At a time when several companies have grown new interest in open sourcing part of their offerings, Samsung appears to be going the other way. The company has shut down the Samsung Open-Source Group (Samsung OSG), according to a report. Phoronix, which reported the development, offers some background: Samsung's Open-Source Group had been structured within Samsung Research America. Samsung OSG was formed back in 2012 and has employed dozens of developers over the past number of years. Samsung OSG was akin to Intel OTC (Open-Source Technology Center) albeit with not nearly as many developers nor as many original open-source projects brought up by the Intel software crew. The Samsung OSG stated purpose has been to "enhance key open source projects through upstream contributions and active involvement with open source foundations." Samsung OSG has contributed very heavily to the development of Wayland as well as some X.Org components, Cairo, Enlightenment EFL, the LLVM Clang compiler, GStreamer, FFmpeg, the Linux kernel, and other related code-bases that helped benefit Samsung's open-source/Linux needs across their wide portfolio of products from smart watches to refrigerators.

With the in-development Linux 4.20 kernel, it is now effectively VLA-free. From a report: The variable-length arrays (VLAs) that can be convenient and part of the C99 standard but can have unintended consequences. VLAs allow for array lengths to be determined at run-time rather than compile time. The Linux kernel has long relied upon VLAs in different parts of the kernel -- including within structures -- but going on for months now (and years if counting the kernel Clang'ing efforts) has been to remove the usage of variable-length arrays within the kernel. The problems with them are:
1. Using variable-length arrays can add some minor run-time overhead to the code due to needing to determine the size of the array at run-time.
2. VLAs within structures is not supported by the LLVM Clang compiler and thus an issue for those wanting to build the kernel outside of GCC, Clang only supports the C99-style VLAs.
3. Arguably most importantly is there can be security implications from VLAs around the kernel's stack usage.

An anonymous reader quotes a report from EurekAlert: Air pollution in the U.S. has decreased since about 1990, and a new study conducted at the University of North Carolina at Chapel Hill now shows that this air quality improvement has brought substantial public health benefits. The study, published in the journal Atmospheric Chemistry and Physics, found that deaths related to air pollution were nearly halved between 1990 and 2010. The team's analyses showed that deaths related to air pollution exposure in the U.S. decreased by about 47 percent, dropping from about 135,000 deaths in 1990 to 71,000 in 2010.

These improvements in air quality and public health in the U.S. coincided with increased federal air quality regulations, and have taken place despite increases in population, energy and electricity use, and vehicle miles traveled between 1990 and 2010. [...] Still, despite clear improvements, air pollution remains an important public health issue in the U.S. The estimated 71,000 deaths in 2010 translates to 1 of every 35 deaths in the U.S. -- that's as many deaths as we see from all traffic accidents and all gun shootings combined.

TechCrunch reports: A major new campaign of disinformation around Brexit, designed to stir up U.K. 'Leave' voters, and distributed via Facebook, may have reached over 10 million people in the U.K., according to new research. The source of the campaign is so far unknown, and will be embarrassing to Facebook, which only this week claimed it was clamping down on "dark" political advertising on its platform. Researchers for the U.K.-based digital agency 89up allege that Mainstream Network -- which looks and reads like a "mainstream" news site but which has no contact details or reporter bylines -- is serving hyper-targeted Facebook advertisements aimed at exhorting people in Leave-voting U.K. constituencies to tell their MP to "chuck Chequers." Chequers is the name given to the U.K. Prime Ministers's proposed deal with the EU regarding the U.K.'s departure from the EU next year.
ABC News reports: When the Justice Department unsealed criminal charges detailing a yearslong effort by a Russian troll farm to "sow division and discord in the U.S. political system," it was the first federal case alleging continued foreign interference in U.S. elections. Earlier Friday, American intelligence officials released a rare public statement asserting that Russia, China, Iran and other countries are engaged in ongoing efforts to influence U.S. policy and voters in future elections. The statement didn't provide details on those efforts. That stood in contrast with the criminal charges, which provided a detailed narrative of Russian activities...

The criminal complaint provided a clear picture that there is still a hidden but powerful Russian social media effort aimed at spreading distrust for American political candidates and causing divisions on social issues such as immigration and gun control.... Court papers describe how the operatives in Friday's case would analyze U.S. news articles and decide how they would draft social media messages about those stories. They also show that Russian trolls have stepped up their efforts with a better understanding the U.S. political climate and messages that are no longer riddled with misspellings.
CNN notes that one week before America's 2016 presidential election, "one of the Kremlin-backed accounts denied that Russian meddling, saying: 'Russia's Putin says Moscow not trying to influence U.S. election.'"

America's Multi-State Information Sharing & Analysis Center is operated in collaboration with its Department of Homeland Security's Office of Cybersecurity and Communications -- and they've got some bad news. MS-ISAC released an advisory warning government agencies, businesses, and home users of multiple high-risk security issues in PHP that can allow attackers to execute arbitrary code. Furthermore, if the PHP vulnerabilities are not successfully exploited, attackers could still induce a denial-of-service condition rendering the probed servers unusable... The PHP Group has issued fixes in the PHP 7.1.23 and 7.2.11 releases for all the high-risk bugs that could lead to DoS and arbitrary code execution in all vulnerable PHP 7.1 and 7.2 versions before these latest updates.
But meanwhile, Threatpost reported this week that 62% of the world's web sites are still running PHP version 5 -- even though its end of life is December 31st. "The deadlines will not be extended, and it is critical that PHP-based websites are upgraded to ensure that security support is provided," warned a recent CERT notice.

So far Drupal is the only CMS posting an official notice requiring upgrades to PHP 7 (by March, three months after the PHP 5.6's end of life deadline). Threatpost notes that "There has been no such notice from WordPress or Joomla."

Long-time Slashdot reader Freshly Exhumed writes: Researchers at the University of Dayton Research Institute [Impact Physics Lab] have shown in a video what can happen when a high-mass, consumer-level drone strikes the wing of an aircraft. They provide visual evidence of the damage a 2.1-pound DJI Phantom 2 videography quadcopter would have upon the wing of a Mooney M20, a small, private aircraft. It is not difficult to extrapolate the effects upon an airliner in a similar situation. "We wanted to help the aviation community and the drone industry understand the dangers that even recreational drones can pose to manned aircraft before a significant event occurs," said Kevin Poormon of UDRI.
The video -- titled "Risk in the Sky?" -- simulates a collision at 238 mph in which the drone tears open the wing's leading edge.

"While the quadcopter broke apart, its energy and mass hung together to create significant damage to the wing," said Kevin Poormon, group leader for impact physics at UDRI.

Slashdot reader generic shares a report from ZDNet: For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the second most starred jQuery project on GitHub, after the jQuery framework itself. It is immensely popular, has been forked over 7,800 times, and has been integrated into hundreds, if not thousands, of other projects, such as CMSs, CRMs, Intranet solutions, WordPress plugins, Drupal add-ons, Joomla components, and so on.

Earlier this year, Larry Cashdollar, a security researcher for Akamai's SIRT (Security Intelligence Response Team), has discovered a vulnerability in the plugin's source code that handles file uploads to PHP servers. Cashdollar says that attackers can abuse this vulnerability to upload malicious files on servers, such as backdoors and web shells. The Akamai researcher says the vulnerability has been exploited in the wild. "I've seen stuff as far back as 2016," the researcher told ZDNet in an interview. The vulnerability was one of the worst kept secrets of the hacker scene and appears to have been actively exploited, even before 2016. Cashdollar found several YouTube videos containing tutorials on how one could exploit the jQuery File Upload plugin vulnerability to take over servers. One of three YouTube videos Cashdollar shared with ZDNet is dated August 2015. Thankfully, the CVE-2018-9206 identifier was pushed earlier this month to address this issue. "All jQuery File Upload versions before 9.22.1 are vulnerable," reports ZDNet. "Since the vulnerability affected the code for handling file uploads for PHP apps, other server-side implementations should be considered safe."

Security researchers have found flaws in four popular connected storage drives that they say could let hackers access a user's private and sensitive data. From a report: The researchers Paulos Yibelo and Daniel Eshetu said the software running on three of the devices they tested -- NetGear Stora, Seagate Home and Medion LifeCloud -- can allow an attacker to remotely read, change and delete data without requiring a password. Yibelo, who shared the research with TechCrunch this week and posted the findings Friday, said that many other devices may be at risk.

The software, Hipserv, built by tech company Axentra, was largely to blame for three of the four flaws they found. Hipserv is Linux-based, and uses several web technologies -- including PHP -- to power the web interface. But the researchers found that bugs could let them read files on the drive without any authentication. It also meant they could run any command they wanted as "root" -- the built-in user account with the highest level of access -- making the data on the device vulnerable to prying eyes or destruction.

An anonymous reader quotes a report from The Washington Post: Insects around the world are in a crisis, according to a small but growing number of long-term studies showing dramatic declines in invertebrate populations. A new report suggests that the problem is more widespread than scientists realized. Huge numbers of bugs have been lost in a pristine national forest in Puerto Rico (Warning: source may be paywalled; alternative source), the study found, and the forest's insect-eating animals have gone missing, too. The latest report, published Monday in the Proceedings of the National Academy of Sciences, shows that this startling loss of insect abundance extends to the Americas. The study's authors implicate climate change in the loss of tropical invertebrates.

Bradford Lister, a biologist at Rensselaer Polytechnic Institute in New York, has been studying rain forest insects in Puerto Rico since the 1970s. "We went down in '76, '77 expressly to measure the resources: the insects and the insectivores in the rain forest, the birds, the frogs, the lizards," Lister said. He came back nearly 40 years later, with his colleague Andrés García, an ecologist at the National Autonomous University of Mexico. What the scientists did not see on their return troubled them. "Boy, it was immediately obvious when we went into that forest," Lister said. Fewer birds flitted overhead. The butterflies, once abundant, had all but vanished. García and Lister once again measured the forest's insects and other invertebrates, a group called arthropods that includes spiders and centipedes. The researchers trapped arthropods on the ground in plates covered in a sticky glue, and raised several more plates about three feet into the canopy. The researchers also swept nets over the brush hundreds of times, collecting the critters that crawled through the vegetation. Each technique revealed the biomass (the dry weight of all the captured invertebrates) had significantly decreased from 1976 to the present day. The sweep sample biomass decreased to a fourth or an eighth of what it had been. Between January 1977 and January 2013, the catch rate in the sticky ground traps fell 60-fold. The study also found a 30-percent drop in anole lizards, which eat arthropods. Some anole species have disappeared entirely from the interior forest. Another research team captured insect-eating frogs and birds in 1990 and 2005, and found a 50 percent decrease in the number of captures. The authors attribute this decline to the changing climate.

An anonymous reader quotes a report from IEEE Spectrum: Over the past six months a small, publicly available genealogy database has become the go-to source for solving cold case crimes. The free online tool, called GEDmatch, is an ancestry service that allows people to submit their DNA data and search for relatives -- an open access version of AncestryDNA or 23andMe. Since April, investigators have used GEDmatch to identify victims, killers, and missing persons all over the U.S. in at least 19 cases, many of them decades old, according to authors of a report published today in Science. The authors predict that in the near future, as genetic genealogy reports gain in popularity, such tools could be used to find nearly any individual in the U.S. of European descent.

GEDmatch holds the genetic data of only about a million people. But cold case investigators have been exploiting the database using a genomic analysis technique called long-range familial search. The technique allows researchers to match an individual's DNA to distant relatives, such as third cousins. Chances are, one of those relatives will have used a genetic genealogy service. More than 17 million people have participated in these services -- a number that has grown rapidly over the last two years. AncestryDNA and 23andMe hold most of those customers. A genetic match to a distant relative can fairly quickly lead investigators to the person of interest. In a highly publicized case, GEDmatch was used earlier this year to identify the "Golden State Killer," a serial rapist and murderer who terrorized California in the 1970s and 1980s, but was never caught. In April, investigators were able to use a genealogy database to narrow down DNA data from crime scenes and identify the "Golden State Killer," a serial rapist and murderer who terrorized California in the 1970s and 1980s.

jrepin writes: KDE has released Plasma 5.14 desktop. Among many other things, Plasma 5.14 simplifies managing multiple displays thanks to its new Display Configuration widget; Global Menus a la macOS now work also with GTK applications like GIMP; a new safeguard feature warns you if other users are logged in when you log out; and Discover now lets you install Snaps from all available channels (not just the default), orders software by release date, and shows package dependencies. Downloads can be found here.

An anonymous reader quotes a report from Ars Technica: An energy development group has been working for years to put together Ohio's first offshore wind project. That might sound odd for a state so far from the sea, but the benefits of offshore wind (strong, consistent gusts and relative proximity to major population centers) translate to wind turbines that are placed in freshwater, too. Consequently, an area eight miles off Ohio's Lake Erie coastline is slated to see six new 3.45 megawatt (MW) turbines as part of a 20.7MW pilot installation. On Thursday, the Department of Energy (DOE) issued an Environmental Assessment stating that proceeding with the plan would not cause any "impact to the human environment." In an additional finding published by the DOE this week, the department added that it did not believe that the offshore wind project would cause significant damage to migratory birds, either. Finally, the DOE proposed an unspecified amount of funding for the project, which will be the first freshwater offshore wind project in the US and one of the first offshore wind projects overall. The Lake Erie Energy Department Corporation (LEEDCo) and Norwegian investor Fred Olsen Renewables (FOR) will be developing the "Icebreaker" project, as the turbine installation has been called. "Interestingly, the turbines will be secured to the lake using a 'Mono Bucket' foundation, with a suction-based design that's similar to what's been used on offshore oil-drilling platforms in the North Sea," reports Ars. "The design, LEEDCo says, uses 'the best and lowest-cost technology for sites 25 meters and less.'"

An anonymous reader writes: The 24th annual Interactive Fiction Competition kicked off Monday, unveiling 77 new text adventures which will vie for nearly $9,000 in prize money. The contest's organizers are encouraging people to play and rate the free games, and encourage their friends to join in the fun (or to donate more prize money or other prizes). They're dedicating this year's competition to the memory of Stu Galley, who co-founded the pioneering text adventure company Infocom back in 1979 with his classmates from MIT. Infocom went on to create everything from Zork to a popular Hitchhiker's Guide to the Galaxy game, and Stu is credited as the driving force behind text adventures like Moonmist, Seastalker, and The Witness.
Meanwhile, long-time Slashdot reader paulproteus reminds us that the "Roguelike Celebration" is happening today and tomorrow at the GitHub office in San Francisco -- and is streaming on Twitch. The Roguelike Celebration is a community-generated weekend of talks, games, and conversations about roguelike [games] and related topics, including procedural generation and game design... It's for fans, players, developers, scholars, and everyone else, including people new to this type of game.

At an event this month (you can find the video of it here), Davide Cavalca, a production engineer at Facebook, spoke about the growing adoption of systemd at the data centers of the company. From a report: Facebook continues making use of systemd's many features inside their data centers. Some of their highlights for systemd use in 2018 includes: Facebook's servers have been relying on systemd for about the past two years. Facebook is using CentOS 7 everywhere from hosts to containers. While relying on CentOS 7, Facebook backports a lot of packages including new systemd releases, Meson, other dependencies, and of course new Linux kernel releases. Facebook is working on "pystemd" as a Python (Cython) wrapper on top of SD-BUS.

Last month when Boeing and SpaceX announced the first astronauts who will fly on their commercial crew spacecraft, several newspapers across the U.S. began publishing an op-ed that criticized the process by which Boeing competitor SpaceX fuels its Falcon 9 rocket. "The first op-ed appeared in a Memphis newspaper a week before the commercial crew announcement," reports Ars Technica. "In recent weeks, copies of the op-ed have also appeared in the Houston Chronicle, various Alabama newspapers, Albuquerque Journal, Florida Today, and The Washington Times." Ars Technica reports: All of these op-eds were bylined by "retired spacecraft operator" Richard Hagar, who worked for NASA during the Apollo program and now lives in Tennessee. (Based upon his limited social media postings, Hagar appears to be more interested in conservative politics than in space these days). Each op-ed cites Hagar's work on NASA's recovery from the Apollo 1 fire and the hard lessons NASA learned that day about human spaceflight. The pieces then pivot to arguing that SpaceX's load-and-go fueling process -- in which the crew will board the Dragon spacecraft on top of the Falcon 9 rocket before it is fueled -- ignores the lessons that Hagar's generation learned during Apollo.

"It's concerning to learn that some of the newer private space ventures launching today don't appreciate the same safety standards we learned to emphasize on Apollo," the op-ed states. "I suppose for Mr. Musk, inexperience is replacing the abundant safety protocols drilled into us after witnessing the Apollo 1 disaster. Astronaut safety is NASA's number one priority on any space mission. There is no reason it should not be for private space travel, but commercial space companies like SpaceX play by different rules."

There are some factual inaccuracies here. For one thing, SpaceX does play by the same rules as Boeing for commercial crew -- astronaut safety rules that NASA itself wrote. Moreover, NASA has already provisionally cleared load-and-go for Falcon 9 launches that will send the Dragon spacecraft into orbit. To try to understand his viewpoint, Ars attempted to reach Hagar by phone and email in September. In the course of this process, we learned that he did not actually submit many of these op-eds. In fact, based upon our research, at least four of the six op-eds that we located were submitted by two people with gmail.com addresses. Their names were Josh Brevik and Casey Murray. Further research revealed that two people with these names worked as "associates" at a Washington, DC-based public relations firm named Law Media Group or LMG. LMG's website says they are a 15-year-old firm that "develops and executes public-, Hill-, and agency-facing issue advocacy campaigns that shift the narrative in a changing world." The SourceWatch website more bluntly "calls LMG a 'secretive Washington DC public affairs firm' with a history of placing op-eds, and it seeks to mask the op-eds' financial sponsors," reports Ars.

Michael Larabel, writing for Phoronix: Apple announced the Magic Trackpad 2 almost three years ago to the day while the mainline Linux kernel will finally be supporting this multi-touch device soon. The Magic Trackpad 2 is a wired/wireless touchpad with haptic feedback support and is a much larger touchpad compared to the original Magic Trackpad. There unfortunately hasn't been any mainline Linux kernel support for the Magic Trackpad 2, but some out-of-tree options. [...] However, as seen by this bug report there have been plenty of people since 2015 interested in using the Magic Trackpad 2 on Linux. Fortunately, Sean O'Brien of Google's Chrome OS team has been working on Magic Trackpad 2 support with a focus on getting it mainlined. The patch, which was also reviewed by other Google/ChromeOS developers, is now up to its third and perhaps final revision.

schwit1 shared an article from the New York Times: When investigative journalist Julia Angwin worked for ProPublica, the nonprofit news organization became known as "Big Tech's scariest watchdog." By partnering with programmers and data scientists, Angwin pioneered the work of studying Big Tech's algorithms -- the secret codes that have an enormous effect on everyday American life... Now, with a $20 million gift from Craigslist founder Craig Newmark, she and her partner at ProPublica, data journalist Jeff Larson, are starting the Markup, a news site dedicated to investigating technology and its effect on society. Sue Gardner, former head of the Wikimedia Foundation, which hosts Wikipedia, will be the Markup's executive director. Angwin and Larson said that they would hire two dozen journalists for its New York office and that stories would start going up on the website in early 2019...

Angwin, who was part of a Wall Street Journal team that won a Pulitzer Prize in 2003 for coverage of corporate corruption, said the newsroom would be guided by the scientific method, and each story would begin with a hypothesis... At the Markup, journalists will be partnered with a programmer from a story's inception until its completion. "To investigate technology, you need to understand technology," said Angwin, 47... Newmark, who splits his time between San Francisco and New York, has for years kept a low profile. But he worries about what he sees as a lack of self-reflection among engineers. "Sometimes it takes an engineer a while to understand that we need help, then we get that help, and then we do a lot better," Newmark said. "We need the help that only investigative reporting with good data science can provide...."

Engineers being surprised by the tools they have made is, to the Markup team, part of the problem. "Part of the premise of the Markup is the level of understanding technology and its effects is very, very low, and we would all benefit from a broader understanding," Gardner said. "And I would include people who work for the companies."
Larson laments a world where programs handle crucial decisions, and "once they go into production, there's no oversight..." Or, as he says earlier, "Increasingly, algorithms are used as shorthand for passing the buck." The Markup's site promises " a nonpartisan, nonprofit newsroom" offering independent analysis of how technology is re-shaping everything from what we believe to "who goes to prison versus who remains free." The site's donations page adds that "We strive for fairness and independence and for us, the best way to achieve that is to operate without ads or a paywall."

Angwin tells Recode that she grew up in Steve Jobs' neighborhood in Palo Alto, and in a long interview reveals that she learned to program in a fifth grade class that a public-spirited Steve Jobs funded. Now the Times points out that the Markup "will release all its stories under a creative commons license so other organizations can republish them, as ProPublica does."

A reader shares a report from BGR: When looking at the Earth from afar it appears to be a perfect sphere, but that actually isn't the case. Because Earth isn't uniform on all sides due to land masses that shift and change over time, our planet actually wobbles a bit when it spins. Now, a new study by researchers with NASA's Jet Propulsion Laboratory and several universities and science centers has pinpointed the causes of Earth's imperfect spin, called "polar motion," and they found that humans are contributing to it. The researchers used a wealth of data gathered over 100 years to build mathematical models to trace the causes of the wobble and found that three factors are at play, and mankind is responsible for one of them. Two of the three factors identified by the scientists are glacial rebound and mantle convection. Glacial rebound happens when thick ice sheets physically push down on land masses, compressing them, but then release that pressure upon melting. The land then balloons back up over time, causing Earth's spin to wobble as if slightly off-axis. The effects of the last ice age, which would have compressed a huge amount of land across many continents, is still being felt today in the form of glacial rebound.

Mantle convection, the other uncontrollable factor in Earth's wobble, relates to our planet's inner workings. The plates on Earth's surface are in constant flux due to the movement of liquid rock far beneath our feet. The researchers believe these currents also contribute to the planet's imperfect spin. The third and final factor identified by the scientists is the massive loss of ice on Greenland and other areas, which is the direct result of global warming thanks to human activities. The researchers estimate that Greenland has lost roughly 7,500 gigatons, or 7,500,000,000,000 metric tons of ice due to global warming. All that ice loss has happened in the 20th century, and greenhouse gas production has been cited as the primary culprit. Losing all that mass has caused a significant shift on the planet and has contributed to the wobble as well.

Jason Scott, writing for Internet Archive blog: The Internet Arcade, our collection of working arcade machines that run in the browser, has gotten a new upgrade in its 4th year. Advancements by both the MAME emulator team and the Emscripten conversion process allowed our team to go through many more potential arcade machines and add them to the site. The majority of these newly-available games date to the 1990s and early 2000s, as arcade machines both became significantly more complicated and graphically rich, while also suffering from the ever-present and home-based video game consoles that would come to dominate gaming to the present day. Even fervent gamers might have missed some of these arcade machines when they were in the physical world, due to lower distribution numbers and shorter times on the floor.

According to state monitoring data, Southern California violated federal smog standards for 87 consecutive days -- the longest stretch of bad air in at least 20 years. "The streak is the latest sign that Souther California's battle against smog is faltering after decades of dramatic improvement," reports San Francisco Chronicle. From the report: The ozone pollution spell began June 19 and continued through July and August, with every day exceeding the federal health standard of 70 parts per billion somewhere across Los Angeles, Orange, Riverside and San Bernardino counties. It didn't relent until Sept. 14, when air pollution dipped to "moderate" levels within federal limits for ozone, the lung-damaging gas in smog that triggers asthma and other respiratory illnesses. It's not unusual for Southern California summers to go weeks without a break in the smog, especially in inland communities that have long suffered the nation's worst ozone levels. But environmentalists and health experts say the persistence of dirty air this year is a troubling sign that demands action. Regulators blame the dip in air quality in recent years on hotter weather and stronger, more persistent inversion layers that trap smog near the ground.