Debian

Debian's Anti-Harassment Team Is Removing A Package Over Its Name (phoronix.com) 521

quantic_oscillation7 shares a report: The latest notes from the Debian anti-harassment team on Wednesday caught my attention when reading, "We were requested to advice on the appropriateness of a certain package in the Debian archive. Our decision resulted in the package pending removal from the archive." Curiosity got the best of me... What package was deemed too inappropriate for the Debian archive?

When digging further, the package raised to the Debian Anti-Harassment Team was "Weboob." Weboob is short for "Web Outside of Browsers" as it's an open-source collection of software to script and automate the parsing/scraping/gathering-via-API of web data so that it can be consumed by different modules/applications. Weboob.org describes itself as "Weboob is a collection of applications able to interact with websites, without requiring the user to open them in a browser. It also provides well-defined APIs to talk to websites lacking one."

Weboob is Python-based and offers Qt-based user interfaces for accessing these different modules for reading data from different web-sites outside of any conventional web browser. Those interested can learn more about the software at Weboob.org. But, yes, the name is juvenile and likely inappropriate in most professional/corporate environments.

Space

A Bright Green 'Christmas Comet' Will Fly the Closest To Earth In Centuries 111

On Sunday night, a comet that orbits between Jupiter and the sun will make its closest approach to Earth in centuries. According to Tony Farnham, a research scientist in the astronomy department at the University of Maryland, the comet will appear as a bright, fuzzy ball with a greenish-gray tint. "You've got a one-kilometer solid nucleus in the middle, and gas is going out hundreds of thousands of miles," says Tony. The comet glows green because the gases emit light in green wavelengths. The New York Times reports: The ball of gas and dust, sometimes referred to as the "Christmas comet," was named 46P/Wirtanen, after the astronomer Carl Wirtanen, who discovered it in 1948. It orbits the sun once every 5.4 years, passing by Earth approximately every 11 years, but its distance varies and it is rarely this close. As the comet passes by, it will be 30 times farther from Earth than the moon, NASA said. The proximity of 46P/Wirtanen provides an opportunity to research the tail of the comet and see farther into the nucleus.

The comet is visible now but it will shine even brighter on Sunday as it reaches its closest approach, 7.1 million miles from Earth. That may sound really far, but it is among the 10 closest approaches by a comet in 70 years, NASA said. Only a few of those could be seen with the naked eye. Don't worry if you miss the comet on Sunday. It should be just as visible for a week or two because its appearance will change gradually. After it moves on, it won't be this close to Earth again for hundreds, if not thousands, of years. Online charts can help pinpoint its location.

Operating Systems

Linux Kernel Developers Discuss Dropping x32 Support (phoronix.com) 202

An anonymous reader shared a report: It was just several years ago that the open-source ecosystem began supporting the x32 ABI, but already kernel developers are talking of potentially deprecating the support and for it to be ultimately removed.

[...] While the x32 support was plumbed through the Linux landscape, it really hasn't been used much. Kernel developers are now discussing the future of the x32 ABI due to the maintenance cost involved in still supporting this code but with minimal users. Linus Torvalds is in favor of sunsetting x32 and many other upstream contributors are in favor of seeing it deprecated and removed.

Google

Google CEO Admits Company Must Better Address the Spread of Conspiracy Theories on YouTube (techcrunch.com) 328

Google CEO Sundar Pichai admitted today that YouTube needs to do better in dealing with conspiracy content on its site that can lead to real-world violence. From a report: During his testimony on Tuesday before the House Judiciary Committee, the exec was questioned on how YouTube handles extremist content that promotes conspiracy theories like Pizzagate and, more recently, a Hillary Clinton-focused conspiracy theory dubbed Frazzledrip. According to an article in Monday's Washington Post, Frazzledrip is a variation on Pizzagate that began spreading on YouTube this spring. In a bizarre series of questions, Rep. Jamie Raskin (D-MD) asked Pichai if he knew what Frazzledrip was.

Pichai replied that he was "not aware of the specifics about it." Raskin went on to explain that the recommendation engine on YouTube has been suggesting videos that claim politicians, celebrities and other leading figures were "sexually abusing and consuming the remains of children, often in satanic rituals." He said these new conspiracist claims were echoing the discredited Pizzagate conspiracy, which two years ago led to a man firing shots into a Washington, D.C. pizzeria, in search of the children he believed were held as sex slaves by Democratic Party leaders.

PHP

PHP 7.3 Brings C Inlining and Speed Improvements (techrepublic.com) 36

An anonymous reader quotes TechRepublic: PHP 7.3, the newest update to the widespread server-side web development language, was released on Thursday, bringing with it a handful of new features, modernizations, and modest speed improvements.... The largest improvements in 7.3 include support for Foreign Function Interface (FFI), allowing programmers to write inline C code inside PHP scripts. Though this feature does not presently provide the same level of performance as native PHP code, it can under certain circumstances be used to reduce the memory footprint of a given task.

PHP 7.3 also includes flexible heredoc and nowdoc syntax, now no longer requiring closing markers to be followed by a semicolon or new line. The feature proposal for this notes that the previous rigid requirements "caused them to be, in-part, eschewed by developers because their usage in code can look ugly and harm readability...." PHP 7.3 does bring some backward incompatible changes and deprecated functions. The use of case-insensitive constraints is now deprecated, as is the use of case-insensitive constants with a case that differs from the declaration.

Phoronix reports that PHP 7.3 is nearly 10% faster than version 7.2, while it's 31% faster than PHP 7.0 and nearly three times faster than PHP 5.6.

Programming

Is Visual Basic .NET More Popular Than JavaScript? (zdnet.com) 100

Microsoft's Visual Basic .NET now ranks above JavaScript, PHP, SQL on TIOBE's index of programming language popularity, which ZDNet notes is "the highest it's ever been since [TIOBE] started tracking the Microsoft language in 2001." Tiobe analysts said it was "very surprising" that Visual Basic .Net is now the fifth most popular language, only behind C++, Python, C, and Java. It's even ahead of JavaScript, which currently lies in seventh place, down from sixth a year ago. C# meanwhile fell from fifth spot a year ago to sixth this month. The language index still reckons Visual Basic .Net will "sooner or later go into decline", but concedes it's popular for dedicated office applications in small and medium enterprises, and is probably still used by many developers because it's easy to learn.

TIOBE's methodology "basically...comes down to counting hits for the search query +"<language> programming," TIOBE explains on its web page -- though its results don't always agree with other analysts.

InfoWorld points out that this month's PyPL Popularity of Programming Language index, which analyzes how often language tutorials are searched for on Google, "doesn't even register Visual Basic.Net or Visual Basic among its Top 10 languages" -- and JavaScript comes in third, behind only Python and Java.

Transportation

A Sleeping Driver's Tesla Led Police On A 7-Minute Chase (sfchronicle.com) 346

"When a pair of California Highway Patrol officers pulled alongside a car cruising down Highway 101 in Redwood City before dawn Friday, they reported a shocking sight: a man fast asleep behind the wheel," reports the San Francisco Chronicle: The car was a Tesla, the man was a Los Altos planning commissioner, and the ensuing freeway stop turned into a complex, seven-minute operation in which the officers had to outsmart the vehicle's autopilot system because the driver was unresponsive, according to the CHP...

Officers observed Samek's gray Tesla Model S around 3:30 a.m. as it sped south at 70 mph on Highway 101 near Whipple Avenue, said Art Montiel, a CHP spokesman. When officers pulled up next to the car, they allegedly saw Samek asleep, but the car was moving straight, leading them to believe it was in autopilot mode. The officers slowed the car down after running a traffic break, with an officer behind Samek turning on emergency lights before driving across all lanes of the highway, in an S-shaped path, to slow traffic down behind the Tesla, Montiel said. He said another officer drove a patrol car directly in front of Samek before gradually slowing down, prompting the Tesla to slow down as well and eventually come to a stop in the middle of the highway, north of the Embarcadero exit in Palo Alto -- about 7 miles from where the stop was initiated.

Tesla declined to comment on the incident, but John Simpson, privacy/technology project director for Consumer Watchdog, calls this proof that Tesla has wrongly convinced drivers their cars' "autopilot" function really could perform fully autonomous driving...

"They've really unconscionably led people to believe, I think, that the car is far more capable of self-driving than actually is the case. That's a huge problem."

Japan

Japan Has Restarted Five Nuclear Power Reactors In 2018 (oilvoice.com) 193

With Shikoku Electric Power Company's 890 megawatt (MW) Ikata-3 reactor, Japan has restarted a total of five nuclear reactors in 2018. "Japan had suspended its nuclear fleet in 2013 for mandatory safety checks and upgrades following the 2011 Fukushima accident, and before 2018 only four reactors had been restarted," reports OilVoice. From the report: Following the Fukushima accident, as each Japanese nuclear reactor entered its scheduled maintenance and refueling outage, it was not returned to operation. Between September 2013 and August 2015, Japan's entire reactor fleet was suspended from operation, leaving the country with no nuclear generation. Sendai Units 1 and 2, in Japan's Kagoshima Prefecture, were the first reactors to be restarted in August and October 2015, respectively.

The restart of Japan's nuclear power plants requires the approval of both Japan's Nuclear Regulation Authority (NRA) and the central government, as well as consent from the governments of local prefectures. In July 2013, the NRA issued more stringent safety regulations to address issues dealing with tsunamis and seismic events, complete loss of station power, and emergency preparedness. As part of Japan's long-term energy policy, issued in April 2014, the central government called for the nuclear share of total electricity generation to reach 20%-22% by 2030, which would require 25 to 30 reactors to be in operation by then. In 2017, four operating nuclear reactors provided 3% of Japan's total electricity generation.

Microsoft

Microsoft Wins $480 Million Military Contract To Bring HoloLens To Battlefield (arstechnica.com) 59

An anonymous reader quotes a report from Ars Technica: Microsoft has won a $480 million contract to develop an augmented reality system for use in combat and military training for the U.S. Army. Called Integrated Visual Augmentation System (IVAS), formerly Heads Up Display (HUD) 3.0, the goal of the project is to develop a headset that gives soldiers -- both in training and in combat -- an increase in "Lethality, Mobility, and Situational Awareness." The ambitions for the project are high. Authorities want to develop a system with a goggle or visor form factor -- nothing mounted on a helmet -- with an integrated 3D display, digital cameras, ballistic laser, and hearing protection. The system should provide remote viewing of weapon sights to enable low risk, rapid target acquisition, perform automated or assisted target acquisition, integrate both thermal and night vision cameras, track soldier vitals such as heart and breathing rates, and detect concussions. Over the course of IVAS's development, the military will order an initial run of 2,550 prototypes, with follow-on production possibly in excess of 100,000 devices.

Intel

Two Linux Kernels Revert Performance-Killing Spectre Patches (phoronix.com) 103

Friday Greg Kroah-Hartman released stable point releases of Linux kernel 4.19.4, as well as 4.14.83 and 4.9.139. While they were basic maintenance updates, the 4.19.4 and 4.14.83 releases are significant because they also reverted the performance-killing Spectre patches (involving "Single Thread Indirect Branch Predictors", or STIBP) that had been back-ported from Linux 4.20, according to Phoronix:

There is improved STIBP code on the way for Linux 4.20 that by default just applies STIBP to SECCOMP threads and processes requesting it via prctl() but otherwise is off by default (that behavior can also be changed via kernel parameters). Once that code is ready to go for Linux 4.20, we may see it then back-ported to these stable trees.

Aside from reverting STIBP, these point releases just have various fixes in them as noted for 4.19.4, 4.14.83, and 4.9.139.

Last Sunday Linus Torvalds complained that the performance impact of the STIBP code "was clearly way more expensive than people were told," according to ZDNet: "When performance goes down by 50 percent on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway," wrote Torvalds. "So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?"

PHP

PHP 7.3 Performance Benchmarks Are Looking Good Days Ahead Of Its Release (phoronix.com) 91

PHP 7.3 RC6 was released earlier this week. Phoronix ran some benchmarks and compared the performance of v7.3 RC6 with releases going back to the v5.5 series. From the story: I ran some fresh benchmarks over the past day on PHP 5.5.38, PHP 5.6.38, PHP 7.0.32, PHP 7.1.24, PHP 7.2.12, and the PHP 7.3.0-RC6 test release. All of the PHP5/PHP7 builds were configured and built in the same manner. All tests happened from the same Dell PowerEdge R7425 dual EPYC server running Ubuntu 18.10 Linux.

Besides continuing to evolve the performance of PHP7, the PHP 7.3 release is also delivering on FFI (the Foreign Function Interface) to access functions / variables / data structures from the C language, a platform-independent manner for obtaining information on network interfaces, an is_countable() call, WebP support within GD's image create from string, updated SQLite support, improved PHP garbage collection performance, and many other enhancements. PHP 7.3 is just shy of 10% faster than PHP 7.2 in the popular PHPBench. PHP 7.3 is 31% faster than PHP 7.0 or nearly 3x the speed of PHP5.

Chrome

Google Developer Says Chrome Team is Working on a Scrollable Tabstrip For the Browser (techdows.com) 82

If you're a tab-hoarder, and you use Chrome browser, Google may have some news for you soon. The company is working on a scrollable tabstrip to make it easier for users to navigate through tabs, a developer was quoted as saying. Peter Kasting, who works on Chrome UI, said, "scrollable tabstrip is in the works. In the meantime, try shift-clicking and ctrl-clicking to select multiple tabs at once, then drag out to separate Windows to group tabs by Window." TechDows, which first reported the development: We're expecting this as the related bug, the 'UI: tab overflow' bug created 10 years back, reports opening too many tabs causes add tab button (+) to disappear and tabs do not scroll then, the expected result has been mentioned as 'scrollable tabs.' Further reading: Google is raiding Firefox for Chrome's next UI features.

Games

Fortnite Hits 8.3 Million (Or 0.1% of Human Population) Concurrent Players (gamasutra.com) 91

Epic Games' Fortnite has reached 8.3 million concurrent players worldwide (or about 0.1 percent of the human population) after finally making its debut in South Korea earlier this month. From a report: Because Internet cafes still play a large role in Asian countries, VG247 reports that players were encouraged to play Fortnite at PC bang cafes to complete special challenges, which were created in order to launch the Battle Royale mode in South Korea. After Fortnite's Battle Royale mode launched in South Korea this week, Epic Games Korea CEO Sung Chul Park stated in an interview that the game now has 8.3 million concurrent players worldwide. A spokesperson from Epic confirmed the numbers to VG247 as well.

NASA

NASA Considers Selling Seats on the Spacecraft Used For International Space Station (washingtonpost.com) 75

NASA is considering selling seats on the spacecraft that will ferry its astronauts to the International Space Station, offering rides to the public while opening another line of revenue as the agency attempts to broaden its appeal [Editor's note: the link may be paywalled; alternative source]. From a report: On several occasions, Russia has flown wealthy individuals who paid millions for the ride to space. And a trio of private companies backed by billionaires, is also looking to fly tourists out of the atmosphere. But except for a couple of rare exceptions, such as Christa McAuliffe, the teacher who was killed when the space Shuttle Challenger exploded in 1986, NASA has not allowed private citizens on its rockets. "Just like in the early days of aviation, with barnstorming, these initial activities will help build the infrastructure and the foundation that can lead to future innovations that, frankly, we cannot imagine right now," said Michael Gold, the general counsel of Maxar Technologies, who is leading the advisory council's policy reform effort.

The proposal, backed Friday by a NASA advisory subcommittee, is still in the nascent stage, and is part of moves by the agency to better insert itself into the public consciousness by working with the private sector. The proposals would have to be approved by the entire advisory council and then forwarded to NASA Administrator Jim Bridenstine. Friday's meeting comes two months after Bridenstine announced he was standing up the committee, and tasking it to look at how the agency could better partner with industry. He said then that he wants NASA and its astronauts "embedded into the American culture." On Friday, he reiterated the point, saying: "The reality is, we're in a new era now."

Programming

GitHub's Four Most Popular Programming Languages Remain: JavaScript, Java, Python, and PHP (thenewstack.io) 144

A recent TechCrunch article claimed to have identified the best indicator of programming language popularity: GitHub's annual "State of the Octoverse" reports. So Austin-based technology reporter Mike Melanson explored the new verdict in GitHub's 2018 report: It felt to me like the overarching theme of the numbers was one of quiet stasis for the year past, at least when it comes to those languages deemed the cream of the crop. One of the first graphics offered in the post shows the top languages according to the number of repositories created and we see that everything seems to be flowing along, just as it has for the last decade. While GitHub points to a "steady uptick" for JavaScript after 2011, it looks like this list of languages hasn't changed much over time. [The graphic shows the four most popular languages -- every year since early 2014 -- have been JavaScript, Java, Python, and PHP.]

When we look at the top languages according to the number of contributors, we see a similar story, with the top four languages mirrored. In this chart, of course, we see that Ruby is on a steady decline, while Typescript is on a steady rise. The only surprise to be seen here is that C, after a brief uptick in popularity, has taken a bit of a nosedive over the past year. Either way, seven of 10 languages have the same exact ranking....

Finally, beyond the language rankings themselves, GitHub offers a wonderful analysis of just what it is that makes a particular language popular in 2018, boiling it down to three key characteristics: thread safety, interoperability, and being open source.

GitHub's report also identifies its fastest growing languages over the last year -- including Kotlin, TypeScript, Rust, Python, and Go. "This year, TypeScript shot up to #7 among top languages used on the platform overall, after making its way in the top 10 for the first time last year," the report notes.

"TypeScript is now in the top 10 most used languages across all regions GitHub contributors come from -- and across private, public, and open source repositories."

Intel

Linux 4.20 is Running Slower Than 4.19 On Intel CPUs (phoronix.com) 137

Freshly Exhumed writes: An intentional kernel change in Linux kernel 4.20 for enhanced Spectre mitigation is unfortunately causing Intel Linux performance to be much slower than with 4.19. That change is 'STIBP' (Single Thread Indirect Branch Predictors), which allows for preventing cross-hyperthread control of decisions that are made by indirect branch predictors. It affects Intel systems that have up-to-date microcode and CPU Hyper Threading enabled. Phoronix gives the evidence.

Chrome

Facebook Patches Vulnerability That Could Have Exposed User Data (theverge.com) 19

Yet another vulnerability has been patched that could have exposed user data. According to security company Imperva, the bug "allowed websites to obtain private information about Facebook users and their friends through unauthorized access to a company API, playing off a specific behavior in the Chrome browser," reports The Verge. From the report: In technical terms, the attack is a cross-site request forgery, using a legitimate Facebook login in unauthorized ways. For the attack to work, a Facebook user must visit a malicious website with Chrome, and then click anywhere on the site while logged into Facebook. From there, attackers could open a new pop-up or tab to the Facebook search page and run any number of queries to extract personal information. Some examples Imperva gives are checking if a user has taken photos in a certain location or country, if the user has written any recent posts that contain specific text, or checking if a user's friends like a company's Facebook page. In essence, the vulnerability exposed the interests of a user and their friends even if privacy settings were set so interests were only visible to a user's friends. Imperva says the vulnerability was not a common technique and the issue has been resolved with Facebook. However, it does mention that these more sophisticated social engineering attacks could become more common in 2019. A Facebook representative told The Verge: "We appreciate this researcher's report to our bug bounty program. We've fixed the issue in our search page and haven't seen any abuse. As the underlying behavior is not specific to Facebook, we've made recommendations to browser makers and relevant web standards groups to encourage them to take steps to prevent this type of issue from occurring in other web applications."

Ruby

Deserialization Issues Also Affect Ruby -- Not Just Java, PHP, and .NET (zdnet.com) 62

An anonymous reader writes: The Ruby programming language is impacted by a similar "deserialization issue" that has affected and wreaked havoc in the Java ecosystem in 2016; an issue that later also proved to be a problem for .NET and PHP applications as well. Researchers published proof-of-concept code this week showing how to exploit serialization/deserialization operations supported by the built-in features of the Ruby programming language itself.

"Versions 2.0 to 2.5 are affected," researchers said. "There is a lot of opportunity for future work including having the technique cover Ruby versions 1.8 and 1.9 as well as covering instances where the Ruby process is invoked with the command line argument --disable-all," the elttam team added. "Alternate Ruby implementations such as JRuby and Rubinius could also be investigated."

The deserialization issues can be used for remote code execution and taking over vulnerable servers. While .NET and PHP were affected, it is Java that has until now faced the biggest issues with deserialization; earlier this year, Oracle announced it was dropping deserialization support from the Java language's standard package.

Facebook

Can Facebook Keep Large-Scale Misinformation From the Free World? (sfgate.com) 189

You can have a disaster-free Election Day in the social media age, writes New York Times columnist Kevin Roose, "but it turns out that it takes constant vigilance from law enforcement agencies, academic researchers and digital security experts for months on end." It takes an ad hoc "war room" at Facebook headquarters with dozens of staff members working round-the-clock shifts. It takes hordes of journalists and fact checkers willing to police the service for false news stories and hoaxes so that they can be contained before spreading to millions. And even if you avoid major problems from bad actors domestically, you might still need to disclose, as Facebook did late Tuesday night, that you kicked off yet another group of what appeared to be Kremlin-linked trolls...

Most days, digging up large-scale misinformation on Facebook was as easy as finding baby photos or birthday greetings... Facebook was generally responsive to these problems after they were publicly called out. But its scale means that even people who work there are often in the dark... Other days, combing through Facebook falsehoods has felt like watching a nation poison itself in slow motion. A recent study by the Oxford Internet Institute, a department at the University of Oxford, found that 25 percent of all election-related content shared on Facebook and Twitter during the midterm election season could be classified as "junk news"...

Facebook has framed its struggle as an "arms race" between itself and the bad actors trying to exploit its services. But that mischaracterizes the nature of the problem. This is not two sovereign countries locked in battle, or an intelligence agency trying to stop a nefarious foreign plot. This is a rich and successful corporation that built a giant machine to convert attention into advertising revenue, made billions of dollars by letting that machine run with limited oversight, and is now frantically trying to clean up the mess that has resulted... It's worth asking, over the long term, why a single American company is in the position of protecting free and fair elections all over the world.

Despite whatever progress has been made, the article complains that "It took sustained pressure from lawmakers, regulators, researchers, journalists, employees, investors and users to force the company to pay more attention to misinformation and threats of election interference. Facebook has shown, time and again, that it behaves responsibly only when placed under a well-lit microscope.

"So as our collective attention fades from the midterms, it seems certain that outsiders will need to continue to hold the company accountable, and push it to do more to safeguard its users -- in every country, during every election season -- from a flood of lies and manipulation."

Businesses

Apple Blocks Linux From Booting On New Hardware With T2 Security Chip (phoronix.com) 373

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.
