Linus Torvalds "has shown already for the new Linux 4.20~5.0 cycle he isn't relaxing his standards but is communicating better when it comes to bringing up coding," reports Phoronix, adding "So far it looks like Linus' brief retreat is paying off with still addressing code quality issues -- and not blatantly accepting new code into the kernel as some feared -- but in doing so in a professional manner compared to his past manner of exclaiming himself over capitalized sentences and profanity that at time put him at odds with some in the Linux kernel community."

AmiMoJo quotes their report: Last Saturday he took issue with the HID pull request and its introduction of the BigBen game controller driver that was introduced: the developer enabled this new driver by default. Linus Torvalds has always frowned upon random new drivers being enabled by default in the kernel configuration driver. [H]e still voiced his opinion over this driver's default "Y" build configuration, but did so in a more professional manner than he has done in the past:

We do *not* enable new random drivers by default. And we most *definitely* don't do it when they are odd-ball ones that most people have never heard of.

Yet the new "BigBen Interactive" driver that was added this merge window did exactly that.

Just don't do it.

Yes, yes, every developer always thinks that _their_ driver is so special and so magically important that it should be enabled by default. But no. When we have thousands of drivers, we don't randomly pick one new driver to be enabled by default just because some developer thinks it is special. It's not.... Please don't do things like this.
Phoronix also describes another "kernel oops" testing Torvalds' patience, in which Linus responded tactfully that "What makes me *very* unhappy about this is that if I'm right, I think it means that code was literally not tested at all by anybody who didn't have one of the entries in that list."

An anonymous reader quotes a report from Phys.Org: We learn it at high school: Release two objects of different masses in the absence of friction forces and they fall down at the same rate in Earth's gravity. What we haven't learned, because it hasn't been directly measured in experiments, is whether antimatter falls down at the same rate as ordinary matter or if it might behave differently. Two new experiments at CERN, ALPHA-g and GBAR, have now started their journey towards answering this question.

After months of round-the-clock work by researchers and engineers to put together the experiments, ALPHA-g and GBAR have received the first beams of antiprotons, marking the beginning of both experiments. ALPHA-g began taking beam on October 30, after receiving the necessary safety approvals. ELENA sent its first beam to GBAR on July 20, and since then the decelerator and GBAR researchers have been trying to perfect the delivery of the beam. The ALPHA-g and GBAR teams are now racing to commission their experiments before CERN's accelerators shut down in a few weeks for a two-year period of maintenance work.

The world's oceans have been soaking up far more excess heat in recent decades than scientists realized, suggesting that Earth could be set to warm even faster than predicted in the years ahead, according to new research published Wednesday. From a report: Over the past quarter-century, the Earth's oceans have retained 60 percent more heat each year than scientists previously had thought, said Laure Resplandy, a geoscientist at Princeton University who led the startling study published Wednesday in the journal Nature. The difference represents an enormous amount of additional energy, originating from the sun and trapped by the Earth's atmosphere -- more than 8 times the world's energy consumption, year after year.

In the scientific realm, the new findings help to resolve long-running doubts about the rate of the warming of the oceans before 2007, when reliable measurements from devices called "Argo floats" were put to use worldwide. Before that, different types of temperature records -- and an overall lack of them -- contributed to murkiness about how quickly the oceans were heating up. The higher-than-expected amount of heat in the oceans means more heat is being retained within the Earth's climate system each year, rather than escaping into space. In essence, more heat in the oceans signals that global warming itself is more advanced than scientists thought.

"We thought that we got away with not a lot of warming in both the ocean and the atmosphere for the amount of CO2 that we emitted," said Resplandy, who published the work with experts from the Scripps Institution of Oceanography and several other institutions in the U.S., China, France and Germany. "But we were wrong. The planet warmed more than we thought. It was hidden from us just because we didn't sample it right. But it was there. It was in the ocean already." Wednesday's study also could have important policy implications. If ocean temperatures are rising more rapidly than previously calculated, that could leave nations even less time to dramatically cut the world's emissions of carbon dioxide, in hopes of limiting global warming to the ambitious goal of 1.5 degrees Celsius (2.7 degrees Fahrenheit) above preindustrial levels. Updated on November 14 at 14:40 GMT: Scientists Acknowledge Key Errors in Study of How Fast the Oceans Are Warming.

ewhac writes: NASA today announced that it is retiring the Kepler telescope after nearly ten years of service -- double its initial mission life. In that time, Kepler discovered over 2,600 exoplanets, most of which are between the size of Earth and Neptune, sparking an entirely new field of astronomical research, and revealing for the first time just how common exo-planetary systems are. With its fuel supply exhausted, Kepler is no longer able to maneuver or reorient itself to make observations. NASA has elected to decommission the spacecraft and leave it in its current, safe orbit away from Earth.

At a time when several companies have grown new interest in open sourcing part of their offerings, Samsung appears to be going the other way. The company has shut down the Samsung Open-Source Group (Samsung OSG), according to a report. Phoronix, which reported the development, offers some background: Samsung's Open-Source Group had been structured within Samsung Research America. Samsung OSG was formed back in 2012 and has employed dozens of developers over the past number of years. Samsung OSG was akin to Intel OTC (Open-Source Technology Center) albeit with not nearly as many developers nor as many original open-source projects brought up by the Intel software crew. The Samsung OSG stated purpose has been to "enhance key open source projects through upstream contributions and active involvement with open source foundations." Samsung OSG has contributed very heavily to the development of Wayland as well as some X.Org components, Cairo, Enlightenment EFL, the LLVM Clang compiler, GStreamer, FFmpeg, the Linux kernel, and other related code-bases that helped benefit Samsung's open-source/Linux needs across their wide portfolio of products from smart watches to refrigerators.

With the in-development Linux 4.20 kernel, it is now effectively VLA-free. From a report: The variable-length arrays (VLAs) that can be convenient and part of the C99 standard but can have unintended consequences. VLAs allow for array lengths to be determined at run-time rather than compile time. The Linux kernel has long relied upon VLAs in different parts of the kernel -- including within structures -- but going on for months now (and years if counting the kernel Clang'ing efforts) has been to remove the usage of variable-length arrays within the kernel. The problems with them are:
1. Using variable-length arrays can add some minor run-time overhead to the code due to needing to determine the size of the array at run-time.
2. VLAs within structures is not supported by the LLVM Clang compiler and thus an issue for those wanting to build the kernel outside of GCC, Clang only supports the C99-style VLAs.
3. Arguably most importantly is there can be security implications from VLAs around the kernel's stack usage.

An anonymous reader quotes a report from EurekAlert: Air pollution in the U.S. has decreased since about 1990, and a new study conducted at the University of North Carolina at Chapel Hill now shows that this air quality improvement has brought substantial public health benefits. The study, published in the journal Atmospheric Chemistry and Physics, found that deaths related to air pollution were nearly halved between 1990 and 2010. The team's analyses showed that deaths related to air pollution exposure in the U.S. decreased by about 47 percent, dropping from about 135,000 deaths in 1990 to 71,000 in 2010.

These improvements in air quality and public health in the U.S. coincided with increased federal air quality regulations, and have taken place despite increases in population, energy and electricity use, and vehicle miles traveled between 1990 and 2010. [...] Still, despite clear improvements, air pollution remains an important public health issue in the U.S. The estimated 71,000 deaths in 2010 translates to 1 of every 35 deaths in the U.S. -- that's as many deaths as we see from all traffic accidents and all gun shootings combined.

TechCrunch reports: A major new campaign of disinformation around Brexit, designed to stir up U.K. 'Leave' voters, and distributed via Facebook, may have reached over 10 million people in the U.K., according to new research. The source of the campaign is so far unknown, and will be embarrassing to Facebook, which only this week claimed it was clamping down on "dark" political advertising on its platform. Researchers for the U.K.-based digital agency 89up allege that Mainstream Network -- which looks and reads like a "mainstream" news site but which has no contact details or reporter bylines -- is serving hyper-targeted Facebook advertisements aimed at exhorting people in Leave-voting U.K. constituencies to tell their MP to "chuck Chequers." Chequers is the name given to the U.K. Prime Ministers's proposed deal with the EU regarding the U.K.'s departure from the EU next year.
ABC News reports: When the Justice Department unsealed criminal charges detailing a yearslong effort by a Russian troll farm to "sow division and discord in the U.S. political system," it was the first federal case alleging continued foreign interference in U.S. elections. Earlier Friday, American intelligence officials released a rare public statement asserting that Russia, China, Iran and other countries are engaged in ongoing efforts to influence U.S. policy and voters in future elections. The statement didn't provide details on those efforts. That stood in contrast with the criminal charges, which provided a detailed narrative of Russian activities...

The criminal complaint provided a clear picture that there is still a hidden but powerful Russian social media effort aimed at spreading distrust for American political candidates and causing divisions on social issues such as immigration and gun control.... Court papers describe how the operatives in Friday's case would analyze U.S. news articles and decide how they would draft social media messages about those stories. They also show that Russian trolls have stepped up their efforts with a better understanding the U.S. political climate and messages that are no longer riddled with misspellings.
CNN notes that one week before America's 2016 presidential election, "one of the Kremlin-backed accounts denied that Russian meddling, saying: 'Russia's Putin says Moscow not trying to influence U.S. election.'"

America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news. MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.

So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."

Long-time Slashdot reader Freshly Exhumed writes: Researchers at the University of Dayton Research Institute [Impact Physics Lab] have shown in a video what can happen when a high-mass, consumer-level drone strikes the wing of an aircraft. They provide visual evidence of the damage a 2.1-pound DJI Phantom 2 videography quadcopter would have upon the wing of a Mooney M20, a small, private aircraft. It is not difficult to extrapolate the effects upon an airliner in a similar situation. "We wanted to help the aviation community and the drone industry understand the dangers that even recreational drones can pose to manned aircraft before a significant event occurs," said Kevin Poormon of UDRI.
The video -- titled "Risk in the Sky?" -- simulates a collision at 238 mph in which the drone tears open the wing's leading edge.

"While the quadcopter broke apart, its energy and mass hung together to create significant damage to the wing," said Kevin Poormon, group leader for impact physics at UDRI.

Slashdot reader generic shares a report from ZDNet: For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on.

Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), has discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Cashdollar says that attackers can abuse this vulnerability to upload malicious files on servers, such as backdoors and web shells. The Akamai researcher says the vulnerability has been exploited in the wild. "I've seen stuff as far back as 2016," the researcher told ZDNet in an interview. The vulnerability was one of the worst kept secrets of the hacker scene and appears to have been actively exploited, even before 2016. Cashdollar found several YouTube videos containing tutorials on how one could exploit the jQuery File Upload plugin vulnerability to take over servers. One of three YouTube videos Cashdollar shared with ZDNet is dated August 2015. Thankfully, the CVE-2018-9206 identifier was pushed earlier this month to address this issue. "All jQuery File Upload versions before 9.22.1 are vulnerable," reports ZDNet. "Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe."

Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user's private and sensitive data. From a report: The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested -- NetGear Stora, Seagate Home and Medion LifeCloud -- can allow an attacker to remotely read, change and delete data without requiring a password. Yibelo, who shared the research with TechCrunch this week and posted the findings Friday, said that many other devices may be at risk.

The software, Hipserv, built by tech company Axentra, was largely to blame for three of the four flaws they found. Hipserv is Linux-based, and uses several web technologies -- including PHP -- to power the web interface. But the researchers found that bugs could let them read files on the drive without any authentication. It also meant they could run any command they wanted as "root" -- the built-in user account with the highest level of access -- making the data on the device vulnerable to prying eyes or destruction.

An anonymous reader quotes a report from The Washington Post: Insects around the world are in a crisis, according to a small but growing number of long-term studies showing dramatic declines in invertebrate populations. A new report suggests that the problem is more widespread than scientists realized. Huge numbers of bugs have been lost in a pristine national forest in Puerto Rico (Warning: source may be paywalled; alternative source), the study found, and the forest's insect-eating animals have gone missing, too. The latest report, published Monday in the Proceedings of the National Academy of Sciences, shows that this startling loss of insect abundance extends to the Americas. The study's authors implicate climate change in the loss of tropical invertebrates.

Bradford Lister, a biologist at Rensselaer Polytechnic Institute in New York, has been studying rain forest insects in Puerto Rico since the 1970s. "We went down in '76, '77 expressly to measure the resources: the insects and the insectivores in the rain forest, the birds, the frogs, the lizards," Lister said. He came back nearly 40 years later, with his colleague Andrés García, an ecologist at the National Autonomous University of Mexico. What the scientists did not see on their return troubled them. "Boy, it was immediately obvious when we went into that forest," Lister said. Fewer birds flitted overhead. The butterflies, once abundant, had all but vanished. García and Lister once again measured the forest's insects and other invertebrates, a group called arthropods that includes spiders and centipedes. The researchers trapped arthropods on the ground in plates covered in a sticky glue, and raised several more plates about three feet into the canopy. The researchers also swept nets over the brush hundreds of times, collecting the critters that crawled through the vegetation. Each technique revealed the biomass (the dry weight of all the captured invertebrates) had significantly decreased from 1976 to the present day. The sweep sample biomass decreased to a fourth or an eighth of what it had been. Between January 1977 and January 2013, the catch rate in the sticky ground traps fell 60-fold. The study also found a 30-percent drop in anole lizards, which eat arthropods. Some anole species have disappeared entirely from the interior forest. Another research team captured insect-eating frogs and birds in 1990 and 2005, and found a 50 percent decrease in the number of captures. The authors attribute this decline to the changing climate.

An anonymous reader quotes a report from IEEE Spectrum: Over the past six months a small, publicly available genealogy database has become the go-to source for solving cold case crimes. The free online tool, called GEDmatch, is an ancestry service that allows people to submit their DNA data and search for relatives -- an open access version of AncestryDNA or 23andMe. Since April, investigators have used GEDmatch to identify victims, killers, and missing persons all over the U.S. in at least 19 cases, many of them decades old, according to authors of a report published today in Science. The authors predict that in the near future, as genetic genealogy reports gain in popularity, such tools could be used to find nearly any individual in the U.S. of European descent.

GEDmatch holds the genetic data of only about a million people. But cold case investigators have been exploiting the database using a genomic analysis technique called long-range familial search. The technique allows researchers to match an individual's DNA to distant relatives, such as third cousins. Chances are, one of those relatives will have used a genetic genealogy service. More than 17 million people have participated in these services -- a number that has grown rapidly over the last two years. AncestryDNA and 23andMe hold most of those customers. A genetic match to a distant relative can fairly quickly lead investigators to the person of interest. In a highly publicized case, GEDmatch was used earlier this year to identify the "Golden State Killer," a serial rapist and murderer who terrorized California in the 1970s and 1980s, but was never caught. In April, investigators were able to use a genealogy database to narrow down DNA data from crime scenes and identify the "Golden State Killer," a serial rapist and murderer who terrorized California in the 1970s and 1980s.

jrepin writes: KDE has released Plasma 5.14 desktop. Among many other things, Plasma 5.14 simplifies managing multiple displays thanks to its new Display Configuration widget; Global Menus a la macOS now work also with GTK applications like GIMP; a new safeguard feature warns you if other users are logged in when you log out; and Discover now lets you install Snaps from all available channels (not just the default), orders software by release date, and shows package dependencies. Downloads can be found here.

An anonymous reader quotes a report from Ars Technica: An energy development group has been working for years to put together Ohio's first offshore wind project. That might sound odd for a state so far from the sea, but the benefits of offshore wind (strong, consistent gusts and relative proximity to major population centers) translate to wind turbines that are placed in freshwater, too. Consequently, an area eight miles off Ohio's Lake Erie coastline is slated to see six new 3.45 megawatt (MW) turbines as part of a 20.7MW pilot installation. On Thursday, the Department of Energy (DOE) issued an Environmental Assessment stating that proceeding with the plan would not cause any "impact to the human environment." In an additional finding published by the DOE this week, the department added that it did not believe that the offshore wind project would cause significant damage to migratory birds, either. Finally, the DOE proposed an unspecified amount of funding for the project, which will be the first freshwater offshore wind project in the US and one of the first offshore wind projects overall. The Lake Erie Energy Department Corporation (LEEDCo) and Norwegian investor Fred Olsen Renewables (FOR) will be developing the "Icebreaker" project, as the turbine installation has been called. "Interestingly, the turbines will be secured to the lake using a 'Mono Bucket' foundation, with a suction-based design that's similar to what's been used on offshore oil-drilling platforms in the North Sea," reports Ars. "The design, LEEDCo says, uses 'the best and lowest-cost technology for sites 25 meters and less.'"

An anonymous reader writes: The 24th annual Interactive Fiction Competition kicked off Monday, unveiling 77 new text adventures which will vie for nearly $9,000 in prize money. The contest's organizers are encouraging people to play and rate the free games, and encourage their friends to join in the fun (or to donate more prize money or other prizes). They're dedicating this year's competition to the memory of Stu Galley, who co-founded the pioneering text adventure company Infocom back in 1979 with his classmates from MIT. Infocom went on to create everything from Zork to a popular Hitchhiker's Guide to the Galaxy game, and Stu is credited as the driving force behind text adventures like Moonmist, Seastalker, and The Witness.
Meanwhile, long-time Slashdot reader paulproteus reminds us that the "Roguelike Celebration" is happening today and tomorrow at the GitHub office in San Francisco -- and is streaming on Twitch. The Roguelike Celebration is a community-generated weekend of talks, games, and conversations about roguelike [games] and related topics, including procedural generation and game design... It's for fans, players, developers, scholars, and everyone else, including people new to this type of game.

At an event this month (you can find the video of it here), Davide Cavalca, a production engineer at Facebook, spoke about the growing adoption of systemd at the data centers of the company. From a report: Facebook continues making use of systemd's many features inside their data centers. Some of their highlights for systemd use in 2018 includes: Facebook's servers have been relying on systemd for about the past two years. Facebook is using CentOS 7 everywhere from hosts to containers. While relying on CentOS 7, Facebook backports a lot of packages including new systemd releases, Meson, other dependencies, and of course new Linux kernel releases. Facebook is working on "pystemd" as a Python (Cython) wrapper on top of SD-BUS.

Last month when Boeing and SpaceX announced the first astronauts who will fly on their commercial crew spacecraft, several newspapers across the U.S. began publishing an op-ed that criticized the process by which Boeing competitor SpaceX fuels its Falcon 9 rocket. "The first op-ed appeared in a Memphis newspaper a week before the commercial crew announcement," reports Ars Technica. "In recent weeks, copies of the op-ed have also appeared in the Houston Chronicle, various Alabama newspapers, Albuquerque Journal, Florida Today, and The Washington Times." Ars Technica reports: All of these op-eds were bylined by "retired spacecraft operator" Richard Hagar, who worked for NASA during the Apollo program and now lives in Tennessee. (Based upon his limited social media postings, Hagar appears to be more interested in conservative politics than in space these days). Each op-ed cites Hagar's work on NASA's recovery from the Apollo 1 fire and the hard lessons NASA learned that day about human spaceflight. The pieces then pivot to arguing that SpaceX's load-and-go fueling process -- in which the crew will board the Dragon spacecraft on top of the Falcon 9 rocket before it is fueled -- ignores the lessons that Hagar's generation learned during Apollo.

"It's concerning to learn that some of the newer private space ventures launching today don't appreciate the same safety standards we learned to emphasize on Apollo," the op-ed states. "I suppose for Mr. Musk, inexperience is replacing the abundant safety protocols drilled into us after witnessing the Apollo 1 disaster. Astronaut safety is NASA's number one priority on any space mission. There is no reason it should not be for private space travel, but commercial space companies like SpaceX play by different rules."

There are some factual inaccuracies here. For one thing, SpaceX does play by the same rules as Boeing for commercial crew -- astronaut safety rules that NASA itself wrote. Moreover, NASA has already provisionally cleared load-and-go for Falcon 9 launches that will send the Dragon spacecraft into orbit. To try to understand his viewpoint, Ars attempted to reach Hagar by phone and email in September. In the course of this process, we learned that he did not actually submit many of these op-eds. In fact, based upon our research, at least four of the six op-eds that we located were submitted by two people with gmail.com addresses. Their names were Josh Brevik and Casey Murray. Further research revealed that two people with these names worked as "associates" at a Washington, DC-based public relations firm named Law Media Group or LMG. LMG's website says they are a 15-year-old firm that "develops and executes public-, Hill-, and agency-facing issue advocacy campaigns that shift the narrative in a changing world." The SourceWatch website more bluntly "calls LMG a 'secretive Washington DC public affairs firm' with a history of placing op-eds, and it seeks to mask the op-eds' financial sponsors," reports Ars.

Michael Larabel, writing for Phoronix: Apple announced the Magic Trackpad 2 almost three years ago to the day while the mainline Linux kernel will finally be supporting this multi-touch device soon. The Magic Trackpad 2 is a wired/wireless touchpad with haptic feedback support and is a much larger touchpad compared to the original Magic Trackpad. There unfortunately hasn't been any mainline Linux kernel support for the Magic Trackpad 2, but some out-of-tree options. [...] However, as seen by this bug report there have been plenty of people since 2015 interested in using the Magic Trackpad 2 on Linux. Fortunately, Sean O'Brien of Google's Chrome OS team has been working on Magic Trackpad 2 support with a focus on getting it mainlined. The patch, which was also reviewed by other Google/ChromeOS developers, is now up to its third and perhaps final revision.