Mars

Werner Herzog On Asteroids, Star Wars, and the 'Obscenity' of a City On Mars (inverse.com) 152

78-year-old filmmaker Werner Herzog shared some interesting thoughts before the release of his new documentary on asteroids, Fireball: Visitors From Darker Worlds, now available on Apple TV+.

From Herzog's new interview with the science site Inverse: Herzog tells Inverse he's less concerned than ever that a meteorite will destroy the Earth, but that doesn't mean we shouldn't still be worried about our own extinction. "It may be 100 million years to go until then," Herzog says, before adding, "within the next thousand years, we may have done such stupid things that we are not around anymore to contemplate it...."

There's a theory that all life on Earth came from a meteorite. Do you think that's possible...?

[I]f you expand the question, it wouldn't surprise me if we found life somewhere outside of our solar system, or even within our solar system, because we share the same chemistry with the universe. We share the same physics with the universe. And we share the same history with the universe. So with trillions and trillions and trillions of stars out there, it's highly likely that somewhere there are some forms of life. Probably not as good and interesting as in movies. We can be pretty certain there are no creatures out there like in Star Wars...

Have you heard the theory that we're living inside a simulation?

Yes, but I don't buy it. Because when I kick a soccer ball from the penalty spot, I know this is for real. If the goalie saves it, oh shit, this is for real.

He also discusses the 1998 asteroid disaster film Deep Impact and his own appearance on Rick and Morty, as well as his part on The Mandalorian — and the experience of watching its premiere with 1,000 hardcore Star Wars fans. ("It was unbelievable. The first credit appears and there's a shout of joy that you cannot describe... It's evident Star Wars is a new mythology for our times, whether you like it or not.")

But though Herzog's films "often feature ambitious protagonists with impossible dreams, people with unique talents in obscure fields, or individuals who are in conflict with nature," according to Wikipedia, Herzog insists to Inverse that Elon Musk's plan to build a city on Mars is a "mistake."

In a blistering criticism, Herzog describes the idea as "an obscenity," and says humans should "not be like the locusts...."

Herzog is not opposed to going to Mars at all. In fact, the German filmmaker would "love to go [to Mars] with a camera with scientists." But the long-term vision of a Mars city is a "mistake." Herzog's main concern is that humanity should "rather look to keep our planet habitable," instead of trying to colonize another one.

In short, Mars is not a livable place. There is no liquid water at the surface, or air to breathe. Solar wind means inhabitants would be "fried like in a microwave," Herzog says.

Businesses

OpenStreetMap is Having a Moment (medium.com) 57

Joe Morrison: The first time I spoke with Jennings Anderson, I couldn't believe what he was telling me. I mean that genuinely -- I did not believe him. He was a little incredulous about it himself. I felt like he was sharing an important secret with me that the world didn't yet know. The open secret Jennings filled me in on is that OpenStreetMap (OSM) is now at the center of an unholy alliance of the world's largest and wealthiest technology companies. The most valuable companies in the world are treating OSM as critical infrastructure for some of the most-used software ever written. The four companies in the inner circle -- Facebook, Apple, Amazon, and Microsoft -- have a combined market capitalization of over six trillion dollars. In almost every other setting, they are mortal enemies fighting expensive digital wars of attrition. Yet they now find themselves eagerly investing in and collaborating on OSM at an unprecedented scale (more on the scale later). What likely started as a conversation in a British pub between grad students in 2004 has spiraled out of control into an invaluable, strategic, voluntarily-maintained data asset the wealthiest companies in the world can't afford to replicate.

I will admit that I used to think of OSM as little more than a virtuous hobby for over-educated Europeans living abroad -- a cutesy internet collectivist experiment somewhere on the spectrum between eBird and Linux. It's most commonly summarized with a variant of this analogy: OSM is to an atlas as Wikipedia is to an encyclopedia. OSM acolytes hate this comparison in much the same way baseball players resent when people describe the sport as "cricket for fat people." While vaguely truthful, it doesn't quite get to the spirit of the thing. OSM is incomparable. Over 1.5M individuals have contributed data to it. It averages 4.5M changes per day. The stats page on the OSM Wiki is a collection of hockey sticks. [...]

Desktops (Apple)

Mac Certificate Check Stokes Fear That Apple Logs Every App You Run (arstechnica.com) 74

Last week, Apple released macOS Big Sur and the rollout was anything but smooth. The mass upgrade caused the Apple servers responsible for checking if a user opens an app not downloaded from the App Store to slow to a crawl. Apple eventually fixed the problem, "but concerns about paralyzed Macs were soon replaced by an even bigger worry -- the vast amount of personal data Apple, and possibly others, can glean from Macs performing certificate checks each time a user opens an app that didn't come from the App Store," writes Dan Goodin via Ars Technica. From the report: Before Apple allows an app into the App Store, it must first pass a review that vets its security. Users can configure the macOS feature known as Gatekeeper to allow only these approved apps, or they can choose a setting that also allows the installation of third-party apps, as long as these apps are signed with a developer certificate issued by Apple. To make sure the certificate hasn't been revoked, macOS uses OCSP -- short for the industry standard Online Certificate Status Protocol -- to check its validity. [...] Somehow, the mass number of people upgrading to Big Sur on Thursday seems to have caused the servers at ocsp.apple.com to become overloaded but not fall over completely. The server couldn't provide the all clear, but it also didn't return an error that would trigger the soft fail. The result was huge numbers of Mac users left in limbo.

The post Your Computer Isn't Yours was one of the catalysts for the mass concern. It noted that the simple HTML get-requests performed by OCSP were unencrypted. That meant that not only was Apple able to build profiles based on our minute-by-minute Mac usage, but so could ISPs or anyone else who could view traffic passing over the network. (To prevent falling into an infinite authentication loop, virtually all OCSP traffic is unencrypted, although responses are digitally signed.) Fortunately, less alarmist posts like this one provided more helpful background. The hashes being transmitted weren't unique to the app itself but rather the Apple-issued developer certificate. That still allowed people to infer when an app such as Tor, Signal, Firefox, or Thunderbird was being used, but it was still less granular than many people first assumed. The larger point was that, in most respects, the data collection by ocsp.apple.com wasn't much different from the information that already gets transmitted in real time through OCSP every time we visit a website. [...] In short, though, the takeaway was the same: the potential loss of privacy from OCSP is a trade-off we make in an effort to check the validity of the certificate authenticating a website we want to visit or a piece of software we want to install.

In an attempt to further assure Mac users, Apple on Monday published this post. It explains what the company does and doesn't do with the information collected through Gatekeeper and a separate feature known as notarization, which checks the security even of non-App Store apps. The post went on to say that in the next year, Apple will provide a new protocol to check if developer certificates have been revoked, provide "strong protections against server failure," and present a new OS setting for users who want to opt out of all of this. [...] People who don't trust OCSP checks for Mac apps can turn them off by editing the Mac hosts file. Everyone else can move along.

Google

Ok Google: Please Publish Your DKIM Secret Keys 108

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about one of those cases, and how a big company like Google might be able to lead the way in fixing it. This post is about the situation with Domain Keys Identified Mail (DKIM), a harmless little spam protocol that has somehow become a monster. My request is simple and can be summarized as follows: Dear Google: would you mind rotating and publishing your DKIM secret keys on a periodic basis? This would make the entire Internet quite a bit more secure, by removing a strong incentive for criminals to steal and leak emails. The fix would cost you basically nothing, and would remove a powerful tool from the hands of thieves.

Transportation

BMW Demos a Powered Wingsuit That Can Fly 186 MPH (syfy.com) 90

Wingsuits normally create a wide surface area of fabric between a skydiver's legs and from their legs to their arms, substantially slowing their fall.

But to create a buzz for the unveiling of BMW's new iX3 electric SUV, the company's creative consultancy Designworks "has partnered up with Austrian stuntman Peter Salzmann to unveil a wicked-cool new electric powered wingsuit that can propel a brave human being up to speeds nearing 200 miles-per-hour," reports Syfy Wire: Over the years since non-powered wingsuits first hit the extreme sports scene, Salzmann had pondered over how to infuse wingsuits with sustainable propulsion and the ability to climb. He teamed up with engineers and creative consultants at BMW's Designworks studio to create a pair of chest-mounted electric impellers and a special wingsuit that would utilize them. Realizing that the optimum airflow would exist in front of the suit, and not behind, Salzmann and the BMW crew pivoted to this front-end arrangement employing two 5-inch, 25,000 rpm impellers inside an aerodynamic, economical air-inlet package that mirrors the legendary German automotive firm's aesthetic sensibilities. For safety measures, there is a dedicated on/off switch to fire it up, a two-finger throttle device, a minimal steering component, and an instant cutoff switch for emergency situations, like encountering a flock of wild geese leisurely flying south for the winter.

While not built for extended flights, but short hops instead, the suit's propellers pump out approximately 20 horsepower for roughly five minutes, far superior to a standard wingsuit, whose horizontal glide rate falls one meter for every three meters traveled horizontally. Non-powered wingsuits max out at about 62 mph, but when Salzmann punches the electric boost, he can attain speeds over 186 mph, in addition to gaining altitude instead of gradually losing it.

BMW has released a terrific video with footage showing a trio of stuntmen flying in formation in their powered wingsuits over the Austrian Alps.

Electronic Frontier Foundation

EFF Launches New Podcast: How to Fix the Internet (eff.org) 76

"EFF is launching How to Fix the Internet, a new podcast mini-series to examine potential solutions to six ills facing the modern digital landscape," announces EFF.org: Over the course of 6 episodes, we'll consider how current tech policy isn't working well for users and invite experts to join us in imagining a better future... It's easy to see all the things wrong with the modern Internet, and how the reality of most peoples' experience online doesn't align with the dreams of its early creators. How did we go astray and what should we do now? And what would our world look like if we got it right...?

In each episode, we are joined by a guest to examine how the current system is failing, consider different possibilities for solutions, and imagine a better future. After all, we can't build a better world unless we can imagine it.

We are launching the podcast with two episodes: The Secret Court Approving Secret Surveillance, featuring the Cato Institute's specialist in surveillance legal policy Julian Sanchez; and Why Does My Internet Suck?, featuring Gigi Sohn, one of the nation's leading advocates for open, affordable, and democratic communications networks. Future episodes will be released on Tuesdays.

Other topics to be covered by the podcast mini-series:
  • The third-party doctrine [which asserts "no reasonable expectation of privacy"]
  • Barriers to interoperable technology
  • Law enforcement's use of face recognition technology
  • Digital first sale and the resale of intellectual property

Microsoft

What Will Happen After Python Creator Guido Van Rossum Joins Microsoft? (thenewstack.io) 108

Programming columnist Mike Melanson assesses the news that Guido Van Rossum, the creator of the Python programming language, has come out of retirement to join Microsoft's developer division: The news brought a flurry of congratulations and feature requests, though a few of the suggested features indeed, already exist. Others still were met with informative responses that make the resulting threads worth a perusal, especially if you're looking for a quick "who's who" on Twitter for the world of programming languages. Microsoft's Miguel de Icaza pointed out that this addition adds to the company's now growing list of language designers and contributors:

"The developer division at Microsoft now employs the language designers and contributors to Python, Java, JavaScript, Typescript, F# C#, C++. We just need some PHP, Rust and Swift magic to complete the picture."

[Microsoft senior software engineer Kat Marchán added "We actually have some early ex-moz Rust people too!"]

So, what can we expect from all of this? Is it a corporate takeover of open source, as some further down in the long list of replies always seem to suggest? Or is Microsoft planning the Frankenstein of all languages, with a little bit of this, a little bit of that? In all likelihood, you Python developers using Microsoft products probably have some good features to look forward to in the near future, and that's that, but there's always lingering fears...especially when it comes to Microsoft. As van Rossum suggests, stay tuned.

After Slashdot's earlier story, long-time reader alexgieg posted his own theory: "Several months ago the Excel folk within Microsoft asked users whether they'd like to have Python as an alternative scripting language in Office. Support for that was overwhelming, but nothing more was said on the matter since then. I guess this is Microsoft's answer."

AI

Amazon Begins Shifting Alexa's Cloud AI To Its Own Silicon (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: On Thursday, an Amazon AWS blogpost announced that the company has moved most of the cloud processing for its Alexa personal assistant off of Nvidia GPUs and onto its own Inferentia Application Specific Integrated Circuit (ASIC). Amazon dev Sebastien Stormacq describes the Inferentia's hardware design as follows: "AWS Inferentia is a custom chip, built by AWS, to accelerate machine learning inference workloads and optimize their cost. Each AWS Inferentia chip contains four NeuronCores. Each NeuronCore implements a high-performance systolic array matrix multiply engine, which massively speeds up typical deep learning operations such as convolution and transformers. NeuronCores are also equipped with a large on-chip cache, which helps cut down on external memory accesses, dramatically reducing latency and increasing throughput."

When an Amazon customer -- usually someone who owns an Echo or Echo dot -- makes use of the Alexa personal assistant, very little of the processing is done on the device itself. [...] According to Stormacq, shifting this inference workload from Nvidia GPU hardware to Amazon's own Inferentia chip resulted in 30-percent lower cost and 25-percent improvement in end-to-end latency on Alexa's text-to-speech workloads. Amazon isn't the only company using the Inferentia processor -- the chip powers Amazon AWS Inf1 instances, which are available to the general public and compete with Amazon's GPU-powered G4 instances. Amazon's AWS Neuron software development kit allows machine-learning developers to use Inferentia as a target for popular frameworks, including TensorFlow, PyTorch, and MXNet.

Security

DNS Cache Poisoning, the Internet Attack From 2008, Is Back From the Dead (arstechnica.com) 22

An anonymous reader quotes a report from Ars Technica: In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else. With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario. Now, Kaminsky's DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name.

On Wednesday, researchers from Tsinghua University and the University of California, Riverside presented a technique that, once again, makes cache poisoning feasible. Their method exploits a side channel that identifies the port number used in a lookup request. Once the attackers know the number, they once again stand a high chance of successfully guessing the transaction ID. The side channel in this case is the rate limit for ICMP, the abbreviation for the Internet Control Message Protocol. To conserve bandwidth and computing resources, servers will respond to only a set number of requests from other servers. After that, servers will provide no response at all. Until recently, Linux always set this limit to 1,000 per second. To exploit this side channel, the new spoofing technique floods a DNS resolver with a high number of responses that are spoofed so they appear to come from the name server of the domain they want to impersonate. Each response is sent over a different port.

When an attacker sends a response over the wrong port, the server will send a response that the port is unreachable, which drains the global rate limit by one. When the attacker sends a request over the right port, the server will give no response at all, which doesn't change the rate limit counter. If the attacker probes 1,000 different ports with spoofed responses in one second and all of them are closed, the entire rate limit will be drained completely. If, on the other hand, one out of the 1,000 ports is open, then the limit will be drained to 999. Subsequently, the attacker can use its own non-spoofed IP address to measure the remaining rate limit. And if the server responds with one ICMP message, the attacker knows one of the previously probed 1,000 ports must be open and can further narrow down to the exact port number.

Linux kernel developers responded by introducing a change that causes the rate limit to randomly fluctuate between 500 and 2,000 per second, preventing the new technique from working. Cloudflare also introduced a fix where its DNS service will fall back to TCP, "which is much more difficult to spoof," reports Ars.

The researchers' press release is available here.

Chrome

Chrome To Block Tab-Nabbing Attacks (zdnet.com) 27

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. From a report: The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term "tab-nabbing" refers to a broad class of tab hijacking attacks [see OWASP, Wikipedia], Google is addressing a particular scenario. This scenario refers to situations when users click on a link, and the link opens in a new tab (via the "target=_blank" attribute). These new tabs have access to the original page that opened the new link. Via the JavaScript "window.opener" function, the newly opened tabs can modify the original page and redirect users to malicious sites. This type of attack has powered quite a few phishing campaigns across the years. To mitigate this threat, browser makers like Apple, Google, and Mozilla have created the rel="noopener" attribute.

PlayStation (Games)

Kojima's Infamous 'P.T.' Is Not Playable On PlayStation 5 (polygon.com) 16

tlhIngan writes: Many years ago, Kojima Productions produced P.T., a "playable teaser" (rumored meaning to P.T.) for a now-cancelled Silent Hill survival-horror reboot. This was a popular teaser but when Kojima and Konami parted ways, it was swiftly removed from the Sony PlayStation Store. People who downloaded the trailer could still re-download it for a period but that was swiftly removed, leading to PS4s preloaded with the game spiking in price. Since the PS5 offers backwards compatibility, reviewers did test the PS5 playing back P.T. to find it still worked. However, this was short lived, as Sony removed the trailer from working in backwards compatible mode, as well as removing the ability to transfer the game to the PS5. Sony's response to the removal was "it was a publisher decision" to remove it from the backwards compatibility list.

Movies

Sean Connery Dies at Age 90. Remembered as 'The Best of Many' James Bonds (chicagotribune.com) 140

In 1962 Sean Connery became the first actor to appear in movies as secret agent James Bond, and according to long-time Slashdot reader schwit1 was "The best of the many Bonds, by far."

An anonymous reader writes: Connery influenced the character deeply. The Huffington Post once wrote that James Bond wasn't Scottish until Sean Connery played the role. Ian Fleming was still writing his series of James Bond novels, and "After seeing Connery in Dr. No and thinking the actor did a superb job, Fleming wrote Connery's heritage into the character. In the book You Only Live Twice, Fleming wrote that James Bond's father was Scottish and was from the town of Glencoe. Coincidentally, Connery would film Highlander in Glencoe decades later."

Sir Sean Connery — he was also knighted in the year 2000 — performed many other iconic roles throughout his long career, even playing the father of Harrison Ford's character in Indiana Jones and the Last Crusade. Leaving Bond behind, Connery appeared in many historical dramas, including the World War II movies The Longest Day and A Bridge Too Far, as well as The Man Who Would Be King, The Name of the Rose, and (in 2003) The League of Extraordinary Gentlemen. But throughout his life he was always in demand for high-quality action films, from The Hunt for Red October to The Rock, even co-starring with Catherine Zeta-Jones in the romantic caper film Entrapment at the age of 69.

And in Terry Gilliam's movie Time Bandits, Connery appears as more than one character, hinting that beneath the individual roles lay some timeless embodiment of strength and goodness itself.

Open Source

Wikimedia Is Moving To GitLab (mediawiki.org) 12

The Wikimedia Foundation, the American non-profit organization that owns the internet domain names of many movement projects and hosts sites like Wikipedia, has decided to migrate their code repositories from Gerrit to Gitlab. Slashdot reader nfrankel shares the announcement: For the past two years, our developer satisfaction survey has shown that there is some level of dissatisfaction with Gerrit, our code review system. This dissatisfaction is particularly evident for our volunteer communities. The evident dissatisfaction with code review, coupled with an internal review of our CI tooling and practice makes this an opportune moment to revisit our code review choices. While Gerrit's workflow is in many respects best-in-class, its interface suffers from usability deficits, and its workflow differs from mainstream industry practices. This creates barriers to entry for the community and slows onboarding for WMF technical staff. In addition, there are a growing number of individuals and teams (both staff and non-staff) who are opting to forgo the use of Gerrit and instead use a third-party hosted option such as GitHub. Reasons vary for the choice to use third-party hosting but, based on informal communication, there are 3 main groupings: lower friction to create new repositories; easier setup and self-service of Continuous Integration configuration; and more familiarity with pull-request style workflows.

All these explanations point to friction in our existing code-review system slowing development rather than fostering it. The choice to use third-party code-hosting hurts our collaboration (both internal and external), adds to the confusion of onboarding, and makes it more difficult to maintain code standards across repositories. At the same time, there is a requirement that all software which is deployed to Wikimedia production is hosted and deployed from Gerrit. If we fail to address the real usability problems that users have with Gerrit, people will continue to launch and build projects on whatever system it is they prefer -- Wikimedia's GitHub already contains 152 projects, the Research team has 127 projects.

This raises the question: if Gerrit has identifiable problems, why can't we solve those problems in Gerrit? Gerrit is open source (Apache licensed) software; modifications are a simple matter of programming. [...] Upstream has improved the UI in recent releases, and releases have become more frequent; however, upgrade path documentation is often lacking. The migration from Gerrit 2 to Gerrit 3, for example, required several upstream patchsets to avoid the recommended path of several days of downtime. This is the effort required to maintain the status quo. Even small improvements require effort and time as, often, our use-case is very different from the remainder of the Gerrit community.

Intel

Hackers Can Now Reverse Engineer Intel Updates Or Write Their Own Custom Firmware (arstechnica.com) 21

An anonymous reader quotes a report from Ars Technica: Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they're secured. The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it's patching. The key may also allow parties other than Intel -- say a malicious hacker or a hobbyist -- to update chips with their own microcode, although that customized version wouldn't survive a reboot.

"At the moment, it is quite difficult to assess the security impact," independent researcher Maxim Goryachy said in a direct message. "But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates." Goryachy and two other researchers -- Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies -- worked jointly on the project. The key can be extracted for any chip -- be it a Celeron, Pentium, or Atom -- that's based on Intel's Goldmont architecture.

In a statement, Intel officials wrote: "The issue described does not represent security exposure to customers, and we do not rely on obfuscation of information behind red unlock as a security measure. In addition to the INTEL-SA-00086 mitigation, OEMs following Intel's manufacturing guidance have mitigated the OEM specific unlock capabilities required for this research. The private key used to authenticate microcode does not reside in the silicon, and an attacker cannot load an unauthenticated patch on a remote system."

Java

Java Geeks Discuss 'The War for the Browser' and the State of Java Modularization (frequal.com) 67

Self-described "Java geek" nfrankel writes: At the beginning of 2019, I wrote about the state of Java modularization. I took a sample of widespread libraries, and for each of them, I checked whether:

- It supports the module system i.e. it provides an automatic module name in the manifest

- It's a full-fledged module i.e. it provides a module-info

The results were interesting. 14 out of those 29 libraries supported the module system, while 2 were modules in their own right.

Nearly 2 years later, and with Java 16 looming around the corner, it's time to update the report. I kept the same libraries and added Hazelcast and Hazelcast Jet. I've checked the latest version...

Three full years after that release, 10 out of 31 libraries still don't provide a module-compatible JAR. Granted, 3 of them didn't release a new version in the meantime. That's still 7 libraries that didn't add a simple line of text in their MANIFEST.MF

Meanwhile, long-time Slashdot reader AirHog argues that "Java is in a war for the browser. Can it regain the place it once held in its heyday?" All major browsers have disabled support for Java (and indeed most non-JavaScript technologies). Web-based front-ends are usually coded in JavaScript or some wrapper designed to make it less problematic (like TypeScript). Yes, you can still make websites using Java technology. There are plenty of 'official' technologies like JSP and JSF. Unfortunately, these technologies are entirely server-side. You can generate the page using Java libraries and business logic, but once it is sent to the browser it is static and lifeless... Java client-side innovation has all but stopped, at least via the official channels....

How can Java increase its relevance? How can Java win back client-side developers? How can Java prevent other technologies from leveraging front-end dominance to win the back-end, like Java once did to other technologies?

To win the war, Java needs a strong client-side option. One that lets developers make modern web applications using Java code. One that leverages web technologies. One that supports components. One that builds quickly. One that produces fast-downloading, high performance, 100-Lighthouse-scoring apps. One that plays nicely with other JVM languages. What does Java need?

Spoiler: The article concludes that "What Java needs Is TeaVM... an ahead-of-time transpiler that compiles Java classes to JavaScript."

Open Source

Slashdot Asks: How Do You Feel About Btrfs? (linuxjournal.com) 236

emil (Slashdot reader #695) shares an article from Linux Journal re-visiting the saga of the btrfs file system (initially designed at Oracle in 2007): The btrfs filesystem has taunted the Linux community for years, offering a stunning array of features and capability, but never earning universal acclaim. Btrfs is perhaps more deserving of patience, as its promised capabilities dwarf all peers, earning it vocal proponents with great influence. Still, [while] none can argue that btrfs is unfinished, many features are very new, and stability concerns remain for common functions.

Most of the intended goals of btrfs have been met. However, Red Hat famously cut continued btrfs support from their 7.4 release, and has allowed the code to stagnate in their backported kernel since that time. The Fedora project announced their intention to adopt btrfs as the default filesystem for variants of their distribution, in a seeming juxtaposition. SUSE has maintained btrfs support for their own distribution and the greater community for many years.

For users, the most desirable features of btrfs are transparent compression and snapshots; these features are stable, and relatively easy to add as a veneer to stock CentOS (and its peers). Administrators are further compelled by adjustable checksums, scrubs, and the ability to enlarge as well as (surprisingly) shrink filesystem images, while some advanced btrfs topics (i.e. deduplication, RAID, ext4 conversion) aren't really germane for minimal loopback usage. The systemd init package also has dependencies upon btrfs, among them machinectl and systemd-nspawn. Despite these features, there are many usage patterns that are not directly appropriate for use with btrfs. It is hostile to most databases and many other programs with incompatible I/O, and should be approached with some care.

The original submission drew reactions from three disgruntled btrfs users. But the article goes on to explore providers of CentOS-compatible btrfs-enabled kernels, ultimately opining that "There are many 'rough edges' that are uncovered above with btrfs capabilities and implementations, especially with the measures taken to enable it for CentOS. Still, this is far better than ext2/3/4 and XFS, discarding all the desirable btrfs features, in that errors can be known because all filesystem content is checksummed." It would be helpful if the developers of btrfs and ZFS could work together to create a single kernel module, with maximal sharing of "cleanroom" code, that implemented both filesystems... Oracle is itself unwilling to settle these questions with either a GPL or BSD license release of ZFS. Oracle also delivers a btrfs implementation that is lacking in features, with inapplicable documentation, and out-of-date support tools (for CentOS 8 conversion). Oracle is the impediment, and a community effort to purge ZFS source of Oracle's contributions and unify it with btrfs seems the most straightforward option... It would also be helpful if other parties refrained from new filesystem efforts that lack the extensive btrfs functionality and feature set (i.e. Microsoft ReFS).

Until such a day that an advanced filesystem becomes a ubiquitous commodity as Linux is as an OS, the user community will continue to be torn between questionable support, lack of features, and workarounds in a fragmented btrfs community. This is an uncomfortable place to be, and we would do well to remember the parties responsible for keeping us here.

So how do Slashdot's readers feel about btrfs?
Music

92-Year-Old Songwriter Tom Lehrer Releases All His Lyrics Into the Public Domain (tomlehrersongs.com) 79

Marketplace reports: Songwriter Tom Lehrer became a star in the 1950s and '60s writing and performing satirical songs that skewered just about everything... Lehrer, 92, announced Tuesday via his website that he's effectively putting everything he ever wrote into the public domain. That means his lyrics and sheet music are available for anyone to use or perform, without having to pay royalties or deal with lawyers... [Most of Lehrer's music "will be added gradually later with further disclaimers," according to Lehrer's web site.]

Lehrer's giving up those royalties. But in exchange, he's trying to give his work a new lease on life, said Siva Vaidhyanathan, a media studies professor at the University of Virginia. "Lehrer, in this case, is basically saying, 'Hey everybody, come revisit my material, come do with it what you want,'" he said... That could mean we'll be hearing more of Tom Lehrer's work, said Jennifer Jenkins, who runs the Center for the Study of the Public Domain at Duke Law School. "There is empirical research showing that when material enters the public domain, it actually gets used more," she said.

Lehrer's lyrics touched on geeky subjects including nuclear weapons, Wernher von Braun, and one song where he set the names of the chemical elements to a tune by Gilbert and Sullivan.

Wikipedia notes he "largely retired" in the 1970s to become a mathematics teacher at the University of California, Santa Cruz (also teaching the history of musical theatre). In the same decade he also wrote ten songs for The Electric Company, an educational TV show about reading broadcast on America's public television, singing two of the songs himself — L-Y and Silent E.
Wikipedia

WHO To Grant Wikipedia Free Use of Its Published Material To Combat Covid Misinformation (nytimes.com) 51

As part of efforts to stop the spread of false information about the coronavirus pandemic, Wikipedia and the World Health Organization announced a collaboration on Thursday: The health agency will grant the online encyclopedia free use of its published information, graphics and videos. The collaboration is the first between Wikipedia and a health agency. From a report: "We all consult just a few apps in our daily life, and this puts W.H.O. content right there in your language, in your town, in a way that relates to your geography," said Andrew Pattison, a digital content manager for the health agency who helped negotiate the contract. "Getting good content out quickly disarms the misinformation." Since its start in 2001, Wikipedia has become one of the world's 10 most consulted sites; it is frequently viewed for health information. The agreement puts much of the W.H.O.'s material into the Wikimedia "commons," meaning it can be reproduced or retranslated anywhere, without the need to seek permission -- as long as the material is identified as coming from the W.H.O. and a link to the original is included.

"Equitable access to trusted health information is critical to keeping people safe and informed," said Tedros Adhanom Ghebreyesus, the W.H.O.'s director general. His agency translates its work into six official languages, which do not include, for example, Hindi, Bengali, German or Portuguese, so billions of people cannot read its documents in their native or even second language. Wikipedia articles, by contrast, are translated into about 175 languages. The first W.H.O. items used under the agreement are its "Mythbusters" infographics, which debunk more than two dozen false notions about Covid-19. Future additions could include, for example, treatment guidelines for doctors, said Ryan Merkley, chief of staff at the Wikimedia Foundation, which produces Wikipedia. If the arrangement works out, it could be extended to counter misinformation regarding AIDS, Ebola, influenza, polio and dozens of other diseases, Mr. Merkley said, "But this was something that just had to happen now." Eventually, live links will be established that would, for example, update global case and death numbers on Wikipedia as soon as the W.H.O. posts them, Mr. Pattison said.

The Internet

Microsoft Adds Option To Disable JScript In Internet Explorer (zdnet.com) 21

As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer. ZDNet reports: The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft's own dialect of the ECMAScript standard (the JavaScript language). Development on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE. Across the years, threat actors realized they could attack the JScript engine, as Microsoft wasn't actively developing it and only rarely shipped security updates, usually only when attacked by threat actors. [...]

Now, 11 years after deprecating the component, Microsoft is finally giving system administrators a way to disable JScript execution by default. According to Microsoft, the October 2020 Patch Tuesday introduces new registry keys that system administrators can apply and block the jscript.dll file from executing code. Details on how this can be done are available below, as taken from Microsoft's documentation.

Education

Google/EdX Are Charging $298 For Their Remake of a Free 2012 How-to-Google Course 22

Long-time Slashdot reader theodp writes: After near death, MOOCs are booming during the coronavirus pandemic, reported the NY Times in May. That news apparently wasn't lost on Google and EdX, who on Thursday announced they've teamed up and are asking $298 (temporarily reduced to $268.20!) for Google's Power Searching with Google XSeries Program (learn "how to create an effective search query to yield the most relevant results").

In case that seems familiar to some, Google offered a free 5-hour online course called Power Searching with Google with the same instructor way back in 2012 (followed by the free Advanced Power Searching with Google in 2013). But before dismissing the new program as tone-deaf pandemic price gouging, check out the $0 course audit option for yourself or your kids.

The instructor for both Power Searching with Google and Advanced Power Searching With Google is Google's Daniel Russell, author of The Joy of Search, who gives students an engaging lesson in how to conduct fast and effective online research. Sure beats card catalog, and Readers' Guide to Periodical Literature searches, kids!
