An anonymous reader quotes a report from Ars Technica: Google has given the boot to nine Android apps downloaded more than 5.8 million times from the company's Play marketplace after researchers said these apps used a sneaky way to steal users' Facebook login credentials. In a bid to win users' trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices, according to a post published by security firm Dr. Web. All of the identified apps offered users an option to disable in-app ads by logging into their Facebook accounts. Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords.

Then, as Dr. Web researchers wrote: "These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login... into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers' C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals. Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans' settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service."

The majority of the downloads were for an app called PIP Photo, which was accessed more than 5.8 million times. The app with the next greatest reach was Processing Photo, with more than 500,000 downloads. The remaining apps were: Rubbish Cleaner: more than 100,000 downloads; Inwell Fitness: more than 100,000 downloads; Horoscope Daily: more than 100,000 downloads; App Lock Keep: more than 50,000 downloads; Lockit Master: more than 5,000 downloads; Horoscope Pi: 1,000 downloads; and App Lock Manager: 10 downloads. A search of Google Play shows that all apps have been removed from Play.

While it will come as no comfort to those who had their Western Digital My Book Live NAS drives wiped last week, it seems they were attacked by a combination of two exploits, and possibly caught in the fallout of a rivalry between two different teams of hackers. Tom's Hardware reports: Initially, after the news broke on Friday, it was thought a known exploit from 2018 was to blame, allowing attackers to gain root access to the devices. However, it now seems that a previously unknown exploit was also triggered, allowing hackers to remotely perform a factory reset without a password and to install a malicious binary file. A statement from Western Digital, updated today, reads: "My Book Live and My Book Live Duo devices are under attack by exploitation of multiple vulnerabilities present in the device ... The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability [has] been assigned CVE-2021-35941."

Analysis of WD's firmware suggests code meant to prevent the issue had been commented out, preventing it from running, by WD itself, and an authentication type was not added to component_config.php which results in the drives not asking for authentication before performing the factory reset. The question then arises of why one hacker would use two different exploits, particularly an undocumented authentication bypass when they already had root access through the command injection vulnerability, with venerable tech site Ars Technica speculating that more than one group could be at work here, with one bunch of bad guys trying to take over, or sabotage, another's botnet. Western Digital advises users to disconnect their device(s) from the internet. They are offering data recovery services beginning in July, and a trade-in program to switch the obsolete My Book Live drives for more modern My Cloud devices.

Hmmmmmm shares a report from PC Gamer: Near, also known by their username Byuu, the creator of several groundbreaking videogame emulators and a recent celebrated translation of JRPG Bahamut Lagoon, has died by suicide. Near posted a thread on Twitter explaining how they were affected by a campaign of harassment organized against them on the Kiwi Farms forum. Subsequently, Hector Martin, an IT consultant and Linux hacker, posted a message about Near from a mutual friend (CW: contains explicit details of Near's method of suicide) and said that they had confirmed Near's death with police in a follow-up tweet. The linked document also focuses on the Kiwi Farms forum and the doxing and harassing of Near and their friends.

Near's bsnes was the first Super Nintendo emulator with 100% compatibility, and higan is a multi-system emulator supporting 26 different devices including the NES, SNES, Game Boy and Game Boy Advance, Sega Master System and Genesis/Mega Drive, and PC Engine. If you've played any of the indie games influenced by EarthBound, aka Mother 2, then odds are good that game's designer had a copy of EarthBound open in higan for reference. Parts of the emulator created to keep Stephen Hawking's voice synthesizer working in the final years of the famous physicist's life were even borrowed from higan's open source code.

Intel is going to be disabling Transactional Synchronization Extensions (TSX) by default for various Skylake through Coffee Lake processors with forthcoming microcode updates. Phoronix reports: Transactional Synchronization Extensions (TSX) have been around since Haswell for hardware transactional memory support and going off Intel's own past numbers can be around 40% faster in specific workloads or as much 4~5 times faster in database transaction benchmarks. TSX issues have been found in the past such as a possible side channel timing attack that could lead to KASLR being defeated and CVE-2019-11135 (TSX Async Abort) for an MDS-style flaw. Now in 2021 Intel is disabling TSX by default across multiple families of Intel CPUs from Skylake through Coffee Lake. [...] The Linux kernel is preparing for this microcode change as seen in the flow of new patches this morning for the 5.14 merge window.

A memory ordering issue is what is reportedly leading Intel to now deprecate TSX on various processors. There is this Intel whitepaper (PDF) updated this month that outlines the problem at length. As noted in the revision history, the memory ordering issue has been known to Intel since at least before October 2018 but only now in June 2021 are they pushing out microcode updates to disable TSX by default. With forthcoming microcode updates will effectively deprecate TSX for all Skylake Xeon CPUs prior to Stepping 5 (including Xeon D and 1st Gen Xeon Scalable), all 6th Gen Xeon E3-1500m v5 / E3-1200 v5 Skylake processors, all 7th/8th Gen Core and Pentium Kaby/Coffee/Whiskey CPUs prior to 0x8 stepping, and all 8th/9th Gen Core/Pentium Coffee Lake CPUs prior to 0xC stepping will be affected. That ultimately spans from various Skylake steppings through Coffee Lake; it was with 10th Gen Comet Lake and Ice Lake where TSX/TSX-NI was subsequently removed.

In addition to disabling TSX by default and force-aborting all RTM transactions by default, a new CPUID bit is being enumerated with the new microcode to indicate that the force aborting of RTM transactions. It's due to that new CPUID bit that the Linux kernel is seeing patches. Previously Linux and other operating systems applied a workaround for the TSX memory ordering issue but now when this feature is disabled, the kernel can drop said workaround. These patches are coming with the Linux 5.14 cycle and will likely be back-ported to stable too.

"Linus Torvalds has just released the Linux 5.13 kernel as stable," reports Phoronix: Linux 5.13 brings initial but still early support for the Apple M1 with basic support but not yet accelerated graphics and a lot more to iron out moving ahead. There are also new Linux 5.13 security features like the Landlock security module, Clang control flow integrity support, and optionally randomizing the kernel stack offset at each system call. There is also AMD fun this cycle around FreeSync HDMI support, initial Aldebaran bring-up, and more. Intel has more work on Alder Lake, a new cooling driver, and more discrete graphics bring-up. There are also other changes for Linux 5.13 around faster IO_uring, a generic USB display driver, and other new hardware enablement.
"5.13 overall is actually fairly large," Linus Torvalds posted on the Linux Kernel Mailing List, calling it "one of the bigger 5.x releases, with over 16,000 commits (over 17k if you count merges), from over 2,000 developers. But it's a "big all over" kind of thing, not something particular that stands out as particularly unusual..."

The Houston Chronicle reports: The Texas Supreme Court ruled Friday in a Houston case that Facebook is not a "lawless no-man's-land" and can be held liable for the conduct of pimps who use its technology to recruit and prey on children.

The ruling came in a trio of Houston civil actions involving teenage trafficking victims who met their abusive pimps through Facebook's messaging functions. They sued the California-based social media juggernaut for negligence and product liability, saying that Facebook failed to warn about or attempt to prevent sex trafficking from taking place on its internet platforms. The suits also alleged that Facebook benefited from the sexual exploitation of trafficking victims. The justices said trafficking victims can move forward with lawsuits on the grounds that Facebook violated a provision of the Texas Civil Practice and Remedies Code passed in 2009.

Facebook lawyers argued the company was shielded from liability under Section 230 of the federal Communications Decency Act, which states that what users say or write online is not akin to a publisher conveying the same message. Essentially, they said, Facebook is immune to these types of lawsuits. The majority wrote, "We do not understand Section 230 to 'create a lawless no-man's-land on the Internet' in which states are powerless to impose liability on websites that knowingly or intentionally participate in the evil of online human trafficking... Holding internet platforms accountable for the words or actions of their users is one thing, and the federal precedent uniformly dictates that Section 230 does not allow it," the opinion said. "Holding internet platforms accountable for their own misdeeds is quite another thing. This is particularly the case for human trafficking."

The justices explained that Congress recently amended Section 230 to add the possibility of civil liability for websites that violate state and federal human-trafficking laws. They said under the amended law states may protect residents from internet companies that knowingly or intentionally participate in human trafficking through their action or inaction..... Annie McAdams, a lead attorney for the plaintiffs, said it was a groundbreaking decision. This is the first case to beat Facebook on its argument that it had immunity under Section 230, she said.

The New York Times tells the story of Fayçal Ziraoui, a 38-year-old French-Moroccan business consultant who "caused an online uproar" after saying he'd cracked the last two unsolved ciphers of the four attributed to the Zodiac killer in California "and identified him, potentially ending a 50-year-old quest." Maybe because he said he cracked them in just two weeks. Many Zodiac enthusiasts consider the remaining ciphers — Z32 and Z13 — unsolvable because they are too short to determine the encryption key. An untold number of solutions could work, they say, rendering verification nearly impossible.

But Mr. Ziraoui said he had a sudden thought. The code-crackers who had solved the [earlier] 340-character cipher in December had been able to do so by identifying the encryption key, which they had put into the public domain when announcing their breakthrough. What if the killer used that same encryption key for the two remaining ciphers? So he said he applied it to the 32-character cipher, which the killer had included in a letter as the key to the location of a bomb set to go off at a school in the fall of 1970. (It never did, even though police failed to crack the code.) That produced a sequence of random letters from the alphabet. Mr. Ziraoui said he then worked through a half-dozen steps including letter-to-number substitutions, identifying coordinates in numbers and using a code-breaking program he created to crunch jumbles of letters into coherent words...

After two weeks of intense code-cracking, he deciphered the sentence, "LABOR DAY FIND 45.069 NORT 58.719 WEST." The message referred to coordinates based on the earth's magnetic field, not the more familiar geographic coordinates. The sequence zeroed in on a location near a school in South Lake Tahoe, a city in California referred to in another postcard believed to have been sent by the Zodiac killer in 1971.

An excited Mr. Ziraoui said he immediately turned to Z13, which supposedly revealed the killer's name, using the same encryption key and various cipher-cracking techniques. [The mostly un-coded letter includes a sentence which says "My name is _____," followed by a 13-character cipher.] After about an hour, Mr. Ziraoui said he came up with "KAYR," which he realized resembled the last name of Lawrence Kaye, a salesman and career criminal living in South Lake Tahoe who had been a suspect in the case. Mr. Kaye, who also used the pseudonym Kane, died in 2010.

The typo was similar to ones found in previous ciphers, he noticed, likely errors made by the killer when encoding the message. The result that was so close to Mr. Kaye's name and the South Lake Tahoe location were too much to be a coincidence, he thought. Mr. Kaye had been the subject of a report by Harvey Hines, a now-deceased police detective, who was convinced he was the Zodiac killer but was unable to convince his superiors. Around 2 a.m. on Jan. 3, an exhausted but elated Mr. Ziraoui posted a message entitled "Z13 — My Name is KAYE" on a 50,000-member Reddit forum dedicated to the Zodiac Killer.

The message was deleted within 30 minutes.

"Sorry, I've removed this one as part of a sort of general policy against Z13 solution posts," the forum's moderator wrote, arguing that the cipher was too short to be solvable.

AmiMoJo shares a report from Phoronix: The Linux x86/x86_64 kernel code already had logic in place for reserving portions of the first 1MB of RAM to avoid the BIOS or kernel potentially clobbering that space among other reasons while now Linux 5.13 is doing away with that 'wankery' and will just unconditionally always reserve the first 1MB of RAM. The Linux kernel was already catering to Intel Sandy Bridge graphics accessing memory below the 1MB mark, the first 64K of memory are known to be corrupted by some BIOSes, and similar problems coming up in that low area of memory. But rather than dealing with all that logic and other possible niche cases besides the EGA/VGA frame-buffer and BIOS, the kernel is playing it safe and just always reserving the first 1MB of RAM so it will not get clobbered by the kernel.

KDE Plasma 5.22 is now available, bringing "hugely improved" Wayland support, better performance for gaming, adaptive panel transparency for the panel and widgets, and more. Phoronix reports: There is now support for variable rate refresh (VRR) / Adaptive-Sync on Wayland, vertical/horizontal maximization now working with KWin Wayland, global menu applet support under Wayland, support for activities, and a lot of other general improvements and fixes so the overall Wayland support is much more polished and nearly at par to the X.Org Server support.

The performance for gaming with KDE Plasma on Wayland should also be better with now having direct scan-out support for full-screen windows. Rounding out the graphics fun with this release is also GPU hot-plugging support on Wayland for KWin, such as if using an external GPU or USB display adapter. KDE Plasma 5.22 also delivers on adaptive panel transparency for the panel and widgets, desktop notification improvements, Plasma System Monitor has replaced KSysGuard as the default system monitoring application, and a variety of other improvements. You can view the full changelog for Plasma 5.22 here.

The hills of ice at the base of Alaska's Muldrow Glacier "have sat undisturbed and covered by tundra for more than 60 years," reports the Washington Post, adding that in normal years the glacier only moves about three inches a day.

But that's suddenly changed, and they're now moving between 360 and 720 inches a day (that is, 30 to 60 feet, every day). The rare phenomenon began last fall some 12 miles uphill. That's where the glacier initially started sliding, its smooth surface ice cracking under tremendous, hidden stresses. New crevasses opened and ice cliffs were pushed up in a chaotic jumble. The first witness was a pilot who spied the scene in March as he flew around the north side of Denali, the continent's tallest mountain.

The Muldrow has been "surging" forward ever since, at speeds up to 100 times faster than normal....

Surges are one of the last mysteries for those who study glaciers, in part because they happen so infrequently and in just a fraction of places around the world. The activity is different from a glacier actually growing in size, and it can take decades for the right conditions to develop.... The prevailing theory of surges is that the natural advance of a glacier causes friction, which melts the deepest ice. Loose gravel traps the meltwater underneath. But as snow and ice accumulate in the glacier's higher elevations, the mass there gets top heavy. A surge redistributes that mass to lower elevations, with the meltwater serving as a lubricant that helps the glacier pick up speed as it slides downhill.

This last happened with the Muldrow during the winter and spring of 1956-57. Given its record of surges roughly every 50 years, scientists had long anticipated the current event. Their concern is that a warming climate could spell disaster for future surges. "You wonder, 'Are you going to ever be able to see the surge again?' " said Chad Hults, regional geologist for Alaska's national parks. "I don't know, because 50 years from now, you might lose enough glacier ice that even if it surges... you might not actually even be able to see any difference."

For most of the glaciologists and geologists tracking today's surge, it's a once-in-a-lifetime thrill.
The article also reminds readers that "across the Alaska Range, glaciers are losing mass because of climate change."

A birthday party for 17-year-old Adrian Lopez turned into a viral TikTok event that drew thousands of unruly party-goers to Huntington Beach, California, reports the Los Angeles Times.

Just not Adrian Lopez, "who in the days leading up to the party was increasingly nervous about all the attention." When it was over, more than 175 people were arrested, city officials and merchants were adding up the damage, and everyone was wondering who should be blamed and who should be billed...

The high schooler's invitation was picked up by TikTok's "For You" algorithm and viewed by people across the country. The announcement was curious: Who was this mystery teen, and would anyone actually go to his party? Some TikTok users, including internet celebrities, began posting about it, and videos with the hashtag #adrianskickback have since drawn more than 326 million views.

On Saturday night, roughly 2,500 teenagers and young adults — some who say they drove for hours or flew in from other states — converged on the Huntington Beach Pier and downtown area in a gathering that devolved into mayhem. Partygoers blasted fireworks into a mob in the middle of Pacific Coast Highway, jumped on police cars, scaled palm trees and flag poles and leapt from the pier into throngs of people below to crowd-surf. A window at CVS was smashed, businesses were tagged with graffiti, and the roof of Lifeguard Tower 13 collapsed after it was scaled...

Authorities spotted the party announcement when it began circulating last week and immediately began staffing up in preparation for what was being billed as a weekend-long event. In all, more than 150 officers from nearly every police agency in Orange County were called out to the beach Saturday night to help get the crowd under control. Clashes with police broke out Saturday, and officers fired rubber bullets and pepper projectiles as they tried to disperse the crowd. Eventually, authorities issued an overnight curfew to clear the streets...

The majority of those taken into custody over the weekend were not from Orange County, police said.
One 53-year-old watching the crowd told the Times that "Literally they were playing in traffic on the Pacific Coast Highway." But the Times also got a quote from one 18-year-old attendee who "went to last Saturday's party but said he does not condone the debauchery that ensued."

"People my age haven't gone out in a year... It was to get the ball rolling. This is the start of summer."

Natural gas "creates less carbon emissions than the coal it replaces, but we have to find ways to minimize the leakage of methane."

That's the opinion of Vaclav Smil, a distinguished professor emeritus at the University of Manitoba and a Fellow of the Royal Society of Canada, writing in IEEE's Spectrum (in an article shared by Slashdot reader schwit1): Natural gas is abundant, low-cost, convenient, and reliably transported, with low emissions and high combustion efficiency. Natural-gas-fired heating furnaces have maximum efficiencies of 95 to 97 percent, and combined-cycle gas turbines now achieve overall efficiency slightly in excess of 60 percent. Of course, burning gas generates carbon dioxide, but the ratio of energy to carbon is excellent: Burning a gigajoule of natural gas produces 56 kilograms of carbon dioxide, about 40 percent less than the 95 kg emitted by bituminous coal.

This makes gas the obvious replacement for coal. In the United States, this transition has been unfolding for two decades. Gas-fueled capacity increased by 192 gigawatts from 2000 to 2005 and by an additional 69 GW from 2006 through the end of 2020. Meanwhile, the 82 GW of coal-fired capacity that U.S. utilities removed from 2012 to 2020 is projected to be augmented by another 34 GW by 2030, totaling 116 GW — more than a third of the former peak rating.

So far, so green. But methane is itself a very potent greenhouse gas, packing from 84 to 87 times as much global warming potential as an equal quantity of carbon dioxide when measured over 20 years (and 28 to 36 times as much over 100 years). And some of it leaks out. In 2018, a study of the U.S. oil and natural-gas supply chain found that those emissions were about 60 percent higher than the Environmental Protection Agency had estimated. Such fugitive emissions, as they are called, are thought to be equivalent to 2.3 percent of gross U.S. gas production...

Without doubt, methane leakages during extraction, processing, and transportation do diminish the overall beneficial impact of using more natural gas, but they do not erase it, and they can be substantially reduced.

An anonymous reader quotes a report from the San Francisco Chronicle: After more than three years of negotiations, San Jose officials voted late Tuesday to approve Google's plan for a sprawling downtown campus with thousands of new homes, millions of square feet of office space and a first-of-its kind $200 million community benefit agreement. It's a deal that business, labor and community groups say could signal a shift in Bay Area development politics -- particularly as San Jose, long overshadowed by neighboring San Francisco, looks to rebound from the pandemic with more active public spaces near transit. But in a region long accustomed to isolated suburban tech campuses and big-dollar affordable housing commitments, some still questioned how exactly a $155 million community fund will be spent, and whether it will be enough to offset familiar concerns about gentrification, homelessness and daily issues like parking.

With the vote on Tuesday, Google can move forward with an80-acre development plan near San Jose's central rail hub at Diridon Station, including 4,000 new homes, more than 7 million square feet of office space, 15 acres of parks and 500,000 square feet of retail and other space. Under a community benefit deal approved earlier this year, the company also agreed to create a $155 million community stabilization fund for job training, homelessness and affordable housing. It's unprecedented for a Bay Area tech campus -- and a stark contrast to tech peers like Amazon and Tesla, which have at times asked governments to compete for business by cutting costs -- as well as developers from other industries where community concessions are not the norm. Before the coronavirus upended daily commutes, Google planned for up to 25,000 workers to occupy the new San Jose office. The company has since announced that some of its global workforce will shift to remote roles, but the city hopes that the proposed "Downtown West" neighborhood around the new offices will help buoy lively public spaces. "A Google spokesman said the company will soon transfer land to the city for planned affordable housing development," the report says. "It aims to start construction work in 2022 and plans to transfer an initial $3 million to the city within 30 days of approval of the project, the spokesman said. In the meantime, the San Jose City Council will be tasked with appointing a new committee to oversee the $155 million community fund."

An anonymous reader shares a report: One month ago the University of Minnesota was banned from contributing to the Linux kernel when it was revealed the university researchers were trying to intentionally submit bugs into the kernel via new patches as "hypocrite commits" as part of a questionable research paper. Linux kernel developers have finally finished reviewing all UMN.edu patches to address problematic merges to the kernel and also cleaning up / fixing their questionable patches. Sent in on Thursday by Greg Kroah-Hartman was char/misc fixes for 5.13-rc3. While char/misc fixes at this mid-stage of the kernel cycle tend to not be too exciting, this pull request has the changes for addressing the patches from University of Minnesota researchers. [...] Going by the umn.edu Git activity that puts 37 patches as having been reverted with this pull request. The reverts span from ALSA to the media subsystem, networking, and other areas. That is 37 reverts out of 150+ patches from umn.edu developers over the years.

Staff at the world's largest FOSS IRC network, Freenode, have resigned following a "hostile takeover." "Seeking to take control of the Freenode IRC network after acquiring Freenode Limited as their live conference organization is reported to be Andrew Lee, the founder of VPN service Private Internet Access (PIA)," reports Phoronix. Aaron Jones, a member of the staff since March 2019, details the sequence of events. Another staff member has provided additional details. Slashdot reader rastos1 writes: As it is now known, the Freenode IRC network has been taken over by a "narcissistic Trumpian wannabe korean royalty bitcoins millionaire," [writes (former) staff member Marco d'Itri]. "To make a long story short, the former freenode head of staff secretly 'sold' the network to this person even if it was not hers to sell, and our lawyers have advised us that there is not much that we can do about it without some of us risking financial ruin."

Fuck you Christel, lilo's life work did not deserve this. What you knew as Freenode after 12:00 UTC of May 19 will be managed by different people. Freenode Limited has responded to the backlash, writing: "Given the millions I have injected into freenode thus far, the fact I own it and the fact that I protected the freenode staff with professional legal work and funding when they needed help and they could still lie and slander like this... says a lot about who they are. It saddens me that christel was forced out, and I wish she'd feel safe returning. I'm frustrated that tomaw's hostile takeover seems likely to succeed, in spite of all. I simply want freenode to keep on being a great IRC network, and to support it financially and legally as I have for a long time now."

The biggest U.S. cryptocurrency exchange, Coinbase, has announced it will close its San Francisco offices for good. SFGate reports: The company -- founded in June 2012 by former Airbnb engineer Brian Armstrong -- has had a speedy rise to the top in the nascent crypto industry, though its practices have also sometimes stoked controversy. [...] Coinbase's 1,200 employees are now decentralizing, and the company will no longer have a physical headquarters at all. The announcement on Twitter on Wednesday that the company's Market Street offices would shutter next year wasn't a total shock. A year ago, Armstrong announced the company would be "remote first" and not have a specific headquarters. Coinbase say they will instead offer some smaller offices elsewhere, but didn't give details. "Closing our SF office is an important step in ensuring no office becomes an unofficial HQ and will mean career outcomes are based on capability and output rather than location," the company said in a statement. "Instead, we will offer a network of smaller offices for our employees to work from if they choose to."

The Boston Globe published some thoughts from a professor of political science at Fordham University: A bipartisan group of senators, including Elizabeth Warren of Massachusetts and Sheldon Whitehouse of Rhode Island, are backing a bill called the College Transparency Act. It would require public and private colleges around the country to report how many students enroll, transfer, drop out, and complete various programs. Then that information would be combined with inputs from other federal agencies, including the Internal Revenue Service, so that the "labor market outcomes" of former students could be tracked.

In other words, the act would create a system that publicizes how much money students make, on average, after going through particular colleges, programs, and majors. According to Senator Whitehouse, "Choosing a college is a big decision, and yet too often families can't get the information to make apples-to-apples comparisons of the costs and benefits of attending different schools." The purpose of the College Transparency Act is to allow people to make these comparisons. Its other sponsors are Republicans Bill Cassidy of Louisiana and Tim Scott of South Carolina.

Unfortunately, the College Transparency Act could reshape how students, families, policymakers, and the public view the purposes of higher education.

To be sure, privileged students will still be able to pursue their academic passions, but many students will be channeled into paths with a higher payoff upon graduation. Many students who might want to explore geography, philosophy, or the fine arts will be advised to stay away from such majors that do not appear lucrative... The system would publicize only some outputs of college — especially how much money students make — and not, for instance, surveys of graduates' satisfaction. This would have the effect of nudging students and families into viewing college as being primarily about making money...

If students learn to read complex texts and write research papers, practice public speaking, find a mentor, and make friends, then they often do well after college regardless of major.

"Always the innovator, Elon Musk is crowdsourcing ideas for his upcoming Saturday Night Live appearance," writes USA Today.

SFGate reports: Both Musk fans and critics weighed in, with the tweet drawing over 4,500 quote tweets at time of publication (and 113,000-plus likes from his devotees). One of the top responses skewered his recent move to Texas.

"How about a skit where a selfish billionaire has a tantrum and makes a showy to-do about moving his factory to another state, but that new state is so dysfunctional it has a third-world power grid and runs out of electricity to run his factories and cars? That would be hilarious...."

As a result of his controversial image, "SNL" announced that cast members will not be required to act alongside him if it makes them uncomfortable. No cast member has publicly decline to perform yet, but cast member Chris Redd did jump into the Twitter fray to correct Musk on his use of the word "skit."
Page Six describes more of the suggestions from Twitter: Some commenters suggested ideas, including, "Extraterrestrials found your Tesla Roadster sent to space in 2018 & are trying to figure out what it is," "You play Chris Hansen on "To Catch a PP loan" with Ross Gerber," and, "Something about how it is all a simulation," while many of the responses to Musk's tweets were real zingers.

"You meeting with SNL writers using the same motivational techniques you use with $TSLA engineers. Elon: I need this done tomorrow or you're fired. SNL Writer: In your dreams a-hole," one user responded.

Analyst firm SlashData surveyed over 19,000 respondents from 155 countries for its "State of the Developer Nation" survey — and now estimates that there's 24.3 million active developers worldwide.

TechRadar reports: The report pegs JavaScript as the most popular language that, together with variants including TypeScript and CoffeeScript, is used by almost 14 million developers around the world. Based on SlashData's observations over the past several years, more than 4.5 million JavaScript developers have joined the ranks between Q4 2017 and Q1 2021. This is the highest growth in terms of absolute numbers across all programming languages...

Next up is Python with just over 10 million users, followed by Java with 9.4 million, and C/C++ with 7.3 million. The report notes that Python added 1.6 million new developers in the past year, recording a growth rate of 20%.
From ZDNet: SlashData estimates the next three largest developer communities are using C/C++ (7.3 million), Microsoft's C# (6.5 million), and PHP (6.3 million). Other large groups of developers are fans of Kotlin, Swift, Go, Ruby, Objective C, Rust and Lua...

SlashData, however, notes that Rust and Lua were the two fastest growing programming language communities in the past 12 months, albeit from a lower base than Python.
And Visual Studio magazine couldn't resist emphasizing that C# "has ticked up a notch in popularity, overtaking PHP for No. 5 on that ranking..." "C# lost three places in the rankings of language communities between Q3 2019 and Q3 2020, but it regained its lead over PHP in the past six months after adding half a million developers," the report states... "C# is traditionally popular within the desktop developer community, but it's also the most broadly used language among AR/VR and game developers, largely due to the widespread adoption of the Unity game engine in these areas..."

It was a different story one year ago, when the 18th edition of the report said: "C# lost about 1M developers during 2019... [I]t seems to be losing its edge in desktop development — possibly due to the emergence of cross-platform tools based on web technologies."

The language might see more desktop development inroads as new initiatives from Microsoft such as Blazor Desktop (one of those "cross-platform tools based on web technologies") and .NET MAUI provide a wide array of desktop approaches.

Friday the Free Software Foundation awarded their coveted "Respects Your Freedom" (RYF) certification to another new product: the Free Software Wireless-N Mini Router v3 (TPE-R1300) from ThinkPenguin, Inc.

Just 45 products currently hold the FSF's certification "that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy." (That is to say, they run on 100% free software, allow the installation of modified software, and are free from DRM, spyware and tracking.) The FSF writes: As with previous routers from ThinkPenguin, the Free Software Wireless-N Mini Router v3 ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, who is the maintainer of libreCMC and a former FSF intern.

The router enables users to run multiple devices on a network through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers...

"ThinkPenguin once again demonstrates a long-standing commitment to protecting the rights of their users. With the latest iteration of the Wireless-N Mini Router, users know that they'll have up to date hardware they can trust for years to come," said the FSF's licensing and compliance manager, Donald Robertson, III.
Phoronix points its readers to the device's page at ThinkPenguin.com "should you be looking to build out your wireless network using the decade old 802.11n standard."