Work begins on Thirty Meter telescope despite criticism

in space on (#2TBQ)
When completed in 2022, the mammoth Thirty Meter Telescope will have eight times the light-gathering area of any other optical telescope. But many Hawaiians are opposed to it.

The ceremony demonstrated the combustible mix of science, local traditions, and politics that have dogged the summit's development for decades and the TMT project in particular. The ceremony was interrupted for several hours as local opponents staged a peaceful protest[3], using their cars to block the road leading to the summit. Some held signs using TMT to spell out "Too Many Telescopes."

Mauna Kea, often translated as "White Mountain" because it's sometimes capped with snow, rises 13,796 feet (4,205 m) from the Pacific Ocean and is sacred to native Hawaiians. The dormant volcano is known locally as wao akua ("realm of the gods"), and its slopes are dotted with shrines, altars, and hidden burial grounds.

According to the master plan drawn up in 1983 (extended in 2000) between state environmental officials and the University of Hawaii, which manages the summit, no more than the 13 domes can be built on the summit. This limitation ultimately led to cancellation of plans to add four small "outrigger" telescopes to Keck Observatory's existing giant twin domes.

Despite the protests, construction for the TMT has been approved and will move forward. When completed, perhaps as early as 2022, the telescope will leapfrog to the top ranking of the world's largest optical telescopes.

Each of the 492 mirror segments that comprise the Thirty Meter Telescope's f/1 primary mirror will be constantly adjusted for optimum alignment. An 11½-by-8-foot pickoff mirror protrudes through the central opening and directs light sideways to one of several planned instruments.

ICANN speaks: yes to radio, hotel, eco. No to gay, taxi, art, and hotel

in internet on (#2T89)
ICANN made its decision last week on a number of high-profile top-level domain names. And of 17 names, only 4 were attributed to a community-run group who will oversee them.
o pass the test, each dot-word applicant had to prove they represented a specific community related to the word. If successful, they would be given priority over anyone else that had applied for the same top-level domain name.

Considering the commercial possibilities of domains ending with "music", "tennis", "art" and others – with recent auctions for gTLDs reaching into the millions of dollars – the stakes are high. And with a high bar of 14 out of 16 points required to pass the test, most failed.

The dot-words that did not pass the community test will move forward to an auction some time next year, and those with the deepest pockets will be able to snap them up.
Two interesting conclusions: of those names rejected, the field is now open for them to be managed by commercial, not community interests. And secondly, the playing field is now open for just about any domain name on earth. Let the dollars flow, eh gentlemen?

Friday Distro: SliTaz Linux

in linux on (#2T2T)
story imageMy current fetish, if you can call it that, is lightweight distros. Once you decide you don't need a heavyweight desktop like Gnome or KDE, down the slope you go, asking, "How light a system can I really get?" Depending on how much you're willing to compromise, the answer is, "pretty far!" And well at the far end of lightweight is SliTaz Linux. It's a marvel of engineering. What you get is a full graphical desktop, web server, Firefox, and database tools, all configured to run in less than 256MB of memory with no need to even hit the hard drive when running! The whole distro fits easily on 30MB on a (small!) USB stick.

The compromises aren't that drastic, but you need to know them. But one is that the distro is built on busybox, which is a reduced set of basic *nix utilities. You get the JWM window manager, the lighttpd webserver, SQLite, Firefox and Midori. You don't get stuff like LibreOffice or much selection of graphical software. There's a packaging system, but it uses a custom format (TazPKG) with repositories that are a bit lean. But the idea isn't to be your new desktop. Put SliTaz on a USB stick and you can quickly get to a command prompt to shell into your servers, FTP some files around, set up quick HTTP access to some files somewhere, listen to some music (it's got ALSAplayer), or browse the web. And you can do so without much script fu: when the system boots you're sitting at a JWM desktop (or openbox, if you want). And not only does it boot quickly, but your machine is super-fast when running since the entire system can run in memory &emdash; and not much memory, at that!

Increasingly, this kind of system has huge appeal to me. All my stuff is on network storage, and my mail and calendar are on hosted internet services. I don't need much in a desktop box a lot of the time. Naturally, it runs on a Raspberry Pi. Want to check it out? Read another review at Dark Duck or check out the DistroWatch page. There are some screenshots at

What Linux users should know about open hardware

in hardware on (#2SZ5)
Over at Datamation, Bruce Byfield opines, "What Linux users don't know about manufacturing open hardware can lead them to disappointment." Interesting stuff.
Both the manufacturing and distribution of digital products is controlled by a relatively small number of companies, whose time can sometimes be booked months in advance. Profit margins can be tight, so like movie studios that buy the rights to an ancient sit-com, the manufacturers usually hope to clone the success of the latest hot product. As Aaron Seigo told me when talking about his efforts to develop the Vivaldi tablet, the manufacturers would much rather prefer someone else take the risk of doing anything new. Not only that, but they would prefer to deal with someone with an existing sales record who is likely to bring repeat business. Besides, the average newcomer is looking at a product run of a few thousand units. A chip manufacturer would much rather deal with Apple or Samsung, whose order is more likely in the hundreds of thousands.
Off hand, it sounds a bit like the same problem independent authors have with big publishing houses: no one wants to buy or publish anything other than a guaranteed best-seller by a proven author, making it hard for the independent guys to get noticed. The article has some interesting insights into what Aaron Seigo and the Vivaldi (Linux-based open tablet) experienced before they abandoned hope for the project.

Bash vulnerabilities got you down? Harvard researchers propose: "Shill"

in code on (#2SYV)
The worm and/or vulnerability they're now calling "Shellshock" has soured sysadmins on the Bash shell for the moment, and brought attention to a new point of entry for web-based server penetration attacks. Fortunately some researchers at Harvard have been thinking about problems like this and have come up with a solution.
It's a new scripting language called "Shill" and it's intended to limit the resources and privileges scripts have when running.
The language, called Shill, was designed to limit shell-based scripts so they can't access resources beyond what is specifically needed for the task at hand. "You want to give the script exactly the permissions it needs to get its job done," said Scott Moore, a computer science doctoral student at Harvard who is one of the contributors to the Shill research project, led by Stephen Chong, an associate professor of computer science.

The team is working on a version of Shill for the FreeBSD Unix operating system and is mulling the idea of porting it to Linux. The team will also present the technology next week at the USENIX Symposium on Operating Systems Design and Implementation conference, in Broomfield, Colorado. Shill follows the principle of least privilege, which stipulates that software shouldn't posses more authority than what it needs to complete its job, Moore said.
Sounds like this might be useful for more reasons than simple exploit prevention, too!

Friday distro: Grml Linux

in linux on (#2SYN)
story imageGrml Linux is a bit of a unique distro whose vision and focus have shifted over the past ten years. It represents the personalities of its developers, who prefer the zshell, focus on sysadmin tasks (deployment, disk cloning, backup, forensics, and rescuing borked systems). Lastly, one of the developers is visually handicapped. Thus: grml focuses on scripting, tools managed from the command prompt, and has chosen zsh as the basis for its innovations. Its Distrowatch page is here.

These days grml is a live CD or USB-stick based on Debian. You're not supposed to install it. It requires little more than 256MB of memory, and though it's intended to be mostly a command line environment, they've packaged Fluxbox and you can get there via startx. That's useful if you want to launch a browser to read up on a issue, but most of your day you'll be sitting at the command prompt in a zsh. Have a look at their zsh introduction page or their reference card then to get a sense of the shortcuts, command aliases, and scripts that help you administer your systems, or the dpkg package list showing installed packages.

I find the package list to be limited, and to my knowledge, there are no tools available that you can't find on other distros. But I find grml's advantage to be that they love and have put a lot of energy into the zshell, and if you're interested in the zsh this is a good place to see it showcased. It's also an easy distro to carry around on a USB stick if you're a command prompt warrior and want to quickly boot up to a useable command prompt from where you can do other things. For example, you simply run the grml-network script from the command prompt to discover, configure, and connect to a wireless network. And of course it's based on Debian's excellent hardware recognition and configuration system. This is a niche distro that won't appeal to everybody, but odds are better than average you'll soon find yourself at the ZSH Reference page looking into additional resources for using the amazing zshell (For starters, try the 429 and dense page ZSH Manual and this 14 page zshell reference card from the guys at bash2zsh. Have fun.

Soft robots and Kawaii Ball-bots

in robotics on (#2SYG)
What's new in robotics? Depends where you are. Scientists at Harvard are putting their time and energy into the newish field of soft-robotics, a field that uses elastomer – a type of polymer similar to rubber – to perform behaviors such as grasping a human hand or crawling across the ground. Eventually, researchers say that soft robots may be instrumental in things such as physical therapy, minimally invasive surgery, and search-and-rescue operations. By using soft robotics, engineers have created projects like a pneumatic glove for rehabilitating hand movement, a cardiac simulator that mimics the precise movements of a human heart, and a device for thumb rehabilitation.

In Japan, meanwhile, scientists are putting a happier spin on swarm robots – small robots that can communicate and interact to achieve common goals – by rolling out cheerleader robots that use swarm technology to animate and entertain.
The Murata Cheerleading robots ... look like dolls, have glowing eyes and balance on steel balls. Unveiled Thursday in Tokyo by components maker Murata Manufacturing, each bot looks like a cartoonish girl sporting a red skirt and short black hair. A series of rollers under the skirt keep the robot balanced on a ball or rotate it in a particular direction to move around. Under the afro, meanwhile, nestles an infrared sensor and ultrasonic microphones that help the robot detect objects nearby. Three gyro sensors control motion from front to back, side to side and in rotation. A wireless network is used to control a group of 10 cheerleader robots. They can perform precisely synchronized dance routines, moving into formations such as a heart while spinning on their balls.

It's all very kawaii, and of course intended to generate attention among Japanese audiences and visitors to trade shows. "We designed the cheerleader robots to cheer people up and make them smile," said Murata spokesman Koichi Yoshikawa. "Their features can be summed up as '3S': stability, synchronization and sensing and communication."
Now, what could we do if we combined those two technologies?

PostgreSQL goes after MongoDB; benchmarks show PostgreSQL in the lead

in science on (#2SXX)
story imagePostgreSQL, the much-loved opensource relational database, is ramping up its nosql game with a new developer kit that gives access to NoSQL features that beat MongoDB in benchmarks.
The PostgreSQL Project, which EnterpriseDB supports, added NoSQL-style JSON processing features back in 2012. Now, the company is encouraging further work around that feature set by providing a developer kit to make it easier for programmers to leverage PostgreSQL's JSON functions and build applications around them. ... The PGXDK (Postgres Extended Datatype Developer Kit) is designed to allow developers "to use Postgres for the kinds of applications that until recently required a specialized NoSQL-only solution," as EnterpriseDB describes it. A sample application is also included to make it easier for developers to get a leg up on working with the product. The whole package will be made available through AWS as a machine image (PostgreSQL has long been a staple Amazon offering).
Vibhar Kumar has published a set of benchmarks here that show PostgreSQL eating MongoDB's lunch when measured in use of diskspace, bulk loading, and INSERTs.

Vulnerability in Bash Shell widespread and serious

in security on (#2SWX)
Upgrade now, if you can. A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large.

From the Register:
It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.

The vulnerability is present in Bash up to and including version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way – including any child processes spawned by the scripts – are vulnerable to remote-code injection. OpenSSH and some DHCP clients are also affected on machines that use Bash.
Now is also a good time to wipe your servers and reinstall Minix or Plan9 as a precaution. ;)

Blackberry's new Passport is unlike any other

in mobile on (#2SWV)
story imageBlackberry has released a phone that either pushes the boundary of phone design in useful ways, or proposes a new and unusable form factor, according to your personal pre-inclination. The Register reviews it and calls it crazy, but full of great ideas. It's square, for one, a radical departure from the candy-bar form factor so prevalent in modern smartphones. It's also sporting improvements to its QNX-based new OS, a great screen, and reportedly a 30 hour battery life. It runs Android apps natively, with no apparent lag or problem. Lastly, the keyboard doubles as a trackpad - something you'll either love or hate. The Guardian takes a look at it here, and offers some other insights. There are some lovely pictures at The Verge, who conclude, by they way that they don't like it.

[Ed. note: Me, I want one.]