Ananda Sharma, founder of the app Gyroscope, describes to a local TV station the monolith he discovered during a Christmas-morning jog under a candy-cane red sunrise.

"I think I smelled it before I saw it..."

He spotted a double rainbow and wanted to peek at that too. At first, he thought the monolith was "a big post," but as he got closer, he smelled the gingerbread scent wafting toward him. The monolith is standing in panels separated by icing...

"It made me smile.
SFGate spoke to another eye-witness: Alexis Gallagher also happened upon the sweet monolith at about 8:25 a.m. Friday morning, confirming it was made of gingerbread, frosting and gumdrops... "I had a closer look and it looks like there's a plywood skeleton underneath, but I try not to dwell on such mundane realities."

Gallagher added that he had to "stop my dog from nibbling on it..."
When reached for an official comment, the San Francisco Recreation and Parks Department General Manager told the TV news reporter that the gingerbread monolith "Looks like a great spot to get baked."

Then he added more sternly that "we will leave it up until the cookie crumbles."

But their article notes it raises several questions for Bay Area residents: Did Christmas-happy aliens beam it down from above? Did some rogue artificial intelligence escape a nearby Google campus, and, driven mad by our plethora of Christmas music...design an art piece to brighten our days? And just how expensive is it to rent a highrise apartment within its crumbly, ginger-pungent walls...?
SFGate's report ends with Ananda Sharma noting that it began raining in San Francisco at 11:30 a.m., adding, "not sure what happens to gingerbread in the rain but it probably isn't good."

Redox OS, the micro-kernel based Rust-written operating system, is out with a new Christmas release. From a report: Redox OS 0.6 was released on Christmas Eve with many bug fixes and new features. Redox OS 0.6 features a complete rewrite of its RMM kernel memory manager, improvements to its Relibc C library implementation, Pkgar as a new package format, and Rust code compatibility updates. It's been the better part of two years since Redox 0.5 was released but moving forward they hope to start releasing new updates more often.

fahrbot-bot shares a report from Phys.Org: Researchers from Tokyo Metropolitan University have discovered a way to make self-assembled nanowires of transition metal chalcogenides at scale using chemical vapor deposition. By changing the substrate where the wires form, they can tune how these wires are arranged, from aligned configurations of atomically thin sheets to random networks of bundles. This paves the way to industrial deployment in next-gen industrial electronics, including energy harvesting, and transparent, efficient, even flexible devices.

Using a process called chemical vapor deposition (CVD), they found that they could assemble TMC nanowires in different arrangements depending on the surface or substrate that they use as a template. Examples are shown in Figure 2; in (a), nanowires grown on a silicon/silica substrate form a random network of bundles; in (b), the wires assemble in a set direction on a sapphire substrate, following the structure of the underlying sapphire crystal. By simply changing where they are grown, the team now have access to centimeter-sized wafers covered in the arrangement they desired, including monolayers, bilayers and networks of bundles, all with different applications. They also found that the structure of the wires themselves were highly crystalline and ordered, and that their properties, including their excellent conductivity and 1D-like behavior, matched those found in theoretical predictions. The research has been published in the journal Nano Letters.

Sony has published a new "hid-playstation" Linux kernel driver for bringing up the PlayStation 5 DualSense controller and will also be used for supporting other PlayStation hardware on Linux. Phoronix reports: This new Linux kernel driver supports the PlayStation 5 "DualSense" game controller both in USB and Bluetooth modes. All key functionality along with LEDs, motion sensors, touchpad, battery, lightbar, and rumble are all supported by this official Sony Linux driver. The Linux kernel already has the existing "hid-sony" driver while this PlayStation 5 game controller comes with the hid-playstation driver. In announcing the new driver, they are planning to move some of the Sony Interactive Entertainment hardware support from the existing hid-sony to hid-playstation drivers. The hid-sony driver will continue to be maintained and used by broader Sony devices. This new driver follows the move from about a year ago of Sony "officially" maintaining the hid-sony Linux input driver.

This new driver comes in at just over 1,400 lines of code in its initial form catering to the PS5 controller. When transitioning support for older hardware to this new driver there is also a promise of unit test coverage and more. The new HID-PlayStation driver is currently under review and isn't yet queued up for mainlining but those wanting to try it out can find the 13 patches up for testing.

Roughly half a billion people played Among Us in November, becoming "by far the most popular game ever in terms of monthly players," according to Nielsen's SuperData. The Verge reports: The success is even more remarkable because InnerSloth -- the company that makes Among Us -- only has four employees. That's roughly 125 million players per person who works on the game. It's proven to be so popular that the studio decided to cancel a sequel that was in the works and just put all its effort into improving the original. It even caught the attention of sitting congresswoman Alexandria Ocasio-Cortez, who livestreamed herself playing it to try to encourage people to vote, with an audience on Twitch that peaked at over 400 thousand viewers.

In an email to The Verge, Carter Rogers, Principal Analyst at SuperData, said that the next-most popular game in terms of monthly active users only clocked in at 300 million. Rogers notes that Nielsen arrives at its figures through a mix of "point-of-sale and event data from publishers, developers and payment service providers." Among Us' release on the Nintendo Switch was recent enough that it didn't have an appreciable impact on the game's total numbers in Nielsen's analysis.

Application-security company Veracode "has released the 11th volume of its annual State of Software Security report, and its findings reveal that flawed applications are the norm, open-source libraries are increasingly untrustworthy, and it's taking a long time to patch problems," reports TechRepublic.

The top three security flaws — like last year — are still information leakage, cryptographic issues, and CRLF injection: The report found a full 76% of apps contained flaws, and 24% of apps have flaws considered highly severe. Some 70% of apps are inheriting security flaws from their open-source libraries, but it's important to note that only 30% of apps have more security bugs in their open-source libraries than in code written in-house, suggesting that it isn't solely open-source projects that are to blame... In terms of how bugs are being resolved, Veracode found that 73% of the bugs it found as part of the report were patched, which is a big improvement over previous years, when that number was in the mid-50% range. Despite that good sign, it's still taking an average of six months to close half of discovered flaws...

Veracode also released a heatmap of the worst bugs in the most popular languages. Interestingly enough, the language with the least use of open-source libraries is also the one with the most bugs: PHP.

Looking at the heatmap, it's easy to spot which of the five popular languages included has the worst security. Following PHP is C++, then Java, .Net, JavaScript, and Python. The latter two are, doing considerably better than the competition, with the worst flaws in each only being found in roughly 30% of apps. Compared to PHP with 74.6% of its apps vulnerable to cross-site scripting, JavaScript and Python are security powerhouses.

An anonymous Slashdot reader writes: For the past year, hackers have been breaking into MySQL databases, downloading tables, deleting the originals, and leaving ransom notes behind, telling server owners to contact the attackers to get their data back. If database owners don't respond and ransom their data back in nine days, the databases are then put up on auction on a dark web portal.
"More than 85,000 MySQL databases are currently on sale on a dark web portal for a price of only $550/database," reports ZDNet: This suggests that both the DB intrusions and the ransom/auction web pages are automated and that attackers don't analyze the hacked databases for data that could contain a higher concentration of personal or financial information. Signs of these ransom attacks have been piling up over the course of 2020, with the number of complaints from server owners finding the ransom note inside their databases popping up on Reddit, the MySQL forums, tech support forums, Medium posts, and private blogs.

"NASA's twin Voyager probes keep making discoveries in interstellar space," reports Space.com The Voyager mission has detected a new type of "electron burst," which will provide insights into the mechanisms of flaring stars, a new study reports. The bursts occur when cosmic ray electrons — fast-moving particles from far beyond the solar system — are pushed by shock waves generated by solar eruptions. The electrons then accelerate further along cosmic magnetic field lines to incredible speed, study team members said.

"The idea that shock waves accelerate particles is not new," corresponding author Don Gurnett, professor emeritus in physics and astronomy at the University of Iowa, said in a statement. "[But] we detected it in a new realm: the interstellar medium, which is much different than in the solar wind, where similar processes have been observed...."

Eventually, the magnetic field lines propel the cosmic rays to almost the speed of light — nearly 670 times faster than the solar shock waves that first pushed them. (The shock waves move at roughly 1 million mph, or 1.6 million kph, study team members said.)
The article marvels at the fact that the spacecraft are still sending back data regularly from 14 billion miles away, beyond the edge of our solar system, more than 43 years after they left earth. They even detected the original solar shock wave which caused the electron burst "up to a year after the event occurred.

"The wait time happened because the spacecraft are so far from the sun."

"A Mysterious Object Is Hurtling Towards Earth, and Scientists Don't Know What It Is," read Newsweek's headline on Monday, describing an object projected to pass 31,605 miles from earth. (One astronomer told them that was roughly 13% of the average distance between the earth and the moon).

But then a computer model calculated its past trajectories through space, according to the director for NASA's Center for Near Earth Object Studies (CNEOS). "One of the possible paths for 2020 SO brought the object very close to Earth and the Moon in late September 1966," he said in a statement. "It was like a eureka moment when a quick check of launch dates for lunar missions showed a match with the Surveyor 2 mission."

On Wednesday NASA described how a team led by Vishnu Reddy, an associate professor/planetary scientist at the Lunar and Planetary Laboratory at the University of Arizona, tried to prove what they'd seen was a 54-year-old booster rocket: Through a series of follow up observations, Reddy and his team analyzed 2020 SO's composition using NASA's IRTF and compared the spectrum data from 2020 SO with that of 301 stainless steel, the material Centaur rocket boosters were made of in the 1960's. While not immediately a perfect match, Reddy and his team persisted, realizing the discrepancy in spectrum data could be a result of analyzing fresh steel in a lab against steel that would have been exposed to the harsh conditions of space weather for 54 years. This led Reddy and his team to do some additional investigation.

"We knew that if we wanted to compare apples to apples, we'd need to try to get spectral data from another Centaur rocket booster that had been in Earth orbit for many years to then see if it better matched 2020 SO's spectrum," said Reddy. "Because of the extreme speed at which Earth-orbiting Centaur boosters travel across the sky, we knew it would be extremely difficult to lock on with the IRTF long enough to get a solid and reliable data set."

However, on the morning of Dec. 1, Reddy and his team pulled off what they thought would be impossible. They observed another Centaur D rocket booster from 1971 launch of a communication satellite that was in Geostationary Transfer Orbit, long enough to get a good spectrum. With this new data, Reddy and his team were able to compare it against 2020 SO and found the spectra to be consistent with each another, thus definitively concluding 2020 SO to also be a Centaur rocket booster...
So what happens next? 2020 SO made its closest approach to Earth on Dec. 1, 2020 and will remain within Earth's sphere of gravitational dominance — a region in space called the "Hill Sphere" that extends roughly 930,000 miles (1.5 million kilometers) from our planet — until it escapes back into a new orbit around the Sun in March 2021.

As NASA-funded telescopes survey the skies for asteroids that could pose an impact threat to Earth, the ability to distinguish between natural and artificial objects is valuable as nations continue to explore and more artificial objects find themselves in orbit about the Sun.

Astronomers will continue to observe this particular relic from the early Space Age until it's gone.

This week the Microsoft-owned code repository site GitHub released its annual report with statistics about its community, writes programming columnist Mike Melanson: The report offers a deep dive into three specific areas, with a look at developer productivity in the time of COVID, community and collaboration, and open source security. Highlights include increased productivity with 35% more repositories created in 2020 than 2019, a large open source community with more than 56M developers in 2020 with 100M expected by 2025, and security vulnerabilities that often go undetected for more than 4 years before being disclosed and 94% of projects relying on open source components.
"2020 has been a year of extraordinary change," notes GitHub's report. "Yet with 60M+ new repositories created this past year, one thing has remained true — developers came together from all corners of the world to innovate, find connection, and solve problems."

GitHub reports that over 1.9 billion contributions were added in the last year, with users distributed around the globe:

North America:	34%
Asia:	30.7%
Europe:	26.8%
South America:	4.9%
Africa:	2%
Oceania:	1.7%

And while JavaScript is still the most popular language used on the site, Python remains more popular (at #2) than Java (at #3) for the second year in a row.

1. JavaScript
2. Python
3. Java
4. TypeScript
5. C#
6. PHP
7. C++
8. C
9. Shell
10. Ruby

A Reddit user found Google Earth photos showing the Utah monolith may have appeared in its canyon up to five years ago, according to The Daily Beast. But it's gone now: Last week, a team of four people removed the Utah obelisk. One of them, a Utah adventure guide, explained their actions in an Instagram post. "We removed the Utah Monolith because there are clear precedents for how we share and standardize the use of our public lands, natural wildlife, native plants, fresh water sources, and human impacts upon them. The mystery was the infatuation and we want to use this time to unite people behind the real issues here — we are losing our public lands — things like this don't help," Sylvan Christensen wrote.

Although the statue had damaged some of the surrounding rock formations, its real cost came when hordes of tourists drove cars and rode helicopters to the remote canyon to see it, Christensen said. "This land wasn't physically prepared for the population shift (especially during a pandemic)," he wrote. "People arrived by car, by bus, by van, helicopter, planes, trains, motorcycles and E-bikes and there isn't even a parking lot. There aren't bathrooms — and yes, pooping in the desert is a misdemeanor. There was a lot of that."
"The group of four took the big pieces of the monolith and placed them in a wheelbarrow and said 'leave no trace' as they rolled it away," reports CNN, citing a photographer who witnessed the event.

The second mysterious monolith that appeared in Romania has also been "removed by parties unknown," reports the Bay Area Newsgroup. But a third monolith also mysteriously appeared 200 miles south of San Francisco in the small town of Atascadero on Tuesday, according to SFGate. Though their reporter has a theory as to why: Atascadero is a handy place. There's plenty of rugged cowboy types, and plenty of people with the room and machinery to weld and rivet some sheets of metal together. The local band when I was in high school was in fact known for riveting metal parts and tubing onto stages and cars and painting the whole thing silver...

[W]hen Atascadero saw this monolith trend hitting, someone took note of the importance of getting in fast, went out into their garage and built a monolith.
"And then, overnight, it was gone," notes the Bay Area News Group. Forbes describes the young men responsible as "Dressed in camo gear, armed with night-vision goggles and energy drinks," and at least once referencing the QAnon conspiracy theory. "One of the men even states: 'We don't want illegal aliens from Mexico, or outer space.'"

The Bay Area News Group writes: The revelation that the culprits drove five hours from Southern California to tear it down, live-streaming the trek, has angered Central Coast residents. Video shows the four young men chanting "Christ is king" as they tear down the monolith and replace it with a plywood cross. They also made racist and anti-immigrant statements...

In a statement Thursday, Atascadero Mayor Heather Moreno said: "We are upset that these young men felt the need to drive 5 hours to come into our community and vandalize the Monolith.

"The Monolith was something unique and fun in an otherwise stressful time."

GitHub has released its annual Octoverse report, revealing trends in one of the largest developer communities on the planet, including a spike in open source project activity following the start of the COVID-19 pandemic. VentureBeat: JavaScript continues to be the most popular programming language on GitHub, while Python is now the second most popular, followed by Java and the fast-growing TypeScript community. Maintained by GitHub owner Microsoft, TypeScript has climbed from seventh place in 2018 and 2019 to fourth overall this year. PHP and Ruby, languages that ranked among the most popular five years ago, continued to decline in popularity.

Apple has picked "Code Switch" as the best audio show of the year, marking the first time the company has recognized a single podcast in this way. Engadget reports: Code Switch is NPR's weekly discussion on race. While the series has been on the air for the better part of seven years, it became significantly more popular over the summer as people across the US took to protest the death of George Floyd and other instances of racial injustice.

As in past years, the company also shared a selection of the most popular audio shows people listened to through Apple Podcasts. Few surprises here as old favorites like Stuff You Should Know, This American Life and The Daily came out as the most popular shows in the US. When it comes to shows new to 2020, Unlocking Us, Nice White Parents and CounterClock made the top three for the year. Apple's editorial team had their say as well. They picked California Love, Canary by the Washington Post and Dying for Sex as their favorites of 2020. If you're looking for something new to listen to, all three lists are a good place to start.

hackingbear writes: Australian Prime Minister Scott Morrison demanded an apology after a senior Chinese official posted a "fake image" of an Australian soldier holding a knife with blood on it to the throat of an Afghan child, calling it "truly repugnant" and demanding it be taken down. The Australian government has asked Twitter to remove the image, posted on Monday by China's foreign ministry spokesman Zhao Lijian on his official Twitter account, Morrison said. "It is utterly outrageous and cannot be justified on any basis," Morrison said. "The Chinese government should be utterly ashamed of this post. It diminishes them in the world's eyes."

The image is actually an art work, originally posted on Weibo by online artist Wuhe Qilin, based on the recently uncovered war crimes committed by Australian special forces in the Afghan War. On Friday, Australia has told 13 special forces soldiers they face dismissal in relation to an independent report on alleged unlawful killings in Afghanistan, the head of the country's army said on Friday. "It is the Australian government who should feel ashamed for their soldiers killing innocent Afghan civilians," said Hua Chunying, China's foreign ministry spokeswoman, when asked about Morrison's comments. Wuhe Qilin praised Zhao's re-posting [translation: "Deputy Zhao's strong. Go for it!"] of his work.

NBC News reports: Many urban centers have seen residents move out in large numbers since the start of stay-at-home orders in March, but the shift has been especially dramatic for San Francisco, a city that was already experiencing rapid change because of the tech industry. Software engineers, CEOs and venture capitalists have chosen to jump from the Bay Area to places such as Denver, Miami and Austin, Texas, citing housing costs, California's relatively high income tax and the Bay Area's general resistance to rapid growth and change.

The scale of the departures is visible in vacant high-end apartments, moth-balled offices and quieter streets in neighborhoods popular with tech workers. And while no one is exactly celebrating, especially as Covid-19 has devastated the incomes of many people, some residents were ready to take a break from the rich.... Rents may have fallen 20 percent or more from a year ago, but they're still high by national standards, and many artists left the city a long time ago.

Although some companies such as Pinterest have canceled leases, Google is expanding its offices in San Francisco, a sign of the tech industry's attachment to the city despite the local hostility and the predictions of a permanent work-from-home culture...

Tracy Rosenberg, executive director of Media Alliance, a San Francisco nonprofit that is often critical of the power of tech companies, said she wonders whether tech workers will want to return to a place where they've received a mixed welcome. "The level of tech blowback in San Francisco and the Bay Area was going up in intensity," she said. "I think there'll be sort of a reluctance to come back and face that, because that was reaching a level that was hard to live with — when you are the cause of all social problems, in the eyes of a significant part of the population, at least."

"PHP version 8.0 has arrived, bringing with it a major update to the 25-year-old programming language..." writes Tech Republic.

New language features include the nullsafe operator and attributes (commonly known as annotations in other languages) to add metadata to classes — and more: The JIT compiler is designed to bring performance improvements to web applications by turning code into instructions for the CPU at runtime. Meanwhile, union types is a feature that allows data of more than one type to be held by a variable. Named arguments allow developers to assign values to a function by specifying the value name, allowing optional parameters to be ignored. Alongside these, version 8.0 of PHP brings optimizations and enhancements to the language's type system, syntax, error handling and consistency....

Commenting on PHP 8.0, PHP programmer and stitcher.io developer, Brent Roose, noted that the latest version of the language may require developers to review code for any breaking changes.

An anonymous reader shares a report: Satoshi didn't leave much behind when he decided to leave the scene for good back in April, 2011. But, he did leave enough for us to conduct a thorough research into his whereabouts when he was working on Bitcoin. To conduct this research, we gathered data from the following:
Satoshi's Bitcointalk account (539 available posts)
His 34 emails on the cryptography and Bitcoin mailing lists
His 169 commits on SourceForge
The metadata from Bitcoin whitepaper versions from 2008 (PDF) and 2009 (PDF)
The Genesis block
Various Wayback Machine archives

The data-driven part of the research focuses on timestamps from Satoshi's Bitcointalk posts, SourceForge commits, and emails, which represent a total of 742 activity instances from 206 days (not consecutive). The timestamp data starts from October 31, 2008, when he first announced Bitcoin on the cryptography mailing list, and ends on December 13, 2010, when he sent his last email that is known to be UTC timestamped. Using that data we compiled scatter charts in different suspect time zones to see when he was active and when he was not. We then used other data we gathered to further confirm the most likely location he called home. Common suspect locations are the UK (GMT), US Eastern (EST), US Pacific (PST), Japan (JST), and Australia (AEST). The last two were easy to debunk, but the first three prospects needed further examination.

Programming columnist Mike Melanson assesses the news that Guido Van Rossum, the creator of the Python programming language, has come out of retirement to join Microsoft's developer division: The news brought a flurry of congratulations and feature requests, though a few of the suggested features indeed, already exist. Others still were met with informative responses that make the resulting threads worth a perusal, especially if you're looking for a quick "who's who" on Twitter for the world of programming languages. Microsoft's Miguel de Icaza pointed out that this addition adds to the company's now growing list of language designers and contributors:

"The developer division at Microsoft now employs the language designers and contributors to Python, Java, JavaScript, Typescript, F# C#, C++. We just need some PHP, Rust and Swift magic to complete the picture."

[Microsoft senior software engineer Kat Marchán added "We actually have some early ex-moz Rust people too!"]

So, what can we expect from all of this? Is it a corporate takeover of open source, as some further down in the long list of replies always seem to suggest? Or is Microsoft planning the Frankenstein of all languages, with a little bit of this, a little bit of that? In all likelihood, you Python developers using Microsoft products probably have some good features to look forward to in the near future, and that's that, but there's always lingering fears...especially when it comes to Microsoft. As van Rossum suggests, stay tuned.
After Slashdot's earlier story, long-time reader alexgieg posted his own theory: "Several months ago the Excel folk within Microsoft asked users whether they'd like to have Python as an alternative scripting language in Office. Support for that was overwhelming, but nothing more was said on the matter since then. I guess this is Microsoft's answer."

An anonymous reader shares an excerpt from a report via VICE: Like other gig work giants, DoorDash has admitted in its IPO documents that its own business model -- and the way it treats and pays workers -- are major "risks" to its business. In its S-1 filing with the Securities and Exchanges Commission, there's little to no evidence DoorDash can achieve let alone sustain profitability (in fact, that it may never be profitable is another "risk"), and lots of evidence that its business model is largely based on taking advantage of both restaurants and drivers.

Included in "risks" are the two following statements, which are wonders to behold: "Our success, or perceived success, and increased visibility may also drive some businesses that perceive our business model negatively to raise their concerns to local policymakers and regulators. These businesses and their trade association groups or other organizations may take actions and employ significant resources to shape the legal and regulatory regimes in jurisdictions where we may have, or seek to have, a market presence in an effort to change such legal and regulatory regimes in ways intended to adversely affect or impede our business and the ability of merchants, consumers, and Dashers to use our platform." What this means is that restaurants might want DoorDash to take less of a cut from their commission, which is understandable. Even with cuts to DoorDash's commission rates during the pandemic, many restaurants are still struggling to scrape by.

And then there's this, which explicitly says the company's own pay model for drivers is a risk to its further existence: "Our ability to provide a cost-effective local logistics platform is also dependent on Dasher pay, which is a significant cost and subject to a number of risks..." That's a mouthful, but says that DoorDash's pay model for delivery drivers is algorithmic, which leads to an "inconsistency in earnings" which is likely to piss off both its workforce and its customers to the point where it may be challenged both in court and by regulators, and reported on in the media. This problem is even worse when you consider the labor patterns of gig companies: they require a large reserve of idle labor to keep wait times low and to fight extremely high turnover rates, but they also rely on a core of full-time gig workers to do the vast majority of work. As a result, the workers hurt the most by this "inconsistency in earnings" are the most precarious and vulnerable workers who rely on DoorDash to make ends meet.

Long-time Slashdot reader fahrbot-bot shared this report from the New York Times: A decade ago, a band of astronomers set out to investigate one of the oldest questions taunting philosophers, scientists, priests, astronomers, mystics and the rest of the human race: How many more Earths are out there, if any? How many far-flung planets exist that could harbor life as we know it?

Their tool was the Kepler spacecraft, which was launched in March 2009 on a three-and-a-half year mission to monitor 150,000 stars in a patch of sky in the Milky Way. It looked for tiny dips in starlight caused by an exoplanet passing in front of its home star. "It's not E.T., but it's E.T.'s home," said William Borucki when the mission was launched in March 2009. It was Dr. Borucki, an astronomer now retired from NASA's Ames Research Center, who dreamed up the project and spent two decades convincing NASA to do it. Before the spacecraft finally gave out in 2018, it had discovered more than 4,000 candidate worlds among those stars. So far, none have shown any sign of life or habitation. (Granted, they are very far away and hard to study.) Extrapolated, that figure suggests that there are billions of exoplanets in the Milky Way galaxy. But how many of those are potentially habitable?

After crunching Kepler's data for two years, a team of 44 astronomers led by Steve Bryson of NASA Ames has landed on what they say is the definitive answer, at least for now. Their paper has been accepted for publication in the Astronomical Journal... The team calculated that at least one-third, and perhaps as many as 90 percent, of stars similar in mass and brightness to our sun have rocks like Earth in their habitable zones, with the range reflecting the researchers' confidence in their various methods and assumptions. That is no small bonanza, however you look at it.

According to NASA estimates there are at least 100 billion stars in the Milky Way, of which about 4 billion are sunlike. If only 7 percent of those stars have habitable planets — a seriously conservative estimate — there could be as many as 300 million potentially habitable Earths out there in the whole Milky Way alone.

On average, the astronomers calculated, the nearest such planet should be about 20 light-years away, and there should be four of them within 30 light-years or so of the sun...
"The new result means that the galaxy is at least twice as fertile as estimated in one of the first analyses of Kepler data, in 2013."