature of our construct that ultimately answers the question to life, the universe and everything – from a physicist’s point-of-view. Importantly, the International Journal of Geometric Methods in Modern Physics – is a top-tier journal indexed to NASA’s Astronomical Data System (ADS), the after peer review version of arXiv.org. With just over 500 equations, the paper resolves a comprehensive physical description of dark energy, dark matter, discrete gravity, and unification. Resolving over 30 outstanding problems in modern physics, the paper derives the physical constants from first principles, demonstrates the physical significance of Planck’s units, resolves discrete versions of SR and GR, derives the equivalence principle, presents a parameter free description of early universe events, discovers a new form of length contraction not related to Einstein’s relativity and identifies the discrete state of our universe – 42. Forty-two is what defines our universe from any other version of a universe. It also determines the rate of expansion and the ground state orbital of an atom, thus reducing the number of stable universes as we understand them to just a few. So, while Douglas Adams may have just been randomly picking numbers when writing Hitchhiker’s Guide to the Galaxy, perhaps we also live in a universe that likes to humor itself.

Read more of this story at Slashdot.

Survey of 26K Developers Finds Java, Python, Kotlin, and Rust Growing Rapidly

While the popularity of jQuery is decreasing, React.JS “is currently the most widely used client-side framework,” reports ZDNet, citing SlashData’s 23rd State of the Developer Nation report (compiled from more than 26,000 developers last summer from 163 countries).

ZDNet believe it shows developers “experimenting less and sticking with what they know and what works.”

JavaScript remains the largest programming language community, SlashData found. According to its research, there are an estimated 19.6 million developers worldwide using JavaScript every day in everything from web development and mobile apps to backend coding, cloud and game design. Java, meanwhile, is growing rapidly. In the last two years, the size of the Java community has more than doubled from 8.3 million to 16.5 million, SlashData found. For perspective, the global developer population grew about half as fast over the same period….

Python also continued to grow strongly, adding about eight million new developers over the last two years, according to SlashData. It accredited the rise of data science and machine learning as “a clear factor in Python’s growing popularity”. Approximately 63% of machine-learning developers and data scientists report using Python, whereas less than 15% use R, another programming language often associated with data science.

Both the Kotlin and Rust communities doubled in size in the past two years, the article points out. But according to the survey, only 9% of developers were involved in blockchain technologies.

Yet 27% of respondents reported they were learning about (if not currently working on) cryptocurrency-based projects. ZDNet summarizes the findings:

Of the three blockchain technologies covered in the report, non-fungible tokens (NFTs) were found to be of least interest to developers: 58% showed “no interest” in NFTs, which SlashData said was “likely due to its perception as a novelty”.

The report found that one-quarter (25%) of developers currently work on, or are learning about, blockchain applications other than cryptocurrencies.

Read more of this story at Slashdot.

Aaron Swartz Day Commemorated With International Hackathon

Long-time Slashdot reader destinyland shares this announcement from the EFF’s DeepLinks blog:

This weekend, EFF is celebrating the life and work of programmer, activist, and entrepreneur Aaron Swartz by participating in the 2022 Aaron Swartz Day and Hackathon. This year, the event will be held in person at the Internet Archive in San Francisco on Nov. 12 and Nov. 13. It will also be livestreamed; links to the livestream will be posted each morning.

Those interested in attending in-person or remotely can register for the event here.

Aaron Swartz was a digital rights champion who believed deeply in keeping the internet open. His life was cut short in 2013, after federal prosecutors charged him under the Computer Fraud and Abuse Act (CFAA) for systematically downloading academic journal articles from the online database JSTOR. Facing the prospect of a long and unjust sentence, Aaron died by suicide at the age of 26….

Those interested in working on projects in Aaron’s honor can also contribute to the annual hackathon, which this year includes several projects: SecureDrop, Bad Apple, the Disability Technology Project (Sat. only), and EFF’s own Atlas of Surveillance. In addition to the hackathon in San Francisco, there will also be concurrent hackathons in Ecuador, Argentina, and Brazil. For more information on the hackathon and for a full list of speakers, check out the official page for the 2022 Aaron Swartz Day and Hackathon.
Speakers this year include Chelsea Manning and Cory Doctorow, as well as Internet Archive founder Brewster Kahle, EFF executive director Cindy Cohn, and Creative Commons co-founder Lisa Rein.

Read more of this story at Slashdot.

How Close Was America’s FBI to Deploying Pegasus Spyware?

In a statement in February, America’s Federal Bureau of Investigation “confirmed that it obtained NSO Group’s powerful Pegasus spyware” back in 2019, reported the Guardian. At the time the FBI added that “There was no operational use in support of any investigation, the FBI procured a limited licence for product testing and evaluation only.”

“But dozens of internal F.B.I. documents and court records tell a different story,” the New York Times reported today:
The documents, produced in response to a Freedom of Information Act lawsuit brought by The New York Times against the bureau, show that F.B.I. officials made a push in late 2020 and the first half of 2021 to deploy the hacking tools — made by the Israeli spyware firm NSO — in its own criminal investigations. The officials developed advanced plans to brief the bureau’s leadership, and drew up guidelines for federal prosecutors about how the F.B.I.’s use of hacking tools would need to be disclosed during criminal proceedings. It is unclear how the bureau was contemplating using Pegasus, and whether it was considering hacking the phones of American citizens, foreigners or both. In January, The Times revealed that F.B.I. officials had also tested the NSO tool Phantom, a version of Pegasus capable of hacking phones with U.S. numbers.

The F.B.I. eventually decided not to deploy Pegasus in criminal investigations in July 2021, amid a flurry of stories about how the hacking tool had been abused by governments across the globe. But the documents offer a glimpse at how the U.S. government — over two presidential administrations — wrestled with the promise and peril of a powerful cyberweapon. And, despite the F.B.I. decision not to use Pegasus, court documents indicate the bureau remains interested in potentially using spyware in future investigations. “Just because the F.B.I. ultimately decided not to deploy the tool in support of criminal investigations does not mean it would not test, evaluate and potentially deploy other similar tools for gaining access to encrypted communications used by criminals,” stated a legal brief submitted on behalf of the F.B.I. late last month….

The specifics of why the bureau chose not to use Pegasus remain a mystery, but American officials have said that it was in large part because of mounting negative publicity about how the tool had been used by governments around the world.

The Times also notes two responses to their latest report. U.S. Senator Ron Wyden complained the FBI’s earlier testimony about Pegasus was incomplete and misleading, and that the agency “owes Americans a clear explanation as to whether the future operational use of NSO tools is still on the table.”

But an F.B.I. spokeswoman said “the director’s testimony was accurate when given and remains true today — there has been no operational use of the NSO product to support any FBI investigation.”

Thanks to long-time Slashdot reader crazyvas for suggesting the story.

Read more of this story at Slashdot.

Stack Overflow CEO Shares Plans for Certification Programs, Opinions on No-Code Programming

“We serve about 100 million monthly visitors worldwide,” says the CEO of Stack Overflow, “making us one of the most popular websites in the world. I think we are in the top 50 of all websites in the world by traffic.”

In a new interview, he says the site’s been accessed about 50 billion times over the past 14 years — and then shares his thoughts on the notion that programmers could be replaced by no-code, low-code, or AI-driven pair programming:

A: Over the years, there have many, many tools, trying to democratize software development. That’s a very positive thing. I actually love the fact that programming is becoming easier to do with these onramps. I was speaking at Salesforce recently, and they’ve got people in sales organizations writing workflows, and that’s low code. You’ve got all these folks who are not software engineers that are creating their own automations and applications.

However, there is this trade-off. If you’re making software easier to build, you’re sacrificing things like customizability and a deeper understanding of how this code actually works. Back in the day, you might remember Microsoft FrontPage [an early HTML web page editor] as an example of that. You were limited to certain basic things, but you could get web work done. So similarly, these tools will work for general use cases. But, if they do that, without learning the fundamental principles of code, they will inevitably have some sort of a limit. For example, having to fix something that broke, I think they’re going to be really dumbfounded.

Still, I think it’s important, and I’m a believer. It’s a great way to get people engaged, excited, and started. But you got to know what you’re building. Access to sites like Stack Overflow help, but with more people learning as they’re building, it’s essential to make learning resources accessible at every stage of their journey….

Q: Is Stack Overflow considering any kind of certification? Particularly, as you just mentioned, since it’s so easy now for people to step in and start programming. But then there’s that big step from “Yes, I got it to work,” but now “I have to maintain it for users using it in ways I never dreamed of.”

A: “It’s very much part of our vision for our company. We see Stack Overflow going from collective knowledge to collective learning. Having all the information is fine and dandy, but are you learning? Now, that we’re part of Prosus’s edtech division, we’re very much looking forward to offering educational opportunities. Just as today, we can get knowledge to developers at the right place and time, we think we can deliver learning at just the right place and time. We believe we can make a huge impact with education and by potentially getting into the certification game.

Q: Some of the open-source nonprofits are moving into education as well. The Linux Foundation, in particular, has been moving here with the LF Training and Certification programs. Are you exploring that?

A: This is very much part of our vision….

Stack Overflow’s CEO adds that the site’s hot topics now include blockchain, machine learning, but especially technical cloud questions, “rising probably about 50% year over year over the past 10 years…. Related to this is an increase in interest in containerization and cloud-native services.”

Read more of this story at Slashdot.

Wired Hails Rust as ‘the Viral Secure Programming Language That’s Taking Over Tech’

A new article from Wired calls Rust “the ‘viral’ secure programming language that’s taking over tech.”
“Rust makes it impossible to introduce some of the most common security vulnerabilities. And its adoption can’t come soon enough….”

[A] growing movement to write software in a language called Rust is gaining momentum because the code is goof-proof in an important way. By design, developers can’t accidentally create the most common types of exploitable security vulnerabilities when they’re coding in Rust, a distinction that could make a huge difference in the daily patch parade and ultimately the world’s baseline cybersecurity….

[B]ecause Rust produces more secure code [than C] and, crucially, doesn’t worsen performance to do it, the language has been steadily gaining adherents and now is at a turning point. Microsoft, Google, and Amazon Web Services have all been utilizing Rust since 2019, and the three companies formed the nonprofit Rust Foundation with Mozilla and Huawei in 2020 to sustain and grow the language. And after a couple of years of intensive work, the Linux kernel took its first steps last month to implement Rust support. “It’s going viral as a language,” says Dave Kleidermacher, vice president of engineering for Android security and privacy. “We’ve been investing in Rust on Android and across Google, and so many engineers are like, ‘How do I start doing this? This is great’….”

By writing new software in Rust instead, even amateur programmers can be confident that they haven’t introduced any memory-safety bugs into their code…. These types of vulnerabilities aren’t just esoteric software bugs. Research and auditing have repeatedly found that they make up the majority of all software vulnerabilities. So while you can still make mistakes and create security flaws while programming in Rust, the opportunity to eliminate memory-safety vulnerabilities is significant….

“Yes, it’s a lot of work, it will be a lot of work, but the tech industry has how many trillions of dollars, plus how many talented programmers? We have the resources,” says Josh Aas, executive director of the Internet Security Research Group, which runs the memory-safety initiative Prossimo as well as the free certificate authority Let’s Encrypt. “Problems that are merely a lot of work are great.”

Here’s how Dan Lorenc, CEO of the software supply-chain security company Chainguard, explains it to Wired. “Over the decades that people have been writing code in memory-unsafe languages, we’ve tried to improve and build better tooling and teach people how to not make these mistakes, but there are just limits to how much telling people to try harder can actually work.

“So you need a new technology that just makes that entire class of vulnerabilities impossible, and that’s what Rust is finally bringing to the table.”

Read more of this story at Slashdot.

NSA Urges Organizations To Shift To Memory Safe Programming Languages

In an press release published earlier today, the National Security Agency (NSA) says it will be making a strategic shift to memory safe programming languages. The agency is advising organizations explore such changes themselves by utilizing languages such as C#, Go, Java, Ruby, or Swift. From the report: The “Software Memory Safety” Cybersecurity Information Sheet (PDF) highlights how malicious cyber actors can exploit poor memory management issues to access sensitive information, promulgate unauthorized code execution, and cause other negative impacts. “Memory management issues have been exploited for decades and are still entirely too common today,” said Neal Ziring, Cybersecurity Technical Director. “We have to consistently use memory safe languages and other protections when developing software to eliminate these weaknesses from malicious cyber actors.”

Microsoft and Google have each stated that software memory safety issues are behind around 70 percent of their vulnerabilities. Poor memory management can lead to technical issues as well, such as incorrect program results, degradation of the program’s performance over time, and program crashes. NSA recommends that organizations use memory safe languages when possible and bolster protection through code-hardening defenses such as compiler options, tool options, and operating system configurations. The full report is available here (PDF).

Read more of this story at Slashdot.