couchslug writes: Mozilla's Firefox once commanded a large chunk of the browser market share, but now it stands under a pitiful 5 percent. Google money removes need to compete from a management POV as they'll get paid either way but they're still leaving money on the table.

What should Mozilla do to help Firefox regain its lost market share? Not so long ago Internet Explorer was only used to download Firefox when geeks reloaded Windows machines for others. Today, Edge, however pathetic, still outranks Firefox. Were FF not arguably the best available browser for Linux, share would be even less.

Were you the king for a day what would you do to make Firefox great again? If you dropped or deprecated Firefox what shooed you off? This is not about Firefox being good or bad but about regaining casually discarded market share.

Long-time Slashdot reader shanen has a question: What makes a decent social web site? If you don't like the original form of the subjective question, how about something like "What is the best social site you know of?" or "What criteria would you use to recognize a good social site?" or even "How could a good social media website even survive...?"
Their original submission lists their own criteria for a good social site:

• Efficient to use (without wasting your time)

• Has educational value, "perhaps measured by questions like 'How frequently has this website justified changing my mind about something?'"

• The size and permeability of filter bubbles formed by people using the site

But if you have different priorities for a social site -- what are they? Share your own best thoughts in the comments.

What makes a good social media site?

New submitter cj9er writes: Considering all the privacy issues in today's online climate (all the issues with Meta right now), what is the best high-end smartphone to select?

Apple: No way they don't sell your data... Sure, they have privacy for third-party apps, but what about the data they collect from the phone itself? Consider what the revenue is on a single smartphone (say $150), how do you think they have all that cash on hand?

Google: Yeah right, Pixel is probably collecting [data] 24/7 considering their main business is selling ads on Search. They have developed the Pixel line because they probably realized they were missing out on the direct collection of data from their own hardware (cut out the middle players using Android).

Samsung: Their TVs even collect and sell data on you. I don't really understand the price premium on Galaxy phones anyways.

I have kept my data and Wi-Fi turned off on my phones for years. Initially it was for battery reasons but now add in data collection. Ultimately, if we could turn off the GPS feature at will on our phones, maybe we could prevent all tracking (except for cellular triangulation). If we then think about safety, GPS is great and now with satellite-tracking on Apple phones, even better. But then what is going on behind the scenes 99.99% of the rest of the time when you don't require those options for safety reasons?

What phone manufacturer can be trusted?

An anonymous reader writes: Haven't seen recommendation threads on Slashdot of late. Was curious what my fellow readers have watched and read this year that you enjoyed?

Google is still useful for many, but the harder question is why its results feel more sterile than they did five years ago. From a report: SEO expert Marie Haynes's theory is that this is the result of Google trying to crack down on misinformation and low-quality content -- especially around consequential search topics. In 2017, the company started talking publicly about a Search initiative called EAT, which stands for "expertise, authoritativeness, and trustworthiness." The company has rolled out numerous quality rater guidelines, which help judge content to determine authenticity. One such effort, titled Your Money or Your Life, applies rigorous standards to any pages that show up when users search for medical or financial information.

"Take crypto," Haynes explained. "It's an area with a lot of fraud, so unless a site has a big presence around the web and Google gets the sense they're known for expertise on that topic, it'll be difficult to get them to rank." What this means, though, is that Google's results on any topic deemed sensitive enough will likely be from established sources. Medical queries are far more likely to return WebMD or Mayo Clinic pages, instead of personal testimonials. This, Haynes said, is especially challenging for people looking for homeopathic or alternative-medicine remedies.

There's a strange irony to all of this. For years, researchers, technologists, politicians, and journalists have agonized and cautioned against the wildness of the internet and its penchant for amplifying conspiracy theories, divisive subject matter, and flat-out false information. Many people, myself included, have argued for platforms to surface quality, authoritative information above all else, even at the expense of profit. And it's possible that Google has, in some sense, listened (albeit after far too much inaction) and, maybe, partly succeeded in showing higher-quality results in a number of contentious categories. But instead of ushering in an era of perfect information, the changes might be behind the complainers' sense that Google Search has stopped delivering interesting results.

"Email system are quite capable of sending and receiving large attachments," writes long-term Slashdot reader Stonefish "However, size limits are generally tiny."

And then he tells a story... In the late 1990s I worked for a research organisation maintaining their mail system, and had recently introduced mail size constraints. Within the first day it had blocked a number of emails — including a 700MB attachment.

Being a master of all thing Internet I called up the sender to tell him firstly how such a large email would cause problems for the receiver, and secondly how there were far more efficient ways of sending things. Given that he was on the same campus he invited me down to his lab to discuss this further. (After showing me round his lab, which was pretty impressive apart from the large "Biohazard" and "Radioactive" materials labels on the doors.) He told me that the facility he was sending the attachments to was a supercomputing hub with similar "Fat" pipes to the Internet so the large emails weren't a problem. I then spoke about the "efficiency" of the mail protocol and he said that he'd show me what efficient was and did a quick, "drag, drop and send" of another 700MB file of his latest research results.

He was right, I was wrong, it was efficient from his perspective and all his previous emails were easily available demonstrating when and where they were sent. As a result of this we changed our architecture and bought bulk cheap storage for email as it was a cheap, searchable and business focused approach to communications.

However 20 years plus later, even though networks are tens of thousands of times faster and storage is tens of thousands of times cheaper — email size limits remain about the same. Email remains cheap, efficient and ubiquitous — but we expect people to upload a file to a site and generate a link and embed in a manner that means we lose control of our data or it disappears in 12 months.
What's missing from this analysis? (Wikipedia's page on email attachments notes the intermediate "mail transfer agents" that store and forward email "and may therefore also impose size limits.") But even that page admits some attachment limits are arbitrary.

I always assumed it was an anti-piracy measure. Anyone know the real answer? Share your own thoughts in the comments.

Why haven't they increased size limits for email attachments?

Long-time Slashdot reader united_notions is trying to envision "the 'human-machine era', a time when the tech has moved out of our hands and into our ears, eyes, and brains." Real-time captioning of conversation. Highly accurate instant translation. Auto voice mimicry making it sound like you speaking the translation. Real-time AR facial augmentation making it also look like you speaking the translation. Meanwhile, super-intelligent Turing-passing chatbots that look real and can talk tirelessly about any topic, in different languages, in anyone's voice. Then, a little further into the future, brain-machine interfaces that turn your thoughts into language, saving you the effort of talking at all...

Slashdot has long reported on the development of all these technologies. They are coming.

When these are not futuristic but widespread everyday devices, what will language and interaction actually be like?

Would you trust instant auto-translation while shopping? On a date? At a hospital? How much would you interact with virtual characters? Debate with them? Learn a new language from them? Socialise with them, or more? Would you wear a device that lets you communicate without talking?

And with all this new tech, would you trust tech companies with the bountiful new data they gather?

Meanwhile, what about the people who get left behind as these shiny new gadgets spread? As always with new tech, they will be prohibitively expensive for many. And despite rapid improvements, still for some years progress will be slower for smaller languages around the world – and much slower still for sign language – despite the hype.

"Language in the Human-Machine Era" is an EU-funded research network putting together all these pieces. Watch our animations setting out future scenarios, read our open access forecast report, and contribute to our big survey!

DidgetMaster writes: Hard drive costs now hover around $20 per terabyte (TB). Drives bigger than 20TB are now available. Fast SSDs are more expensive, but the average user can now afford these in TB capacities as well. Yet, we are still using antiquated file systems that were designed decades ago when the biggest drives were much less than a single gigabyte (GB). Their oversized file records and slow directory traversal search algorithms make finding files on volumes that can hold more than 100 million files a nightmare. Rather than flexible tagging systems that could make searches quick and easy, they have things like "extended attributes" that are painfully slow to search on. Indexing services can be built on top of them, but these are not an integral part of the file system so they can be bypassed and become out of sync with the file system itself.

It is time to replace file systems with something better. A local object store that can effectively manage hundreds of millions of files and find things in seconds based on file type and/or tags attached is possible. File systems are usually free and come with your operating system, so there seems to be little incentive for someone to build a new system from scratch, but just like we needed the internet to come along and change everything we need a better data storage manager.

See Didgets for an example of what is possible. In a Substack article, Didgets developer Andy Lawrence argues his system solves many of the problems associated with the antiquated file systems still in use today. "With Didgets, each record is only 64 bytes which means a table with 200 million records is less than 13GB total, which is much more manageable," writes Lawrence. Didgets also has "a small field in its metadata record that tells whether the file is a photo or a document or a video or some other type," helping to dramatically speed up searches.

Do you think it's time to replace file systems with an alternative system, such as Didgets? Why or why not?

Long-time Slashdot reader olddoc and his wife have three frequently-used credit cards, stored at many online businesses for easy checkout.

"In the past 6 months we have received fraud notices from the card companies three times." Typically there is a $1 charge in a far away location. Once there was a charge for thousands of dollars at a bar. The card companies seem to pick up the fact that they are fraudulent even though once it was described as "chip present".

What can we do to cut down the number of times we have to update all our ongoing bills with a new card number?
The original submission acknowledges that "We have never lost money to fraud, just time." But is the problem storing the card numbers with online businesses? Long-time Slashdot reader Z00L00K argues "Never ever do this. Never ever have your card stored at an online business even if it's more inconvenient to enter it every time. You NEVER know how your number is stored, it can be stored in a database that's not secure enough or it can be stored in an encrypted cookie on your computer in which case that cookie might be read and decrypted by just about any web site out there if they have figured out how to access cookies for another site. There are a lot of ways that your card details can leak."

That comment also concedes it's possible someone's using a card-number generator to target the same range of credit card numbers. But is there a better solution?

Share your own thoughts in the comments. How can you keep your credit card numbers from being stolen?

t0qer writes: So, I recently got an email that my [free edition G Suite subscription] will be going away soon (July 2022) and I'll have to subscribe for $6 per user per month. My domain is just my family last name and I have a few accounts for my immediate wife and kids. I'm not really sure if that's worth spending the money on for hosted email. I do use other parts of the suite (Drive, Sheets, and Docs) but I can happily use other products for that.

Just wondering if any /.'ers are in the same boat and what they're thinking of moving to? As a recap, Google announced in mid-January that all "G Suite Legacy Free Edition" (now formally called Google Workspace) users will be required to start paying for Workspace this year. This decision generated a ton of backlash, even prompting a potential class-action lawsuit. Now, the company appears to be backing down from most of the harsher terms of the initial announcement by allowing legacy G Suite users the ability to migrate to free accounts. They're also "promising a data-migration option (including your content purchases) to a consumer account before the shutdown hits," reports Ars Technica.

Still, it may be time to switch to a different service... Some alternatives include Office 365 Business, Zoho Workplace, Bitrix24, and Rackspace. Do you have a favorite?

`Long-time Slashdot reader shanen writes: If you're doing any web page programming for money, then I'm pretty sure you're paid to support Edge, too. Probably even required to test it. So this question is really directed to the relative amateur programmers among us.

As I think about the topic from my overly philosophic perspective, I even considered asking "Do you feel pressured or even blackmailed to support MS Edge?"
The original submission tells the story of a homegrown app involving "moderately complicated data structures embedded in JavaScript files that are loaded on the fly..." that might grow into an 800K re-write. "Since it's mostly for my own use, I don't care at all about Edge, but it got me to thinking and led to this question." So do others uses Edge to test their web pages? Long-time Slashdot reader Z00L00K has already answered, "I don't. If I test I avoid the quite erratic variations that Javascript can create as much as possible and resort to HTML and CSS Validators."

How about the rest of you? Use the comments to share your own thoughts, opinions, and experiences.

Do you test your web pages with Microsoft Edge?

A technical question occurred to Slashdot reader OneHundredAndTen when filling out forms online. "Are the programmers responsible for them stupid, incompetent, lazy, or all rolled into one?"

They provided two real-world examples that inspired the question:

- "I made up a company name that happened to contain a digit. When I submitted the information I got a big fat error diagnostic about this box, to the effect that numerals are not allowed in a company name. So you know, people â" no digits allowed in your company's name, or else!"

- "In a free text box limited to 1,000 characters (already stupid, arguably) the caption explicitly banned the following characters in the "free text" because they can interfere with the correct processing of input..."

~!@#$%^&*()|'

This prompted a response from UnknownSoldier (Slashdot reader #67,820), who shared the humorous "Murphy's Computer Law" aphorisms from 1984, calling them "sadly still appropriate" and referring to one in particular: "There's never time to do it right, but always time to do it over." In general Web programmers tend to be extremely lazy (undisciplined.) They don't value correctness because that would take "work". I'm not just singling out web programmers here, look at how many programmers fuck up the TRIVIAL example of FizzBuzz.

For example, here are two examples where incompetent programmers make tons of assumptions.

* Falsehoods programmers believe about names
* Falsehoods programmers believe about time

As they say the devil is in the details, or edge case, as it may be. Programming is littered with edge cases so bad programmers "stick their head in the sand and ignore the problem hoping it will go away."

Doing it right costs time, money, and skill. Management is partially to blame. Bad programmers are to blame. Schools are to blame. There are many factors why we end up with shit software like the use case you just described.

And now you know why old programmers become grumpy. Modern software is slow, bloated, with layers of abstraction piled upon abstraction, library upon library. You spend more time "decoding" code and reverse engineering what was done because no one ever took the time to comment it properly for the next guy.

Use these examples of "stupid shit" to be a better programmer.
Agree? Disagree? Share your own thoughts in the comments.

Why do programmers make so many mistakes?

theodp writes: Slashdot has surveyed personal New Year's resolutions in the past. So this year, how about coming up with a list of New Year's resolutions you'd like to see tech companies keep in 2022?

As for me, I'd like to see the tech giants resolve to making their desktop software work in the Cloud (and not just for Business), include a programming language with their desktop and mobile OS, provide the capability to share 'meaningful' file names, and allow developers to cap their Cloud charges. Is that too much to ask for in 2022?

What are some books that you read this year that you enjoyed reading? Doesn't have to be those that released this year -- though if possible, mention any recently published books.

Further reading: Ask Slashdot: What's a 2021 Movie or TV Show That You Enjoyed Watching?

An anonymous reader writes: Given the widespread understanding that sophisticated hackers are regularly using zero-day vulnerabilities to break into high-value systems, why is it that when I search for "zero day" on Australia's most popular job search engine only one "real" job comes up? Is the security of the Internet totally dependent on dedicated hobbyists, part-time showboats, and people willing to take meagre bug bounties (on average paying $3,650 for a critical vulnerability) instead of selling their findings (sometimes for millions of dollars) to dubious buyers?
Are they all in-house security people hunting for zero-days as part of their regular responsibilities? Share your own thoughts in the comments.

Where are all the jobs preventing zero-day exploits?

An anonymous reader writes: Haven't seen discussion on movie and TV shows recommendations on Slashdot of late. Could the fellow readers share some movies and TV shows and documentaries from this year that they really liked watching?

Long-time Slashdot reader Pieroxy is working on a new open source project, a web-based version of the system-monitoring software Conky.

The ultimate goal is send the data to an HTML interface "to find some use for the old iPads/tablets/laptops we all have lying around. You can put them next to your screen and have your metrics displayed there...!"

There's just one problem: "I had to come up with a way for users to format a number." I needed a small string the user could write to describe exactly what they want to do with their number. Some examples can be: write it as a 3-digit number suffixed by SI prefixes when the numbers are too big or too small, display a timestamp as HH:MM string, or just the day of week, eventually cut to the first three characters, do the same with a timestamp in milliseconds, or nanoseconds, display a nice string out of a number of seconds to express a duration ("3h 12mn 17s"), pad the number with spaces so that all numbers are aligned (left or right), force a fixed number of digits after the decimal point, etc.

In other words, I was looking for a "universal" way of formatting numbers and failed to find any kind of standard online.

Do Slashdot readers know of such a thing or should I create my own?

A few months ago PC Magazine explained eSIMs: You almost certainly have a SIM card: a thumbnail-sized chip that sits in your mobile phone, telling it which carrier and what phone number you use. Now those SIMs are going digital (or "e") and moving your information to a reprogrammable, embedded chip.

A SIM card is a "subscriber identity module." Required in all GSM, LTE, and 5G devices, it's a chip that holds your customer ID and details of how your phone can connect to its mobile network... An eSIM takes the circuitry of a SIM, solders it directly to a device's board, and makes it remotely reprogrammable through software... There are some minor consumer downsides, though. With eSIMs, it's harder to switch one plan between devices — you can't just swap the physical card around — and they can make it harder for you to temporarily remove your SIM if you don't want to be tracked by a carrier.

Google's Pixels have had eSIMs since 2017, and Apple's iPhones have had them since 2018...
Now let's see how long-time Slashdot reader shanen feels about them: Shopping for a new smartphone due to premature battery swelling of a cheapie, but surprised to find out I can't just plug the SIM into a new phone. There ain't no SIM here, but rather the dying phone has an eSIM.... Quick research indicated it's only software, so my obvious question is "How secure can an eSIM be?" (The obvious search results also fail to produce "fresh" results.)

But the black hats have already had a couple of years to work on the problem, and it seems intrinsically difficult to do anything securely if you're only using software. My probably obsolete understanding is that part of the basis of SIM security is that you'd have to destroy the SIM to save its data, but is there an actual security expert in the house?

Related question based on my surprise. How would you even know if you're using an eSIM? Especially since it appears to be possible to use an eSIM on a phone with a SIM.
Share your own thoughts and opinions in the comments.

How secure is an eSIM?

tiltowait writes: My organization has an acceptable use policy which forbids sending out spam. Every few months, however, the central IT office exempts itself from this rule by delivering deceptive e-mails to all employees as a test of their ability to ignore phishing scams. For those who simply delete the messages, they are a small annoyance, comparable to the overhead of having to regularly change passwords -- also done largely unnecessarily, perhaps even to the point of being another bad practice. As someone working in a departmental systems office, I can also attest that these campaigns generate a fair amount of workload from inquiries about their legitimacy. Aside from the "gotcha" angle, which perpetuates some ill will amongst staff, I can't help but think that these exercises are of questionable net value, especially with other countermeasures, such as MFA and Safelinks, already in place. Is it worth spreading misinformation to experiment on your colleagues in such a fashion?

Artem S. Tashkinov writes: Over the past ten years, Firefox market share has decreased substantially and the web browser has lost its appeal and coolness. Seeing that, someone at Mozilla probably decided that the best way to entice people back is by changing its UI, thus Firefox has already seen quite a huge number of changes despite other major web browsers staying relatively the same in terms of their visuals; i.e. Google Chrome and Apple Safari look almost the same as they did a decade ago. The most substantial redesign, which is being prepared for the next release, called Proton, promises to drive most power users away because it's broken on a number of levels and makes using the browser a very unpleasant experience.

So, what has changed:
- The compact density option for the address bar is now gone, and not only that, the title bar is now a lot taller than before. Overall, vertically, the title bar and address bar now take almost a dozen pixels more than previous Firefox releases, which steals very precious vertical space.
- The floating tabs. The active tab is now totally disconnected from the active web page and it looks out of place.
- The inactive tabs now completely lack a delimiter between them; and in the case of websites lacking a favicon, all inactive tabs look like one, which makes understanding what's open and what to click very difficult and time consuming.
- Mozilla has removed icons from menus, which makes navigating them slower and more difficult. Human beings can easily recognize and memorize icons, and now instead you have to read 20 menu items and try to understand what you actually need to click. Just to illustrate it, check how Firefox 88 looks and what is up and coming.

It surely looks like whatever UX studies Mozilla has done were either not run properly, or the data being collected was not properly understood. Mozilla has disabled feedback for Firefox, they've made it abundantly clear that you cannot leave comments in their Bugzilla, and considering they want to deprecate userChrome.css, it makes it impossible to restore the semblance of a good web browser experience. The Slashdot crowd loves free and open-source web browsers, so the question is, how can we make the company stop maiming and destroying their most important product?