"SpaceX's attempt to reduce the reflectivity of Starlink satellites is working, but not to the degree required by astronomers," reports Gizmodo: Starlink satellites with an anti-reflective coating are half as bright as the standard version, according to research published in The Astrophysical Journal. It's an improvement, but still not good enough, according to the team, led by astronomer Takashi Horiuchi from the National Astronomical Observatory in Japan. These "DarkSats," as they're called, also continue to cause problems at other wavelengths of light [and] were included in a batch of satellites launched by SpaceX on January 7, 2020. The new study aimed to evaluate the effectiveness of that dark coating...

The scientists found that the "albedo of DarkSat is about a half of that of STARLINK-1113," as they wrote in their paper. That's a decent improvement in the visual spectrum, but still not great. What's more, problems persist at other wavelengths. "The darkening paint on DarkSat certainly halves reflection of sunlight compared to the ordinary Starlink satellites, but [the constellation's] negative impact on astronomical observations still remains," Horiuchi told Physics World. He said the mitigating effect is "good in the UV/optical region" of the spectrum, but "the black coating raises the surface temperature of DarkSat and affects intermediate infrared observations."

A third version of Starlink is supposed to be even dimmer. Called "VisorSats," they feature a sun visor that will "dim the satellites once they reach their operational altitude," according to Sky and Telescope. SpaceX launched some VisorSats last year, but the degree to which their albedo is lessened compared to the original version is still not known, or if these versions will exhibit elevated surface temperatures.

Horiuchi told Physics World that SpaceX should seriously consider lifting the altitude of the Starlink constellation to further reduce the brightness of these objects.
. The article ends with a quote from an astronomer at Harvard-Smithsonian Center for Astrophysics and an expert on satellites. He'd told Gizmodo's reporter back in January of 2020 that "SpaceX is making a good-faith effort to fix the problem," and that he believes the company "can get the satellites fainter than what the naked eye can see."

TechRepublic shares a remarkable calculation by the not-for-profit IT leadership group the Consortium for Information and Software Security: CISQ's 2020 report, The Cost of Poor Software Quality in the U.S., looked at the financial impact of software projects that went awry or otherwise ended up leaving companies with a larger bill by creating additional headaches for them. According to the consortium, unsuccessful IT projects alone cost U.S. companies $260 billion in 2020, while software problems in legacy systems cost businesses $520 billion and software failures in operational systems left a dent of $1.56 trillion in corporate coffers.

As a result, the total cost of poor software quality in the U.S. amounted to approximately $2.08 trillion in 2020, CISQ said. Comparing this to the total U.S. IT and software wage base of $1.4 trillion, the company said the figures "underscored the magnitude of the negative economic impact of poor software quality."

"At least 10,000 Signal users can be attributed to a 12-year-old kid in India who created a somewhat popular clone of the encrypted chat app," reports Motherboard: Dev Sharma, a Signal user from Melbourne, Australia, found the Signal clone when he encountered an unusual thing: Signal displayed a pop-up showing that their friend had just joined the app. Sharma messaged their friend, but the friend had never even heard of Signal, despite apparently using the app. The friend had downloaded a different app called "Calls Chat," according to a tweet from Dev. It turned out, Calls Chat is actually a clone of Signal and lets users communicate with people on the legitimate Signal app.

The app may have been harmless in this instance, but its existence and thousands of downloads shows how it can be relatively easy for someone to take the open source code of Signal and repurpose it for their own means, potentially misleading users about what they're actually downloading in the process. "I didn't know I was creating a clone of Signal, in fact I didn't even know such an app existed," Dheeraj, the boy who made the clone, told Motherboard in a phone call...

The Google Play Store bars developers from impersonating other apps or making others that are deceptive, however. Google told Motherboard on Wednesday that the chat app is no longer available on the Play Store.

Jake Edge, writing at LWN: The problems with "vendoring" in packages -- bundling dependencies rather than getting them from other packages -- seems to crop up frequently these days. We looked at Debian's concerns about packaging Kubernetes and its myriad of Go dependencies back in October. A more recent discussion in that distribution's community looks at another famously dependency-heavy ecosystem: JavaScript libraries from the npm repository. Even C-based ecosystems are not immune to the problem, as we saw with iproute2 and libbpf back in November; the discussion of vendoring seems likely to recur over the coming years. Many application projects, particularly those written in languages like JavaScript, PHP, and Go, tend to have a rather large pile of dependencies. These projects typically simply download specific versions of the needed dependencies at build time. This works well for fast-moving projects using collections of fast-moving libraries and frameworks, but it works rather less well for traditional Linux distributions. So distribution projects have been trying to figure out how best to incorporate these types of applications.

This time around, Raphael Hertzog raised the issue with regard to the Greenbone Security Assistant (gsa), which provides a web front-end to the OpenVAS vulnerability scanner (which is now known as Greenbone Vulnerability Management or gvm). "the version currently in Debian no longer works with the latest gvm so we have to update it to the latest upstream release... but the latest upstream release has significant changes, in particular it now relies on yarn or npm from the node ecosystem to download all the node modules that it needs (and there are many of them, and there's no way that we will package them individually). The Debian policy forbids download during the build so we can't run the upstream build system as is."

Hertzog suggested three possible solutions: collecting all of the dependencies into the Debian source package (though there would be problems creating the copyright file), moving the package to the contrib repository and adding a post-install step to download the dependencies, or removing gsa from Debian entirely. He is working on updating gsa as part of his work on Kali Linux, which is a Debian derivative that is focused on penetration testing and security auditing. Kali Linux does not have the same restrictions on downloading during builds that Debian has, so the Kali gsa package can simply use the upstream build process. He would prefer to keep gsa in Debian, "but there's only so much busy-work that I'm willing to do to achieve this goal". He wondered if it made more sense for Debian to consider relaxing its requirements. But Jonas Smedegaard offered another possible approach: analyzing what packages are needed by gsa and then either using existing Debian packages for those dependencies or creating new ones for those that are not available. Hertzog was convinced that wouldn't be done, but Smedegaard said that the JavaScript team is already working on that process for multiple projects.

Charlotte Web writes: With Linux 5.10 having shipped as the latest Long Term Support (LTS) release to be maintained for at least the next five years, a discussion has begun over dropping a number of old and obsolete CPU platform support currently found within the mainline kernel. For many of the architectures being considered for removal they haven't seen any new commits in years but as is the case once proposals are made for them to be removed there are often passionate users wanting the support to be kept.

Thelasko quotes gHacks: Linux Mint 20.1 is now available.

The first stable release of Linux Mint in 2021 is available in the three flavors Cinnamon, MATE and Xfce. The new version of the Linux distribution is based on Ubuntu 20.04 LTS and Linux kernel 5.4...

- Linux Mint 20.1 comes with a unified file system that sees certain directories being merged with their counterparts in /usr, e.g. /bin merged with /usr/bin, /lib merged with /usr/lib for compatibility purposes...

- The developers have added an option to turn websites into desktop applications in the new version [using the new Web App manager]... Web apps behave like desktop programs for the most part; they start in their own window and use a custom icon, and you find them in the Alt-Tab interface when you use it. Web apps can be pinned and they are found in the application menu after they have been created.

An anonymous reader quotes a report from ZDNet: President-elect Joe Biden's transition team announced that David Recordon, one of OpenId and oAuth's developers, has been named the White House Director of Technology. Recordon most recently was the VP of infrastructure and security at the non-profit Chan Zuckerberg Initiative Foundation. Before that, Recordon was Facebook's engineer director. There, he had led Facebook's open-source initiatives and projects. Among other programs, this included Phabricator, a suite of code review web apps, which Facebook used for its own development. He also led efforts on Cassandra, the Apache open-source distributed database management system; HipHop, a PHP to C++ source code translator; and Apache Thrift, a software framework, for scalable cross-language services development. In short, he's both a programmer and manager who knows open-source from the inside out.

Recordon learned to program at a public elementary school. According to the Biden-Harris transition team, he's spent his almost two-decade career working at the intersection of technology, security, open-source software, public service, and philanthropy. Looking forward to the challenges Recordon faces in his new position, he wrote on LinkedIn: "The pandemic and ongoing cybersecurity attacks present new challenges for the entire Executive Office of the President, but ones I know that these teams can conquer in a safe and secure manner together." The report notes that Recordon served as the first Director of White House Information Technology during President Barack Obama's term of office, working on IT modernization and cybersecurity issues. He's also served as the Biden-Harris transition team's deputy CTO.

71-year-old Hugh Pickens (Slashdot reader #49,171) is a physicist who explored for oil in the Amazon jungle, commissioned microwave communications systems in Saudi Arabia, and built satellite control stations for Goddard Space Flight Center around the world including Australia, Antarctica, and Guam.

After retiring in 1999, he wrote over 1,400 Slashdot posts, and in the site's 23-year history still remains one of its two all-time most active submitters (behind only long-time Slashdot reader theodp). Today theodp shares an article by Hugh Pickens: I am a Covid Survivor," writes former Slashdot contributor extraordinaire Hugh Pickens (aka pickens, aka Hugh Pickens writes, aka Hugh Pickens DOT Com, aka HughPickens.com, aka pcol, aka ...). "I got the Covid six weeks ago and yesterday I was declared virus free. I had what was called a moderate case of Covid. I was never hospitalized. I was never in any real danger of death. But I was in bed for three weeks.

"It knocked me on my ass. I have been talking about my Covid when I go out and a lot of people are interested in what it really means to have a moderate case of Covid. I don't claim to speak for every Covid patient. I certainly can't speak for the ones who went into the hospital and are on ventilators. But I think the majority of people have a moderate case of Covid so I thought I would write this up for people that were interested."
During those three consecutive weeks in bed, "I guess I ate Jell-O for about two weeks..." Pickens writes. "I was laying in bed all day long. I was sleeping 12 to 14 hours a day..." He lost 25 pounds — and vividly describes having nightmares "every night like clockwork." But the essay ends with him committed to making the most of his second chance. "I'm only going to do what's important from now on...

"I'm 71 years old and I may have five more years or ten but I am going to live every day like it's my last."

Phoronix reports: It's been a turbulent year and 2020 is certainly ending interesting in the Linux/open-source space... If it wasn't odd enough seeing Sony providing a new official Linux driver for their PlayStation 5 DualSense controller for ending out the year, there is also a new Linux port to the Nintendo 64 game console... Yes, a brand new port to the game console that launched more than two decades ago.

Open-source developer Lauri Kasanen who has contributed to Mesa and the Linux graphics stack took to developing a new Nintendo 64 port and announced it this Christmas day. This isn't the first time Linux has been ported to the N64 but prior attempts weren't aimed at potentially upstreaming it into the mainline Linux kernel...

This fresh port to the N64 was pursued in part to help port emulators and frame-buffer or console games.
And also, the announcement adds, "Most importantly, because I can."

"Edmund M. Clarke, the FORE Systems Professor of Computer Science Emeritus at Carnegie Mellon University, has died of Covid-19," writes Slashdot reader McGruber.

From the Pittsburgh Post-Gazette: Professor Clarke was best known for his work in model checking, an automated method for detecting design errors in computer hardware and software. CMU president Farnam Jahanian said the world had "lost a giant in computer science" with Mr. Clarke's death. "Ed's pioneering work in model checking applied formal computational methods to the ultimate challenge: computers checking their own correctness," Mr. Jahanian said in a statement. "As systems become ever more complex, we are just beginning to see the wide-reaching and long-term benefits of Ed's insights, which will continue to inspire researchers and practitioners for years to come."

In the early 1980s, Mr. Clarke and his Harvard University graduate student, E. Allen Emerson — as well as Joseph Sifakis of the University of Grenoble, who was working separately — developed model checking, which has helped to improve the reliability of complex computer chips, systems and networks. For their work, the Association for Computing Machinery gave the three scientists the prestigious A.M. Turing Award — computer science's Nobel Prize — in 2007.

Mr. Clark's citation on the Turing Award website said Microsoft and Intel and other companies use model checking to verify designs for computer networks and software. "It is becoming particularly important in the verification of software designed for recent generations of integrated circuits, which feature multiple processors running simultaneously," the citation page said. "Model checking has substantially improved the reliability and safety of the systems upon which modern life depends."

Ananda Sharma, founder of the app Gyroscope, describes to a local TV station the monolith he discovered during a Christmas-morning jog under a candy-cane red sunrise.

"I think I smelled it before I saw it..."

He spotted a double rainbow and wanted to peek at that too. At first, he thought the monolith was "a big post," but as he got closer, he smelled the gingerbread scent wafting toward him. The monolith is standing in panels separated by icing...

"It made me smile.
SFGate spoke to another eye-witness: Alexis Gallagher also happened upon the sweet monolith at about 8:25 a.m. Friday morning, confirming it was made of gingerbread, frosting and gumdrops... "I had a closer look and it looks like there's a plywood skeleton underneath, but I try not to dwell on such mundane realities."

Gallagher added that he had to "stop my dog from nibbling on it..."
When reached for an official comment, the San Francisco Recreation and Parks Department General Manager told the TV news reporter that the gingerbread monolith "Looks like a great spot to get baked."

Then he added more sternly that "we will leave it up until the cookie crumbles."

But their article notes it raises several questions for Bay Area residents: Did Christmas-happy aliens beam it down from above? Did some rogue artificial intelligence escape a nearby Google campus, and, driven mad by our plethora of Christmas music...design an art piece to brighten our days? And just how expensive is it to rent a highrise apartment within its crumbly, ginger-pungent walls...?
SFGate's report ends with Ananda Sharma noting that it began raining in San Francisco at 11:30 a.m., adding, "not sure what happens to gingerbread in the rain but it probably isn't good."

Redox OS, the micro-kernel based Rust-written operating system, is out with a new Christmas release. From a report: Redox OS 0.6 was released on Christmas Eve with many bug fixes and new features. Redox OS 0.6 features a complete rewrite of its RMM kernel memory manager, improvements to its Relibc C library implementation, Pkgar as a new package format, and Rust code compatibility updates. It's been the better part of two years since Redox 0.5 was released but moving forward they hope to start releasing new updates more often.

fahrbot-bot shares a report from Phys.Org: Researchers from Tokyo Metropolitan University have discovered a way to make self-assembled nanowires of transition metal chalcogenides at scale using chemical vapor deposition. By changing the substrate where the wires form, they can tune how these wires are arranged, from aligned configurations of atomically thin sheets to random networks of bundles. This paves the way to industrial deployment in next-gen industrial electronics, including energy harvesting, and transparent, efficient, even flexible devices.

Using a process called chemical vapor deposition (CVD), they found that they could assemble TMC nanowires in different arrangements depending on the surface or substrate that they use as a template. Examples are shown in Figure 2; in (a), nanowires grown on a silicon/silica substrate form a random network of bundles; in (b), the wires assemble in a set direction on a sapphire substrate, following the structure of the underlying sapphire crystal. By simply changing where they are grown, the team now have access to centimeter-sized wafers covered in the arrangement they desired, including monolayers, bilayers and networks of bundles, all with different applications. They also found that the structure of the wires themselves were highly crystalline and ordered, and that their properties, including their excellent conductivity and 1D-like behavior, matched those found in theoretical predictions. The research has been published in the journal Nano Letters.

Sony has published a new "hid-playstation" Linux kernel driver for bringing up the PlayStation 5 DualSense controller and will also be used for supporting other PlayStation hardware on Linux. Phoronix reports: This new Linux kernel driver supports the PlayStation 5 "DualSense" game controller both in USB and Bluetooth modes. All key functionality along with LEDs, motion sensors, touchpad, battery, lightbar, and rumble are all supported by this official Sony Linux driver. The Linux kernel already has the existing "hid-sony" driver while this PlayStation 5 game controller comes with the hid-playstation driver. In announcing the new driver, they are planning to move some of the Sony Interactive Entertainment hardware support from the existing hid-sony to hid-playstation drivers. The hid-sony driver will continue to be maintained and used by broader Sony devices. This new driver follows the move from about a year ago of Sony "officially" maintaining the hid-sony Linux input driver.

This new driver comes in at just over 1,400 lines of code in its initial form catering to the PS5 controller. When transitioning support for older hardware to this new driver there is also a promise of unit test coverage and more. The new HID-PlayStation driver is currently under review and isn't yet queued up for mainlining but those wanting to try it out can find the 13 patches up for testing.

Roughly half a billion people played Among Us in November, becoming "by far the most popular game ever in terms of monthly players," according to Nielsen's SuperData. The Verge reports: The success is even more remarkable because InnerSloth -- the company that makes Among Us -- only has four employees. That's roughly 125 million players per person who works on the game. It's proven to be so popular that the studio decided to cancel a sequel that was in the works and just put all its effort into improving the original. It even caught the attention of sitting congresswoman Alexandria Ocasio-Cortez, who livestreamed herself playing it to try to encourage people to vote, with an audience on Twitch that peaked at over 400 thousand viewers.

In an email to The Verge, Carter Rogers, Principal Analyst at SuperData, said that the next-most popular game in terms of monthly active users only clocked in at 300 million. Rogers notes that Nielsen arrives at its figures through a mix of "point-of-sale and event data from publishers, developers and payment service providers." Among Us' release on the Nintendo Switch was recent enough that it didn't have an appreciable impact on the game's total numbers in Nielsen's analysis.

Application-security company Veracode "has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems," reports TechRepublic.

The top three security flaws — like last year — are still information leakage, cryptographic issues, and CRLF injection: The report found a full 76% of apps contained flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame... In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range. Despite that good sign, it's still taking an average of six months to close half of discovered flaws...

Veracode also released a heatmap of the worst bugs in the most popular languages. Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP.

Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security. Following PHP is C++, then Java, .Net, JavaScript, and Python. The latter two are, doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps. Compared to PHP with 74.6% of its apps vulnerable to cross-site scripting, JavaScript and Python are security powerhouses.

An anonymous Slashdot reader writes: For the past year, hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back. If database owners don't respond and ransom their data back in nine days, the databases are then put up on auction on a dark web portal.
"More than 85,000 MySQL databases are currently on sale on a dark web portal for a price of only $550/database," reports ZDNet: This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information. Signs of these ransom attacks have been piling up over the course of 2020, with the number of complaints from server owners finding the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.

"NASA's twin Voyager probes keep making discoveries in interstellar space," reports Space.com The Voyager mission has detected a new type of "electron burst," which will provide insights into the mechanisms of flaring stars, a new study reports. The bursts occur when cosmic ray electrons — fast-moving particles from far beyond the solar system — are pushed by shock waves generated by solar eruptions. The electrons then accelerate further along cosmic magnetic field lines to incredible speed, study team members said.

"The idea that shock waves accelerate particles is not new," corresponding author Don Gurnett, professor emeritus in physics and astronomy at the University of Iowa, said in a statement. "[But] we detected it in a new realm: the interstellar medium, which is much different than in the solar wind, where similar processes have been observed...."

Eventually, the magnetic field lines propel the cosmic rays to almost the speed of light — nearly 670 times faster than the solar shock waves that first pushed them. (The shock waves move at roughly 1 million mph, or 1.6 million kph, study team members said.)
The article marvels at the fact that the spacecraft are still sending back data regularly from 14 billion miles away, beyond the edge of our solar system, more than 43 years after they left earth. They even detected the original solar shock wave which caused the electron burst "up to a year after the event occurred.

"The wait time happened because the spacecraft are so far from the sun."

"A Mysterious Object Is Hurtling Towards Earth, and Scientists Don't Know What It Is," read Newsweek's headline on Monday, describing an object projected to pass 31,605 miles from earth. (One astronomer told them that was roughly 13% of the average distance between the earth and the moon).

But then a computer model calculated its past trajectories through space, according to the director for NASA's Center for Near Earth Object Studies (CNEOS). "One of the possible paths for 2020 SO brought the object very close to Earth and the Moon in late September 1966," he said in a statement. "It was like a eureka moment when a quick check of launch dates for lunar missions showed a match with the Surveyor 2 mission."

On Wednesday NASA described how a team led by Vishnu Reddy, an associate professor/planetary scientist at the Lunar and Planetary Laboratory at the University of Arizona, tried to prove what they'd seen was a 54-year-old booster rocket: Through a series of follow up observations, Reddy and his team analyzed 2020 SO's composition using NASA's IRTF and compared the spectrum data from 2020 SO with that of 301 stainless steel, the material Centaur rocket boosters were made of in the 1960's. While not immediately a perfect match, Reddy and his team persisted, realizing the discrepancy in spectrum data could be a result of analyzing fresh steel in a lab against steel that would have been exposed to the harsh conditions of space weather for 54 years. This led Reddy and his team to do some additional investigation.

"We knew that if we wanted to compare apples to apples, we'd need to try to get spectral data from another Centaur rocket booster that had been in Earth orbit for many years to then see if it better matched 2020 SO's spectrum," said Reddy. "Because of the extreme speed at which Earth-orbiting Centaur boosters travel across the sky, we knew it would be extremely difficult to lock on with the IRTF long enough to get a solid and reliable data set."

However, on the morning of Dec. 1, Reddy and his team pulled off what they thought would be impossible. They observed another Centaur D rocket booster from 1971 launch of a communication satellite that was in Geostationary Transfer Orbit, long enough to get a good spectrum. With this new data, Reddy and his team were able to compare it against 2020 SO and found the spectra to be consistent with each another, thus definitively concluding 2020 SO to also be a Centaur rocket booster...
So what happens next? 2020 SO made its closest approach to Earth on Dec. 1, 2020 and will remain within Earth's sphere of gravitational dominance — a region in space called the "Hill Sphere" that extends roughly 930,000 miles (1.5 million kilometers) from our planet — until it escapes back into a new orbit around the Sun in March 2021.

As NASA-funded telescopes survey the skies for asteroids that could pose an impact threat to Earth, the ability to distinguish between natural and artificial objects is valuable as nations continue to explore and more artificial objects find themselves in orbit about the Sun.

Astronomers will continue to observe this particular relic from the early Space Age until it's gone.

This week the Microsoft-owned code repository site GitHub released its annual report with statistics about its community, writes programming columnist Mike Melanson: The report offers a deep dive into three specific areas, with a look at developer productivity in the time of COVID, community and collaboration, and open source security. Highlights include increased productivity with 35% more repositories created in 2020 than 2019, a large open source community with more than 56M developers in 2020 with 100M expected by 2025, and security vulnerabilities that often go undetected for more than 4 years before being disclosed and 94% of projects relying on open source components.
"2020 has been a year of extraordinary change," notes GitHub's report. "Yet with 60M+ new repositories created this past year, one thing has remained true — developers came together from all corners of the world to innovate, find connection, and solve problems."

GitHub reports that over 1.9 billion contributions were added in the last year, with users distributed around the globe:

North America:	34%
Asia:	30.7%
Europe:	26.8%
South America:	4.9%
Africa:	2%
Oceania:	1.7%

And while JavaScript is still the most popular language used on the site, Python remains more popular (at #2) than Java (at #3) for the second year in a row.

1. JavaScript
2. Python
3. Java
4. TypeScript
5. C#
6. PHP
7. C++
8. C
9. Shell
10. Ruby