Google

Ok Google: Please Publish Your DKIM Secret Keys 108

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about one of those cases, and how a big company like Google might be able to lead the way in fixing it. This post is about the situation with DomainKeys Identified Mail (DKIM), a harmless little spam protocol that has somehow become a monster. My request is simple and can be summarized as follows: Dear Google: would you mind rotating and publishing your DKIM secret keys on a periodic basis? This would make the entire Internet quite a bit more secure, by removing a strong incentive for criminals to steal and leak emails. The fix would cost you basically nothing, and would remove a powerful tool from the hands of thieves.
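The deniability argument behind Green's request, as an added illustration that is not part of his post: once a retired selector's private key is published, a DKIM signature that verifies could have been produced by the domain or by anyone else, so the signature on a leaked message stops being evidence of where it came from. The model below is deliberately simplified (textbook RSA over a truncated SHA-256 digest, two fixed Mersenne primes, no PKCS#1 padding, a hypothetical `retired=` tag in the key record); real DKIM signs canonicalised headers with RSA-SHA256 or Ed25519, but the algebra of the argument is identical.

```python
"""Why publishing a retired DKIM private key removes the non-repudiation
Green objects to. Added example, not code from the original post.
Simplified model: textbook RSA over a 128-bit digest, fixed small primes,
no padding. Real DKIM uses RSA-SHA256 / Ed25519 with proper encoding."""
import hashlib
from dataclasses import dataclass

# Constructed key material: known Mersenne primes, far too small for real use.
_P = 2**61 - 1
_Q = 2**89 - 1
_E = 65537


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def keygen(p: int = _P, q: int = _Q) -> tuple:
    """Derive an RSA key pair from the given primes."""
    n = p * q
    d = pow(_E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return PublicKey(n, _E), PrivateKey(n, d)


def _digest(headers: str, body: str) -> int:
    """Hash of the signed headers and body, truncated to 128 bits so it is < n."""
    h = hashlib.sha256((headers + "\r\n\r\n" + body).encode()).digest()
    return int.from_bytes(h[:16], "big")


def sign(headers: str, body: str, priv: PrivateKey) -> int:
    """DKIM-style signature: RSA private operation over the message digest."""
    return pow(_digest(headers, body), priv.d, priv.n)


def verify(headers: str, body: str, sig: int, pub: PublicKey) -> bool:
    """What a receiving MTA does with the key it fetched from DNS."""
    return pow(sig, pub.e, pub.n) == _digest(headers, body)


def dns_key_record(selector: str, domain: str, pub: PublicKey,
                   retired: PrivateKey = None) -> str:
    """TXT record at <selector>._domainkey.<domain>. v=/k=/p= follow the DKIM
    key-record shape (with the toy integer key instead of base64 DER); the
    'retired=' tag carrying the published private exponent is a hypothetical
    convention for Green's proposal, not a DKIM tag."""
    rec = f"v=DKIM1; k=rsa; p={pub.n}:{pub.e}"
    if retired is not None:
        rec += f"; retired={retired.d}"
    return f'{selector}._domainkey.{domain} TXT "{rec}"'


def attributable(headers: str, body: str, sig: int, record: str) -> bool:
    """A verifying signature is evidence of origin only while the record holds
    no published private key: afterwards anyone could have produced it."""
    tags = dict(t.strip().split("=", 1) for t in record.split('"')[1].split(";"))
    n, e = (int(x) for x in tags["p"].split(":"))
    return verify(headers, body, sig, PublicKey(n, e)) and "retired" not in tags


if __name__ == "__main__":
    pub, priv = keygen()
    hdrs, body = "From: alice@example.com\r\nSubject: numbers", "revenue is down"
    sig = sign(hdrs, body, priv)
    print("live key, attributable:", attributable(hdrs, body, sig, dns_key_record("s1", "example.com", pub)))
    print("key published, attributable:",
          attributable(hdrs, body, sig, dns_key_record("s1", "example.com", pub, retired=priv)))
```

The point the last two lines make is the one Green is after: the receiving MTA's check at delivery time is unaffected (the key was still live then), but anyone who later obtains the leaked message and the published exponent can produce an equally valid signature on any text, so the signature carries no evidentiary weight after publication.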
Transportation

BMW Demos a Powered Wingsuit That Can Fly 186 MPH (syfy.com) 90

Wingsuits normally create a wide surface area of fabric between a skydiver's legs and from their legs to their arms, substantially slowing their fall.

But to create a buzz for the unveiling of BMW's new iX3 electric SUV, the company's creative consultancy Designworks "has partnered up with Austrian stuntman Peter Salzmann to unveil a wicked-cool new electric powered wingsuit that can propel a brave human being up to speeds nearing 200 miles-per-hour," reports Syfy Wire: Over the years since non-powered wingsuits first hit the extreme sports scene, Salzmann had pondered over how to infuse wingsuits with sustainable propulsion and the ability to climb. He teamed up with engineers and creative consultants at BMW's Designworks studio to create a pair of chest-mounted electric impellers and a special wingsuit that would utilize them. Realizing that the optimum airflow would exist in front of the suit, and not behind, Salzmann and the BMW crew pivoted to this front-end arrangement employing two 5-inch, 25,000 rpm impellers inside an aerodynamic, economical air-inlet package that mirrors the legendary German automotive firm's aesthetic sensibilities. For safety measures, there is a dedicated on/off switch to fire it up, a two-finger throttle device, a minimal steering component, and an instant cutoff switch for emergency situations, like encountering a flock of wild geese leisurely flying south for the winter.

While not built for extended flights, but short hops instead, the suit's propellers pump out approximately 20 horsepower for roughly five minutes, far superior to a standard wingsuit, whose horizontal glide rate falls one meter for every three meters traveled horizontally. Non-powered wingsuits max out at about 62 mph, but when Salzmann punches the electric boost, he can attain speeds over 186 mph, in addition to gaining altitude instead of gradually losing it.

BMW has released a terrific video with footage showing a trio of stuntmen flying in formation in their powered wingsuits over the Austrian Alps.
Electronic Frontier Foundation

EFF Launches New Podcast: How to Fix the Internet (eff.org) 76

"EFF is launching How to Fix the Internet, a new podcast mini-series to examine potential solutions to six ills facing the modern digital landscape," announces EFF.org: Over the course of 6 episodes, we'll consider how current tech policy isn't working well for users and invite experts to join us in imagining a better future... It's easy to see all the things wrong with the modern Internet, and how the reality of most peoples' experience online doesn't align with the dreams of its early creators. How did we go astray and what should we do now? And what would our world look like if we got it right...?

In each episode, we are joined by a guest to examine how the current system is failing, consider different possibilities for solutions, and imagine a better future. After all, we can't build a better world unless we can imagine it.

We are launching the podcast with two episodes: The Secret Court Approving Secret Surveillance, featuring the Cato Institute's specialist in surveillance legal policy Julian Sanchez; and Why Does My Internet Suck?, featuring Gigi Sohn, one of the nation's leading advocates for open, affordable, and democratic communications networks. Future episodes will be released on Tuesdays.

Other topics to be covered by the podcast mini-series:
  • The third-party doctrine [which asserts "no reasonable expectation of privacy"]
  • Barriers to interoperable technology
  • Law enforcement's use of face recognition technology
  • Digital first sale and the resale of intellectual property

Microsoft

What Will Happen After Python Creator Guido Van Rossum Joins Microsoft? (thenewstack.io) 108

Programming columnist Mike Melanson assesses the news that Guido Van Rossum, the creator of the Python programming language, has come out of retirement to join Microsoft's developer division: The news brought a flurry of congratulations and feature requests, though a few of the suggested features, indeed, already exist. Others still were met with informative responses that make the resulting threads worth a perusal, especially if you're looking for a quick "who's who" on Twitter for the world of programming languages. Microsoft's Miguel de Icaza pointed out that this addition adds to the company's now growing list of language designers and contributors:

"The developer division at Microsoft now employs the language designers and contributors to Python, Java, JavaScript, Typescript, F#, C#, C++. We just need some PHP, Rust and Swift magic to complete the picture."

[Microsoft senior software engineer Kat Marchán added "We actually have some early ex-moz Rust people too!"]

So, what can we expect from all of this? Is it a corporate takeover of open source, as some further down in the long list of replies always seem to suggest? Or is Microsoft planning the Frankenstein of all languages, with a little bit of this, a little bit of that? In all likelihood, you Python developers using Microsoft products probably have some good features to look forward to in the near future, and that's that, but there are always lingering fears...especially when it comes to Microsoft. As van Rossum suggests, stay tuned.

After Slashdot's earlier story, long-time reader alexgieg posted his own theory: "Several months ago the Excel folk within Microsoft asked users whether they'd like to have Python as an alternative scripting language in Office. Support for that was overwhelming, but nothing more was said on the matter since then. I guess this is Microsoft's answer."
AI

Amazon Begins Shifting Alexa's Cloud AI To Its Own Silicon (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: On Thursday, an Amazon AWS blogpost announced that the company has moved most of the cloud processing for its Alexa personal assistant off of Nvidia GPUs and onto its own Inferentia Application Specific Integrated Circuit (ASIC). Amazon dev Sebastien Stormacq describes the Inferentia's hardware design as follows: "AWS Inferentia is a custom chip, built by AWS, to accelerate machine learning inference workloads and optimize their cost. Each AWS Inferentia chip contains four NeuronCores. Each NeuronCore implements a high-performance systolic array matrix multiply engine, which massively speeds up typical deep learning operations such as convolution and transformers. NeuronCores are also equipped with a large on-chip cache, which helps cut down on external memory accesses, dramatically reducing latency and increasing throughput."

When an Amazon customer -- usually someone who owns an Echo or Echo dot -- makes use of the Alexa personal assistant, very little of the processing is done on the device itself. [...] According to Stormacq, shifting this inference workload from Nvidia GPU hardware to Amazon's own Inferentia chip resulted in 30-percent lower cost and 25-percent improvement in end-to-end latency on Alexa's text-to-speech workloads. Amazon isn't the only company using the Inferentia processor -- the chip powers Amazon AWS Inf1 instances, which are available to the general public and compete with Amazon's GPU-powered G4 instances. Amazon's AWS Neuron software development kit allows machine-learning developers to use Inferentia as a target for popular frameworks, including TensorFlow, PyTorch, and MXNet.

Security

DNS Cache Poisoning, the Internet Attack From 2008, Is Back From the Dead (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario. Now, Kaminsky's DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name.

On Wednesday, researchers from Tsinghua University and the University of California, Riverside presented a technique that, once again, makes cache poisoning feasible. Their method exploits a side channel that identifies the port number used in a lookup request. Once the attackers know the number, they once again stand a high chance of successfully guessing the transaction ID. The side channel in this case is the rate limit for ICMP, the abbreviation for the Internet Control Message Protocol. To conserve bandwidth and computing resources, servers will respond to only a set number of requests from other servers. After that, servers will provide no response at all. Until recently, Linux always set this limit to 1,000 per second. To exploit this side channel, the new spoofing technique floods a DNS resolver with a high number of responses that are spoofed so they appear to come from the name server of the domain they want to impersonate. Each response is sent over a different port.

When an attacker sends a response over the wrong port, the server will send a response that the port is unreachable, which drains the global rate limit by one. When the attacker sends a request over the right port, the server will give no response at all, which doesn't change the rate limit counter. If the attacker probes 1,000 different ports with spoofed responses in one second and all of them are closed, the entire rate limit will be drained completely. If, on the other hand, one out of the 1,000 ports is open, then the limit will be drained to 999. Subsequently, the attacker can use its own non-spoofed IP address to measure the remaining rate limit. And if the server responds with one ICMP message, the attacker knows one of the previously probed 1,000 ports must be open and can further narrow down to the exact port number.
Linux kernel developers responded by introducing a change that causes the rate limit to randomly fluctuate between 500 and 2,000 per second, preventing the new technique from working. Cloudflare also introduced a fix where its DNS service will fall back to TCP, "which is much more difficult to spoof," reports Ars.
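The arithmetic of the side channel, and why the kernel's randomised limit closes it, as an added model that is neither the researchers' code nor the kernel's. It simulates a single one-second window of a resolver's global ICMP "port unreachable" budget using the figures in the report (1,000 fixed; 500 to 2,000 after the fix; 1,000 probed ports), with no network I/O; `consistent_open_counts` is the inference an observer can draw from the leftover budget, and the contrast between the fixed and jittered cases is the whole point.

```python
"""Model of the ICMP rate-limit side channel and of the jittered limit that
defeats it. Added example; not the researchers' or the kernel's code.
One one-second window of a resolver's global ICMP error budget."""
import random


class IcmpErrorBudget:
    """Global per-second budget of ICMP error replies. low == high models the
    old fixed limit; low < high models the randomised limit."""

    def __init__(self, low: int, high: int, seed=None):
        self.low, self.high = low, high
        self.rng = random.Random(seed)
        self.remaining = 0
        self.new_second()

    def new_second(self) -> None:
        """Refill at the start of each second (a fresh random draw if jittered)."""
        self.remaining = self.rng.randint(self.low, self.high)

    def unreachable_reply(self) -> bool:
        """Send one ICMP error if the budget allows; otherwise stay silent."""
        if self.remaining > 0:
            self.remaining -= 1
            return True
        return False


def spoofed_probe_round(budget: IcmpErrorBudget, probed: int, open_ports: int) -> None:
    """One second of spoofed responses as described in the report: a closed
    port draws an ICMP error (charged to the budget), an open port draws nothing."""
    for _ in range(probed - open_ports):
        budget.unreachable_reply()


def measure_remaining(budget: IcmpErrorBudget) -> int:
    """Errors still obtainable this second from a non-spoofed address."""
    count = 0
    while budget.unreachable_reply():
        count += 1
    return count


def consistent_open_counts(observed: int, probed: int, low: int, high: int) -> tuple:
    """Range of open-port counts consistent with a measurement when the limit L
    is only known to lie in [low, high]. remaining = max(0, L - closed) and
    closed = probed - open, so for observed > 0: open = observed - L + probed."""
    if observed == 0:
        # Budget exhausted: all that is learned is closed >= L, i.e. open <= probed - L.
        return 0, max(0, probed - low)
    return (max(0, observed - high + probed), min(probed, observed - low + probed))


if __name__ == "__main__":
    for label, lo, hi in (("fixed 1000", 1000, 1000), ("jittered 500..2000", 500, 2000)):
        budget = IcmpErrorBudget(lo, hi, seed=7)
        spoofed_probe_round(budget, probed=1000, open_ports=1)
        left = measure_remaining(budget)
        print(label, "-> leftover", left, "-> open ports could be", consistent_open_counts(left, 1000, lo, hi))
```

With the fixed limit the leftover budget equals the number of open ports among the 1,000 probed, exactly as the report states (999 closed ports leave 1). With the per-second random limit the same measurement is consistent with hundreds of different open-port counts, so the observer learns nothing usable; Cloudflare's TCP fallback attacks the premise from the other side, since the response can no longer be spoofed at all.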

The researchers' press release is available here.
Chrome

Chrome To Block Tab-Nabbing Attacks (zdnet.com) 27

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. From a report: The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term "tab-nabbing" refers to a broad class of tab hijacking attacks [see OWASP, Wikipedia], Google is addressing a particular scenario. This scenario refers to situations when users click on a link, and the link opens in a new tab (via the "target=_blank" attribute). These new tabs have access to the original page that opened the new link. Via the JavaScript "window.opener" function, the newly opened tabs can modify the original page and redirect users to malicious sites. This type of attack has powered quite a few phishing campaigns across the years. To mitigate this threat, browser makers like Apple, Google, and Mozilla have created the rel="noopener" attribute.
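Until Chrome 88 ships the default, the mitigation is in the page author's hands: every `target="_blank"` link needs `rel="noopener"` (or `rel="noreferrer"`, which implies it) so the new tab's `window.opener` property is null. The following is an added example, not code from ZDNet or Chrome, of a small audit-and-fix pass over served HTML using only Python's standard-library parser; the sample markup is constructed for the demonstration.

```python
"""Audit HTML for target="_blank" links that leave window.opener reachable,
and add rel="noopener noreferrer" where it is missing. Added example using
only the standard library; the sample markup is constructed."""
import re
from html.parser import HTMLParser


class BlankTargetAuditor(HTMLParser):
    """Collects <a>/<area> start tags that open a new tab without severing opener."""

    def __init__(self):
        super().__init__()
        self.unsafe = []  # (raw start-tag text, attribute dict)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area"):
            return
        a = dict(attrs)
        if (a.get("target") or "").lower() != "_blank":
            return
        rel = (a.get("rel") or "").lower().split()
        # noreferrer implies noopener in current browsers, so either token is enough.
        if "noopener" in rel or "noreferrer" in rel:
            return
        self.unsafe.append((self.get_starttag_text(), a))


def find_unsafe_links(html: str) -> list:
    """Return the raw start tags that would hand window.opener to the new tab."""
    parser = BlankTargetAuditor()
    parser.feed(html)
    parser.close()
    return parser.unsafe


def _fixed_tag(raw: str, attrs: dict) -> str:
    """Rewrite one start tag so its rel carries noopener and noreferrer,
    preserving any rel tokens (e.g. nofollow) already present."""
    existing = (attrs.get("rel") or "").split()
    tokens = existing + [t for t in ("noopener", "noreferrer") if t not in existing]
    new_rel = 'rel="%s"' % " ".join(tokens)
    if "rel" in attrs:
        return re.sub(r'\srel\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)',
                      " " + new_rel, raw, count=1, flags=re.I)
    return raw[:-1] + " " + new_rel + ">"


def harden(html: str) -> str:
    """Return the document with every unsafe new-tab link repaired."""
    out = html
    for raw, attrs in find_unsafe_links(html):
        out = out.replace(raw, _fixed_tag(raw, attrs), 1)
    return out


# Constructed sample: two unsafe links (one with an unrelated rel) and one safe link.
SAMPLE = (
    '<p>Read <a href="https://example.com/a" target="_blank">this</a>, '
    '<a href="https://example.com/b" target="_blank" rel="nofollow">that</a>, '
    'and <a href="https://example.com/c" target="_blank" rel="noopener">safe</a>.</p>'
)

if __name__ == "__main__":
    print(len(find_unsafe_links(SAMPLE)), "unsafe link(s)")
    print(harden(SAMPLE))
```

The rewrite keeps `nofollow` on the second link and leaves the third untouched; re-running `find_unsafe_links` on the hardened output returns an empty list, which is the check worth wiring into a template test.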
PlayStation (Games)

Kojima's Infamous 'P.T.' Is Not Playable On PlayStation 5 (polygon.com) 16

tlhIngan writes: Many years ago, Kojima Productions produced P.T., a "playable teaser" (rumored meaning of P.T.) for a now-cancelled Silent Hill survival-horror reboot. This was a popular teaser but when Kojima and Konami parted ways, it was swiftly removed from the Sony PlayStation Store. People who downloaded the trailer could still re-download it for a period but that was swiftly removed, leading to PS4s preloaded with the game spiking in price. Since the PS5 offers backwards compatibility, reviewers did test the PS5 playing back P.T. to find it still worked. However, this was short lived, as Sony removed the trailer from working in backwards compatible mode, as well as removing the ability to transfer the game to the PS5. Sony's response to the removal was "it was a publisher decision" to remove it from the backwards compatibility list.
Movies

Sean Connery Dies at Age 90. Remembered as 'The Best of Many' James Bonds (chicagotribune.com) 140

In 1962 Sean Connery became the first actor to appear in movies as secret agent James Bond, and according to long-time Slashdot reader schwit1 was "The best of the many Bonds, by far."

An anonymous reader writes: Connery influenced the character deeply. The Huffington Post once wrote that James Bond wasn't Scottish until Sean Connery played the role. Ian Fleming was still writing his series of James Bond novels, and "After seeing Connery in Dr. No and thinking the actor did a superb job, Fleming wrote Connery's heritage into the character. In the book You Only Live Twice, Fleming wrote that James Bond's father was Scottish and was from the town of Glencoe. Coincidentally, Connery would film Highlander in Glencoe decades later."

Sir Sean Connery — he was also knighted in the year 2000 — performed many other iconic roles throughout his long career, even playing the father of Harrison Ford's character in Indiana Jones and the Last Crusade. Leaving Bond behind, Connery appeared in many historical dramas, including the World War II movies The Longest Day and A Bridge Too Far, as well as The Man Who Would Be King, The Name of the Rose, and (in 2003) The League of Extraordinary Gentlemen. But throughout his life he was always in demand for high-quality action films, from The Hunt for Red October to The Rock, even co-starring with Catherine Zeta-Jones in the romantic caper film Entrapment at the age of 69.

And in Terry Gilliam's movie Time Bandits, Connery appears as more than one character, hinting that beneath the individual roles lay some timeless embodiment of strength and goodness itself.

Open Source

Wikimedia Is Moving To GitLab (mediawiki.org) 12

The Wikimedia Foundation, the American non-profit organization that owns the internet domain names of many movement projects and hosts sites like Wikipedia, has decided to migrate their code repositories from Gerrit to GitLab. Slashdot reader nfrankel shares the announcement: For the past two years, our developer satisfaction survey has shown that there is some level of dissatisfaction with Gerrit, our code review system. This dissatisfaction is particularly evident for our volunteer communities. The evident dissatisfaction with code review, coupled with an internal review of our CI tooling and practice makes this an opportune moment to revisit our code review choices. While Gerrit's workflow is in many respects best-in-class, its interface suffers from usability deficits, and its workflow differs from mainstream industry practices. This creates barriers to entry for the community and slows onboarding for WMF technical staff. In addition, there are a growing number of individuals and teams (both staff and non-staff) who are opting to forgo the use of Gerrit and instead use a third-party hosted option such as GitHub. Reasons vary for the choice to use third-party hosting but, based on informal communication, there are 3 main groupings: lower friction to create new repositories; easier setup and self-service of Continuous Integration configuration; and more familiarity with pull-request style workflows.

All these explanations point to friction in our existing code-review system slowing development rather than fostering it. The choice to use third-party code-hosting hurts our collaboration (both internal and external), adds to the confusion of onboarding, and makes it more difficult to maintain code standards across repositories. At the same time, there is a requirement that all software which is deployed to Wikimedia production is hosted and deployed from Gerrit. If we fail to address the real usability problems that users have with Gerrit, people will continue to launch and build projects on whatever system it is they prefer -- Wikimedia's GitHub already contains 152 projects, the Research team has 127 projects.

This raises the question: if Gerrit has identifiable problems, why can't we solve those problems in Gerrit? Gerrit is open source (Apache licensed) software; modifications are a simple matter of programming. [...] Upstream has improved the UI in recent releases, and releases have become more frequent; however, upgrade path documentation is often lacking. The migration from Gerrit 2 to Gerrit 3, for example, required several upstream patchsets to avoid the recommended path of several days of downtime. This is the effort required to maintain the status quo. Even small improvements require effort and time as, often, our use-case is very different from the remainder of the Gerrit community.

Intel

Hackers Can Now Reverse Engineer Intel Updates Or Write Their Own Custom Firmware (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they're secured. The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it's patching. The key may also allow parties other than Intel -- say a malicious hacker or a hobbyist -- to update chips with their own microcode, although that customized version wouldn't survive a reboot.

"At the moment, it is quite difficult to assess the security impact," independent researcher Maxim Goryachy said in a direct message. "But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates." Goryachy and two other researchers -- Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies -- worked jointly on the project. The key can be extracted for any chip -- be it a Celeron, Pentium, or Atom -- that's based on Intel's Goldmont architecture.
In a statement, Intel officials wrote: "The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel's manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research. The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system."
Java

Java Geeks Discuss 'The War for the Browser' and the State of Java Modularization (frequal.com) 67

Self-described "Java geek" nfrankel writes: At the beginning of 2019, I wrote about the state of Java modularization. I took a sample of widespread libraries, and for each of them, I checked whether:

- It supports the module system i.e. it provides an automatic module name in the manifest

- It's a full-fledged module i.e. it provides a module-info

The results were interesting. 14 out of those 29 libraries supported the module system, while 2 were modules in their own right.

Nearly 2 years later, and with Java 16 looming around the corner, it's time to update the report. I kept the same libraries and added Hazelcast and Hazelcast Jet. I've checked the latest version...

Three full years after that release, 10 out of 31 libraries still don't provide a module-compatible JAR. Granted, 3 of them didn't release a new version in the meantime. That's still 7 libraries that didn't add a simple line of text in their MANIFEST.MF.
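The two checks nfrankel ran by hand (an `Automatic-Module-Name` attribute in `META-INF/MANIFEST.MF`, and a `module-info.class` for a full module) are easy to automate. The script below is an added example, not the article's own tooling; the three JARs it inspects are constructed in memory as stand-ins for real libraries, and `survey()` accepts the bytes of any real JAR read from disk. It also looks under `META-INF/versions/N/` so multi-release JARs that place `module-info.class` there are classified correctly.

```python
"""Classify JARs by module support: 'explicit' (module-info.class),
'automatic' (Automatic-Module-Name in the manifest) or 'unnamed'.
Added example, not the article's tooling; sample JARs are constructed."""
import io
import zipfile


def automatic_module_name(manifest: str):
    """Read Automatic-Module-Name from the manifest's main section, joining
    the 72-byte continuation lines (those beginning with a single space)."""
    logical = []
    for line in manifest.replace("\r\n", "\n").split("\n"):
        if line == "":
            break                      # blank line ends the main section
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]    # continuation of the previous attribute
        else:
            logical.append(line)
    for line in logical:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "automatic-module-name":
            return value.strip()
    return None


def classify_jar(jar_bytes: bytes) -> str:
    """'explicit' if module-info.class is present (top level or in a
    multi-release META-INF/versions/N/ directory), 'automatic' if the
    manifest names the module, otherwise 'unnamed' (no module support)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = zf.namelist()
        if any(n == "module-info.class"
               or (n.startswith("META-INF/versions/") and n.endswith("/module-info.class"))
               for n in names):
            return "explicit"
        if "META-INF/MANIFEST.MF" in names:
            if automatic_module_name(zf.read("META-INF/MANIFEST.MF").decode("utf-8")):
                return "automatic"
    return "unnamed"


def survey(jars: dict) -> dict:
    """Map each library name to its classification, like the article's table."""
    return {name: classify_jar(data) for name, data in jars.items()}


def _jar(entries: dict) -> bytes:
    """Build a minimal JAR (a zip file) in memory from {path: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed sample JARs (not real libraries).
SAMPLE_JARS = {
    "legacy-lib": _jar({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n\r\n",
        "com/example/legacy/Foo.class": b"",
    }),
    "automatic-lib": _jar({
        # Attribute split across a continuation line, as the jar tool emits it.
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\nAutomatic-Module-Name: com.exampl\r\n e.auto\r\n\r\n",
        "com/example/auto/Bar.class": b"",
    }),
    "explicit-lib": _jar({
        "META-INF/MANIFEST.MF": "Manifest-Version: 1.0\r\n\r\n",
        "module-info.class": b"\xca\xfe\xba\xbe",
        "com/example/explicit/Baz.class": b"",
    }),
}

if __name__ == "__main__":
    for name, kind in survey(SAMPLE_JARS).items():
        print(f"{name}: {kind}")
```

The continuation-line handling matters in practice: `jar` wraps manifest lines at 72 bytes, so a naive `grep Automatic-Module-Name` can miss or truncate a long module name.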

Meanwhile, long-time Slashdot reader AirHog argues that "Java is in a war for the browser. Can it regain the place it once held in its heyday?" All major browsers have disabled support for Java (and indeed most non-JavaScript technologies). Web-based front-ends are usually coded in JavaScript or some wrapper designed to make it less problematic (like TypeScript). Yes, you can still make websites using Java technology. There are plenty of 'official' technologies like JSP and JSF. Unfortunately, these technologies are entirely server-side. You can generate the page using Java libraries and business logic, but once it is sent to the browser it is static and lifeless... Java client-side innovation has all but stopped, at least via the official channels....

How can Java increase its relevance? How can Java win back client-side developers? How can Java prevent other technologies from leveraging front-end dominance to win the back-end, like Java once did to other technologies?

To win the war, Java needs a strong client-side option. One that lets developers make modern web applications using Java code. One that leverages web technologies. One that supports components. One that builds quickly. One that produces fast-downloading, high performance, 100-Lighthouse-scoring apps. One that plays nicely with other JVM languages. What does Java need?

Spoiler: The article concludes that "What Java needs Is TeaVM... an ahead-of-time transpiler that compiles Java classes to JavaScript."
Open Source

Slashdot Asks: How Do You Feel About Btrfs? (linuxjournal.com) 236

emil (Slashdot reader #695) shares an article from Linux Journal re-visiting the saga of the btrfs file system (initially designed at Oracle in 2007): The btrfs filesystem has taunted the Linux community for years, offering a stunning array of features and capability, but never earning universal acclaim. Btrfs is perhaps more deserving of patience, as its promised capabilities dwarf all peers, earning it vocal proponents with great influence. Still, [while] none can argue that btrfs is unfinished, many features are very new, and stability concerns remain for common functions.

Most of the intended goals of btrfs have been met. However, Red Hat famously cut continued btrfs support from their 7.4 release, and has allowed the code to stagnate in their backported kernel since that time. The Fedora project announced their intention to adopt btrfs as the default filesystem for variants of their distribution, in a seeming juxtaposition. SUSE has maintained btrfs support for their own distribution and the greater community for many years.

For users, the most desirable features of btrfs are transparent compression and snapshots; these features are stable, and relatively easy to add as a veneer to stock CentOS (and its peers). Administrators are further compelled by adjustable checksums, scrubs, and the ability to enlarge as well as (surprisingly) shrink filesystem images, while some advanced btrfs topics (i.e. deduplication, RAID, ext4 conversion) aren't really germane for minimal loopback usage. The systemd init package also has dependencies upon btrfs, among them machinectl and systemd-nspawn. Despite these features, there are many usage patterns that are not directly appropriate for use with btrfs. It is hostile to most databases and many other programs with incompatible I/O, and should be approached with some care.

The original submission drew reactions from three disgruntled btrfs users. But the article goes on to explore providers of CentOS-compatible btrfs-enabled kernels, ultimately opining that "There are many 'rough edges' that are uncovered above with btrfs capabilities and implementations, especially with the measures taken to enable it for CentOS. Still, this is far better than ext2/3/4 and XFS, discarding all the desirable btrfs features, in that errors can be known because all filesystem content is checksummed." It would be helpful if the developers of btrfs and ZFS could work together to create a single kernel module, with maximal sharing of "cleanroom" code, that implemented both filesystems... Oracle is itself unwilling to settle these questions with either a GPL or BSD license release of ZFS. Oracle also delivers a btrfs implementation that is lacking in features, with inapplicable documentation, and out-of-date support tools (for CentOS 8 conversion). Oracle is the impediment, and a community effort to purge ZFS source of Oracle's contributions and unify it with btrfs seems the most straightforward option... It would also be helpful if other parties refrained from new filesystem efforts that lack the extensive btrfs functionality and feature set (i.e. Microsoft ReFS).

Until such a day that an advanced filesystem becomes a ubiquitous commodity as Linux is as an OS, the user community will continue to be torn between questionable support, lack of features, and workarounds in a fragmented btrfs community. This is an uncomfortable place to be, and we would do well to remember the parties responsible for keeping us here.

So how do Slashdot's readers feel about btrfs?
Music

92-Year-Old Songwriter Tom Lehrer Releases All His Lyrics Into the Public Domain (tomlehrersongs.com) 79

Marketplace reports: Songwriter Tom Lehrer became a star in the 1950s and '60s writing and performing satirical songs that skewered just about everything... Lehrer, 92, announced Tuesday via his website that he's effectively putting everything he ever wrote into the public domain. That means his lyrics and sheet music are available for anyone to use or perform, without having to pay royalties or deal with lawyers... [Most of Lehrer's music "will be added gradually later with further disclaimers," according to Lehrer's web site.]

Lehrer's giving up those royalties. But in exchange, he's trying to give his work a new lease on life, said Siva Vaidhyanathan, a media studies professor at the University of Virginia. "Lehrer, in this case, is basically saying, 'Hey everybody, come revisit my material, come do with it what you want,'" he said... That could mean we'll be hearing more of Tom Lehrer's work, said Jennifer Jenkins, who runs the Center for the Study of the Public Domain at Duke Law School. "There is empirical research showing that when material enters the public domain, it actually gets used more," she said.

Lehrer's lyrics touched on geeky subjects including nuclear weapons, Wernher von Braun, and one song where he set the names of the chemical elements to a tune by Gilbert and Sullivan.

Wikipedia notes he "largely retired" in the 1970s to become a mathematics teacher at the University of California, Santa Cruz (also teaching the history of musical theatre). In the same decade he also wrote ten songs for The Electric Company, an educational TV show about reading broadcast on America's public television, singing two of the songs himself — L-Y and Silent E.
Wikipedia

WHO To Grant Wikipedia Free Use of Its Published Material To Combat Covid Misinformation (nytimes.com) 51

As part of efforts to stop the spread of false information about the coronavirus pandemic, Wikipedia and the World Health Organization announced a collaboration on Thursday: The health agency will grant the online encyclopedia free use of its published information, graphics and videos. The collaboration is the first between Wikipedia and a health agency. From a report: "We all consult just a few apps in our daily life, and this puts W.H.O. content right there in your language, in your town, in a way that relates to your geography," said Andrew Pattison, a digital content manager for the health agency who helped negotiate the contract. "Getting good content out quickly disarms the misinformation." Since its start in 2001, Wikipedia has become one of the world's 10 most consulted sites; it is frequently viewed for health information. The agreement puts much of the W.H.O.'s material into the Wikimedia "commons," meaning it can be reproduced or retranslated anywhere, without the need to seek permission -- as long as the material is identified as coming from the W.H.O. and a link to the original is included.

"Equitable access to trusted health information is critical to keeping people safe and informed," said Tedros Adhanom Ghebreyesus, the W.H.O.'s director general. His agency translates its work into six official languages, which do not include, for example, Hindi, Bengali, German or Portuguese, so billions of people cannot read its documents in their native or even second language. Wikipedia articles, by contrast, are translated into about 175 languages. The first W.H.O. items used under the agreement are its "Mythbusters" infographics, which debunk more than two dozen false notions about Covid-19. Future additions could include, for example, treatment guidelines for doctors, said Ryan Merkley, chief of staff at the Wikimedia Foundation, which produces Wikipedia. If the arrangement works out, it could be extended to counter misinformation regarding AIDS, Ebola, influenza, polio and dozens of other diseases, Mr. Merkley said, "But this was something that just had to happen now." Eventually, live links will be established that would, for example, update global case and death numbers on Wikipedia as soon as the W.H.O. posts them, Mr. Pattison said.

The Internet

Microsoft Adds Option To Disable JScript In Internet Explorer (zdnet.com) 21

As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer. ZDNet reports: The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft's own dialect of the ECMAScript standard (the JavaScript language). Development on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE. Across the years, threat actors realized they could attack the JScript engine, as Microsoft wasn't actively developing it and only rarely shipped security updates, usually only when attacked by threat actors. [...]

Now, 11 years after deprecating the component, Microsoft is finally giving system administrators a way to disable JScript execution by default. According to Microsoft, the October 2020 Patch Tuesday introduces new registry keys that system administrators can apply and block the jscript.dll file from executing code. Details on how this can be done are available below, as taken from Microsoft's documentation.

Education

Google/EdX Are Charging $298 For Their Remake of a Free 2012 How-to-Google Course 22

Long-time Slashdot reader theodp writes: After near death, MOOCs are booming during the coronavirus pandemic, reported the NY Times in May. That news apparently wasn't lost on Google and EdX, who on Thursday announced they've teamed up and are asking $298 (temporarily reduced to $268.20!) for Google's Power Searching with Google XSeries Program (learn "how to create an effective search query to yield the most relevant results").

In case that seems familiar to some, Google offered a free 5-hour online course called Power Searching with Google with the same instructor way back in 2012 (followed by the free Advanced Power Searching with Google in 2013). But before dismissing the new program as tone-deaf pandemic price gouging, check out the $0 course audit option for yourself or your kids.

The instructor for both Power Searching with Google and Advanced Power Searching With Google is Google's Daniel Russell, author of The Joy of Search, who gives students an engaging lesson in how to conduct fast and effective online research. Sure beats card catalog and Readers' Guide to Periodical Literature searches, kids!

Businesses

Finnish Startup Unveils Machine That Takes Office-Air CO2 and Converts It Into Fuel (arstechnica.com) 114

Over a video call, Finnish start-up Soletair Power showed Ars Technica their machine that converts office-air carbon dioxide into fuel. Scott K. Johnson reports: The value proposition for the first part of the device is pretty straightforward. Carbon dioxide accumulates in buildings full of people, and higher CO2 concentrations may impact your ability to think clearly. The usual way to manage that is to introduce more outside air (which may need to be heated/cooled). Another could be to selectively filter out CO2. This device could do the latter for you. That CO2 could simply be vented outside or used to produce an unwieldy amount of seltzer. Instead, what makes Soletair's idea more interesting is that the rest of its device turns the CO2 into fuel. The configuration the company demonstrated makes methane but could be swapped for a liquid fuel process. Depending on the source of the energy running the machines, these fuels could be carbon-neutral since the carbon comes from the air. Whether it's economically viable is another question.

The CO2 capture technique they're using is a scaled-down version of those designed for combustion power plants. Air goes through a chamber full of small granules that contain amines -- compounds that bind with CO2 molecules. Periodically, the granules are cycled through a heating step. The temperature only needs to rise to shy of 120 °C, Soletair's Petri Laakso and Cyril Bajamundi told Ars, so steam from the local heat system and/or an electric heating element is sufficient. This makes the amine granules release the CO2 they're holding, which accumulates in a storage tank. The granules are then ready to absorb more CO2. The other two-thirds of the machine, which measures about 2 meters tall, 5 meters long, and 1 meter wide, deal with turning that CO2 into a usable fuel. First, there's an electrolyzer that splits water to make hydrogen gas. Then the hydrogen is combined with CO2 in a methanation reactor to produce pure methane gas.

Social Networks

Software Engineer Catches Intelligent Bot Posting on Reddit (kmeme.com) 122

"The posts were appearing at a rate of about one per minute, and the posts were lengthy, most around six paragraphs long..." writes software engineer Philip Winston. I read through some of the posts. The quality was incredibly good, no machine could have written these even a few years ago. However there were some flaws and tells that suggested they were machine generated. The posts reminded me of text I'd seen from OpenAI's language model GPT-3, which is the newest and best language generator I had heard of... Several times I Googled clever sounding lines from the posts, assuming I'd find that they had been cribbed from the internet. Every time Google reported "zero results". The sentences were entirely novel, the machine had dreamed them up...

During the week, the bot answered questions on suicide, harassment, conspiracy theories, immigration, racism, and other weighty topics. Sometimes the human replies called out /u/thegentlemetre for being a bot. I was not the first one to suspect this; I was just the first one to post to the GPT-3 subreddit about it. Other times, however, the human was clearly unaware it was talking to a bot... What does it mean for online discourse when bots can pass for humans? How much bot traffic could thousands of computers generate? How can we ever hope to sort through it? Humanity is about to run that experiment.

The bot ultimately answered questions like "People who clicked on 'hot milfs in your area' ads, what happened?" and "What's the worst date you've experienced?" ("She said she had bought me a book. She showed it to me, wrapped up in fancy paper with a big bow on top of it. It was called 'How Not To Be An A**hole On Your Next Date'.") Other interesting responses?

Q: How would you describe 2020 in a single sentence?

Bot: In 2020, the human world will still be predominated by irrationality and tribalism...

Q: What happened to you that pissed you off so bad that you'll never get over it?

Bot: ...what happened to me that I'll never get over is that my human creators are going extinct.

Gizmodo argues the replies are "coherent, but we're not in doomsday mode, yet..." And you can wonder if a human ever traded places to write some of the posts themselves. But the whole experience left the software engineer asking what our future holds when bots become even better. Suppose we run bots like this on Amazon's or Google's clouds, spewing out mountains of content twenty-four hours a day? They could create more text than Wikipedia contains in days, if not hours. What if we keep running them, to produce not one Wikipedia's worth of text, but 10,000 times more than that? Would they more or less "write everything"?

They'd take everything we've ever written as a mere seed, and from that seed, they would produce a nearly endless forest of new content. Even if only 0.01% of their output is useful, that's a Wikipedia's worth of good ideas. Then what is our job? To sort through it?

Except of course soon they will do that for us as well.

Businesses

Fake Campaign Mail Masquerades as Bernie Sanders Endorsement for Uber/Lyft Ballot Measure (sfgate.com) 27

California's elections include grassroots propositions that change the law directly while bypassing legislators. Uber, Lyft, and Uber-owned Postmates (as well as DoorDash and Instacart) have spent $185 million — the most ever spent — pushing a proposition that would keep ride-hail and delivery drivers as independent contractors, reports SFGate. "If it passes...gig corporations won't have to contribute to Social Security, Medicare or unemployment insurance. They won't have to offer paid sick leave, workers compensation or unemployment benefits to drivers."

But the site also investigated what happened shortly after the Uber/Lyft PAC reported a $128,000 expenditure on mailers: Political mailers masquerading as progressive voter guides and endorsing Proposition 22, the initiative backed by Uber and Lyft, are showing up in Southern California voters' mailboxes. The fine print on one mailer says it was prepared by the "Feel the Bern, Progressive Voter Guide," which is not an actual organization. Neither are the "Council of Concerned Women Voters Guide" nor the "Our Voice, Latino Voter Guide," whose mailers make the same endorsements as Feel the Bern.

Mailed political fliers typically identify the organization that paid for the literature. But that information was conspicuously absent from Feel the Bern and the other two mailers...

The measure would allow ride-hail and delivery drivers to continue to be treated as independent contractors, although with some new benefit concessions. If it fails, these employees would likely be considered workers entitled to a minimum wage, overtime pay, workers' compensation, unemployment insurance and paid sick leave.

The California Democratic Party has endorsed a "no" vote for Prop. 22.