Power

Is Natural Gas (Mostly) Good for Global Warming? (ieee.org) 139

Natural gas "creates less carbon emissions than the coal it replaces, but we have to find ways to minimize the leakage of methane."

That's the opinion of Vaclav Smil, a distinguished professor emeritus at the University of Manitoba and a Fellow of the Royal Society of Canada, writing in IEEE's Spectrum (in an article shared by Slashdot reader schwit1): Natural gas is abundant, low-cost, convenient, and reliably transported, with low emissions and high combustion efficiency. Natural-gas-fired heating furnaces have maximum efficiencies of 95 to 97 percent, and combined-cycle gas turbines now achieve overall efficiency slightly in excess of 60 percent. Of course, burning gas generates carbon dioxide, but the ratio of energy to carbon is excellent: Burning a gigajoule of natural gas produces 56 kilograms of carbon dioxide, about 40 percent less than the 95 kg emitted by bituminous coal.

This makes gas the obvious replacement for coal. In the United States, this transition has been unfolding for two decades. Gas-fueled capacity increased by 192 gigawatts from 2000 to 2005 and by an additional 69 GW from 2006 through the end of 2020. Meanwhile, the 82 GW of coal-fired capacity that U.S. utilities removed from 2012 to 2020 is projected to be augmented by another 34 GW by 2030, totaling 116 GW — more than a third of the former peak rating.

So far, so green. But methane is itself a very potent greenhouse gas, packing from 84 to 87 times as much global warming potential as an equal quantity of carbon dioxide when measured over 20 years (and 28 to 36 times as much over 100 years). And some of it leaks out. In 2018, a study of the U.S. oil and natural-gas supply chain found that those emissions were about 60 percent higher than the Environmental Protection Agency had estimated. Such fugitive emissions, as they are called, are thought to be equivalent to 2.3 percent of gross U.S. gas production...

Without doubt, methane leakages during extraction, processing, and transportation do diminish the overall beneficial impact of using more natural gas, but they do not erase it, and they can be substantially reduced.

Google

Google's San Jose Mega-Campus Wins City Approval (sfchronicle.com) 69

An anonymous reader quotes a report from the San Francisco Chronicle: After more than three years of negotiations, San Jose officials voted late Tuesday to approve Google's plan for a sprawling downtown campus with thousands of new homes, millions of square feet of office space and a first-of-its kind $200 million community benefit agreement. It's a deal that business, labor and community groups say could signal a shift in Bay Area development politics -- particularly as San Jose, long overshadowed by neighboring San Francisco, looks to rebound from the pandemic with more active public spaces near transit. But in a region long accustomed to isolated suburban tech campuses and big-dollar affordable housing commitments, some still questioned how exactly a $155 million community fund will be spent, and whether it will be enough to offset familiar concerns about gentrification, homelessness and daily issues like parking.

With the vote on Tuesday, Google can move forward with an 80-acre development plan near San Jose's central rail hub at Diridon Station, including 4,000 new homes, more than 7 million square feet of office space, 15 acres of parks and 500,000 square feet of retail and other space. Under a community benefit deal approved earlier this year, the company also agreed to create a $155 million community stabilization fund for job training, homelessness and affordable housing. It's unprecedented for a Bay Area tech campus -- and a stark contrast to tech peers like Amazon and Tesla, which have at times asked governments to compete for business by cutting costs -- as well as developers from other industries where community concessions are not the norm. Before the coronavirus upended daily commutes, Google planned for up to 25,000 workers to occupy the new San Jose office. The company has since announced that some of its global workforce will shift to remote roles, but the city hopes that the proposed "Downtown West" neighborhood around the new offices will help buoy lively public spaces.
"A Google spokesman said the company will soon transfer land to the city for planned affordable housing development," the report says. "It aims to start construction work in 2022 and plans to transfer an initial $3 million to the city within 30 days of approval of the project, the spokesman said. In the meantime, the San Jose City Council will be tasked with appointing a new committee to oversee the $155 million community fund."
Operating Systems

Linux 5.13 Reverts and Fixes Problematic University of Minnesota Patches (phoronix.com) 38

An anonymous reader shares a report: One month ago the University of Minnesota was banned from contributing to the Linux kernel when it was revealed the university researchers were trying to intentionally submit bugs into the kernel via new patches as "hypocrite commits" as part of a questionable research paper. Linux kernel developers have finally finished reviewing all UMN.edu patches to address problematic merges to the kernel and also cleaning up / fixing their questionable patches. Sent in on Thursday by Greg Kroah-Hartman was char/misc fixes for 5.13-rc3. While char/misc fixes at this mid-stage of the kernel cycle tend to not be too exciting, this pull request has the changes for addressing the patches from University of Minnesota researchers. [...] Going by the umn.edu Git activity that puts 37 patches as having been reverted with this pull request. The reverts span from ALSA to the media subsystem, networking, and other areas. That is 37 reverts out of 150+ patches from umn.edu developers over the years.
The Internet

Freenode IRC Staff Quit After New Owner 'Seizes' Control of Network (boingboing.net) 145

Staff at the world's largest FOSS IRC network, Freenode, have resigned following a "hostile takeover." "Seeking to take control of the Freenode IRC network after acquiring Freenode Limited as their live conference organization is reported to be Andrew Lee, the founder of VPN service Private Internet Access (PIA)," reports Phoronix. Aaron Jones, a member of the staff since March 2019, details the sequence of events. Another staff member has provided additional details. Slashdot reader rastos1 writes: As it is now known, the Freenode IRC network has been taken over by a "narcissistic Trumpian wannabe korean royalty bitcoins millionaire," [writes (former) staff member Marco d'Itri]. "To make a long story short, the former freenode head of staff secretly 'sold' the network to this person even if it was not hers to sell, and our lawyers have advised us that there is not much that we can do about it without some of us risking financial ruin."

Fuck you Christel, lilo's life work did not deserve this. What you knew as Freenode after 12:00 UTC of May 19 will be managed by different people.
Freenode Limited has responded to the backlash, writing: "Given the millions I have injected into freenode thus far, the fact I own it and the fact that I protected the freenode staff with professional legal work and funding when they needed help and they could still lie and slander like this... says a lot about who they are. It saddens me that christel was forced out, and I wish she'd feel safe returning. I'm frustrated that tomaw's hostile takeover seems likely to succeed, in spite of all. I simply want freenode to keep on being a great IRC network, and to support it financially and legally as I have for a long time now."
Businesses

Coinbase To Close San Francisco Offices For Good, Will Have No Headquarters (sfgate.com) 32

The biggest U.S. cryptocurrency exchange, Coinbase, has announced it will close its San Francisco offices for good. SFGate reports: The company -- founded in June 2012 by former Airbnb engineer Brian Armstrong -- has had a speedy rise to the top in the nascent crypto industry, though its practices have also sometimes stoked controversy. [...] Coinbase's 1,200 employees are now decentralizing, and the company will no longer have a physical headquarters at all. The announcement on Twitter on Wednesday that the company's Market Street offices would shutter next year wasn't a total shock. A year ago, Armstrong announced the company would be "remote first" and not have a specific headquarters. Coinbase say they will instead offer some smaller offices elsewhere, but didn't give details. "Closing our SF office is an important step in ensuring no office becomes an unofficial HQ and will mean career outcomes are based on capability and output rather than location," the company said in a statement. "Instead, we will offer a network of smaller offices for our employees to work from if they choose to."
Education

Should Colleges Break Down How Much Money Students Make For Each Major? (msn.com) 233

The Boston Globe published some thoughts from a professor of political science at Fordham University: A bipartisan group of senators, including Elizabeth Warren of Massachusetts and Sheldon Whitehouse of Rhode Island, are backing a bill called the College Transparency Act. It would require public and private colleges around the country to report how many students enroll, transfer, drop out, and complete various programs. Then that information would be combined with inputs from other federal agencies, including the Internal Revenue Service, so that the "labor market outcomes" of former students could be tracked.

In other words, the act would create a system that publicizes how much money students make, on average, after going through particular colleges, programs, and majors. According to Senator Whitehouse, "Choosing a college is a big decision, and yet too often families can't get the information to make apples-to-apples comparisons of the costs and benefits of attending different schools." The purpose of the College Transparency Act is to allow people to make these comparisons. Its other sponsors are Republicans Bill Cassidy of Louisiana and Tim Scott of South Carolina.

Unfortunately, the College Transparency Act could reshape how students, families, policymakers, and the public view the purposes of higher education.

To be sure, privileged students will still be able to pursue their academic passions, but many students will be channeled into paths with a higher payoff upon graduation. Many students who might want to explore geography, philosophy, or the fine arts will be advised to stay away from such majors that do not appear lucrative... The system would publicize only some outputs of college — especially how much money students make — and not, for instance, surveys of graduates' satisfaction. This would have the effect of nudging students and families into viewing college as being primarily about making money...

If students learn to read complex texts and write research papers, practice public speaking, find a mentor, and make friends, then they often do well after college regardless of major.

Television

Elon Musk Teased on Twitter with Ideas for SNL Comedy Sketches (sfgate.com) 65

"Always the innovator, Elon Musk is crowdsourcing ideas for his upcoming Saturday Night Live appearance," writes USA Today.

SFGate reports: Both Musk fans and critics weighed in, with the tweet drawing over 4,500 quote tweets at time of publication (and 113,000-plus likes from his devotees). One of the top responses skewered his recent move to Texas.

"How about a skit where a selfish billionaire has a tantrum and makes a showy to-do about moving his factory to another state, but that new state is so dysfunctional it has a third-world power grid and runs out of electricity to run his factories and cars? That would be hilarious...."

As a result of his controversial image, "SNL" announced that cast members will not be required to act alongside him if it makes them uncomfortable. No cast member has publicly declined to perform yet, but cast member Chris Redd did jump into the Twitter fray to correct Musk on his use of the word "skit."

Page Six describes more of the suggestions from Twitter: Some commenters suggested ideas, including, "Extraterrestrials found your Tesla Roadster sent to space in 2018 & are trying to figure out what it is," "You play Chris Hansen on "To Catch a PP loan" with Ross Gerber," and, "Something about how it is all a simulation," while many of the responses to Musk's tweets were real zingers.

"You meeting with SNL writers using the same motivational techniques you use with $TSLA engineers. Elon: I need this done tomorrow or you're fired. SNL Writer: In your dreams a-hole," one user responded.

Programming

Survey Confirms Popularity of JavaScript, Python, C/C++, While C# Overtakes PHP (zdnet.com) 68

Analyst firm SlashData surveyed over 19,000 respondents from 155 countries for its "State of the Developer Nation" survey — and now estimates that there are 24.3 million active developers worldwide.

TechRadar reports: The report pegs JavaScript as the most popular language that, together with variants including TypeScript and CoffeeScript, is used by almost 14 million developers around the world. Based on SlashData's observations over the past several years, more than 4.5 million JavaScript developers have joined the ranks between Q4 2017 and Q1 2021. This is the highest growth in terms of absolute numbers across all programming languages...

Next up is Python with just over 10 million users, followed by Java with 9.4 million, and C/C++ with 7.3 million. The report notes that Python added 1.6 million new developers in the past year, recording a growth rate of 20%.

From ZDNet: SlashData estimates the next three largest developer communities are using C/C++ (7.3 million), Microsoft's C# (6.5 million), and PHP (6.3 million). Other large groups of developers are fans of Kotlin, Swift, Go, Ruby, Objective C, Rust and Lua...

SlashData, however, notes that Rust and Lua were the two fastest growing programming language communities in the past 12 months, albeit from a lower base than Python.

And Visual Studio magazine couldn't resist emphasizing that C# "has ticked up a notch in popularity, overtaking PHP for No. 5 on that ranking..." "C# lost three places in the rankings of language communities between Q3 2019 and Q3 2020, but it regained its lead over PHP in the past six months after adding half a million developers," the report states... "C# is traditionally popular within the desktop developer community, but it's also the most broadly used language among AR/VR and game developers, largely due to the widespread adoption of the Unity game engine in these areas..."

It was a different story one year ago, when the 18th edition of the report said: "C# lost about 1M developers during 2019... [I]t seems to be losing its edge in desktop development — possibly due to the emergence of cross-platform tools based on web technologies."

The language might see more desktop development inroads as new initiatives from Microsoft such as Blazor Desktop (one of those "cross-platform tools based on web technologies") and .NET MAUI provide a wide array of desktop approaches.

GNU is Not Unix

The FSF Says ThinkPenguin's Wireless-N Mini Router 'Respects Your Freedom' (fsf.org) 36

Friday the Free Software Foundation awarded their coveted "Respects Your Freedom" (RYF) certification to another new product: the Free Software Wireless-N Mini Router v3 (TPE-R1300) from ThinkPenguin, Inc.

Just 45 products currently hold the FSF's certification "that these products meet the FSF's standards in regard to users' freedom, control over the product, and privacy." (That is to say, they run on 100% free software, allow the installation of modified software, and are free from DRM, spyware and tracking.) The FSF writes: As with previous routers from ThinkPenguin, the Free Software Wireless-N Mini Router v3 ships with an FSF-endorsed fully free embedded GNU/Linux distribution called libreCMC. It also comes with a custom flavor of the U-Boot boot loader, assembled by Robert Call, who is the maintainer of libreCMC and a former FSF intern.

The router enables users to run multiple devices on a network through a VPN service, helping to simplify the process of keeping their communications secure and private. While ThinkPenguin offers a VPN service, users are not required to purchase a subscription to their service in order to use the router, and the device comes with detailed instructions on how to use the router with a wide variety of VPN providers...

"ThinkPenguin once again demonstrates a long-standing commitment to protecting the rights of their users. With the latest iteration of the Wireless-N Mini Router, users know that they'll have up to date hardware they can trust for years to come," said the FSF's licensing and compliance manager, Donald Robertson, III.

Phoronix points its readers to the device's page at ThinkPenguin.com "should you be looking to build out your wireless network using the decade old 802.11n standard."
The Internet

How Should We Honor the Legacy of Dan Kaminsky? 27

Last week came the news that Dan Kaminsky, security researcher (and popular speaker at security conferences), had passed away at the age of 42. In a half hour the DEF CON security convention will hold a special online memorial for Dan Kaminsky on Discord.

But interestingly, Kaminsky was also one of ICANN's "Trusted Community Representatives," part of a small community involved in a ceremonial root key generation, backup and signing process. (Since 2010 Kaminsky was one of the seven "Recovery Key Share Holders" entrusted with a fragment of a cryptographic key and reporting in for its annual inventory.)

So who will take Dan's place? Slashdot contacted ICANN's vice president of IANA Services, Kim Davies. His response? We maintain an open invitation for volunteers who believe they are qualified, and review those volunteers when a vacancy arises. The selection process is documented, but in essence means we try to maintain a balance of skills and geographic location so that in the aggregate the TCRs are diverse.

The selection is not in chronological order, and will not necessarily result in selecting someone who most matches Dan's attributes. Ultimately the replacement will be a volunteer that the evaluation panel feels best contrasts and complements the attributes of the remaining TCRs.

Davies also shared this remembrance of Dan Kaminsky: He played a critical role in the evolution of the DNS by bringing attention to the practical cache poisoning vulnerability he discovered. He was a greater collaborator who worked closely with us to rapidly address the issue in critical infrastructure, and then worked to promote technologies like DNSSEC that can mitigate it effectively in the long term. He really provided a significant catalyst that resulted in DNSSEC being put into widespread production in 2010.

His service as a Trusted Community Representative was just a part of his commitment to these issues, and while his work on the DNS is perhaps his most famous contribution, he has an amazing resume of accomplishments throughout his career.

Personally I found him a delight to work with and we are deeply mourning the loss.

Of course, there's another way to follow in Dan's footsteps. Long-time Slashdot reader destinyland writes: Jeff Moss, founder of DEF CON and Black Hat, has proposed nominating Kaminsky for the Internet Hall of Fame, or even creating a Kaminsky award to honor "the core ideals" of the security researcher. But there's another complementary direction to go in... Black Hat board member Matt Devost tweeted last weekend that, "No one that knew Dan Kaminsky well is talking about DNS today. They are talking about kindness, boundless energy and positivity, spontaneous adventures, and how hard he worked to lift others up. Want to emulate one of the greatest hackers of all time? Let that be your guide."

And last week a self-described hacker named Dr. Russ even tweeted, "In an effort to honor Dan Kaminsky's character and legacy, we should all make a random act of Kaminsky weekly. Make it a point to be kind and helpful to someone, friend or stranger. Legit helpful and kind, take it over the finish line. Be the persistent guide he was. Then do it again."

I propose we call that "pulling a Kaminsky."

Presumably in the way later generations in William Gibson's Count Zero talked of "pulling a Wilson...."
Bitcoin

The IRS Wants Help Hacking Cryptocurrency Hardware Wallets (vice.com) 66

An anonymous reader quotes a report from Motherboard: The IRS is looking for help to break into cryptocurrency hardware wallets, according to a document posted on the agency website in March of this year. Many cryptocurrency investors store their cryptographic keys, which confer ownership of their funds, with the exchange they use to transact or on a personal device. Some folks, however, want a little more security and use hardware wallets -- small physical drives which store a user's keys securely, unconnected to the internet. The law enforcement arm of the tax agency, IRS Criminal Investigation, and more specifically its Digital Forensic Unit, is now asking contractors to come up with solutions to hack into cryptowallets that could be of interest in investigations, the document states.

"The decentralization and anonymity provided by cryptocurrencies has fostered an environment for the storage and exchange of something of value, outside of the traditional purview of law enforcement and regulatory organizations," the document reads. "There is a portion of this cryptographic puzzle that continues to elude organizations -- millions, perhaps even billions of dollars, exist within cryptowallets." The security of hardware wallets presents a problem for investigators. The document states that agencies may be in possession of a hardware wallet as part of a case, but may not be able to access it if the suspect does not comply. This means that authorities cannot effectively "investigate the movement of currencies" and it may "prevent the forfeiture and recovery" of the funds. "The explicit outcome of this contract is to tame the cybersecurity research into measured, repeatable, consistent digital forensics processes that can be trained and followed in a digital forensics' laboratory," the document says.

Power

Texas On Track To Add Record Solar Power Capacity By End of 2022 (reuters.com) 111

According to a report from the U.S. Energy Information Administration (EIA), Texas will add a record 10 GW of utility-scale solar capacity by the end of 2022, compared with 3.2 GW in California. A third of all U.S. utility-scale solar capacity planned to come online in the next two years (30 GW) will be in Texas. Reuters reports: California currently has the most installed utility-scale solar capacity of any state - about 16 gigawatts (GW). One gigawatt can power about 1 million U.S. homes. But since solar power is on only about a third of the time, a gigawatt of solar can only power about 330,000 homes. Texas added 2.5 GW of solar capacity in 2020, and EIA said it expected the state to add another 4.6 GW in 2021 and 5.4 GW in 2022, bringing the state's total to 14.9 GW. Solar is expected to make up the largest share of capacity additions in Texas between 2020 and 2022, with almost half of the additions, compared with 35% for wind and 13% for gas, according to EIA projections.
Facebook

'Blistering' Note Reveals Secret Travails of Facebook's Content Moderators (sfgate.com) 65

A Facebook content moderator (contracted through Accenture) quit their position in Austin, Texas — but also left a critical internal note which was later leaked by a senior tech reporter at BuzzFeed who described it as "blistering."

SFGate also calls it "a harrowing account of what it's like to work as a Facebook content moderator." The message describes content moderation as a job that takes a significant toll mentally and physically and has led some coworkers to go on psychiatric medication for the first time or self-medicate with alcohol and drugs... "Content analysts are paid to look at the worst of humanity for eight hours a day..." The employee in question allegedly acknowledges that Facebook has made improvements to their wellness program, but still claims it to be inadequate, stating that managers view their employees' brains "as machines," rather than taking into account the consequences of workplace stress.
But the note also points out that "Those who spend the most time in the queues have the least input as to policy... It can take months for issues to be addressed, if they are addressed at all..." Content analysts should be able to communicate directly with those responsible for designing policy... The fact that content analysts are hired by outside agencies makes these things impossible. There are no established avenues for communication with Facebook full-time employees, and we can face penalties if we attempt to contact them.
The last line of the note offers this benediction for Facebook. "I hope you figure out a way to stop constantly starting PR fires and traumatize people en masse."
Linux

Slackware Approaches 28th Birthday With New Beta Release (theregister.com) 58

Slashdot reader LeeLynx shares news from The Register about a Slackware 15 beta release (following the debut of February's alpha), "nearly five years after the distribution last saw a major update." (And nearly 28 years after its initial release back in 1993...) Created by Patrick Volkerding (who still lays claim to the title Benevolent Dictator For Life), the current release version arrived in the form of 2016's 14.2... The Linux kernel has been updated to 5.10.30 (at time of writing) with 5.11.14 available for testing. Desktop fans may be pleased to see, among the many updates, KDE Plasma hitting 5.21.4 as well as updates for old faithfuls, such as Mozilla Firefox and Thunderbird.

The beta itself dropped on 12 April (with the 5.10.29 kernel) and Volkerding noted: "I'm going to go ahead and call this a beta even though there's still no fix for the illegal instruction issue with 32-bit mariadb. But there should be soon."

Tinkering has continued since, judging by the change log, although the beta tag brings hope there will be a release before long.

Technology

Missing California Hiker Found After Mystery Photo Reveals Location (sfgate.com) 97

A mystery photo and a geography enthusiast helped locate a missing California hiker who is now safely back home. From a report: Rene Compean of Palmdale was on a hike Monday near Mount Waterman, a popular ski destination in the San Gabriel Mountains in Southern California. While the 45-year-old was on his outdoor adventure, he snapped a picture. Compean texted the shot to a friend. And then, he went off the map. He was reported missing at 6 p.m. by a friend, who received one last text from Compean saying he was worried he was lost and his cell phone battery was running low. The photo was turned over to investigators at the Los Angeles County Sheriff's Department who posted it to social media, asking if anyone recognized the spot in the photograph. Benjamin Kuo saw the message and thought he might be able to help. The report adds: As a satellite image aficionado, he was already familiar with tracking California wildfires in remote areas. "I've got a very weird hobby, which is I love taking a look at photos and figuring out where they're taken," Kuo told NBC Los Angeles. Using satellite images, maps and the scenery below Compean's feet in the photo, Kuo was able to estimate the coordinates of where he believed the man had gone missing. Kuo sent his tip to the sheriff's office, and a helicopter was sent to survey the area Tuesday. There, as if by magic, was Compean.
Unix

FreeBSD 13 Released (phoronix.com) 66

"FreeBSD, the other Linux, reached version 13," writes long-time Slashdot reader undoman. "The operating system is known for its stable code, native ZFS support, and use of the more liberal BSD licenses." Phoronix highlights some of the major new improvements: FreeBSD 13.0 delivers on performance improvements (particularly for Intel CPUs we've seen in benchmarks thanks to hardware P-States), upgrading to LLVM Clang 11 as the default compiler toolchain, POWER 64-bit support improvements, a wide variety of networking improvements, 64-bit ARM (AArch64) now being a tier-one architecture alongside x86_64, EFI boot improvements, AES-NI is now included by default for generic kernel builds, the default CPU support for i386 is bumped to i686 from i486, and a variety of other hardware support improvements. Various obsolete GNU tools have been removed like an old version of GNU Debugger used for crashinfo, obsolete GCC 4.2.1 and Binutils 2.17 were dropped from the main tree, and also switching to a BSD version of grep. The release announcement can be found here.
PHP

Git.PHP.net Not Compromised in Supply Chain Attack, but User Database Leak Possible (inside.com) 18

Inside.com's developer newsletter reports: The PHP team no longer believes the git.php.net server was compromised in a recent attack, which prompted PHP to move servers to GitHub and caused the team to temporarily put releases on hold until mid-April...

In an update offering further insight into the root cause of the late March attack, the team says because it's possible the master.php.net user database was exposed, master.php.net has been moved to main.php.net. The team also reset php.net passwords, and you can visit https://main.php.net/forgot.php to set a new password. In addition, git.php.net and svn.php.net are both read-only now.

Two malicious commits were pushed to the php-src repo from PHP founder Rasmus Lerdorf and PHP core developer Nikita Popov, Popov announced March 28. After an investigation, the PHP team reassured users these malicious commits never reached end-users. However, the team decided to move to GitHub after determining maintaining its own git infrastructure is "an unnecessary security risk."

"In 2019, the PHP team temporarily shut down its Git server after discovering that an attacker had maliciously replaced the official PHP Extension and Application Repository with a malicious one," reports CPO magazine. But this newer supply chain attack "targeted any server that uses PHP ZLib compression when sending data. Most servers use this functionality on almost all content except images and archives that are already size optimized." The supply chain attack would have turned PHP into a remote web shell through which the attackers could execute any command without authentication. This is because the malicious attackers would have the same privileges as the web server running PHP. The backdoor is triggered at the start of a request by checking if the request contains the word "zerodium." If this condition was met, PHP executes the code in the "User-Agentt" request header. The header closely resembles the PHP "User-Agent" request for checking for browser properties.

The rest of the request would thus be treated as a command that could be executed on a PHP server using the server's privileges. This would allow the hackers to run any arbitrary command without the need for further privileges...

PHP powers 80% of all websites. Thus, a successful supply chain attack exploiting the language could prove catastrophic.

Linux

Reactions to Arch Linux's New Guided Installer (linuxreviews.org) 108

Long-time Slashdot reader xiando quotes LinuxReviews: The community distribution Arch Linux has up to now required you to manually install it by entering a whole lot of scary commands in a terminal. Arch version 2021.04.01 features a new guided installer [reached by] typing python -m archinstall guided into the console you get when you boot the Arch Linux installation ISO.

It is not very novice-friendly, or user-friendly, but it gets the job done and it will work fine for those with some basic GNU/Linux knowledge.

Tech Radar writes that previously Arch Linux had "a rather convoluted installation process, which has given rise to a stream of Arch-based distros that are easier to install," adding that the new installer "was reportedly promoted as an official installation mechanism back in January, and was actively worked upon leading to its inclusion in the installation medium." Users have been calling on Arch Linux for simplifying the installation process for a long time, to bring it in line with other Linux distros. However, the Arch philosophy has always been to put the users in charge of every aspect of their installation, which is the antithesis of automated installers.

Phoronix calls the new installer "very quick and easy," although "granted not as user-friendly / polished as say the Debian Installer, Red Hat's Anaconda installer, even Ubuntu's Subiquity, and other TUI/GUI Linux installers out there." They also note that Archinstall "does allow automatically partitioning the drive with your choice of file-system options, automatically installing a desktop environment if desired, configuring the network interfaces, and all the other basics." "The method is quick enough that I'll likely use archinstall for future Arch Linux benchmarks on Phoronix as it also then applies a sane set of defaults for users... Five minutes or less and off to the races, ready for Arch Linux."

But Slashdot reader I75BJC still favors "scary commands in a terminal," leaving this comment on the original submission: If you can't type with the big adults, stay on your PlayStation.

Even Apple, with its very good GUI, has a command line. The command line commands are more flexible, more specific, more subtle than the pointy-clicky GUI.

Businesses

Uber May Stop Letting Drivers See Destinations and Name Prices (sfchronicle.com) 141

An anonymous reader shares a report: A year ago, Uber let its California drivers see ride destinations before picking up passengers and let them set pricing in an effort to prove that the drivers were truly independent contractors. It was part of the company's strategy to block drivers from being reclassified as employees under AB5, California's gig-work law. Now, Uber is acknowledging that the move has hurt business and is considering axing its visible destinations and price-naming policies, The Chronicle has learned. The see-saw may disappoint drivers who appreciated that extra control over their work.

Too many drivers cherry-pick lucrative rides and decline other requests, making the service unreliable, the San Francisco company said on Monday. Uber no longer has to worry about proving that drivers are independent contractors, because Prop 22 -- the November ballot measure that Uber and fellow gig companies spent $220 million to pass -- enshrines their non-employee status.

Businesses

Insider-Trading Indictment Shows Ties To Bloomberg News Scoops (cjr.org) 32

For more than six months, federal prosecutors say, a New York man used inside information to make illegal profits in the stock market -- and a core element of his alleged scheme was his interaction with Bloomberg News, which published several stories shortly after the trader arranged to make significant purchases of the companies' shares. From a report: Last month, a federal grand jury indicted Jason Peltz on multiple counts of securities fraud, money laundering, tax evasion and lying to the FBI. Peltz, 38, is accused of working with over a half-dozen unnamed and unindicted co-conspirators to learn about impending takeovers and other market-moving news, and to move money between accounts as a way to hide his role and profits. The indictment notes that Peltz's moves were timed closely to stories that ran at "a financial news organization."

While the newsroom isn't named, federal officials cite five stories and their timestamps -- all of which match precisely to pieces that ran on Bloomberg News' website. Each of those stories had shared bylines, but only one reporter is identified as an author for all of the articles: Ed Hammond, who worked at the Financial Times before coming to Bloomberg more than six years ago to cover mergers and acquisitions. In 2017, Hammond was named Bloomberg's senior deals reporter in New York -- a highly prestigious post in that newsroom. The feds allege that Peltz used disposable "burner" phones and encrypted apps to communicate with a journalist, and that the reporter provided "material nonpublic information about forthcoming articles" which Peltz used to trade in the market "just prior to publication of an article about each company written by the reporter." The indictment describes "numerous contacts" between Peltz and a reporter, including at least one in-person meeting. Neither Hammond nor Bloomberg is named in the indictment; the filing says a financial-news reporter's identity was made known to the grand jury that heard the case. No one at Bloomberg is accused by prosecutors of wrongdoing or of being aware that these stories might be linked to an insider-trading scheme. Prosecutors make no allegation that the stories contained any inaccurate information, nor do any of the stories display corrections.
