Node.js Event-Stream Hack Reveals Open Source 'Developer Infrastructure' Exploit (Slashdot, by EditorDavid, security; cached at December 1, 2018, 11:35 pm)

"[O]n Nov. 26 it was publicly revealed that a widely deployed open-source Node.js programming language module known as event-stream had been injected with malicious code that looked to steal cryptocurrency wallets," reports eWeek, adding "The event-stream library has over two million downloads." An anonymous reader quotes Ars Technica: The backdoor came to light [November 20th] with this report from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn't issue an advisory until six days later.... "This compromise was not targeting module developers in general or really even developers," an NPM official told Ars in an email. "It targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn't run on those developers' computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application's end users...." According to the Github discussion that exposed the backdoor, the longtime event-stream developer no longer had time to provide updates. So several months ago, he accepted the help of an unknown developer. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted. The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users... The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice. 
"The time has come," concludes Ars Technica, "for maintainers and users of open source software to devise new measures to better police the millions of packages being used all around us." Sophos' security blog also asks why so many developers "immediately and blindly trusted the new maintainer," and shared a concerned comment from developer named Chris Northwood. "Nothing's stopping this happening again, and it's terrifying."

Read more of this story at Slashdot.

How will the new Khashoggi revelations affect MBS? (Al Jazeera English, cached at December 1, 2018, 11:30 pm)

The Wall Street Journal reported that the Saudi crown prince was in contact with the team that killed Jamal Khashoggi
Trump diverges with G20 partners on climate change, protectionism (Al Jazeera English, cached at December 1, 2018, 11:00 pm)

Final communique reiterates US decision to withdraw from Paris deal and omits G20 pledges to fight protectionism.
Is Linux Taking Over The World? (Slashdot, by EditorDavid, cloud; cached at December 1, 2018, 10:05 pm)

"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them. According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native. The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum." And there's even a long list of upcoming Linux conferences...


Egyptian actress faces trial for wearing see-through dress (Al Jazeera English, cached at December 1, 2018, 10:00 pm)

Lawyers lodge case against Rania Youssef, accusing actress of 'debauchery' for exposing legs at Cairo film festival.
Pakistan party leaders in blasphemy case charged with terrorism (Al Jazeera English, cached at December 1, 2018, 10:00 pm)

Khadim Hussain Rizvi and three others of TLP charged following protests over Aasia Bibi's acquittal in blasphemy ordeal.
The World's First 8K TV Channel Launches With '2001: A Space Odyssey' (Slashdot, by EditorDavid, tv; cached at December 1, 2018, 9:05 pm)

AmiMoJo writes: Japanese broadcaster NHK is launching the world's first 8K TV channel with a special edition of 2001: A Space Odyssey. NHK asked Warner Bros. to scan the original negatives at 8K specially for the channel. 8K offers 16 times the resolution of standard HD, 120 frames per second progressive scan, and 24 channels of sound. NHK is hoping to broadcast the 2020 Tokyo Olympics on the channel. 17 other channels also began broadcasting 4K programming today, according to Japan Times, even though, as Engadget points out, "almost no one has an 8K display, and most of the people who do need a special receiver and antenna just to pick up the signal... Also, HDMI 2.1 hasn't been implemented in any of these displays yet, so just getting the signal from box to TV requires plugging in four HDMI cables." NHK's channel will broadcast for 12 hours a day, reports the BBC, adding that Samsung already sells an 8K TV for $15,000, and that LG has announced one too, while Engadget reports that Sharp sells one for $6,600.


Paris braces for more yellow vest protests (Al Jazeera English, cached at December 1, 2018, 8:30 pm)

French President Emmanuel Macron is in Argentina for the G20 summit, but he remains firmly in the crosshairs of the yellow vest protest movement that appears to have the support of the French public.
Mexico's new president faces staunch divide (Al Jazeera English, cached at December 1, 2018, 8:30 pm)

Andres Manuel Lopez Obrador will soon be sworn in as the new Mexican president and, although he won in a landslide, not everyone is excited.
Poroshenko: Over 80,000 Russian troops in and around Ukraine (Al Jazeera English, cached at December 1, 2018, 8:30 pm)

Ukrainian leader warns of the Russian military build-up as he rallies for action after the first open attack by Moscow.
Eggonomics: Pakistanis mock PM's 'chicken plan' to ease poverty (Al Jazeera English, cached at December 1, 2018, 8:30 pm)

Imran Khan's idea to 'uplift' the poor by developing the poultry industry sets Twitter alight with jokes at his expense.
Qatar hosts sixth Ajyal film festival highlighting local cinema (Al Jazeera English, cached at December 1, 2018, 8:30 pm)

The festival highlights local Qatari filmmakers as well as international films from over 30 countries.
Lenovo Finally Pays $7.3M Fine Over Invasive 2014 'Superfish' Adware Pre-Installation (Slashdot, by EditorDavid, advertising; cached at December 1, 2018, 8:05 pm)

Lenovo will add $7.3 million into a $1M fund settling a class action lawsuit over their undisclosed pre-installation of Superfish's targeting adware on 28 different laptop models in 2014. Within one year the U.S. Department of Homeland Security had warned that the adware made laptops vulnerable to SSL spoofing, allowing the reading of encrypted web traffic and the redirecting of traffic from official websites to spoofs, while according to Bloomberg the original software itself also "could access customer Social Security numbers, financial data, and sensitive health information, the court said." An anonymous reader quotes Softpedia: According to a "SuperFish Vulnerability" advisory published by Lenovo on their support website following the discovery of the pre-installed software by consumers, the VisualDiscovery comparison search engine software was designed to work in the background, intercepting HTTP(S) traffic with the help of a self-signed root certificate that allowed it to decrypt and monitor all traffic, encrypted or not.... "VisualDiscovery was installed on nearly 800,000 Lenovo laptops sold in the United States between September 1, 2014 and February 28, 2015," also states the settlement agreement. "On January 18, 2015, in response to mounting complaints about the effects of VisualDiscovery, Lenovo instructed Superfish to turn it off at the server level...." Out of the 800,000 who bought the laptops that came with VisualDiscovery pre-installed, the 500,000 ones who registered their devices with Lenovo or bought them from retailers such as Best Buy and Amazon will be contacted directly by the Chinese company and informed about the settlement agreement. The rest of the customers who cannot be reached straightaway will be targeted by Lenovo using multiple online advertising platforms, from Google to Twitter and Facebook.
A separate settlement with the FTC in 2017 was criticized for its failure to fine Lenovo -- though it did require the company to get affirmative consent for any future adware programs, plus regular third-party audits of its bundled software for the next 20 years.


Recent Quasar Observations Support Lots of Mini-Bangs Instead of One Big Bang (Slashdot, by EditorDavid, space; cached at December 1, 2018, 7:05 pm)

Chris Reeve writes: Wired Magazine is reporting that astronomers have since 2014 witnessed up to 100 possible instances of quasars transforming into galaxies over very short timespans, but the article leaves no hint of the trouble this spells for the Big Bang cosmology. The article begins, "Stephanie Lamassa did a double take. She was staring at two images on her computer screen, both of the same object — except they looked nothing alike... The quasar seemed to have vanished, leaving just another galaxy. That had to be impossible, she thought. Although quasars turn off, transitioning into mere galaxies, the process should take 10,000 years or more. This quasar appeared to have shut down in less than 10 years — a cosmic eyeblink." What the Wired article fails to mention is that the short timespans vindicate the quasar ejection model proposed by Edwin Hubble's assistant, Halton Arp, who insisted that these objects must be considerably closer than the extreme distances inferred by their redshifts: "The conclusion was very, very strong just from looking at this picture that these objects had been ejected from the central galaxy, and that they were initially at high redshift, and the redshift decayed as time went on. And therefore, we were looking at a physics that was operating in the universe in which matter was born with low mass and very high redshift, and it matured and evolved into our present form, that we were seeing the birth and evolution of galaxies in the universe." Arp's attempts to publish his quasar ejection model famously led to his removal from the world's largest optical telescope at that time — the 200-inch Palomar. He decided to resign from his permanent position at the Carnegie Institute of Washington on the principle of "whether scientists could follow new lines of investigation, and follow up... on evidence which apparently contradicted the current theorems and the current paradigms." 
The fact that these quasar changes appear to occur over just months in some cases should raise questions about whether or not the objects are truly at the vast distances and scales implied by their redshift-inferred distances. The original submission also included a comment with a carefully-documented "list of vindications for Halton Arp" -- and complains again that Wired failed to include any mention of Arp's theory, and its "dire" implications for the Big Bang theory's assumptions about redshift.


Rights groups urge Thailand against deporting Bahraini footballer (Al Jazeera English, cached at December 1, 2018, 7:00 pm)

Hakeem Al-Araibi, 25, was arrested at Bangkok airport following an Interpol notice issued at Bahrain's request.