Media

Hundreds of 'Pink Slime' Local News Outlets Are Distributing Algorithmic Stories and Conservative Talking Points, Investigation Finds (cjr.org) 228

The Tow Center for Digital Journalism at Columbia's Graduate School of Journalism reports: An increasingly popular tactic challenges conventional wisdom on the spread of electoral disinformation: the creation of partisan outlets masquerading as local news organizations. An investigation by the Tow Center for Digital Journalism at Columbia Journalism School has discovered at least 450 websites in a network of local and business news organizations, each distributing thousands of algorithmically generated articles and a smaller number of reported stories. Of the 450 sites we discovered, at least 189 were set up as local news networks across ten states within the last twelve months by an organization called Metric Media. Titles like the East Michigan News, Hickory Sun, and Grand Canyon Times have appeared on the web ahead of the 2020 election. These networks of sites can be used in a variety of ways: as 'stage setting' for events, focusing attention on issues such as voter fraud and energy pricing, providing the appearance of neutrality for partisan issues, or to gather data from users that can then be used for political targeting.

On October 20, the Lansing State Journal first broke the story of the network's existence. About three dozen local news sites, owned by Metric Media, had appeared in Michigan. Further reporting by the Michigan Daily, the Guardian and the New York Times identified yet more sites. Ultimately, previous reporting has identified around 200 of these sites. Our analysis suggests that there are at least twice that number of publications across a number of related networks, of which Metric Media is just one component. Over a two-week period starting November 26, we tapped into the RSS feeds of these 189 Metric Media sites, all of which we found were created this year, and found over fifteen thousand unique stories had been published (over fifty thousand when aggregated across the sites), but only about a hundred titles had the bylines of human reporters. The rest cited automated services or press releases.

Games

Vim Releases 'Killersheep' Game To Demo Two New Features In Vim 8.2 (vim.org) 24

The creators of Vim have released a game called "Killersheep" to show off two new features in Vim 8.2.

"Before I did the keynote at VimConf 2018 I asked plugin developers what they wanted from Vim," reads the announcement at Vim.org. "The result was a very long list of requested features. The top two items were clear: Popup windows and text properties." After more than a year of development the new features are now ready for the Vim crowds.

Popup windows make it possible to show messages, function prototypes, code snippets and anything else on top of the text being edited. They open and close quickly and can be highlighted in many ways... This was no small effort. Although the existing window support could be used, popup windows are different enough to require a lot of extra logic. Especially to update the screen efficiently. Also to make it easy for plugin writers to use them; you don't need to tell Vim exactly where to show one, just give a reference point and the text to display, Vim will figure out the size and where the popup fits best.

Text properties can be used for something as simple as highlighting a text snippet or something as complicated as using an external parser to locate syntax items and highlight them asynchronously. This can be used instead of the pattern based syntax highlighting. A text property sticks with the text, also when inserting a word before it. And this is done efficiently by storing the properties with the text.

Debian

Debian Begins Vote On Supporting Non-Systemd Init Options (phoronix.com) 225

"It's been five years already since the vote to transition to systemd in Debian over Upstart," reports Phoronix, noting that the Debian developer community has now begun a 20-day ranked-choice vote on eight different proposals for "'init system diversity' and just how much Debian developers care (or not) in supporting alternatives to systemd."

The eight options they're voting on:
  • Choice 1: F: Focus on systemd
  • Choice 2: B: Systemd but we support exploring alternatives
  • Choice 3: A: Support for multiple init systems is Important
  • Choice 4: D: Support non-systemd systems, without blocking progress
  • Choice 5: H: Support portability, without blocking progress
  • Choice 6: E: Support for multiple init systems is Required
  • Choice 7: G: Support portability and multiple implementations
  • Choice 8: Further Discussion

There are detailed descriptions of each option on the Debian developers mailing list. "This is a non-secret vote," the post explains. "After the voting period is over the details on who voted what will be published."


Linux

NextCloud Linux Servers Targeted by NextCry Ransomware (linuxsecurity.com) 28

b-dayyy quotes Linux Security: A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Ransomware hunter and creator of ID Ransomware Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.

The ransom note that NextCry victims receive reads "READ_FOR_DECRYPT", and demands 0.025 BTC for a victim's files to be unlocked.

Transportation

A Real-Life Tesla Study Shows Durability of EV Batteries 124

Slashdot reader Rutabaga8 is the CEO of a web site conducting in-depth research on personal finance topics. They recently contacted Slashdot to share "some surprising results" from their analysis of a nonprofit advocacy group's seven years of data on Tesla batteries: By seven years of age, the typical car could still deliver around 93% of the original range on a full charge. That means a Tesla battery typically loses around 1 percentage point of range each year on the road.

Of course, cars that put more miles on the odometer are likely to get faster battery deterioration, because it's the number of charges that really impact battery degradation. However, the data showed that by 150,000 miles Tesla cars still achieved more than 85% of their original range when they were charged to full capacity.

AI

John Carmack Stepping Down As CTO of Oculus To Work On AI (theverge.com) 41

Oculus CTO John Carmack announced Wednesday that he is stepping down from the augmented-reality company to focus his time on artificial general intelligence. The Verge reports: Carmack will remain in a "consulting CTO" position at Oculus, where he will "still have a voice" in the development work at the company, he wrote. Recent comments from Carmack suggest he may have soured on VR. Carmack was a champion of phone-based VR for years at Oculus, but in October, he delivered a "eulogy" for Oculus' phone-based Gear VR. And in a video for receiving a lifetime achievement award this week at the VR Awards, he said that "I really haven't been satisfied with the pace of progress that we've been making" in VR.

Privacy

DNA Databases Are a National Security Leak Waiting To Happen (technologyreview.com) 35

schwit1 writes: A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDmatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information.

"You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer.

"The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches."

"The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."

Networking

RIPE NCC: 'In Five Weeks We'll Run Out of IPv4 Internet Addresses' (ispreview.co.uk) 283

An anonymous reader quotes ISP Review: The RIPE Network Coordination Centre (RIPE NCC), which manages regional distribution of internet addresses for the UK, Europe, Middle East and parts of Central Asia, has confirmed that their final reserve pool of Internet Protocol v4 (IPv4) addresses will completely run out in November 2019. Strictly speaking the Regional Internet Registry (RIR) started running out of address space in 2012 and began rationing the little they had left. Fast forward a few years and at the start of October 2019 it was confirmed that they only had 1 million IPv4 addresses left in their available pool (out of 4 billion addresses total), "which we expect to run out in November 2019...."

Thankfully many ISPs, devices and services have now introduced "newer" IPv6 addresses, although some still have a lot of work to do (e.g. TalkTalk)... A Spokesperson for RIPE NCC told ISPreview.co.uk "... IPv4 'run-out' has long been anticipated and planned for by the technical community and no one needs to worry about the Internet suddenly breaking. But it does mean that the pressure will continue to build for many networks, necessitating the use of complex and expensive workarounds.

"Our advice to network operators is to take stock of their IP resources and to make sure their IPv6 plans are making progress."

Networking

Nasty PHP7 Remote Code Execution Bug Exploited in the Wild on NGINX Servers (zdnet.com) 16

nickwinlund77 shares this story from ZDNet: A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL. Exploiting the bug is trivial, and public proof-of-concept exploit code has been published on GitHub earlier this week. Only NGINX servers with PHP-FPM enabled are vulnerable. PHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features, and according to reports, a common server configuration option.

Oracle

Should JavaScript Be Renamed? (kieranpotts.com) 170

Software engineer Kieran Potts asks: does JavaScript need to be renamed? There's no doubt there are problems with JavaScript's branding...

- Correctly, "JavaScript" refers to a subset of ECMAScript specified by Mozilla, but the word is used interchangeably to refer to multiple different ECMAScript supersets, depending on context.

- JavaScript is a trademark of Oracle Corporation, which doesn't fit comfortably with the language's position as a central component of the web platform, which is meant to be built entirely from open technologies and standards.

- There isn't even an official logo for JavaScript, let alone a cute mascot like Go's gopher or PHP's elephant.

- And famously, JavaScript is unrelated to Java. This has confused the hell out of non-technical managers and recruiters for decades.

The article also suggests "a standard convention" to identify the runtime's host system (for example, "WebJS" or "ServerJS").

But in response to the question of rebranding JavaScript, "the most common, knee jerk reaction was a quick guffaw and an exclaimed 'no!'" notes tech columnist Mike Melanson, "while others offered that the simple contraction to JS would suffice."

Earth

2.35 Million Lose Power In California As State Faces Extreme Weather and Wildfires (mercurynews.com) 269

California's largest power utility began power shut-offs today for an estimated 2.35 million people -- expected to last two days -- after weather forecasts predicted extreme fire danger due to exceptionally dry weather and severe winds, according to the Washington Post. "Some gusts this weekend might reach 75 mph (120 kph) or higher as part of a 'historic' wind event, the National Weather Service said. The winds could lead to 'erratic fire behavior,' warned the California Department of Forestry and Fire Protection..."

The San Jose Mercury News reports: PG&E won't restore power until inspections of de-energized lines are completed and any damage to the system is repaired. The utility also has requested mutual aid from 1,000 workers from other energy companies, including ATCO Energy in Alberta, Canada; Xcel Energy in Minnesota; and Florida Power & Light. Those crews are expected to be staged and in place to do repairs by Sunday, according to the company.

50,000 people living near Northern California's wine country were also ordered to evacuate, as firefighters struggled to contain an already-burning 25,955-acre wildfire nearby which is only 10% contained. And 40,000 people were ordered to evacuate homes in Southern California near Santa Clarita, where the 4,600-acre Tick Fire is now 25% contained.

Businesses

An Interview With Former Purism CTO Zlatan Todoric Hints At Chaos At Purism (phoronix.com) 8

mpol writes: Phoronix published an interview with former Purism CTO Zlatan Todoric who left Purism in September 2018. The story hints quite strongly at chaotic situations over at Purism. He started at the company in 2015, when it was a small outfit, and steered it into the bigger company that it is now. To him the smartphone development for the Librem 5 was a mistake and way too early. He has high hopes for the Pinephone, who according to him are doing things right. The first "Aspen" batch of the Purism Librem 5 are supposed to be shipping, though seemingly only people related to Purism are showing off their devices.

Open Source

Google Ejects Open-Source WireGuard From Play Store Over Donation Links (phoronix.com) 39

Google appears to be removing apps that have donation links, including open-source apps where donations are one of the main sources of revenue. WireGuard, a free and open-source VPN, has been reportedly dropped over this according to WireGuard lead developer Jason Donenfeld. Phoronix reports: After waiting days for Google to review the latest version of their secure VPN tunnel application, it was approved and then removed and delisted -- including older versions of WireGuard. The reversal comes on the basis of violating their "payments policy." The only bit of possible "payments" within the WireGuard app is a donation link within the program taking the user to the WireGuard website should anyone want to donate to support this promising open-source secure networking tech. An appeal to the situation was also rejected by Google, Donenfeld has confirmed this morning on their mailing list. In trying to make it back into Android's Play Store, Jason has dropped the donation link from the Android app version while it's still awaiting review from Google. UPDATE: WireGuard lead developer Jason Donenfeld says the app "has been relisted on the Play Store in its usual location," adding: "Sorry again for any inconvenience this has caused users, or caused developers who depend on the availability of our app for use by their own users. We won't be making any similar changes unless we're certain that we won't be delisted."

Privacy

'Ignorance is Not an Excuse': California Draft Rules on Data Privacy Released (sfchronicle.com) 56

California Attorney General Xavier Becerra released a series of draft regulations this week aimed at getting businesses to comply with the state's landmark data privacy law, scheduled to take effect Jan. 1. From a report: Under the California Consumer Privacy Act, signed into law in June 2018, businesses must disclose to consumers the various kinds of data they collect about them. Companies must stop selling consumer data to third parties if customers ask them to, delete personal data on request, and explicitly seek consent from consumers aged 16 or younger to sell personal information. The bill also states that consumers who exercise their rights under the law cannot be discriminated against. The newly announced rules for businesses require notifying people before or when their data is collected. If notice is not given, data cannot be collected. The attorney general also provided guidelines for how to respond to consumers wanting to opt out, delete and know the data that's collected on them, as well as how to verify the identity of people making such requests and how to maintain relevant records for two years. "Help us get this right," Becerra said. Privacy is a right in California, he said, even as he acknowledged that some businesses may struggle to find the resources to comply. But, he added, "We want companies to understand that ignorance is not an excuse."

Classic Games (Games)

Videogame Records Site Refuses To Reinstate 'King of Kong' Billy Mitchell's High Scores (twingalaxies.com) 80

An anonymous reader writes: Billy Mitchell is the intense videogamer made famous in the 2007 documentary The King of Kong. Last month he threatened to sue both the Guinness Book of World Records and the videogame record-keepers at Twin Galaxies for defamation after they revoked an entire lifetime's worth of videogame high scores. An online discussion had argued that videotapes of three of Mitchell's performances suggested they'd been achieved using a MAME emulator -- but the organization revoked all of Mitchell's high scores (including his uncontested perfect game of Pac-Man in 1999).

Last week Twin Galaxies finally posted their response to Mitchell's lawsuit. "It is not necessary to hire lawyers and threaten Twin Galaxies out of the blue to get it to review and consider relevant new evidence -- all anyone has to do is simply reach out and directly request an opportunity to present the information...

"There will be no retraction or reinstatement. It should be noted that Twin Galaxies is under no obligation to maintain Mr. Mitchell's scores in its database. He has no divine right to be part of the Twin Galaxies community either. Twin Galaxies has unlimited authority to maintain the integrity of its score database." They also write that any lawsuit will be considered a strategic lawsuit against public participation and countered accordingly, followed by a second suit over malicious prosecution. "Please advise Mr. Mitchell to tread lightly, and choose wisely."

Last week a massive new 16,000-word profile of Mitchell pointed out that after his records were revoked, Mitchell had actually webcast himself playing Donkey Kong on Twitch, "obtaining scores equal to those that had been disputed, broadcast live from public venues.... Mitchell had proven he could earn those scores now. But he hadn't outlined a clear defense to prove he'd achieved them at the time of the original submissions."

Google

Google Finds Hundreds Of Data-Race Conditions In The Linux Kernel (phoronix.com) 57

Google has been testing the Linux kernel with its "sanitizer" testing software that hunts for memory corruption bugs and undefined behaviors. Now Phoronix reports on Google's newest sanitizer: Kernel Concurrency Sanitizer (KCSAN) is focused on discovering data-race issues within the kernel code. This dynamic data-race detector is an alternative to the Kernel Thread Sanitizer. In their testing just last month, in two days they found over 300 unique data race conditions within the mainline kernel.

There was a recent discussion about the Kernel Concurrency Sanitizer on the LKML.

Space

Organic Compounds Found In Plumes of Saturn's Icy Moon Enceladus (space.com) 34

Scientists have detected new types of organic compounds in the plumes that have been erupting from Saturn's icy moon Enceladus. Space.com reports: NASA's Cassini spacecraft collected invaluable data and images of Saturn and its moons over the approximately 20 years that the mission took place. While the mission ended on Sept. 15, 2017, with the craft diving toward the planet in a "Grand Finale," scientists continue to study the wealth of data that they gathered during the mission. In one new study, scientists looked at the material that Enceladus ejects from its core using hydrothermal vents. The material mixes with water in the moon's subsurface ocean and is then emitted as water vapor and icy grains.

In studying these ejections, the team found organic molecules that are condensed onto these grains and which contain oxygen and nitrogen. This comes after the first discovery of organics on the moon in 2018. Similar compounds on Earth take part in the chemical reactions that form amino acids, which are the organic compounds that combine to form proteins and are essential to life as we know it. On Earth, energy, or heat, from hydrothermal vents on the ocean floor helps to fuel these amino acid-producing reactions. With these findings, scientists have suggested that perhaps something similar is happening on Enceladus and the hydrothermal vents under its subsurface ocean are aiding in the creation of amino acids on the moon.

"If the conditions are right, these molecules coming from the deep ocean of Enceladus could be on the same reaction pathway as we see here on Earth. We don't yet know if amino acids are needed for life beyond Earth, but finding the molecules that form amino acids is an important piece of the puzzle," Nozair Khawaja, who led the research team from the Free University of Berlin, said in a statement.

Security

Hackers Looking Into Injecting Card Stealing Code on Routers, Rather Than Websites (zdnet.com) 25

Security researchers at IBM have found evidence that hackers have been working on creating malicious scripts they can deploy on commercial-grade "Layer 7" routers to steal payment card details. From a report: This discovery is a game-changer in what researchers call Magecart attacks, also known as web skimming. These are attacks where hackers plant malicious code on an online store that records and steals payment card details. Until now, Magecart-specific code was only delivered at the website level, hidden inside JavaScript or PHP files. However, this new discovery is an escalation of Magecart attacks to a new level, where the malicious code is injected at the router level, rather than being added by hackers on outdated websites.

Layer 7, or L7, routers are a type of commercial, heavy-duty router that's usually installed on large networks, such as hotels, malls, airports, casinos, government networks, public spaces, and others. They work like any other router, except with the added benefit of being able to manipulate traffic at the seventh layer (application level) of the OSI networking model -- meaning they can react to traffic based on more than just IP addresses, such as cookies, domain names, browser types, and more. In a report published today, researchers with the IBM X-Force Incident Response and Intelligence Services (IRIS) team said they found evidence that a well-known hacker group has been testing Magecart scripts to deploy on L7 routers.

The Military

US Military Apologizes For Joking about Bombing 'Millennials' Who Might Storm Area 51 (yahoo.com) 95

"The US military has been forced to apologise for tweeting that it would use stealth-bombers on 'millennials' who try to storm Area 51," reports Yahoo News UK: More than two million people signed up to a Facebook event recently which encouraged attendees to visit the top secret base in Nevada. But only a few thousand UFO enthusiasts turned up on Friday to the facility, which is rumoured to contain secrets about aliens. As hordes of enthusiasts turned up the PR arm of the US military, called the Defence Visual Information Distribution Service (DVIDS), tweeted: "The last thing #Millennials will see if they attempt the #area51raid today" with a picture of military officers in front of a stealth bomber.

Shortly afterwards the tweet was deleted and the unit apologised saying it "in no way" reflects their stance... "It was inappropriate and we apologize for this mistake."

Around 1,000 people visited the facility's gates on Friday and at least six were arrested by police.

The Storm Area 51 invitation spawned festivals in the tiny nearby towns of Rachel and Hiko, more than two hours' drive from Las Vegas. Lincoln County Sheriff Kerry Lee estimated late on Thursday that about 1,500 people had gathered at the festival sites, and more than 150 made the trip several additional miles on bone-rattling dirt roads to get within selfie distance of the gates.... "It's public land," the sheriff said. "They're allowed to go to the gate as long as they don't cross the boundary."

Most of the arrests were for "misdemeanor trespassing on base property," which carries a $1,000 fine, according to the article. "In the end, no one actually 'stormed' Area 51, although deputies in rural Nye County resorted to 'heated warnings' to disperse as many as 200 people," reports the Associated Press.

In another article the news service also quotes Lincoln County emergency services chief Eric Holt as saying resources had been mustered to handle up to 30,000 people and calling the low turnout a "best-case" scenario... Although there were two car crashes involving cows. "The cows died, but motorists weren't hurt."

The main festival apparently drew 3,000 attendees, while the rival "Area 51 Basecamp" festival sold just 500 tickets for their Friday concert, prompting them to cancel their Saturday concert altogether. Its promoter told the Associated Press, "It was a gamble financially. We lost."

Debian

Debian May Need To Re-Evaluate Its Interest In 'Init System Diversity' (phoronix.com) 135

"Debian Project Leader Sam Hartman has shared his August 2019 notes where he outlines the frustrations and issues that have come up as a result of init system diversity with some developers still aiming to viably support systemd alternatives within Debian," reports Phoronix: Stemming from elogind being blocked from transitioning to testing and the lack of clarity into that, Hartman was pulled in to try to help mediate the matter and get to the bottom of the situation with a lack of cooperation between the elogind and systemd maintainers for Debian as well as the release team. Elogind is used by some distributions as an implementation of systemd's logind, well, outside of systemd as a standalone daemon. Elogind is one of the pieces to the puzzle for trying to maintain a modern, systemd-free Linux distribution.

Various issues were raised that are trying to be worked through albeit many Debian developers face time limitations and other factors like emotional exhaustion. Hartman noted in his August notes, "I think we may be approaching a point where we need to poll the project -- to have a GR and ask ourselves how committed we are to the different parts of this init diversity discussion. Reaffirming our support for sysvinit and elogind would be one of the options in any such GR. If that option passed, we'd expect all the maintainers involved to work together or to appoint and empower people who could work on this issue. It would be fine for maintainers not to be involved so long as they did not block progress. And of course we would hold the discussions to the highest standards of respect."
