"It was the year of 'OK boomer,' and the generations were at each other's throats," argues the national features writer for The Washington Post, starting with a quote from New York University's Michael North, who studies ageism in the workplace.

"Age-based prejudice is the last acceptable form of prejudice. People are making age-based generalizations and stereotypes that you wouldn't be able to get away with about race or background..." People are getting away with it. This year, the baby boom was blamed for almost everything: the fate of the planet, Congress, college debt, plastic straws, the ending of "Game of Thrones." An entire generation was perceived to be operating as a giant monolith, mind-melded in its intention to make young people miserable for the rest of their long lives. Never mind that old people were once young, struggling, loaded with debt, facing a lousy job market, expensive housing, inflation. (Yes, there was something called inflation. It had to be whipped. Ask your parents.)

And, guess what, millennials? You are acquiring property. So, you know, patience.

The sewer of mockery flowed both ways, upstream and down. It was funny, except when it wasn't. If young folk derided the Olds for leaving an environmental and fiscal mess, the baby boom was happy to sling verbal mud in their direction. After "OK boomer" erupted, AARP senior vice president and editorial director Myrna Blyth said in an interview with Axios, "Okay, millennials, but we're the people that actually have the money." (AARP long stood for American Association of Retired Persons, but now a growing number of older Americans can't or won't retire....) What distinguishes these latest ageist salvos are their intensity and frequency. It's an intergenerational quipping contest, fueled by the rapid, reductionist and unrestrictive nature of social media, which makes it far too easy to cast verbal stones. "Social media amplifies previously latent sentiment," North says....

Any day now, boomers won't be blamed for everything that is not okay. This is the year -- can you feel it? -- that, according to Pew's analysis of census projections, millennials are scheduled to surpass the baby boom in sheer size, 73 million to 72 million, because of, well, death. By 2028, Gen X is also projected to be larger than the baby boom, so we'll probably start blaming them.

In the meantime, perhaps the generations need to be kinder to each other.

Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, a FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD..."
The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development).

"This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.

- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)

- Linux kernel being written without security and in mind. (KSPP is basically a dead project and Grsec is no longer free software)

- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.

FPS (first-person shooter) games have been a staple in the video game industry ever since the explosion of Wolfenstein 3D back in 1992. Since then, the genre has been evolving with graphical upgrades, huge budgets, and an eSports ecosystem. But what about its core, the shooting mechanics? How have we progressed on that front? Why do some guns feel like it's the real thing, while others feel like toys?

An anonymous reader quotes the Washington Post: The nation's oldest anti-vaccine advocacy group often emphasizes that it is supported primarily by small donations and concerned parents, describing its founder as the leader of a "national, grass roots movement." But over the past decade a single donor has contributed more than $2.9 million to the National Vaccine Information Center, accounting for about 40 percent of the organization's funding, according to the most recent available tax records.

That donor, osteopathic physician Joseph Mercola, has amassed a fortune selling natural health products, court records show, including vitamin supplements, some of which he claims are alternatives to vaccines.

In recent years, the center has been at the forefront of a movement that has led some parents to forgo or delay immunizing their children against vaccine-preventable diseases such as measles. Health officials say falling vaccination rates contributed to the infectious virus sickening more than 1,200 people in the United States this year, the largest number in more than 25 years. Measles outbreaks are surging worldwide, including in Samoa -- where nearly 80 people have died since mid-October, the great majority of them young children and infants... The group claimed credit this year for helping to defeat legislation in a dozen states that would have made it harder for parents to opt out of vaccinating their children...

Mercola, whose claims about other products have drawn warnings from regulators, has also given at least $4 million to several groups that echo the anti-vaccine message. His net worth, derived largely from his network of private companies, has grown to "in excess of $100 million," he said in a 2017 affidavit.
In 2010 Mercola's site and the anti-vaccination group "launched a website that tracks vaccine-related legislation in every state. The site provides activists with detailed information, including how to sign up for public comment to support or oppose legislation in their state, where to park to attend a public hearing and what color T-shirt to wear to rallies..."

"In 2016, in response to a complaint from the Federal Trade Commission, Mercola refunded nearly $2.6 million to more than 1,300 people who bought tanning beds that he claimed could reduce the risk of skin cancer."

The Tow Center for Digital Journalism at Columbia's Graduate School of Journalism reports: An increasingly popular tactic challenges conventional wisdom on the spread of electoral disinformation: the creation of partisan outlets masquerading as local news organizations. An investigation by the Tow Center for Digital Journalism at Columbia Journalism School has discovered at least 450 websites in a network of local and business news organizations, each distributing thousands of algorithmically generated articles and a smaller number of reported stories. Of the 450 sites we discovered, at least 189 were set up as local news networks across ten states within the last twelve months by an organization called Metric Media. Titles like the East Michigan News, Hickory Sun, and Grand Canyon Times have appeared on the web ahead of the 2020 election. These networks of sites can be used in a variety of ways: as 'stage setting' for events, focusing attention on issues such as voter fraud and energy pricing, providing the appearance of neutrality for partisan issues, or to gather data from users that can then be used for political targeting.

On October 20, the Lansing State Journal first broke the story of the network's existence. About three dozen local news sites, owned by Metric Media, had appeared in Michigan. Further reporting by the Michigan Daily, the Guardian and the New York Times identified yet more sites. Ultimately, previous reporting has identified around 200 of these sites. Our analysis suggests that there are at least twice that number of publications across a number of related networks, of which Metric Media is just one component. Over a two-week period starting November 26, we tapped into the RSS feeds of these 189 Metric Media sites, all of which were we found that were created this year, and found over fifteen thousand unique stories had been published (over fifty thousand when aggregated across the sites), but only about a hundred titles had the bylines of human reporters. The rest cited automated services or press releases.

The creators of Vim have released a game called "Killersheep" to show off two new features in Vim 8.2.

"Before I did the keynote at VimConf 2018 I asked plugin developers what they wanted from Vim," reads the announcement at Vim.org. "The result was a very long list of requested features. The top two items were clear: Popup windows and text properties." After more than a year of development the new features are now ready for the Vim crowds.

Popup windows make it possible to show messages, function prototypes, code snippets and anything else on top of the text being edited. They open and close quickly and can be highlighted in many ways... This was no small effort. Although the existing window support could be used, popup windows are different enough to require a lot of extra logic. Especially to update the screen efficiently. Also to make it easy for plugin writers to use them; you don't need to tell Vim exactly where to show one, just give a reference point and the text to display, Vim will figure out the size and where the popup fits best.

Text properties can be used for something as simple as highlighting a text snippet or something as complicated as using an external parser to locate syntax items and highlight them asynchronously. This can be used instead of the pattern based syntax highlighting. A text property sticks with the text, also when inserting a word before it. And this is done efficiently by storing the properties with the text.

"It's been five years already since the vote to transition to systemd in Debian over Upstart," reports Phoronix, noting that the Debian developer community has now begun a 20-day ranked-choice vote on eight different proposals for "'init system diversity' and just how much Debian developers care (or not) in supporting alternatives to systemd."

The eight options they're voting on:

• Choice 1: F: Focus on systemd

• Choice 2: B: Systemd but we support exploring alternatives

• Choice 3: A: Support for multiple init systems is Important

• Choice 4: D: Support non-systemd systems, without blocking progress

• Choice 5: H: Support portability, without blocking progress

• Choice 6: E: Support for multiple init systems is Required

• Choice 7: G: Support portability and multiple implementations

• Choice 8: Further Discussion

There's detailed descriptions of each option on the Debian developers mailing list. "This is a non-secret vote," the post explains. "After the voting period is over the details on who voted what will be published."

b-dayyy quotes Linux Security: A new and particularly troublesome ransomware variant has been identified in the wild. Dubbed NextCry, this nasty strain of ransomware encrypts data on NextCloud Linux servers and has managed to evade the detection of public scanning platforms and antivirus engines. To make matters worse, there is currently no free decryption tool available for victims.

Ransomware hunter and creator of ID Ransomware Michael Gillespie notes that the NextCry ransomware, which is a Python script compiled in a Linux ELF binary using pyInstaller, oddly uses Base64 to encode file names as well as the content of files which have already been encrypted. Gillespie has also confirmed that NextCry encrypts data using the AES algorithm with a 256-bit key.

The ransom note that NextCry victims receive reads "READ_FOR_DECRYPT", and demands 0.025 BTC for a victim's files to be unlocked.

Slashdot reader Rutabaga8 is the CEO of a web site conducting in-depth research on personal finance topics. They recently contacted Slashdot to share "some surprising results" from their analysis of a nonprofit advocacy group's seven years of data on Tesla batteries: By seven years of age, the typical car could still deliver around 93% of the original range on a full charge. That means a Tesla battery typically loses around 1 percentage point of range each year on the road.

Of course, cars that put more miles on the odometer are likely to get faster battery deterioration, because it's the number of charges that really impact battery degradation. However, the data showed that by 150,000 miles Tesla cars still achieved more than 85% of their original range when they were charged to full capacity.

Oculus CTO John Carmack announced Wednesday that he is stepping down from the augmented-reality company to focus his time on artificial general intelligence. The Verge reports: Carmack will remain in a "consulting CTO" position at Oculus, where he will "still have a voice" in the development work at the company, he wrote. Recent comments from Carmack suggest he may have soured on VR. Carmack was a champion of phone-based VR for years at Oculus, but in October, he delivered a "eulogy" for Oculus' phone-based Gear VR. And in a video for receiving a lifetime achievement award this week at the VR Awards, he said that "I really haven't been satisfied with the pace of progress that we've been making" in VR.

schwit1 writes: A private DNA ancestry database that's been used by police to catch criminals is a security risk from which a nation-state could steal DNA data on a million Americans, according to security researchers. Security flaws in the service, called GEDmatch, not only risk exposing people's genetic health information but could let an adversary such as China or Russia create a powerful biometric database useful for identifying nearly any American from a DNA sample. GEDMatch, which crowdsources DNA profiles, was created by genealogy enthusiasts to let people search for relatives and is run entirely by volunteers. It shows how a trend toward sharing DNA data online can create privacy risks affecting everyone, even people who don't choose to share their own information.

"You can replace your credit card number, but you can't replace your genome," says Peter Ney, a postdoctoral researcher in computer science at the University of Washington. Ney, along with professors and DNA security researchers Luis Ceze and Tadayoshi Kohno, described in a report posted online how they developed and tested a novel attack employing DNA data they uploaded to GEDmatch. Using specially designed DNA profiles, they say, they were able to run searches that let them guess more than 90% of the DNA data of other users. The founder of GEDmatch, Curtis Rogers, confirmed that the researchers alerted him to the threat during the summer. "The same attack wouldn't work on other genealogy sites, like 23andMe, because they don't permit data uploads," the report notes. "Others, like MyHeritage, do allow uploads but don't give users as much information about their matches."

"The problem with GEDmatch is the browser is too good, and searches too deeply," says Erlich. "If I were them, I would remove it, fix it, then put it back."

An anonymous reader quotes ISP Review: The RIPE Network Coordination Centre (RIPE NCC), which manages regional distribution of internet addresses for the UK, Europe, Middle East and parts of Central Asia, has confirmed that their final reserve pool of Internet Protocol v4 (IPv4) addresses will completely run out in November 2019. Strictly speaking the Regional Internet Registry (RIR) started running out of address space in 2012 and began rationing the little they had left. Fast forward a few years and at the start of October 2019 it was confirmed that they only had 1 million IPv4 addresses left in their available pool (out of 4 billion addresses total), "which we expect to run out in November 2019...."

Thankfully many ISPs, devices and services have now introduced "newer" IPv6 addresses, although some still have a lot of work to do (e.g. TalkTalk)... A Spokesperson for RIPE NCC told ISPreview.co.uk "... IPv4 'run-out' has long been anticipated and planned for by the technical community and no one needs to worry about the Internet suddenly breaking. But it does mean that the pressure will continue to build for many networks, necessitating the use of complex and expensive workarounds.

"Our advice to network operators is to take stock of their IP resources and to make sure their IPv6 plans are making progress."

nickwinlund77 shares this story from ZDNet: A recently patched security flaw in modern versions of the PHP programming language is being exploited in the wild to take over servers, ZDNet has learned from threat intelligence firm Bad Packets. The vulnerability is a remote code execution (RCE) in PHP 7, the newer branch of PHP, the most common programming language used to build websites.

The issue, tracked as CVE-2019-11043, lets attackers run commands on servers just by accessing a specially-crafted URL. Exploiting the bug is trivial, and public proof-of-concept exploit code has been published on GitHub earlier this week. Only NGINX servers with PHP-FPM enabled are vulnerable. PHP-FPM, or FastCGI Process Manager, is an alternative PHP FastCGI implementation with some additional features, and according to reports, a common server configuration option.

Software engineer Kieran Potts asks: does JavaScript need to be renamed? There's no doubt there are problems with JavaScript's branding...

- Correctly, "JavaScript" refers to a subset of ECMAScript specified by Mozilla, but the word is used interchangeably to refer to multiple different ECMAScript supersets, depending on context.

- JavaScript is a trademark of Oracle Corporation, which doesn't fit comfortably with the language's position as a central component of the web platform, which is meant to be built entirely from open technologies and standards.

- There isn't even an official logo for JavaScript, let alone a cute mascot like Go's gopher or PHP's elephant.

- And famously, JavaScript is unrelated to Java. This has confused the hell out of non-technical managers and recruiters for decades.
The article also suggests "a standard convention" to identify the runtime's host system (for example, "WebJS" or "ServerJS").

But in response to the question of rebranding JavaScript, "the most common, knee jerk reaction was a quick guffaw and an exclaimed 'no!'" notes tech columnist Mike Melanson, "while others offered that the simple contraction to JS would suffice."

California's largest power utility began power shut-offs today for an estimated 2.35 million people -- expected to last two days -- after weather forecasts predicted extreme fire danger due to exceptionally dry weather and severe winds, according to the Washington Post. "Some gusts this weekend might reach 75 mph (120 kph) or higher as part of a 'historic' wind event, the National Weather Service said. The winds could lead to 'erratic fire behavior,' warned the California Department of Forestry and Fire Protection..."

The San Jose Mercury News reports: PG&E won't restore power until inspections of de-energized lines are completed and any damage to the system is repaired. The utility also has requested mutual aid from 1,000 workers from other energy companies, including ATCO Energy in Alberta, Canada; Xcel Energy in Minnesota; and Florida Power & Light. Those crews are expected to be staged and in place to do repairs by Sunday, according to the company.
50,000 people living near Northern California's wine country were also ordered to evacuate, as firefighters struggled to contain an already-burning 25,955-acre wildfire nearby which is only 10% contained. And 40,000 people were ordered to evacuate homes in Southern California near Santa Clarita, where the 4,600-acre Tick Fire is now 25% contained.

mpol writes: Phoronix published an interview with former Purism CTO Zlatan Todoric who left Purism in September 2018. The story hints quite strongly at chaotic situations over at Purism. He started at the company in 2015, when it was a small outfit, and steered it into the bigger company that it is now. To him the smartphone development for the Librem 5 was a mistake and way too early. He has high hopes for the Pinephone, who according to him are doing things right. The first "Aspen" batch of the Purism Librem 5 are supposed to be shipping, though seemingly only people related to Purism are showing off their devices.

Google appears to be removing apps that have donation links, including open-source apps where donations are one of the main sources of revenue. WireGuard, a free and open-source VPN, has been reportedly dropped over this according to WireGuard lead developer Jason Donenfeld. Phoronix reports: After waiting days for Google to review the latest version of their secure VPN tunnel application, it was approved and then removed and delisted -- including older versions of WireGuard. The reversal comes on the basis of violating their "payments policy." The only bit of possible "payments" within the WireGuard app is a donation link within the program taking the user to the WireGuard website should anyone want to donate to support this promising open-source secure networking tech. An appeal to the situation was also rejected by Google, Donenfeld has confirmed this morning on their mailing list. In trying to make it back into Android's Play Store, Jason has dropped the donation link from the Android app version while it's still awaiting review from Google. UPDATE: WireGuard lead developer Jason Donenfeld says the app "has been relisted on the Play Store in its usual location," adding: "Sorry again for any inconvenience this has caused users, or caused developers who depend on the availability of our app for use by their own users. We won't be making any similar changes unless we're certain that we won't be delisted."

California Attorney General Xavier Becerra released a series of draft regulations this week aimed at getting businesses to comply with the state's landmark data privacy law, scheduled to take effect Jan. 1. From a report: Under the California Consumer Privacy Act, signed into law in June 2018, businesses must disclose to consumers the various kinds of data they collect about them. Companies must stop selling consumer data to third parties if customers ask them to, delete personal data on request, and explicitly seek consent from consumers aged 16 or younger to sell personal information. The bill also states that consumers who exercise their rights under the law cannot be discriminated against. The newly announced rules for businesses require notifying people before or when their data is collected. If notice is not given, data cannot be collected. The attorney general also provided guidelines for how to respond to consumers wanting to opt out, delete and know the data that's collected on them, as well as how to verify the identity of people making such requests and how to maintain relevant records for two years. "Help us get this right," Becerra said. Privacy is a right in California, he said, even as he acknowledged that some businesses may struggle to find the resources to comply. But, he added, "We want companies to understand that ignorance is not an excuse."

An anonymous reader writes: Billy Mitchell is the intense videogamer made famous in the 2007 documentary The King of Kong. Last month he threatened to sue both the Guinness Book of World Records and the videogame record-keepers at Twin Galaxies for defamation after they revoked an entire lifetime's worth of videogame high scores. An online discussion had argued that videotapes of three of Mitchell's performances suggested they'd been achieved using a MAME emulator -- but the organization revoked all of Mitchell's high scores (including his uncontested perfect game of Pac-Man in 1999).

Last week Twin Galaxies finally posted their response to Mitchell's lawsuit. "It is not necessary to hire lawyers and threaten Twin Galaxies out of the blue to get it to review and consider relevant new evidence -- all anyone has to do is simply reach out and directly request an opportunity to present the information...

"There will be no retraction or reinstatement. It should be noted that Twin Galaxies is under no obligation to maintain Mr. Mitchell's scores in its database. He has no divine right to be part of the Twin Galaxies community either. Twin Galaxies has unlimited authority to maintain the integrity of its score database." They also write that any lawsuit will be considered a strategic lawsuit against public participation and countered accordingly, followed by a second suit over malicious prosecution. "Please advise Mr. Mitchell to tread lightly, and choose wisely."

Last week a massive new 16,000-word profile of Mitchell pointed out that after his records were revoked, Mitchell had actually webcast himself playing Donkey Kong on Twitch, "obtaining scores equal to those that had been disputed, broadcast live from public venues.... Mitchell had proven he could earn those scores now. But he hadn't outlined a clear defense to prove he'd achieved them at the time of the original submissions."

Google has been testing the Linux kernel with its "sanitizer" testing software that hunts for memory corruption bugs and undefined behaviors. Now Phoronix reports on Google's newest sanitizer: Kernel Concurrency Sanitizer (KCSAN) is focused on discovering data-race issues within the kernel code. This dynamic data-race detector is an alternative to the Kernel Thread Sanitizer. In their testing just last month, in two days they found over 300 unique data race conditions within the mainline kernel.

There was a recent discussion about the Kernel Concurrency Sanitizer on the LKML.