Power

California Will Close Its Last Nuclear Power Plant (sfchronicle.com) 352

An anonymous reader quotes the San Francisco Chronicle: California's last nuclear power plant -- Diablo Canyon, whose contentious birth helped shape the modern environmental movement -- will close in 2025, state utility regulators decided Thursday. The unanimous vote by the California Public Utilities Commission will likely bring an end to nuclear energy's long history in the state. State law forbids building more nuclear plants in California until the federal government creates a long-term solution for dealing with their waste, a goal that remains elusive despite decades of effort.

The decision comes even as California expands its fight against global warming. Owned by Pacific Gas and Electric Co., Diablo Canyon is the state's largest power plant, supplying 9 percent of California's electricity while producing no greenhouse gases. "With this decision, we chart a new energy future by phasing out nuclear power here in California," said commission President Michael Picker. "We've looked hard at all the arguments, and we agree the time has come."

The Almighty Buck

Cryptocurrency Exchange Kraken Suddenly Goes Dark For Two Days (sfchronicle.com) 118

An anonymous reader quotes the San Francisco Chronicle: One of the biggest cryptocurrency exchanges was down more than 40 hours this week, causing clients to freak out... San Francisco's Kraken went offline at 9 p.m. on Wednesday for maintenance that was initially scheduled to last two hours, plus an additional two to three hours for withdrawals, according to an announcement on the company's website. "We are still working to resolve the issues that we have identified and our team is working around the clock to ensure a smooth upgrade," according to a status update on Kraken's website posted early Friday. "This means it may still take several hours before we can relaunch." Shortly after noon, the company said it was "still working to track down an elusive bug which is holding up launch." It promised customers "a substantial amount of free trading" after the problem was resolved. In previous updates, Kraken mentioned it is working on "unexpected and delicate issues" and assured clients their funds were secure, adding that "Yes, this is our new record for downtime since we launched in 2013. No, we're not proud of it."
It's 53 hours after the downtime began, and their web page is still showing the same announcement.

"Kraken is presently offline for maintenance."
Electronic Frontier Foundation

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org) 82

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.
Programming

C Programming Language 'Has Completed a Comeback' (infoworld.com) 242

InfoWorld reports that "the once-declining C language" has "completed a comeback" -- citing its rise to second place in the Tiobe Index of language popularity, the biggest rise of any language in 2017. An anonymous reader quotes their report: Although the language only grew 1.69 percentage points in its rating year over year in the January index, that was enough beat out runners-up Python (1.21 percent gain) and Erlang (0.98 percent gain). Just five months ago, C was at its lowest-ever rating, at 6.477 percent; this month, its rating is 11.07 percent, once again putting it in second place behind Java (14.215 percent) -- although Java dropped 3.05 percent compared to January 2017. C's revival is possibly being fueled by its popularity in manufacturing and industry, including the automotive market, Tiobe believes...

But promising languages such as Julia, Hack, Rust, and Kotlin were not able to reach the top 20 or even the top 30, Tiobe pointed out. "Becoming part of the top 10 or even the top 20 requires a large ecosystem of communities and evangelists including conferences," said Paul Jansen, Tiobe managing director and compiler of the index. "This is not something that can be developed in one year's time."

For 2017 Tiobe also reports that after Java and C, the most popular programming languages were C++, Python, C#, JavaScript, Visual Basic .Net, R, PHP, and Perl.

The rival Pypl Popularity of Programming Language index calculates that the most popular languages are Java, Python, PHP, JavaScript, C#, C++, C, R, Objective-C, and Swift.
Space

The Alien Megastructure Around Mysterious 'Tabby's Star' Is Probably Just Dust, Analysis Shows (theguardian.com) 75

An analysis by more than 200 astronomers has been published that shows the mysterious dimming of star KIC 8462852 -- nicknamed Tabby's star -- is not being produced by an alien megastructure. "The evidence points most strongly to a giant cloud of dust occasionally obscuring the star," reports The Guardian. From the report: KIC 8462852 is approximately 1,500 light years away from the Earth and hit the headlines in October 2015 when data from Nasa's Kepler space telescope showed that it was dimming by unexplainably large amounts. The star's light dropped by 20% first and then 15% making it unique. Even a large planet passing in front of the star would have blocked only about 1% of the light. For an object to block 15-20%, it would have to be approaching half the diameter of the star itself. With this realization, a few astronomers began whispering that such a signal would be the kind expected from a gigantic extraterrestrial construction orbiting in front of the star -- and the idea of the alien megastructure was born.

In the case of Tabby's star, the new observations show that it dims more at blue wavelengths than red. Thus, its light is passing through a dust cloud, not being blocked by an alien megastructure in orbit around the star. The new analysis of KIC 8462852 showing these results is to be published in The Astrophysical Journal Letters. It reinforces the conclusions reached by Huan Meng, University of Arizona, Tucson, and collaborators in October 2017. They monitored the star at multiple wavelengths using Nasa's Spitzer and Swift missions, and the Belgian AstroLAB IRIS observatory. These results were published in The Astrophysical Journal.

Bug

'Kernel Memory Leaking' Intel Processor Design Flaw Forces Linux, Windows Redesign (theregister.co.uk) 416

According to The Register, "A fundamental design flaw in Intel's processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug." From the report: Programmers are scrambling to overhaul the open-source Linux kernel's virtual memory system. Meanwhile, Microsoft is expected to publicly introduce the necessary changes to its Windows operating system in this month's Patch Tuesday: these changes were seeded to beta testers running fast-ring Windows Insider builds in November and December. Crucially, these updates to both Linux and Windows will incur a performance hit on Intel products. The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model. More recent Intel chips have features -- specifically, PCID -- to reduce the performance hit. Similar operating systems, such as Apple's 64-bit macOS, will also need to be updated -- the flaw is in the Intel x86 hardware, and it appears a microcode update can't address it. It has to be fixed in software at the OS level, or buy a new processor without the design blunder. Details of the vulnerability within Intel's silicon are under wraps: an embargo on the specifics is due to lift early this month, perhaps in time for Microsoft's Patch Tuesday next week. Indeed, patches for the Linux kernel are available for all to see but comments in the source code have been redacted to obfuscate the issue. The report goes on to share some details of the flaw that have surfaced. "It is understood the bug is present in modern Intel processors produced in the past decade," reports The Register. "It allows normal user programs -- from database applications to JavaScript in web browsers -- to discern to some extent the contents of protected kernel memory. The fix is to separate the kernel's memory completely from user processes using what's called Kernel Page Table Isolation, or KPTI."
Programming

Which Programming Languages Are Most Prone to Bugs? (i-programmer.info) 247

An anonymous reader writes: The i-Programmer site revisits one of its top stories of 2017, about researchers who used data from GitHub for a large-scale empirical investigation into static typing versus dynamic typing. The team investigated 20 programming languages, using GitHub code repositories for the top 50 projects written in each language, examing 18 years of code involving 29,000 different developers, 1.57 million commits, and 564,625 bug fixes.

The results? "The languages with the strongest positive coefficients - meaning associated with a greater number of defect fixes are C++, C, and Objective-C, also PHP and Python. On the other hand, Clojure, Haskell, Ruby and Scala all have significant negative coefficients implying that these languages are less likely than average to result in defect fixing commits."

Or, in the researcher's words, "Language design does have a significant, but modest effect on software quality. Most notably, it does appear that disallowing type confusion is modestly better than allowing it, and among functional languages static typing is also somewhat better than dynamic typing."

Stats

Slashdot's 10 Most-Visited Stories of 2017 (slashdot.org) 35

Slashdot's most-visited story of 2017 was Google Has Demonstrated a Successful Practical Attack Against SHA-1, which was visited more than 212,000 times since it was published in Feburary.

And our second- and third-most popular stories also came in February -- both just one week before.

FCC Chairman Wants It To Be Easier To Listen To Free FM Radio On Your Smartphone and IT Decisions Makers and Executives Don't Agree On Cyber Security Responsibility.

Keep reading for a complete list of Slashdot's 10 most-visited stories of 2017.
Iphone

Samsung Could Make $22 Billion Off Next Year's iPhones (cnet.com) 43

According to a report by Korean outlet ETnews (via The Investor), Apple placed an order for 180 million to 200 million OLED displays from Samsung's manufacturing branch, Samsung Display, for the next round of iPhones. Each display is estimated to cost $110, which could mean the deal is worth up to $22 billion. CNET reports: The recently released iPhone X was Apple's first phone to feature an OLED display, rather than an LCD panel. Samsung, on the other hand, has been using OLED displays in its phones for quite some time. Currently Samsung holds a near monopoly on the world's manufacturing of OLED screens. As a result, Apple had little choice but to turn to its rival for this type of screen. This isn't the first deal of its kind. Earlier this year it was reported that Apple bought 60 million OLED displays from Samsung, apparently for what would later become the iPhone X. According to the report, Apple's next order is up to four times larger than this previous order. Demand is so high that Samsung considered opening a new manufacturing plant to process Apple's order, the report said, but has been able to manufacture enough of the panels to fill Apple's order.
Bug

Ubuntu 17.10 Temporarily Pulled Due To A BIOS Corrupting Problem (phoronix.com) 167

An anonymous reader writes: Canonical has temporarily pulled the download links for Ubuntu 17.10 "Artful Aardvark" from the Ubuntu website due to ongoing reports of some laptops finding their BIOS corrupted after installing this latest Ubuntu release. The issue is appearing most frequently with Lenovo laptops but there are also reports of issues with other laptop vendors as well. This issue appears to stem from the Intel SPI driver in the 17.10's Linux 4.13 kernel corrupting the BIOS for a select number of laptop motherboards. Canonical is aware of this issue and is planning to disable the Intel SPI drivers in their kernel builds. Canonical's hardware enablement team has already verified this works around the problem, but doesn't provide any benefit if your BIOS is already corrupted.
Star Wars Prequels

Ajit Pai Taunts Net Neutrality Critics. Mark Hamill Taunts Ajit Pai (mashable.com) 346

An anonymous reader writes: Just days before voting to repeal net neutrality regulations, FCC chairman Ajit Pai introduced a comedy video at the annual gathering of the Federal Communications Bar Association -- and it offered its own self-disparaging version of Pai's tenure as a Verizon attorney in 2003. "We want to brainwash and groom a Verizon puppet to install as FCC chairman," says a real-world Verizon executive appearing in the videotaped skit. "That sounds awesome," Pai responds.

And the day of the vote Pai also appeared in another trying-to-be-funny video on the conservative site The Daily Caller demonstrating "seven things you can still do on the internet after net neutrality." In the first image he's holding a fidget spinner and dressed as Santa Claus, and the unmistakably patronizing video reminds critics that they can still upload photos of their meals to Instagram and "post photos of cute animals, like puppies." He also demonstrated that net neutrality critics can still stay part of their favorite fan communities -- by showing himself holding a light saber. And this unexpectedly drew the wrath of Star Wars actor Mark Hamill, who responded on Twitter by calling him "Ajit 'Aren't I Precious?' Pai."

Hamill also added that "you are profoundly unworthy 2 wield a lightsaber. A Jedi acts selflessly for the common man, NOT lie 2 enrich giant corporations." When U.S. Senator Ted Cruz responded -- likening government overreach to Darth Vader and urging Hamill to "reject the dark side" -- Hamill responded again, complaining that the Senator was "smarm-splaining." Hamill also added, "you'd have more credibility if you spelled my name correctly. I mean IT'S RIGHT THERE IN FRONT OF YOU! Maybe you're just distracted from watching porn at the office again."

The Houston Chronicle reports that the newest meme on Twitter is now Pai's over-sized coffee mug stamped with the logo for Reese's Peanut Butter cups, "which he occasionally sipped from during the widely-criticized reversal." The Dangerous Minds site notes that some angry net neutrality supporters have even taken their complaints to Reese's Facebook page, adding "Perhaps these protester's pleas to the candy company are simply a misguided hope that someone, ANYONE will listen to their frustration."

"Clearly, the FCC wasn't listening to the estimated 83% of Americans who support net neutrality."
Crime

Stolen Car Recovered With 11,000 More Miles -- and Lyft Stickers (sfgate.com) 119

The San Francisco Bay Area has more car thefts than any region in America, according to SFGate.com. A National Insurance Crime Bureau report found that between 2012 and 2014, there were an average of 30,000 car thefts a year just in the cities of San Francisco, Oakland and Hayward. But one theft took a strange turn. An anonymous reader quotes their report: Cierra and Josh Barton purchased a new Honda HR-V at the beginning of summer. It was stolen while parked in front of their Livermore apartment complex at the end of August. Four months later, Hayward police called the Bartons to say they had recovered the vehicle... What they found, to their surprise, was a car in relatively good shape -- a few dents, a rattling hood. But in the back and front windows were Lyft stickers, Cierra Barton said.

The odometer had spiked from 2,000 miles to more than 13,000. And in the back seat, Cierra said she found a pillow, a jacket and a stuffed animal. "It wasn't burned out, it wasn't gutted, but it appeared to be have been used as a Lyft," she said. That, Cierra added, was even worse than she imagined. "Not only did someone steal our car, they made money off it!"

Lyft says that "Given the information provided, we are unable to match this vehicle to any Lyft accounts in the area," adding they "stand ready to assist law enforcement in any investigation."
AMD

AMD Is Open-Sourcing Their Official Vulkan Linux Driver (phoronix.com) 75

An anonymous reader writes: While many of you have likely heard of the "RADV" open-source Vulkan driver, it's been a community-written driver up to this point in the absence of AMD's official, cross-platform Vulkan driver being open-source. That's now changed with AMD now open-sourcing their official Vulkan driver. The code drop is imminent and they are encouraging the use of it for quick support of new AMD hardware, access to the Radeon GPU Profiler, easy integration of AMD Vulkan extensions, and enabling third-party extensions. For now at least it does provide better Vulkan performance than RADV but the RADV developers have indicated they plan to continue development of their Mesa-based Vulkan driver.
Python

Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 100

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Windows

Lead Developer of Popular Windows Application Classic Shell Is Quitting 97

WheezyJoe writes: Classic Shell is a free Windows application that for years has replaced Microsoft's Start Screen or Start Menu with a highly configurable, more familiar non-tile Start menu. Yesterday, the lead developer released what he said would be the last version of Classic Shell. Citing other interests and the frequency at which Microsoft releases updates to Windows 10, as well as lagging support for the Win32 programming model, the developer says that he won't work on the program anymore. The application's source code is available on SourceForge, so there is a chance others may come and fork the code to continue development. There are several alternatives available, some pay and some free (like Start10 and Start Is Back++), but Classic Shell has an exceptionally broad range of tweaks and customizability.
Encryption

PHP Now Supports Argon2 Next-Generation Password Hashing Algorithm (bleepingcomputer.com) 94

An anonymous reader quotes Bleeping Computer: PHP got a whole lot more secure this week with the release of the 7.2 branch, a version that improves and modernizes the language's support for cryptography and password hashing algorithms.

Of all changes, the most significant is, by far, the support for Argon2, a password hashing algorithm developed in the early 2010s. Back in 2015, Argon2 beat 23 other algorithms to win the Password Hashing Competition, and is now in the midst of becoming a universally recognized Internet standard at the Internet Engineering Task Force (IETF), the reward for winning the contest. The algorithm is currently considered to be superior to Bcrypt, today's most widely used password hashing function, in terms of both security and cost-effectiveness, and is also slated to become a favorite among cryptocurrencies, as it can also handle proof-of-work operations.

The other major change in PHP 7.2 was the removal of the old Mcrypt cryptographic library from the PHP core and the addition of Libsodium, a more modern alternative.

Education

Massive Financial Aid Data Breach Proves Stanford Lied For Years To MBAs (poetsandquants.com) 116

14 terabytes of "highly confidential" data about 5,120 financial aid applications over seven years were exposed in a breach at Stanford's Graduate School of Business -- proving that the school "misled thousands of applicants and donors about the way it distributes fellowship aid and financial assistance to its MBA students," reports Poets&Quants. The information was unearthed by a current MBA student, Adam Allcock, in February of this year from a shared network directory accessible to any student, faculty member or staffer of the business school. In the same month, on Feb. 23, the student reported the breach to Jack Edwards, director of financial aid, and the records were removed within an hour of his meeting with Edwards. Allcock, however, says he spent 1,500 hours analyzing the data and compiling an 88-page report on it...

Allcock's discovery that more money is being used by Stanford to entice the best students with financial backgrounds suggests an admissions strategy that helps the school achieve the highest starting compensation packages of any MBA program in the world. That is largely because prior work experience in finance is generally required to land jobs in the most lucrative finance fields in private equity, venture capital and hedge funds.

Half the school's students are awarded financial aid, and though Stanford always insisted it was awarded based only on need, the report concluded the school had been "lying to their faces" for more than a decade, also identifying evidece of "systemic biases against international students."

Besides the embarrassing exposure of their financial aid policies, there's another obvious lesson, writes Slashdot reader twentysixV. "It's actually way too easy for users to improperly secure their files in a shared file system, especially if the users aren't particularly familiar with security settings." Especially since Friday the university also reported another university-wide file-sharing platform had exposed "a variety of information from several campus offices, including Clery Act reports of sexual violence and some confidential student disciplinary information from six to 10 years ago."
Transportation

Drone Pilot Arrested After Flying Over Two Stadiums, Dropping Leaflets (cbslocal.com) 108

"A man with an anti-media agenda was arrested in Oakland after he flew a drone over two different stadiums to drop leaflets" last Sunday, writes Slashdot reader execthis. A local CBS station reports: According to investigators, [55-year-old Tracy] Mapes piloted his drone over Levi's Stadium during the second quarter of the 49ers-Seattle game and released a load of pamphlets. He then quickly landed the drone, loaded it up and drove over to Oakland. He flew a similar mission over the Raiders-Broncos game. Santa Clara Police Lt. Dan Moreno said after Mapes was apprehended he defended the illegal action as a form of free speech.
USA Today reports there's now also an ongoing federal investigation "because the Federal Aviation Administration prohibits the flying of drones within five miles of an airport. Both Levi's Stadium and Oakland Coliseum are within that range."

"The San Francisco Chronicle added that the drone was a relatively ineffective messenger because 'most of the drone-dropped leaflets were carried away by the wind.'"
NASA

Voyager 1 Fires Up Thrusters After 37 Years (nasa.gov) 127

If you tried to start a car that's been sitting in a garage for decades, you might not expect the engine to respond. But a set of thrusters aboard the Voyager 1 spacecraft successfully fired up Wednesday after 37 years without use. NASA announces: Voyager 1, NASA's farthest and fastest spacecraft, is the only human-made object in interstellar space, the environment between the stars. The spacecraft, which has been flying for 40 years, relies on small devices called thrusters to orient itself so it can communicate with Earth. These thrusters fire in tiny pulses, or "puffs," lasting mere milliseconds, to subtly rotate the spacecraft so that its antenna points at our planet. Now, the Voyager team is able to use a set of four backup thrusters, dormant since 1980. "With these thrusters that are still functional after 37 years without use, we will be able to extend the life of the Voyager 1 spacecraft by two to three years," said Suzanne Dodd, project manager for Voyager at NASA's Jet Propulsion Laboratory, Pasadena, California.
Intel

Clear Linux Beats CentOS, openSUSE, and Ubuntu in (Enterprise) Benchmark Tests (phoronix.com) 136

An anonymous reader writes: Recently completed Linux distro benchmarks by Phoronix show Intel's Clear Linux is the most powerful on x86 hardware. A six-way, enterprise-focused Linux distro comparison show Clear Linux being the fastest with a Core i9 and Xeon systems, easily beating CentOS, openSUSE, and Ubuntu in a majority of the tests.

When doing an 11-way Linux distro boot test they also found Clear Linux easily booted the fastest followed by the Clear-inspired Solus distribution. Clear Linux does work on AMD hardware and works on Intel CPUs back to Sandy Bridge but leverages its speed from optimized compiler settings, specially built libraries capable of AVX instructions on supported systems, a specially tuned kernel configuration, and other optimizations/patches.

Debian 9.2 and Fedora 27 "ended up being dropped from this article due to data overload," the article concludes, "and those distributions really not offering anything really different in terms of the performance."

Slashdot Top Deals