Wednesday Greg Kroah-Hartman announced the release of the 6.4.2 kernel. "All users of the 6.4 kernel series must upgrade."

The Hacker News reports: Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date.

"As StackRot is a Linux kernel vulnerability found in the memory management subsystem, it affects almost all kernel configurations and requires minimal capabilities to trigger," Peking University security researcher Ruihan Li said. "However, it should be noted that maple nodes are freed using RCU callbacks, delaying the actual memory deallocation until after the RCU grace period. Consequently, exploiting this vulnerability is considered challenging."

Following responsible disclosure on June 15, 2023, it has been addressed in stable versions 6.1.37, 6.3.11, and 6.4.1 as of July 1, 2023, after a two-week effort led by Linus Torvalds. A proof-of-concept (PoC) exploit and additional technical specifics about the bug are expected to be made public by the end of the month.
ZDNet points out that Linux 6.4 "offers improved hardware enablement for ARM boards" and does a better job with the power demands of Steam Deck gaming devices. And "On the software side, the Linux 6.4 release includes more upstreamed Rust code. We're getting ever closer to full in-kernel Rust language support."

The Register also notes that Linux 6.4 also includes "the beginnings of support for Apple's M2 processors," along with support for hibernation of RISC-V CPUs, "a likely presage to such silicon powering laptop computers."

Remember those researchers who generated electricity from the energy in air humidity?

"To be frank, it was an accident," the study's lead author, Prof Jun Yao, tells the Guardian: "We were actually interested in making a simple sensor for humidity in the air. But for whatever reason, the student who was working on that forgot to plug in the power." The UMass Amherst team were surprised to find that the device, which comprised an array of microscopic tubes, or nanowires, was producing an electrical signal regardless. Each nanowire was less than one-thousandth the diameter of a human hair, wide enough that an airborne water molecule could enter, but so narrow it would bump around inside the tube. Each bump, the team realised, lent the material a small charge, and as the frequency of bumps increased, one end of the tube became differently charged from the other. "So it's really like a battery," says Yao. "You have a positive pull and a negative pull, and when you connect them the charge is going to flow..."

"The beauty is that the air is everywhere," says Yao. "Even though a thin sheet of the device gives out a very tiny amount of electricity or power, in principle, we can stack multiple layers in vertical space to increase the power." That's exactly what another team, Prof Svitlana Lyubchyk and her twin sons, Profs Andriy and Sergiy Lyubchyk, are trying to do. Svitlana Lyubchyk and Andriy are part of the Lisbon-based Catcher project, whose aim is "changing atmospheric humidity into renewable power", and along with Sergiy they have founded CascataChuva, a startup intended to commercialise the research... Catcher and related projects [received] nearly €5.5m (£4.7m) in funding from the European Innovation Council. The result is a thin grey disc measuring 4cm (1.5in) across. According to the Lyubchyks, one of these devices can generate a relatively modest 1.5 volts and 10 milliamps. However, 20,000 of them stacked into a washing machine-sized cube, they say, could generate 10 kilowatt hours of energy a day — roughly the consumption of an average UK household. Even more impressive: they plan to have a prototype ready for demonstration in 2024...

The Lyubchyks estimate that the levelised cost of energy — the average net present cost of electricity generation for a generator over its lifetime — from these devices will indeed be high at first, but by moving into mass production, they hope to lower it significantly, ultimately making this hygroelectric power competitive with solar and wind... The team accept that it may take years to optimise a prototype and scale up production, but if they're successful, the benefits are clear. Unlike solar or wind, hygroelectric generators could work day and night, indoors and out, and in many places.
Yao explains to the Guardian that "Lots of energy is stored in water molecules in the air. That's where we get the lightning effect during a thunderstorm.

"The existence of this type of energy isn't in doubt. It's about how we collect it."

Thanks to Slashdot reader j3x0n for sharing the article.

"The flow of lifesaving organs to 63 U.S. transplant centers could be disrupted..." reported the Washington Post on Monday, "by a dispute over the use of data."

Or, as a local news station WRIC puts it, "Two entities dedicated to fighting to save lives through organ transplant operations are now fighting with each other." Buckeye Transplant Services filed a lawsuit against the United Network for Organ Sharing — or UNOS — on July 3 after the Richmond-based non-profit accused the transplant screening service of putting donor and patient privacy at risk.

UNOS claimed Buckeye did so by using technology to gain unauthorized, improper access to a DonorNet database. Buckeye denied any wrongdoing and insisted that the company has always complied with data accessibility protocol... This isn't UNOS's first controversy, but the reason this particular debate has become high-profile is due to rumors that it could impact transplant operations. Prior to the lawsuit, UNOS threatened to cut off Buckeye's access to data necessary for its operation. UNOS still insists that no transplant program will experience any interruptions in receiving organ offers as a result of the dispute. However, Buckeye warned that if it loses access to crucial data, 63 hospitals across the country — two in Virginia — could have to take on extra burdens.

One of those healthcare systems, the University of Virginia's Transplant Center, told 8News that its team is closely monitoring the situation and is already coming up with plans to prevent any legal hiccups from interrupting the lifesaving organ donation process.
Buckeye was involved in over 13% of America's organ transplants in 2022, according to figures cited by the Washington Post. "Buckeye said it is doing nothing wrong," according to the article, "and that other organizations across the transplant system act similarly." Meanwhile, UNOS's general counsel "stressed that cutting off Buckeye is a last resort in a negotiation that has been underway for two months," the Washington Post reported. "Certain features of Buckeye's electronic systems are capable of and have collected from UNOS systems various large volumes of patient-specific and facility-specific information related to transplant services," a UNOS attorney wrote to Buckeye on June 21. Livingston, the UNOS general counsel, said in an interview that the data belongs to UNOS and that transplant centers are able to obtain it from the organization if they want it. But Buckeye is not allowed to collect it in bulk and sell it to its customers. He said if Buckeye retrieves and "scrapes" the data, UNOS does not know how well it is secured, whether it is being "misused or mishandled" and how it is being stored. He also said Buckeye could create an alternate database with the information.
On Tuesday the Washington Post reported that UNOS had issued a two-week extension (through July 19): Anne Paschke, a spokesperson for UNOS, said the group provided the extension to "allow the court an appropriate amount of time" to consider the company's request for a temp restraining order. "We are confident in our position," Paschke said... Buckeye sued UNOS in federal court on Monday seeking an injunction that would stop the nonprofit group from blocking its access to the national transplant database system...

[The U.S. Health Resources and Services Administration] unveiled plans in March to overhaul the transplant system, including changes to the 37-year monopoly UNOS has held as manager of the organ database... Buckeye is potentially interested in bidding for a part of the contract UNOS now holds, according to company representatives. Its lawsuit contends UNOS "has monopolistic intent to squash the development of technology that could eventually supplant" the UNOS transplant system.
Thanks to long-time Slashdot reader belmolis for sharing the article.

Equuleus42 (Slashdot reader #723) shares the Washington Post's article on "the latest evidence of the pervasiveness of 'forever chemicals'."

A new study from the United States Geological Survey estimates that these 12,000 "PFAS" contaminants "taint nearly half" of America's tap water: Studies are steadily documenting the ubiquity of this class of chemicals. A 2015 report by the Centers for Disease Control and Prevention found PFAS in the blood of over 95 percent of Americans. Exposure to PFAS has been associated with severe health risks, including some kinds of cancers, developmental delays in children and reproductive effects in pregnant people, although the Environmental Protection Agency states that "research is still ongoing to determine how different levels of exposure to different PFAS can lead to a variety of health effects..."

The researchers more frequently detected PFAS in urban areas or places next to potential sources of the chemicals such as airports, industry and wastewater treatment plants, said USGS research hydrologist Kelly Smalling, the study's lead author. Smalling estimated that about 75 percent of urban tap water has at least one type of PFAS present, compared with about 25 percent of rural tap water. The chemicals were also more prevalent in the Great Plains, Great Lakes, Eastern Seaboard and central and Southern California regions, according to the study.
Smalling even tested the water in their own home in New Jersey — and found that it, too, was contaminated. "It's not a surprise," Smalling said, describing New Jersey as "a hot spot for PFAS."

The article also notes that in March America's Environmental Protection Agency proposed the first drinking standard for PFAS in drinking water (though final rules may not arrive before next year). And 3M is paying a $10.3 billion settlement over 13 years for testing for and cleaning up PFAS in water supplies. "States are also stepping up action on PFAS, including through legislation banning or restricting the use of PFAS in everyday products and implementing drinking water standards..."

But Carmen Messerlian, an assistant Harvard professor of environmental epidemiology, argues for regulating companies that produce forever chemicals, since "By the time they hit our water, our food, our children's mouths and our bodies, it really is too late..." In the meantime, consumers can buy water filters that remove PFAS, "though the most effective filters can come at a cost that not everyone can afford, Messerlian said."

Long-time Slashdot reader 93 Escort Wagon writes: Age discrimination is something many tech workers think about — especially once they get into their 40s and 50s. But imagine what it would be like if you thought that every job in every field shunned you at an even earlier age. In China, you apparently don't have to imagine, the New York Times reports...

"When Sean Liang turned 30, he started thinking of the Curse of 35 — the widespread belief in China that white-collar workers like him confront unavoidable job insecurity after they hit that age. In the eyes of employers, the Curse goes, they're more expensive than new graduates and not as willing to work overtime.

Liang, now 38, is a technology support professional turned personal trainer. He has been unemployed for much of the past three years, partly because of the pandemic and China's sagging economy. But he believes the main reason is his age. He's too old for many employers, including the Chinese government, which caps the hiring age for most civil servant positions at 35. If the Curse of 35 is a legend, it's one supported by some facts."
"It's not clear how the phenomenon started, and it's hard to know how much truth there is to it," the article points out. But it also notes that age discrimination "is not against the law in China," which with a weak job market forms "a double whammy for workers in their mid-30s who are making big decisions about career, marriage and children...

"In 2022, the number of marriage registrations fell 10.5% from a year earlier, to the lowest number since China began disclosing the data in 1986. The country's birthrate fell to a low point last year, and its population shrank for the first time since 1961, the end of the Great Famine."

Slashdot reader j3x0n shared this report from California newspaper the Sacramento Bee: In 2015, Democratic Elk Grove Assemblyman Jim Cooper voted for Senate Bill 34, which restricted law enforcement from sharing automated license plate reader (ALPR) data with out-of-state authorities. In 2023, now-Sacramento County Sheriff Cooper appears to be doing just that. The Electronic Frontier Foundation (EFF) a digital rights group, has sent Cooper a letter requesting that the Sacramento County Sheriff's Office cease sharing ALPR data with out-of-state agencies that could use it to prosecute someone for seeking an abortion.

According to documents that the Sheriff's Office provided EFF through a public records request, it has shared license plate reader data with law enforcement agencies in states that have passed laws banning abortion, including Alabama, Oklahoma and Texas. Adam Schwartz, EFF senior staff attorney, called automated license plate readers "a growing threat to everyone's privacy ... that are out there by the thousands in California..." Schwartz said that a sheriff in Texas, Idaho or any other state with an abortion ban on the books could use that data to track people's movements around California, knowing where they live, where they work and where they seek reproductive medical care, including abortions.

The Sacramento County Sheriff's Office isn't the only one sharing that data; in May, EFF released a report showing that 71 law enforcement agencies in 22 California counties — including Sacramento County — were sharing such data... [Schwartz] said that he was not aware of any cases where ALPR data was used to prosecute someone for getting an abortion, but added, "We think we shouldn't have to wait until the inevitable happens."
In May the EFF noted that the state of Idaho "has enacted a law that makes helping a pregnant minor get an abortion in another state punishable by two to five years in prison."

Monday was Earth's hottest day in at least 125,000 years — and Tuesday was hotter.

The Washington Post reports that the director of Europe's Copernicus Climate Change Service has a term for it: "uncharted territory." It's not just that records are being broken — but the massive margins with which conditions are surpassing previous extremes, scientists note. In parts of the North Atlantic, temperatures are running as high as 9 degrees Fahrenheit above normal, the warmest observed there in more than 170 years. The warm waters helped northwestern Europe, including the United Kingdom, clinch its warmest June on record.

New data the Copernicus center published Thursday showed global surface air temperatures were 0.53 degrees Celsius (0.95 degrees Fahrenheit) above the 1991-2020 average in June... Antarctic sea ice, meanwhile, reached its lowest June extent since the dawn of the satellite era, at 17 percent below the 1991-2020 average, Copernicus said. The previous record, set a year earlier, was about 9 percent below average.

The planet is increasingly flirting with a global warming benchmark that policymakers have sought to avoid — 1.5 degrees Celsius (2.7 degrees Fahrenheit) above preindustrial levels. It has, at times, been surpassed already this year, including in early June, though the full month averaged 1.36 degrees above an 1850-1900 reference temperature, according to Copernicus.

An anonymous reader quotes this report from Engadget: A disgruntled Tom Clancy's Rainbow Six Siege gamer who called in a fake emergency to Ubisoft's Montreal office was sentenced this week to three years of community service, according to The Montreal Gazette. Yanni Ouahioune, 22, was handed the sentence on Monday in Paris following his call to authorities about a fake hostage situation in November 2020.

Police say Ouahioune called in the hoax because he was angry he had been banned several times from Tom Clancy's Rainbow Six Siege. In response to the bogus call, a heavily armed squad of police officers surrounded the building. The officers secured the headquarters — and closed several nearby streets — before confirming there wasn't an active threat. Ouahioune allegedly called from his parents' house using Russian servers to mask his identity (unsuccessfully). After being charged, La Presse reported (via Polygon) that Ouahioune pleaded for Ubisoft to unban his account. "Can you say that I am kindly asking the Ubisoft team to 'unban' my account please," Ouahioune said. "I have put over $1,500 in cosmetic enhancements in my profile."

The sentencing also includes Ouahioune's alleged part in a DDoS attack against a French government office and making threats against Minecraft developers. The convicted hoaxer will reportedly be required to "compensate victims, undergo treatment for a mental health problem and either work or undergo training" in addition to the community service.

Perl 5.38 was released this week "after being in development for more than one year," reports Phoronix. "Perl 5.38 brings a new experimental syntax for defining object classes where per-instance data is stored in 'field' variables that behave like lexicals."

"Maybe, just maybe, the new features introduced into the language in this newest version will attract much sought new talent," writes the site I Programmer, noting the argument that Perl is installed by default everywhere — and has the "fun factor... The class keyword is part of the plan to bring effective object-oriented programming to the Perl core while still keeping Perl being Perl."

The Perl docs warn that "This remains a new and experimental feature, and is very much still under development. It will be the subject of much further addition, refinement and alteration in future releases." But "Since Perl 5, support for objects revolved around the concept of blessing references with a package name," notes updated documentation, which points out this new class syntax "isn't a bless wrapper, but a completely new system built right into the perl interpreter." The class keyword declares a new package which is intended to be a class... classes automatically get a constructor named new... Just like with other references, when object reference count reaches zero it will automatically be destroyed.
Phoronx notes that Perl 5.38 also brings a new PERL_RAND_SEED environment variable "for controlling seed behavior for random number generation," along with some new APIs. And I Programmer adds that Perl 5.38 also adds support for Unicode 15.0, adding 4, 489 characters, for a total of 149,186 characters. Other additions include enhanced regular expressions, plus defined-or and logical-or assignment default expressions in signatures.

2096 subreddits were still dark on Friday, as PC Magazine shared this update about ongoing protests at Reddit: To stamp out any remaining protests, Reddit is sending "final warnings" to subreddits that decided to permit NSFW content as a way to derail the company's advertising business.

Reddit sent warnings to subreddits including r/PICs, r/Military, r/dndmemes, and r/JustNoMil, which was first noticed by The Verge. The message states: "This is a final warning for inaccurately labeling your community NSFW, which is a violation of the Mod Code of Conduct rule 2. Your subreddit has not historically been considered NSFW nor would they under our current policies."

The warning threatens to punish volunteer moderators of the affected subreddits. "Please immediately correct the NSFW labeling on your subreddit. Failure to do so will result in action being taken on your moderator team by the end of this week," Reddit told the moderators of r/PICs. "This means moderators involved in this activity will be removed from this mod team..."

However, the r/PICs subreddit wants to remain a NSFW destination, citing the adult and profane content that users often post. "We are not in violation of the cited rule as it is written. Moreover, according to Reddit's listed policies, our subreddit is considered NSFW," the moderators for r/PICs told Reddit.

Long-time Slashdot reader hpickens writes: Richard A. Muller Has an interesting op-ed in the WSJ that asserts that World War III may not be what you expect (Source paywalled; alternative source) and that a two-front biological and cyberattack could lead to a U.S. defeat before we know what hit us. Muller paints a picture of what such a dual attack would look like. "The great value to the attacker of a two-pronged biological and cyber attack is the possibility of achieving destructive goals while keeping the whole operation covert," writes Muller. "Covid wasn't a deliberate attack, but it quickly and successfully damaged the American economy. Any nation thinking of using a deadly virus as a weapon of war would first need to immunize its own people, perhaps under the guise of a flu vaccination. Long-term population-level immunity would require the virus be sufficiently optimized, before release, to reduce the probability of further mutation."

The second prong of the attack would target hospitals with ransomware viruses. "Ransomware could simultaneously target energy grids, power plants, factories, refineries, trains, airlines, shipping, banking, water supplies, sewage-treatment plants and more. But hospitals would be the most salient targets. Avoiding obvious military targets would enhance the illusion that World War III hadn't begun."

"Deterring such an attack will require a clear, credible and articulated promise to respond to aggression. It can't be covert. If China, Russia or both attacked the U.S. this way, how would we react? Policy makers need to come up with an answer. An economic embargo seems suboptimal. Many would interpret nuclear retaliation as disproportionate. Developing a retaliatory virus would take time, and responding this way would clearly violate the Biological Weapons Convention."

Harvard professor Avi Loeb believes he may have found fragments of alien technology from a meteor that landed in the waters off of Papua, New Guinea in 2014. CBS News reports: Loeb and his team just brought the materials back to Harvard for analysis. The U.S. Space Command confirmed with almost near certainty, 99.999%, that the material came from another solar system. The government gave Loeb a 10 km (6.2 mile) radius of where it may have landed. "That is where the fireball took place, and the government detected it from the Department of Defense. It's a very big area, the size of Boston, so we wanted to pin it down," said Loeb. "We figured the distance of the fireball based off the time delay between the arrival of blast wave, the boom of explosion, and the light that arrived quickly."

Their calculations allowed them to chart the potential path of the meteor. Those calculations happened to carve a path right through the same projected 10 km range that came from the U.S. government. Loeb and his crew took a boat called the Silver Star out to the area. The ship took numerous passes along and around the meteor's projected path. Researchers combed the ocean floor by attaching a sled full of magnets to their boat. "We found ten spherules. These are almost perfect spheres, or metallic marbles. When you look at them through a microscope, they look very distinct from the background," explained Loeb, "They have colors of gold, blue, brown, and some of them resemble a miniature of the Earth."

An analysis of the composition showed that the spherules are made of 84% iron, 8% silicon, 4% magnesium, and 2% titanium, plus trace elements. They are sub-millimeter in size. The crew found 50 of them in total. "It has material strength that is tougher than all space rock that were seen before, and catalogued by NASA," added Loeb, "We calculated its speed outside the solar system. It was 60 km per second, faster than 95% of all stars in the vicinity of the sun. The fact that it was made of materials tougher than even iron meteorites, and moving faster than 95% of all stars in the vicinity of the sun, suggested potentially it could be a spacecraft from another civilization or some technological gadget." He likens the situation to any of the Voyager spacecrafts launched by NASA.