Java

The World's Largest Concentrations of Java Programmers are in Asia and Germany (jetbrains.com) 34

"To celebrate Java's 25th anniversary this year and the latest release of Java 15, JetBrains has compiled data from multiple sources to look at what the current state of the language is," reports SD Times: The largest concentration of Java developers is in Asia, where 2.5 million developers use it as their primary language. JetBrains believes this may be due to the fact that it is common to hire offshore developers in countries like China and India to build Android apps. "We might have expected the USA to have a high percentage of Java users, but it also makes a lot of sense that they don't. There is a big technology stack to choose from and often a lot of the tech companies are at the forefront of that stack, so it could be that developers there don't need the power or stability of Java and are using languages that allow them to build and test quickly," JetBrains wrote in a post.
The post on JetBrains notes that the six countries with the highest percentage of developers using Java as their primary language are: China, South Korea, India, Germany, Spain, and Brazil: The reasons Java is most likely so popular in the first 6 countries include the free use of Java, governmental support, and open-source... Germany is also very high which could be attributed to Java being the most popular language in Germany for software engineers as it is used to build highly scalable applications for a multitude of industries. Most enterprise services rely on Java to power the applications that enable the day-to-day running of businesses, such as payroll, inventory management, reporting, and so on. Germany also has a big financial sector that uses Java heavily for their homegrown tech, such as trading bots, retail banking systems, and other applications that the finance industry requires in order to remain competitive...

According to the State of the Developer Ecosystem Survey 2020, more than a third of professional developers use Java as a primary language and Java remains the second primary language among professional developers after JavaScript. Expert analysis: It is not surprising to see JavaScript and Java taking the leading positions as they are kind of paired together; developers who work with Java often write their frontend and any quick scripts in JavaScript. Python is probably third place due to the spread of machine learning. In general, we expect the web to be a big part of the developer ecosystem and so JavaScript, HTML and CSS, and PHP will always have solid standing. SQL is also always going to be around as there isn't much that doesn't require databases in some capacity. C++ is also kind of a solid language in that it is used for a lot of embedded applications, so it won't be disappearing off the charts any time soon. C# though seems to be losing ground, and I guess if Java is high then C# will be low, as they are both very similar in terms of capabilities.

As to why I think Java is so high in the sphere of professional development — it's similar to what was mentioned about Germany. Most enterprise business services rely on Java to make them tick along. It's not just the IT sector either — almost every company, be it in distribution, manufacturing, or banking, has IT services as part of their infrastructure, and these services, such as payroll or inventory management, are generally built with Java in the backend. So Java is used a lot by professional developers who work for these companies.

Google

Brave Complains Google's Newly-Proposed 'WebBundles' Standard Would 'Make URLs Meaningless' (brave.com) 169

"Google is proposing a new standard called WebBundles," complains Brave's senior privacy researcher. "This standard allows websites to 'bundle' resources together, and will make it impossible for browsers to reason about sub-resources by URL." This threatens to change the Web from a hyperlinked collection of resources (that can be audited, selectively fetched, or even replaced), to opaque all-or-nothing "blobs" (like PDFs or SWFs). Organizations, users, researchers and regulators who believe in an open, user-serving, transparent Web should oppose this standard...

The Web is valuable because it's user-centric, user-controllable, user-editable. Users, with only a small amount of expertise, can see what web-resources a page includes, and decide which, if any, their browser should load; and non-expert users can take advantage of this knowledge by installing extensions or privacy protecting tools... At root, what makes the Web different, more open, more user-centric than other application systems, is the URL. Because URLs (generally) point to one thing, researchers and activists can measure, analyze and reason about those URLs in advance; other users can then use this information to make decisions about whether, and in what way, they'd like to load the thing the URL points to...

At a high level, WebBundles are a way of packing resources together, so that instead of downloading each Website, image and JavaScript file independently, your browser downloads just one "bundle", and that file includes all the information needed to load the entire page. And URLs are no longer common, global references to resources on the Web, but arbitrary indexes into the bundle. Put differently, WebBundles make Websites behave like PDFs (or Flash SWFs). A PDF includes all the images, videos, and scripts needed to render the PDF; you don't download each item individually. This has some convenience benefits, but also makes it near-impossible to reason about an image in a PDF independently from the PDF itself. This is, for example, why there are no content-blocking tools for PDFs. PDFs are effectively all or nothing propositions, and WebBundles would turn Websites into the same.

By changing URLs from meaningful, global identifiers into arbitrary, package-relative indexes, WebBundles give advertisers and trackers enormously powerful new ways to evade privacy and security protecting web tools... At root, the common cause of all these evasions is that WebBundles create a local namespace for resources, independent of what the rest of the world sees, and that this can cause all sorts of name confusion, undoing years of privacy-and-security-improving work by privacy activists and researchers...

We've tried to work at length with the WebBundle authors to address these concerns, with no success. We strongly encourage Google and the WebBundle group to pause development on this proposal until the privacy and security issues discussed in this post have been addressed. We also encourage others in the Web privacy and security community to engage in the conversation too, and to not implement the spec until these concerns have been resolved.

The Internet

A Quarter of the Alexa Top 10K Websites Are Using Browser Fingerprinting Scripts (zdnet.com) 13

An anonymous reader quotes a report from ZDNet: A browser fingerprinting script is a piece of JavaScript code that runs inside a web page and works by testing for the presence of certain browser features. In an academic paper published earlier this month, a team of academics from the University of Iowa, Mozilla, and the University of California, Davis, has analyzed how popular browser fingerprinting scripts are used today by website operators. Using a machine learning toolkit they developed themselves and named FP-Inspector, the research team scanned and analyzed the top 100,000 most popular websites on the internet, according to the Alexa web traffic ranking.

"We find that browser fingerprinting is now present on more than 10% of the top-100K websites and over a quarter of the top-10K websites," the research team said. However, the research team also points out that despite the large number of websites that are currently using browser fingerprinting, not all scripts are used for tracking. Some fingerprinting scripts are also used for fraud detection since automated bots tend to have the same or similar fingerprints, and fingerprinting scripts are a reliable method of detecting automated behavior. Additional details about the team's research can be found in a paper named "Fingerprinting the Fingerprinters: Learning to Detect Browser Fingerprinting Behaviors," set to be presented at the IEEE Symposium on Security and Privacy, next year, in May 2021.
If you're concerned about the findings, you can block fingerprinting scripts by enabling anti-fingerprinting protections in your respective browser settings or by installing an ad blocker extension.
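
The paper's detector is a trained model, but the behaviour it keys on can be approximated by hand: a fingerprinting script reads from several unrelated browser features (canvas pixels, WebGL renderer strings, navigator properties, screen geometry) and hashes them together, while ordinary analytics code touches one or none. The following is an added example, not code from the FP-Inspector paper or the ZDNet report; the signal patterns, the threshold of four families, and the two sample scripts are constructed for illustration.

```javascript
// Added example: not code from the FP-Inspector paper, ZDNet or Slashdot.
// A hand-written static heuristic for the behaviour the paper describes:
// a fingerprinting script probes several unrelated browser features and
// combines the answers, while ordinary page scripts touch one or none.
// Signal names, patterns and the threshold are assumptions.
const FP_SIGNALS = [
  { name: 'canvas-readback', re: /\.(toDataURL|getImageData)\s*\(/ },
  { name: 'canvas-text', re: /\.(fillText|strokeText|measureText)\s*\(/ },
  { name: 'webgl-params', re: /\.getParameter\s*\(|UNMASKED_(VENDOR|RENDERER)_WEBGL/ },
  { name: 'audio-stack', re: /(Offline)?AudioContext\b|createOscillator|createDynamicsCompressor/ },
  { name: 'navigator-enum', re: /navigator\.(plugins|mimeTypes|hardwareConcurrency|deviceMemory|languages|platform)\b/ },
  { name: 'screen-metrics', re: /screen\.(width|height|colorDepth|availWidth|availHeight)\b|devicePixelRatio/ },
  { name: 'hashing', re: /\b(md5|sha1|sha256|murmur(hash)?|fnv1?a?|cyrb53)\s*\(/i },
];
const FP_THRESHOLD = 4; // distinct signal families needed to flag a script

// Returns which signal families appear in the script text and the verdict.
function analyzeScript(source) {
  const matched = FP_SIGNALS.filter((s) => s.re.test(source)).map((s) => s.name);
  return { matched, isFingerprinting: matched.length >= FP_THRESHOLD };
}

// Constructed sample scripts (not taken from any real site).
const SAMPLE_FINGERPRINTER = `
  var c = document.createElement('canvas'), ctx = c.getContext('2d');
  ctx.fillText('Cwm fjordbank glyphs vext quiz', 2, 15);
  var canvasHash = murmur(c.toDataURL());
  var gl = c.getContext('webgl');
  var ext = gl.getExtension('WEBGL_debug_renderer_info');
  var gpu = gl.getParameter(ext.UNMASKED_RENDERER_WEBGL);
  var fp = [canvasHash, gpu, navigator.hardwareConcurrency, navigator.plugins.length, screen.colorDepth].join('|');
  new Image().src = '/collect?fp=' + encodeURIComponent(fp);
`;
const SAMPLE_ANALYTICS = `
  document.addEventListener('click', function () {
    var payload = { page: location.pathname, title: document.title, t: Date.now() };
    navigator.sendBeacon('/events', JSON.stringify(payload));
  });
`;

// Stand-alone run: print a verdict and the matched families for each sample.
for (const [label, src] of Object.entries({ fingerprinter: SAMPLE_FINGERPRINTER, analytics: SAMPLE_ANALYTICS })) {
  const r = analyzeScript(src);
  console.log(`${label}: ${r.isFingerprinting ? 'FINGERPRINTING' : 'ok'} [${r.matched.join(', ') || 'no signals'}]`);
}
```

String matching of this kind is cheap and explains its verdicts, but minification, string-splitting and computed property access defeat it, which is why a production detector (and the paper's) also has to observe what the script does at runtime, not only what it says. It also cannot tell tracking from the fraud-detection use the researchers mention; both read the same APIs.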
Botnet

A New Botnet Is Covertly Targeting Millions of Servers (wired.com) 27

An anonymous reader quotes a report from Wired: FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe. Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. Peer-to-peer (P2P) botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

The botnet, which Guardicore Labs researchers have named FritzFrog, has a host of other advanced features, including: In-memory payloads that never touch the disks of infected servers; At least 20 versions of the software binary since January; A sole focus on infecting secure shell, or SSH, servers that network administrators use to manage machines; The ability to backdoor infected servers; and A list of login credential combinations used to suss out weak login passwords that's more "extensive" than those in previously seen botnets. Taken together, the attributes indicate an above-average operator who has invested considerable resources to build a botnet that's effective, difficult to detect, and resilient to takedowns. The new code base -- combined with rapidly evolving versions and payloads that run only in memory -- make it hard for antivirus and other end-point protection to detect the malware.

The botnet has so far succeeded in infecting 500 servers belonging to "well-known universities in the US and Europe, and a railway company." Once installed, the malicious payload can execute 30 commands, including those that run scripts and download databases, logs, or files. To evade firewalls and endpoint protection, attackers pipe commands over SSH to a netcat client on the infected machine. Netcat then connects to a "malware server." (Mention of this server suggests that the FritzFrog peer-to-peer structure may not be absolute. Or it's possible that the "malware server" is hosted on one of the infected machines, and not on a dedicated server. Guardicore Labs researchers weren't immediately available to clarify.)

Medicine

COVID-19 Hospital Data Is a Hot Mess After Feds Take Control (arstechnica.com) 174

slack_justyb shares a report from Ars Technica: As COVID-19 hospitalizations in the US approach the highest levels seen in the pandemic so far, national efforts to track patients and hospital resources remain in shambles after the federal government abruptly seized control of data collection earlier this month. Watchdogs and public health experts were immediately aghast by the switch to the HHS database, fearing the data would be manipulated for political reasons or hidden from public view all together. However, the real threat so far has been the administrative chaos. The switch took effect July 15, giving hospitals and states just days to adjust to the new data collection and submission process.

As such, hospitals have been struggling with the new data reporting, which involves reporting more types of data than the CDC's previous system. Generally, the data includes stats on admissions, discharges, beds and ventilators in use and in reserve, as well as information on patients. For some hospitals, that data has to be harvested from various sources, such as electronic medical records, lab reports, pharmacy data, and administrative sources. Some larger hospital systems have been working to write new scripts to automate new data mining, while others are relying on staff to compile the data manually into Excel spreadsheets, which can take multiple hours each day, according to a report by Healthcare IT News. The task has been particularly onerous for small, rural hospitals and hospitals that are already strained by a crush of COVID-19 patients.
"It seems the obvious of going from a system that is well tested, to something new and alien to everyone is happening exactly as everyone who has ever done these kinds of conversions predicted," adds Slashdot reader slack_justyb.
Security

New Apple macOS Big Sur Feature To Hamper Adware Operations (zdnet.com) 16

With macOS 11, also known as Big Sur, Apple has removed the ability to install macOS profile configurations from the command-line. ZDNet reports: This ability was previously a core feature of macOS' enterprise package, which allows system administrators to deploy new configurations company-wide via automated scripts. However, the ability to deploy a new profile config via the command-line has also been abused by malware gangs or adware strains, who used it because it was silent and didn't require any type of user interaction. Hackers or malware authors who gained access to Mac Deployment servers or who infected just one Mac, abused the command-line to deploy their own malicious configurations to hijack proxy settings, change default apps, and more.
Firefox

Firefox 78: Protections Dashboard, New Developer Features, and the End of the Line For Older MacOS Versions (theregister.com) 51

williamyf shares a report from The Register: Mozilla has released Firefox 78 with a new Protections Dashboard and a bunch of updates for web developers. This is also the last supported version of Firefox for macOS El Capitan (10.11) and earlier. Firefox is on a "rapid release plan," which means a new version every four to five weeks. This means that major new features should not be expected every time. That said, Firefox 78 is also an extended support release (ESR), which means users who stick with ESR get updates from this and the previous 10 releases. The main new user-facing feature in Firefox 78 is the Protections Dashboard, a screen which shows trackers and scripts blocked, a link to the settings, a link to Firefox Monitor for checking your email address against known data breaches, and a button for password management.

Developers get a bunch of new features. The Accessibility inspector is out of beta -- this is a tab in the developer tools that will check a page for accessibility issues when enabled. Source maps are a JavaScript feature that map minified code back to the original code to make debugging easier. Firefox has a Map option that lets you use source maps in the debugger, and this now works with logpoints, a type of breakpoint that writes a message to the console rather than pausing execution, so that you see the original variable names. Mozilla has also worked on debugging JavaScript promises, so you can see more detail when exceptions are thrown.

A big feature for debugging web applications when running on mobile is the ability to connect an Android phone with USB, and navigate and refresh mobile web pages from the desktop. Patience is required though, since this will only work with a forthcoming new version of Firefox for Android. Mozilla has been working on a new Regular Expression (RegExp) evaluator and this is included in SpiderMonkey (Mozilla's JavaScript engine) in Firefox 78. This brings the evaluator up to date with the requirements of ECMAScript 2018.

Privacy

Apple Declined To Implement 16 Web APIs in Safari Due To Privacy Concerns (zdnet.com) 120

Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include:
Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.
Battery Status API - Allows websites to receive information about the battery status of the hosting device.
Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
[...]
The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

Privacy

Incognito Mode Detection Still Works in Chrome Despite Promise To Fix (zdnet.com) 40

Websites are still capable of detecting when a visitor is using Chrome's incognito (private browsing) mode, despite Google's efforts last year to disrupt the practice. From a report: It is still possible to detect incognito mode in Chrome, and all the other Chromium-based browsers, such as Edge, Opera, Vivaldi, and Brave, all of which share the core of Chrome's codebase. Furthermore, developers have taken the scripts shared last year and have expanded support to non-Chrome browsers, such as Firefox and Safari, allowing sites to block users in incognito mode across the board. Currently, there is no deadline for a new Chrome update to block incognito mode detections, however, today, Google might be interested more than ever in fixing this issue.
Microsoft

After 37 Years Microsoft Open Sources GW-BASIC (microsoft.com) 101

"Having re-open-sourced MS-DOS on GitHub in 2018, Microsoft has now released the source code for GW-BASIC, Microsoft's 1983 BASIC interpreter," reports ZDNet, adding that GW-BASIC "can trace its roots back to Bill Gates' and Paul Allen's implementation of Microsoft's first product, the BASIC interpreter for the Altair 8800 computer."

"Interested to look at thousands of lines of glorious 8088 assembly code for the original 1983 GW-BASIC...?" writes Slashdot reader sonofusion82, adding "there are no Makefiles or build scripts, just a bunch of 8088 ASM files."

Or as Hackaday jokes, "Microsoft releases the source code you wanted almost 30 years ago." In the late 1970s and early 1980s, if you had a personal computer there was a fair chance it either booted into some version of Microsoft Basic or you could load and run Basic... Now you can get the once-coveted Microsoft Basic source code...

They put up a read only GW-BASIC repository, presumably to stop a flood of feature requests for GPU acceleration...

From what we understand, GW-Basic was identical to IBM's BASICA, but didn't require certain IBM PC ROMs to operate. Of course, BASICA, itself, came from MBASIC, Microsoft's CP/M language that originated with Altair Basic... We did enjoy the 1975 copyright message, though:

ORIGINALLY WRITTEN ON THE PDP-10 FROM FEBRUARY 9 TO APRIL 9 1975

BILL GATES WROTE A LOT OF STUFF.
PAUL ALLEN WROTE A LOT OF OTHER STUFF AND FAST CODE.
MONTE DAVIDOFF WROTE THE MATH PACKAGE (F4I.MAC).

Bill Gates was 19 years old, Paul Allen was 22.
Programming

Addressing 'Design Mistakes' in Node.js, Its Developers Release JS/TypeScript Runtime Deno 1.0 (zdnet.com) 62

"The makers of the widely used JavaScript server-side runtime, Node.js, have released Deno 1.0, a new runtime for JavaScript and TypeScript that addresses 'design mistakes' in Node.js," reports ZDNet: Just like Node.js or Node, the Deno runtime is for executing JavaScript outside a web browser. However, unlike Node.js, Deno offers first-class support for Microsoft's increasingly popular TypeScript, a superset of JavaScript designed for large projects... "With the changing JavaScript language, and new additions like TypeScript, building Node projects can become an arduous endeavor, involving managing build systems and other heavy-handed tooling that takes away from the fun of dynamic language scripting," writes Node.js creator Ryan Dahl in a blog post co-authored by fellow Deno developers Bert Belder and Bartek Iwanczuk...

Deno is based on Google's Chromium V8 JavaScript engine.

While its standard modules are all written in TypeScript, InfoWorld points out that Deno "can be a replacement for utility scripts that may have been written in Python or Bash... Deno was designed as a series of Rust crates to allow integration at different layers." (A blog post by its developers notes Deno "makes it easy to bind Rust future-based APIs into JavaScript promises.")

But "Like a web browser, it knows how to fetch external code," the developers wrote, calling Deno "a web browser for command-line scripts" while arguing that with Node, "the mechanism for linking to external libraries is fundamentally centralized through the NPM repository, which is not in line with the ideals of the web... Also like browsers, [Deno] code is executed in a secure sandbox by default. Scripts cannot access the hard drive, open network connections, or make any other potentially malicious actions without permission." In an interview Dahl tells JAXenter they're already keeping an index of third party modules that work on Deno at https://deno.land/x/.

"It's important to understand that Deno is not a fork of Node," the developers' blog post explains. "It's a completely new implementation..."

"One last thing," the blog post concludes. "Consider supporting this open source software work by pre-ordering a Deno v1.0 hoodie."
Security

A Hacker Found a Way To Take Over Any Apple Webcam (wired.com) 52

An anonymous reader quotes a report from Wired: Apple has a well-earned reputation for security, but in recent years its Safari browser has had its share of missteps. This week, a security researcher publicly shared new findings about vulnerabilities that would have allowed an attacker to exploit three Safari bugs in succession and take over a target's webcam and microphone on iOS and macOS devices. Apple patched the vulnerabilities in January and March updates. But before the fixes, all a victim would have needed to do is click one malicious link and an attacker would have been able to spy on them remotely.

The bugs Pickren found all stem from seemingly minor oversights. For example, he discovered that Safari's list of the permissions a user has granted to websites treated all sorts of URL variations as being part of the same site, like https://www.example.com, http://example.com and fake://example.com. By "wiggling around," as Pickren puts it, he was able to generate specially crafted URLs that could work with scripts embedded in a malicious site to launch the bait-and-switch that would trick Safari. A hacker who tricked a victim into clicking their malicious link would be able to quietly launch the target's webcam and microphone to capture video, take photos, or record audio. And the attack would work on iPhones, iPads, and Macs alike. None of the flaws are in Apple's microphone and webcam protections themselves, or even in Safari's defenses that keep malicious sites from accessing the sensors. Instead, the attack surmounts all of these barriers just by generating a convincing disguise.
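
Pickren's actual chain is not reproduced here. What the passage describes in general terms is a permission store whose key is looser than the web's origin (scheme, host and port): once the key collapses https://www.example.com, http://example.com and fake://example.com into one "site", a grant made to the real site is honoured for look-alikes the user never approved. The following added example, which is not Apple's or the researcher's code, shows that bug class in miniature beside the origin-keyed fix; the store, the probe URLs and the "camera" permission name are constructed for illustration.

```javascript
// Added example, not Apple's or Pickren's code: a permission store keyed on
// a loose "site" string grants to URL variants the user never approved; a
// store keyed on the full web origin does not. URLs are illustrative.
class PermissionStore {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.granted = new Set();
  }
  grant(urlString, permission) {
    this.granted.add(`${this.keyFn(urlString)}|${permission}`);
  }
  isGranted(urlString, permission) {
    try {
      return this.granted.has(`${this.keyFn(urlString)}|${permission}`);
    } catch (e) {
      return false; // a URL the key function refuses gets no permission
    }
  }
}

// Vulnerable key: drops the scheme, strips "www.", keeps only the hostname.
// Any scheme with that hostname, even an unregistered one, hits the same key.
function looseSiteKey(urlString) {
  return new URL(urlString).hostname.toLowerCase().replace(/^www\./, '');
}

// Hardened key: the WHATWG origin (scheme + host + port), and only for the
// two web schemes. A non-special scheme such as fake:// has origin "null"
// and is rejected outright rather than becoming a shared key.
function strictOriginKey(urlString) {
  const u = new URL(urlString);
  if (u.protocol !== 'https:' && u.protocol !== 'http:') {
    throw new Error(`non-web scheme ${u.protocol} cannot hold a permission`);
  }
  return u.origin;
}

const GRANTED_SITE = 'https://www.example.com/';
const PROBES = [
  'https://www.example.com/',        // the site the user actually approved
  'http://example.com/',             // different scheme and host
  'fake://example.com/',             // unregistered scheme, same hostname
  'https://example.com.evil.test/',  // unrelated host, should fail either way
];

// Grants "camera" to GRANTED_SITE in both stores and reports which probe
// URLs each store then treats as allowed.
function compareStores(permission = 'camera') {
  const out = {};
  for (const [label, keyFn] of [['loose', looseSiteKey], ['strict', strictOriginKey]]) {
    const store = new PermissionStore(keyFn);
    store.grant(GRANTED_SITE, permission);
    out[label] = Object.fromEntries(PROBES.map((p) => [p, store.isGranted(p, permission)]));
  }
  return out;
}

console.table(compareStores());
```

The strict store still honours the approved origin and nothing else. Keying on origin is also why the scheme must be part of the key: a permission granted to https://example.com must not be usable by http://example.com, which any on-path attacker can impersonate.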

Sci-Fi

'The Hitchhiker's Guide To the Galaxy' Turns 42 (economist.com) 41

schweini shares a report: Every year the world celebrates the anniversaries of masterworks and maestros. In 2020, a host of events and publications commemorated the lives of Ludwig van Beethoven, Raphael, Charles Dickens, Anne Bronte and William Wordsworth. Such milestones usually come in neat multiples of 50. The 42nd anniversary of anything is rarely observed. Yet on March 8th fans of "The Hitchhiker's Guide to the Galaxy" ("HHGTTG") paid tribute to the comedy science-fiction series, which had its radio premiere on that day in 1978 and was subsequently adapted into novels, TV series, video games and a film.

To mark the occasion, Pan Macmillan reprinted the scripts and novels in colourful new editions ("HHGTTG" was the first book published under their "Pan Original" imprint to sell more than 1m copies). The British Library will host a day of "celebrations, conversation and performance." BBC Radio 4 has aired the original episodes; Radio 4 Extra will put on a "five-hour Hitchhiker's spectacular" including archival material and specially commissioned programmes. Such is the enduring interest in Douglas Adams's story that it is due to be adapted into a new television series by Hulu, a streaming service.

Ubuntu

Ubuntu vs Windows 10: Performance Tests on a Walmart Laptop (phoronix.com) 147

Phoronix's Michael Larabel is doing some performance testing on Walmart's $199 Motile-branded M141 laptop (which has an AMD Ryzen 3 3200U processor, Vega 3 graphics, 4GB of RAM, and a 14-inch 1080p display).

But first he compared the performance of its pre-installed Windows 10 OS against the forthcoming Ubuntu 20.04 LTS Linux distribution.

Some highlights:

- Java text rendering performance did come out much faster on Ubuntu 20.04 with this Ryzen 3 3200U laptop...

- The GraphicsMagick imaging program tended to run much better on Linux, which we've seen on other systems in the past as well.

- Intel's Embree path-tracer was running faster on Ubuntu...

- Various video benchmarks were generally favoring Ubuntu for better performance though I wouldn't recommend much in the way of video encoding from such a low-end device...

- The GIMP image editing software was running much faster on Ubuntu 20.04 in its development state than GIMP 2.10 on Windows 10...

- Python 3 performance is still much faster on Linux than Windows.

- If planning to do any web/LAMP development from the budget laptop and testing PHP scripts locally, Ubuntu's PHP7 performance continues running much stronger than Windows 10.

- Git also continues running much faster on Linux.

Their conclusion? "Out of 63 tests ran on both operating systems, Ubuntu 20.04 was the fastest... coming in front 60% of the time." (This sounds like 38 wins for Ubuntu versus 25 wins for Windows 10.)

"If taking the geometric mean of all 63 tests, the Motile $199 laptop with Ryzen 3 3200U was 15% faster on Ubuntu Linux over Windows 10."
Programming

Google Will Shut Down App Maker on January 19, 2021 (venturebeat.com) 37

Google will shut down its low-code development platform, App Maker, early next year. From a report: Google today announced it is killing off yet another service: App Maker, G Suite's low-code environment for building custom business apps. Google App Maker will be "turned down" gradually this year and officially shut down on January 19, 2021. Google cited "low usage" as an explanation for the move. If your business was using App Maker or considering moving to App Maker, you'll need to find another tool. Indeed, Google is making today's announcement not even two weeks after acquiring no-code app development platform AppSheet. Google first launched App Maker as part of an Early Adopter Program in November 2016. At the time, we described it as a service that "lets users drag and drop widgets around on a user interface that complies with Google's Material design principles" to create apps that can be "customized further with scripts, as well as HTML, CSS, JavaScript, and jQuery content." Once apps are live, usage can be monitored through Google Analytics. App Maker hit general availability for all G Suite Business, Enterprise, and Education customers in June 2018. A year and a half later, and it's already headed to the grave.
Security

'How I Stopped a Credit Card Thief From Ripping Off 3,537 People -- and Saved Our Nonprofit in the Process' (freecodecamp.org) 122

Quincy Larson, founder of freeCodeCamp, a non-profit organization that runs an open-source community for learning to code, writes in a blog post: I tucked my son under my arm and jogged to my desk. I'd been up until 2 a.m. finishing the announcement for our new #AWSCertified Challenge. And so far, the launch was going well. Our new Twitter bot was tweeting, and our Discord chatroom was abuzz with ambitious developers eager to earn their AWS certifications. I was getting ready to meet with my team when I noticed two strange emails -- both of which arrived within minutes of one another. "Your a fraud" read one of the emails in typo-riddled English. "That's exactly what I'm thinking since I see a charge on my financial institution from you and since I've never heard of you. Yes you need to resolve this." The other email was... well, let's just say it was also an angry letter and let's leave it at that. freeCodeCamp is a donor-supported nonprofit, and we have thousands of people around the world who donate to us each month. Once in a while, there are misunderstandings -- usually when one family member donates without telling the other. But this felt different.

So I tabbed over to Stripe, the credit card processing service our nonprofit uses for donations. On a typical day, we'd have 20 or 30 new donors. But here's what I saw instead: Stripe's dashboard showing 11,000 new customers and $60,000 in revenue for a single 24-hour period. It took me a moment to process what was happening. Our nonprofit -- which operates on an annual budget of less than $400,000 -- had just received more than $60,000 in 24 hours -- and from thousands of donors. And my heart began to sink. There was no way those were real donations. We've had spikes in donations from articles in major newspapers. Heck -- I've even been interviewed on Good Morning America. But none of those spikes caused such a surge in donations. No. There was only one thing that could cause a surge in donations like this. Fraud. Extensive, programmatic credit card fraud. I'd heard about this technique before. It's called "card testing." Here's how it works:

1. A fraudster finds a website with a relatively simple credit card form.
2. Then they run scripts to test thousands of stolen credit card numbers in rapid succession.
3. That way they can see which cards are still valid and which ones have been cancelled.

Then they turn around and sell those valid card numbers on the dark web. In this case, I'd detected the fraud much faster than a lot of other websites would have. So I had a window.
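
Larson spotted the attack from the dashboard totals. The same pattern can be caught programmatically from the charge stream itself: card testing looks like one source trying many different cards in a short span, at small amounts, with a high decline rate, which no genuine donor produces. The following is an added example, not freeCodeCamp's code or anything from the blog post; the event shape, the three thresholds and the sample events (TEST-NET addresses, made-up card fingerprints) are constructed for illustration.

```javascript
// Added example, not freeCodeCamp's code: card-testing detection over a
// constructed sample of charge attempts shaped like processor webhook events.
// Thresholds are assumptions a practitioner would tune against real traffic.
const WINDOW_MS = 10 * 60 * 1000; // inspect any 10-minute span per source IP
const MIN_DISTINCT_CARDS = 5;     // a real donor retries one card, not many
const MIN_DECLINE_RATIO = 0.3;    // stolen-card lists produce many declines

// Constructed sample. t is epoch milliseconds; card is the processor's card
// fingerprint (stable per card number, so distinct values = distinct cards);
// amount is in cents.
const T0 = Date.parse('2020-03-01T02:10:00Z');
const SAMPLE_EVENTS = [
  // ordinary donors: one card each, separate addresses, one honest retry
  { t: T0 - 3600000, ip: '198.51.100.10', card: 'fp_donor_a', amount: 500, status: 'succeeded' },
  { t: T0 - 1800000, ip: '198.51.100.11', card: 'fp_donor_b', amount: 2000, status: 'succeeded' },
  { t: T0 - 900000, ip: '198.51.100.12', card: 'fp_donor_c', amount: 500, status: 'declined' },
  { t: T0 - 840000, ip: '198.51.100.12', card: 'fp_donor_c', amount: 500, status: 'succeeded' },
];
// card tester: 12 different cards from one address in three minutes, $1.00
// each, two thirds of them declined
for (let i = 0; i < 12; i++) {
  SAMPLE_EVENTS.push({
    t: T0 + i * 15000,
    ip: '203.0.113.7',
    card: `fp_stolen_${String(i).padStart(2, '0')}`,
    amount: 100,
    status: i % 3 === 0 ? 'succeeded' : 'declined',
  });
}

// Groups attempts by source IP and, for each IP, slides a window over its
// attempts in time order. An IP is flagged the first time one window holds
// at least minCards distinct cards with a decline ratio of at least
// minDeclineRatio. Returns one record per flagged IP.
function detectCardTesting(events, opts = {}) {
  const { windowMs = WINDOW_MS, minCards = MIN_DISTINCT_CARDS, minDeclineRatio = MIN_DECLINE_RATIO } = opts;
  const byIp = new Map();
  for (const e of events) {
    if (!byIp.has(e.ip)) byIp.set(e.ip, []);
    byIp.get(e.ip).push(e);
  }
  const flagged = [];
  for (const [ip, list] of byIp) {
    list.sort((a, b) => a.t - b.t);
    for (let i = 0; i < list.length; i++) {
      const cards = new Set();
      let attempts = 0;
      let declines = 0;
      for (let j = i; j < list.length && list[j].t - list[i].t <= windowMs; j++) {
        cards.add(list[j].card);
        attempts++;
        if (list[j].status !== 'succeeded') declines++;
      }
      const declineRatio = declines / attempts;
      if (cards.size >= minCards && declineRatio >= minDeclineRatio) {
        flagged.push({ ip, distinctCards: cards.size, attempts, declineRatio, windowStart: new Date(list[i].t).toISOString() });
        break; // one report per IP is enough
      }
    }
  }
  return flagged;
}

// Stand-alone run over the constructed sample.
const flagged = detectCardTesting(SAMPLE_EVENTS);
console.log(flagged.length ? flagged : 'no card testing detected');
```

The distinct-card count is what separates this from a retrying donor: the donor at 198.51.100.12 is declined once and then succeeds on the same card, so the window never holds more than one card for that address. Keying on IP alone is a weakness in practice, since a tester can rotate through proxies, so a real deployment would also count per device fingerprint, per e-mail domain and per BIN range, and would feed the verdict into a block or step-up (a CAPTCHA or a minimum donation) rather than only logging it.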

Privacy

Dashcam Flaw Allows Anyone To Track Drivers In Real-Time Across the US (vice.com) 23

An anonymous reader quotes a report from Motherboard: BlackVue is a dashcam company with its own social network. With a small, internet-connected dashcam installed inside their vehicle, BlackVue users can receive alerts when their camera detects an unusual event such as someone colliding with their parked car. Customers can also allow others to tune into their camera's feed, letting others "vicariously experience the excitement and pleasure of driving all over the world," a message displayed inside the app reads. Users are invited to upload footage of their BlackVue camera spotting people crashing into their cars or other mishaps with the #CaughtOnBlackVue hashtag. But what BlackVue's app doesn't make clear is that it is possible to pull and store users' GPS locations in real-time over days or even weeks. Motherboard was able to track the movements of some of BlackVue's customers in the United States.

Ordinarily, BlackVue lets anyone create an account and then view a map of cameras that are broadcasting their location and live feed. This broadcasting is not enabled by default, and users have to select the option to do so when setting up or configuring their own camera. Motherboard tuned into live feeds from users in Hong Kong, China, Russia, the U.K., Germany, and elsewhere. BlackVue spokesperson Jeremie Sinic told Motherboard in an email that the users on the map only represent a tiny fraction of BlackVue's overall customers. But the actual GPS data that drives the map is available and publicly accessible. By reverse engineering the iOS version of the BlackVue app, Motherboard was able to write scripts that pull the GPS location of BlackVue users over a week-long period and store the coordinates and other information like the user's unique identifier. One script could collect the location data of every BlackVue user who had mapping enabled on the eastern half of the United States every two minutes. Motherboard collected data on dozens of customers.
Following the report, BlackVue said their developers "have updated the security measures" to prevent this sort of tracking.

Motherboard confirmed that previously provided user data stopped working, and they said they have "deleted all of the data collected to preserve individuals' privacy."
Firefox

Firefox 72 Arrives With Fingerprinting Blocked By Default, Picture-in-Picture on macOS and Linux (venturebeat.com) 49

Mozilla today launched Firefox 72 for Windows, Mac, Linux, and Android. Firefox 72 includes fingerprinting scripts blocked by default, less annoying notifications, and Picture-in-Picture video on macOS and Linux. There isn't too much else here, as Mozilla has now transitioned Firefox releases to a four-week cadence (from six to eight weeks).
Open Source

FSF-Approved Hyperbola GNU/Linux Forking OpenBSD, Citing 'User Freedom' Concerns (hyperbola.info) 135

Long-time Slashdot reader twocows writes: Hyperbola GNU/Linux, an FSF-approved distribution of GNU/Linux, has declared their intent to fork OpenBSD and become HyperbolaBSD...
The news came earlier this week in a roadmap announcement promising "a completely new OS derived from several BSD implementations" (though Hyperbola was originally based on Arch snapshots and Debian development).

"This was not an easy decision to make, but we wish to use our time and resources to create a viable alternative to the current operating system trends which are actively seeking to undermine user choice and freedom." In 2017 Hyperbola dropped its support for systemd -- but its concerns go far beyond that: This will not be a "distro", but a hard fork of the OpenBSD kernel and userspace including new code written under GPLv3 and LGPLv3 to replace GPL-incompatible parts and non-free ones.

Reasons for this include:

- Linux kernel forcing adaption of DRM, including HDCP.

- Linux kernel proposed usage of Rust (which contains freedom flaws and a centralized code repository that is more prone to cyber attack and generally requires internet access to use.)

- Linux kernel being written without security in mind. (KSPP is basically a dead project and Grsec is no longer free software)

- Many GNU userspace and core utils are all forcing adaption of features without build time options to disable them. E.g. (PulseAudio / SystemD / Rust / Java as forced dependencies....)

HyperbolaBSD is intended to be modular and minimalist so other projects will be able to re-use the code under free license.
