A day after buying the Pixel 4a, I drop my iPhone XS/Max, which is usually OK because it's in a case, but this time the display cracked. I can't be without a phone, and the 4a won't get here until the end of the month, so I bought a new iPhone SE. I'll be comparing the two low-end products from Google and Apple. Weird timing, eh.

This week saw the release Linux 5.8, which Linus Torvalds called "one of our biggest releases of all time," reports TechRepublic: The new version of the Linux kernel brings a number of updates to Linux 5.7 spanning security, core components, drivers, memory management, networking and improvements to the kernel's design, amongst others. This includes updates for Microsoft's Hyper-V virtualization platform, Intel Tiger Lake Thunderbolt support, improvements to Microsoft's exFAT file system, and support for newer Intel and ARM chips. Torvalds said the kernel had received over 15,000 merge requests and that around 20% of all the files in the kernel source repository had been modified. "That's really a fairly big percentage, and while some of it is scripted, on the whole it's really just the same pattern: 5.8 has simply seen a lot of development," Torvalds said. Translated into numbers, Linux 5.8 includes over 800,000 new lines and over 14,000 changed files. It also received one of the biggest number of merge requests during its merge window — over 14,000 non-merge commits and more than 15,000 including merges, according to Torvalds. "5.8 looks big. Really big," he added.

Read more of this story at Slashdot.

Slashdot reader Third Position quotes CleanTechnica: According to a press release from Argonne National Laboratory, researchers at the lab, working with partners at Northern Illinois University, have discovered a new electrocatalyst that converts carbon dioxide and water into ethanol with very high energy efficiency, high selectivity for the desired final product, and low cost. Ethanol is a particularly desirable commodity because it is an ingredient in nearly all U.S. gasoline and is widely used as an intermediate product in the chemical, pharmaceutical, and cosmetics industries. "The process resulting from our catalyst would contribute to the circular carbon economy, which entails the reuse of carbon dioxide," says Di-Jia Liu, senior chemist in Argonne's chemical sciences and engineering division and also a scientist at the Pritzker School of Molecular Engineering at the University of Chicago. "The process resulting from our catalyst would contribute to the circular carbon economy, which entails the reuse of carbon dioxide," he says. The new electrochemical process converts carbon dioxide emitted from industrial processes, such as fossil fuel power plants or alcohol fermentation plants, into valuable commodities at reasonable cost... It breaks down carbon dioxide and water molecules and selectively reassembles them into ethanol using an external electrical field. "What we are witnessing is a convergence of technologies that may result in ways to substantially lower the amount of carbon dioxide that gets added to the atmosphere by industry," writes CleanTechnica, " and at far lower cost than previously thought possible."

Read more of this story at Slashdot.

Song of the day: It's Alright Ma (I'm Only Bleeding).

An anonymous reader quotes Reuters: Twitter has approached TikTok's Chinese owner ByteDance to express interest in acquiring the U.S. operations of the video-sharing app, two people familiar with the matter told Reuters, as experts raised doubts over Twitter's ability to put together financing for a potential deal. It is far from certain that Twitter would be able to outbid Microsoft and complete such a transformative deal in the 45 days that U.S. President Donald Trump has given ByteDance to agree to a sale, the sources said on Saturday. The news of Twitter and TikTok being in preliminary talks and Microsoft still being seen as the front-runner in bidding for the app's U.S. operations was reported earlier by the Wall Street Journal. Twitter has a market capitalization of close to $30 billion, almost as much as the valuation of TikTok's assets to be divested, and would need to raise additional capital to fund the deal, according to the sources. "Twitter will have a hard time putting together enough financing to acquire even the U.S. operations of TikTok. It doesn't have enough borrowing capacity", said Erik Gordon, a professor at the University of Michigan.... One of Twitter's shareholders, private equity firm Silver Lake, is interested in helping fund a potential deal, one of the sources added. Twitter has also privately made a case that its bid would face less regulatory scrutiny than Microsoft's, and will not face any pressure from China given that it is not active in that country, the sources said.

Read more of this story at Slashdot.

An anonymous reader quotes long-time technology pundit Robert Cringely: Forty-five days from now, we're told, President Trump will shut down TikTok and WeChat. TikTok, maybe, but WeChat? Impossible... Trump has a chance of taking down TikTok, the short form video sharing site, because that service is dependent on advertising. He can force the app out of U.S. app stores (though not out of foreign ones) and he can cut off the flow of ad dollars... at least those dollars that flow through American pockets. But there are workarounds, I'm sure, even for TikTok and 45 days is a lot of time to come up with them. So maybe the service will be sold to Microsoft or maybe not. In either case I'm sure TikTok will survive in some form. WeChat, on the other hand, will thrive. WeChat, if you haven't used it, is the mobile operating system for China. It's an app platform in its own right that is used for communication, entertainment, and commerce. Imagine Facebook, LinkedIn, PayPal, Venmo, Skype, Uber, Gmail and eBay all in a single application. That's WeChat. It's even a third-party application platform, so while U.S. banks operate on the Internet, Chinese banks operate on WeChat. Shutting WeChat down in the U.S. would be a huge blow to WeChat's parent company, TenCent, and a huge blow to the Chinese diaspora. Except it won't work. To defeat President Trump, all WeChat users need is a Virtual Private Network and any WeChat users already in the U.S. already have a VPN to defeat the much more formidable Great Firewall of China.

Read more of this story at Slashdot.

"Anyone in the United States who held a Google Plus account between January 1, 2015 and April 2, 2019, and believes they were impacted by a security flaw that Google disclosed in 2018 can now register for a payout from a class action settlement..." reports the Verge. "Each class action member is eligible for a payout of up to $12 after attorney fees and other costs are accounted for, although this could vary depending on the number of people who submit a claim." Although it's reached a settlement, Google denies the allegations made in the lawsuit. It denies any wrongdoing, and believes that no users "sustained any damages or injuries due to the software bugs." If you're interested in making a claim, then you can do so over on the settlement's website, where you'll need to provide the email address associated with your Google Plus account. As well as holding an account between the dates listed, your data must have been exposed as part of the security lapse (Google has previously said that as many as 500,000 users were affected). A final fairness hearing is scheduled for November 19. Google has set aside $7.5 million to handle all costs associated with the settlement, according to the claims page at GooglePlusDataLitigation.com. "If you submit a Valid Claim by October 8, 2020, you may receive a payment. You will also give up your rights to sue Google and/or any other released entities regarding the legal claims in this case."

Read more of this story at Slashdot.

Axios reports: New Zealand has now gone 100 days with no detected community spread of COVID-19, the Ministry of Health confirmed in an emailed statement Sunday afternoon local time... Prime Minister Jacinda Ardern has been widely praised for her leadership that saw New Zealand lock down hard for several weeks before all domestic restrictions were lifted in June... New Zealand has 23 active coronavirus cases. All are NZ residents newly returned from abroad, who are staying in managed isolation facilities. The border remains closed to non-residents and all newly-returned Kiwis must undergo a two-week isolation program managed by the country's defense force... Police are stationed outside hotels where travelers are in quarantine.

Read more of this story at Slashdot.

Confirmed coronavirus cases in the U.S. hit 5 million on Sunday, reports the Associated Press, "by far the highest of any country..." "The failure of the most powerful nation in the world to contain the scourge has been met with astonishment and alarm in Europe." Perhaps nowhere outside the U.S. is America's bungled virus response viewed with more consternation than in Italy, which was ground zero of Europe's epidemic. Italians were unprepared when the outbreak exploded in February, and the country still has one of the world's highest official death tolls at 35,000. But after a strict nationwide, 10-week lockdown, vigilant tracing of new clusters and general acceptance of mask mandates and social distancing, Italy has become a model of virus containment. "Don't they care about their health?" a mask-clad Patrizia Antonini asked about people in the United States as she walked with friends along the banks of Lake Bracciano, north of Rome. "They need to take our precautions. ... They need a real lockdown." Much of the incredulity in Europe stems from the fact that America had the benefit of time, European experience and medical know-how to treat the virus that the continent itself didn't have when the first COVID-19 patients started filling intensive care units. Yet, more than four months into a sustained outbreak, the U.S. reached the 5 million mark, according to the running count kept by Johns Hopkins University. Health officials believe the actual number is perhaps 10 times higher, or closer to 50 million, given testing limitations and the fact that as many as 40% of all those who are infected have no symptoms.... With America's world's-highest death toll of more than 160,000, its politicized resistance to masks and its rising caseload, European nations have barred American tourists and visitors from other countries with growing cases from freely traveling to the bloc. France and Germany are now imposing tests on arrival for travelers from "at risk" countries, the U.S. included. America has just 44% of the population of Europe — but 77% of its confirmed virus deaths, according to stats in the article from John Hopkins University. (It cites "America's world's-highest death toll of more than 160,000," while noting that the entire continent of Europe has over 207,000 confirmed virus deaths.) "In the U.S., new cases are running at about 54,000 a day — an immensely high number even when taking into account the country's larger population." 1 out of every 67 Americans has now had a confirmed infection.

Read more of this story at Slashdot.

New package: davesql.

Environmentalist Dr Stephen Marsh-Smith led efforts to establish a network of river trusts.

Satellite-mapping technology "that detects stains on the ice from penguin droppings" has revealed there are more Emperor colonies than previously known in fast-warming Antarctica, reports Bloomberg: Eleven new colonies of the species were found, taking the census to 61 across the polar continent, according to a study by scientists at the British Antarctic Survey published Wednesday. The scientists used images from Europe's Copernicus Sentinel-2 mission to locate the flightless birds. "This is an exciting discovery," said lead author and geographer Peter Fretwell in a statement. "Whilst this is good news, the colonies are small and so only take the overall population count up by 5-10%, to just over half a million penguins..." The discovery will be used by scientists who are monitoring the birds and raising concerns because they're particularly vulnerable to sea ice melting from climate change... Scientists warned that most of the newly found colonies are in locations likely to be lost as the climate warms and large sections of seasonal ice -- where penguins mate -- risk disappearing. "Birds in these sites are therefore probably the 'canaries in the coal mine'," said Phil Trathan, head of conservation biology at BAS.

Read more of this story at Slashdot.

I wrote this as a comment on Instagram, worth repeating here: When I was young I was afraid of what women my age would look like when I got older. I wish I could have told myself back then that they only become more beautiful with age.

Some scary new variants of "HTTP request smuggling" have been discovered by Amit Klein, VP of security research at SafeBreach, reports Security Week: Specifically, an HTTP request smuggling attack, which can be launched remotely over the internet, can allow a hacker to bypass security controls, gain access to sensitive data, and compromise other users of the targeted app. While the attack method has been known for more than a decade, it still hasn't been fully mitigated. Klein has managed to identify five new attack variants and he has released proof-of-concept (PoC) exploits. He demonstrated his findings using the Abyss X1 web server from Aprelium and the Squid caching and forwarding HTTP web proxy. The developers of Abyss and Squid have been notified of the vulnerabilities exploited by Klein during his research, and they have released patches and mitigations. One of the attacks bypasses the OWASP ModSecurity Core Rule Set (CRS), which provides generic attack detection rules for ModSecurity or other web application firewalls. OWASP has also released fixes after being notified. Klein told SecurityWeek ahead of his talk on HTTP request smuggling at the Black Hat conference that an attacker needs to find combinations of web servers and proxy servers with "matching" vulnerabilities in order to launch an attack, which makes it difficult to determine exactly how many servers are impacted. However, an attacker can simply try to launch an attack to determine if a system is vulnerable. "The attack is not demanding resource-wise, so there's no downside to simply trying it," Klein said. In his research, he demonstrated a web cache poisoning attack, in which the attacker forces the proxy server to cache the content of one URL for a request of a different URL. He says attacks can be launched en-masse through a proxy server against multiple different web servers or against multiple proxy servers... While there haven't been any reports of HTTP request smuggling being used in the wild, Klein has pointed out that attacks may have been launched but were not detected by the target.

Read more of this story at Slashdot.

"As controversy rages over the governance of Google's Istio service mesh, Microsoft has seen an opportunity to offer a simple and truly open alternative," reports InfoWorld: Microsoft has announced that it will release its own open source service mesh — called Open Service Mesh (OSM) — and transfer it to the Cloud Native Computing Foundation (CNCF) as soon as possible. This sets the Redmond-based company apart from its cloud rival Google, which recently announced that its own Istio service mesh will no longer be part of the vendor-neutral CNCF and will instead sit under Google's own Open Usage Commons foundation. The service mesh has quickly become a vital part of the modern cloud native computing stack, as it essentially enables communication, monitoring, and load balancing between disparate parts of today's microservices-based architecture. This differs from the popular container orchestration service Kubernetes in its level of granularity. When run in tandem with Kubernetes, a service mesh enables deeper security policy and encryption enforcement and automated load balancing and circuit breaking functionality... With this launch Microsoft is not only aligning itself with the open governance side of the debate which has been raging through the open source software community for the past few months, but is also looking to solve a customer pain point.

Read more of this story at Slashdot.