Shadow's Cancelled Nevada Caucus App Had Errors, Too. Slashdot, by BeauHD on software at January 1, 1970, 1:00 am (cached at February 7, 2020, 11:35 pm)

New submitter em1ly writes: A source familiar with the Nevada version of the error-ridden Iowa caucus app spoke to Motherboard about even more issues with the app. From the report: "After logging into the app, users were presented with a dashboard letting them submit how many caucus attendees they wished to add for each candidate, according to the app. A pop-up then asked, 'Are you sure you want to submit the first alignment? Please ensure all in-person participant counts are correct before confirming.' But submitting the counts for the first alignment did not work, according to a source. Motherboard granted the source anonymity to speak candidly about a technical issue. 'Error,' a second pop-up reads. 'Could not submit alignment.'" A Shadow spokesperson told Motherboard that "Because the deadline for the Nevada app was later, Shadow's Nevada app was still in beta testing, and that testing identified some errors that were being fixed." They also said that the app was on track for a "successful rollout" with the Nevada Democratic Party. "There was a new release ready to test in Nevada following the Iowa caucuses. That version wasn't ready for use and has not been, and will not be released," they added. Nevada Democrats have already said they will not use the app.

Read more of this story at Slashdot.

UK To Host Spyware Firm Accused of Aiding Human Rights Abuses. Slashdot, by BeauHD on uk at January 1, 1970, 1:00 am (cached at February 7, 2020, 10:35 pm)

An anonymous reader quotes a report from The Guardian: The British government is helping a controversial Israeli spyware company to market its surveillance technologies at a secretive trade fair visited by repressive regimes, the Guardian can reveal. The government will host the NSO Group, which sells technology that has allegedly been used by autocratic regimes to spy on the private messages of journalists and human rights activists, at the closed Security and Policing trade fair in Hampshire next month. The NSO Group is due to be an exhibitor at the three-day fair, where police and security officials from abroad can browse commercial stalls selling surveillance and crowd-control equipment. Around 60 foreign delegations are typically hosted by the British government to the fair. In the last four years they have included countries whose human rights records have been criticized such as Saudi Arabia, Egypt, the UAE, Oman, Qatar and Hong Kong. The identities of this year's delegations are not known as they are usually announced on the opening day of the fair. NSO has faced allegations that its technology is used to target human rights activists and reporters around the world. At least three UK residents are among those who are alleged to have been targeted using spyware sold by NSO. Among them is a prominent London-based satirist who is suing Saudi Arabia in the UK courts alleging that the Riyadh regime targeted him using malware developed by the firm. The closed Security and Policing trade fair will take place on March 3 at the Farnborough airport exhibition center.


[no title] Scripting News (cached at February 7, 2020, 10:33 pm)

Must-read interview with James Carville.

[no title] Scripting News (cached at February 7, 2020, 10:33 pm)

Braintrust query: Here's an interesting piece of data. I said Hey Doc, create an AWS account. I didn't tell him how to do it. I wanted to see what happened. He didn't succeed. OK so this means to me that we need a piece of software. A rough idea of how it would work. The user signs on to their Amazon account, the one they use to buy socks, and then authorizes you to act on its behalf with AWS. Ideally that would feel, to the user, like giving access to an app to use their Twitter identity. From there, you create a pair of S3 buckets, one private and one public. Then you allow my software to access his bucket. I don't know what all these steps are. But it should draw on a user's ability to create accounts on other popular services. I imagine it's what Amazon itself would create if they wanted to provide a service to non-developers. I imagine at this time they consider it a "developer opportunity." I need this functionality as a go-between my users and my software. I don't want to store their stuff long-term, because I don't have a long-term.

Luxembourg Wants to Solve Congestion With Free Public Transport. Slashdot, by msmash on transportation at January 1, 1970, 1:00 am (cached at February 7, 2020, 10:05 pm)

Starting in March 2020, public transport in Luxembourg will be free of charge. Primarily a social measure, this policy will also be implemented to decrease congestion in the capital region. From a report: Luxembourg's public transportation system is already heavily subsidized as fares in the country are as low as $2.2 per two hours. Even so, the country has the highest car ownership per person in Europe. This is mainly because citizens and out-of-country commuters argue that Luxembourg's public transportation is more time consuming compared to driving. Additionally, its unique position between France, Belgium, and Germany, draws lots of commuters across its borders every day. Therefore, the investment and legislation for free public transportation will be complemented by improving the country's network, but also for raising the minimum wage, pension adjustments, and financial aid for higher education. For out-of-country commuters, a parallel policy will allow workers to deduct travel expenses from their annual tax bill. However, many citizens argue that the money spent on free transportation and modernising the system can be better spent on rent subsidies or social housing.


[no title] Scripting News (cached at February 7, 2020, 10:03 pm)

As I say in my podcast, this series is a rambling disorganized and repetitive conversation between Doc and myself. I'm getting huge value out of it. We're not going to hire a writer to do transcripts, because after that we'd need an editor to make sense of it. Maybe someday, could be a book or something, but right now it's just a conversation between two old friends. And it's giving me amazing information for my software development work.

Ransomware Installs Gigabyte Driver To Kill Antivirus Products. Slashdot, by msmash on security at January 1, 1970, 1:00 am (cached at February 7, 2020, 9:35 pm)

A ransomware gang is installing vulnerable GIGABYTE drivers on computers it wants to infect. From a report: The purpose of these drivers is to allow the hackers to disable security products so their ransomware strain can encrypt files without being detected or stopped. This new novel technique has been spotted in two ransomware incidents so far, according to UK cybersecurity firm Sophos. In both cases, the ransomware was RobbinHood, a strain of "big-game" ransomware that's usually employed in targeted attacks against selected, high-value targets. In a report published late last night, Sophos described this new technique as follows:

1. Ransomware gang gets a foothold on a victim's network.
2. Hackers install legitimate Gigabyte kernel driver GDRV.SYS.
3. Hackers exploit a vulnerability in this legitimate driver to gain kernel access.
4. Attackers use the kernel access to temporarily disable the Windows OS driver signature enforcement.
5. Hackers install a malicious kernel driver named RBNL.SYS.
6. Attackers use this driver to disable or stop antivirus and other security products running on an infected host.
7. Hackers execute the RobbinHood ransomware and encrypt the victim's files


Anatomy of a Rental Phishing Scam. Slashdot, by msmash on security at January 1, 1970, 1:00 am (cached at February 7, 2020, 8:35 pm)

Jeffrey Ladish writes: I was recently the (unsuccessful) target of a very well-crafted phishing scam. As part of a housing search a few weeks ago, I was trawling Craigslist and Zillow for rental opportunities in the SF bay area. I reached out to a beautiful looking rental place to inquire about a tour. Despite my experience as a security professional, I didn't realize this was a scam until about the third email! Below I will account the story in excessive detail including screenshots. [...] The phishing team -- and given the work involved and the level of polish I bet it was a team -- ran a pretty tight operation. Their English was perfect, their emails looked professional, and their phishing site looked identical to the original Airbnb site. The email domain "engineers-hibernia-chevron [dot] ca" redirected to "hibernia [dot] ca" to add legitimacy for those who took the extra step of looking up the domain. I'm even more impressed by their subtle psychological tricks. Each step of the way, they left out information which required me to ask for something if I wanted to proceed. It's a lot easier to be on your guard when others are asking you for things. When you're the one doing the asking, it's even harder to say something when things look strange, because you may already feel like you're being a burden on their time. For the initial ad, they left out the phone number so I had to ask. After they told me I could look at their Airbnb site, I had to ask for a link. Then, after they sent me to search on Airbnb's site, I had to ask for the link again! That was deliberately planned! Throughout these interactions, they mentioned there were other people looking, maintaining a plausible sense of urgency. Finally, using Airbnb as the phishing site was clever, because it gave the impression of a trusted middleman. I was genuinely thrown off at first, because I couldn't figure out how they were planning to steal my financial information. If they had just asked for bank or credit card information early on, their game would have been easy to spot.


[no title] Scripting News (cached at February 7, 2020, 8:33 pm)

This video explains how the Repubs tore Michael Dukakis apart in 1988. Remember that when choosing a candidate to run against Trump, who is the great-great-grandchild heir to this slash-and-burn style of campaign. The Democratic Party in its current shape will not be able to help the nominee. That's why, even if you don't like oligarchs, it's so important that Bloomberg is building a campaign attack machine as fast as he can.

[no title] Scripting News (cached at February 7, 2020, 8:33 pm)

I did a search on Google yesterday trying to find a US government website. The top hit took me to a site that looked like the site I was looking for. I started filling in my information, then I noticed the URL wasn't on a .gov domain. Looked closer and realized it was a hack. I don't want to publicize the search; just to say there's another attack vector I hadn't considered and should have. I assumed a hack wouldn't be a top hit for a government site on Google.

[no title] Scripting News (cached at February 7, 2020, 8:33 pm)

Trolling 101: "The press, he likely knew, wouldn’t be able to resist criticizing him. To criticize him, they would have to talk about him."

France Fines Apple $27.4 Million For Slowing iPhone Software. Slashdot, by msmash on iphone at January 1, 1970, 1:00 am (cached at February 7, 2020, 8:05 pm)

French authorities on Friday said tech giant Apple has agreed to pay $27.4 million for failing to inform users that software updates to older iPhone models could slow down the device, according to French media. From a report: Le Parisien reported it was the highest fine for fraud ever imposed by the consumer watchdog. The crackdown comes two years after Apple admitted its iOS software slowed down the performance of older phones -- in particular, devices with shorter battery life.


US Appeals Court Will Not Reconsider Net Neutrality Repeal Ruling. Slashdot, by msmash on communications at January 1, 1970, 1:00 am (cached at February 7, 2020, 7:35 pm)

A U.S. appeals court said late on Thursday it will not reconsider an October ruling that largely upheld the repeal of landmark net neutrality rules, rejecting requests by 15 U.S. states, and tech and advocacy groups. From a report: The Federal Communications Commission in December 2017 reversed Obama-era rules prohibiting internet service providers (ISPs) from blocking or throttling traffic, or offering paid fast lanes, a blow to large tech companies and consumer groups that had championed the level playing field of net neutrality. In orders issued Thursday, the full U.S. Court of Appeals for the District of Columbia declined without comment to rehear the decision, as did the three-judge panel that issued the ruling in October. FCC Chairman Ajit Pai, who had proposed and championed the repeal, was pleased with the decision, a spokeswoman for him said. "The internet has remained free and open, consumers have been protected, speeds have increased, and more and more Americans have gotten access to broadband," she said.


Makers of Basecamp Announce Email Product 'Hey', Open Invites. Slashdot, by msmash on it at January 1, 1970, 1:00 am (cached at February 7, 2020, 6:35 pm)

Makers of productivity suite Basecamp have announced Hey, an email product they plan to release this spring. Basecamp founder and CEO, Jason Fried shared the vision for what they are calling a much-improved approach to email in an open letter today on the Hey website: You started getting stuff you didn't want from people you didn't know. You lost control over who could reach you. You were forced to inherit other people's bad communication habits. Then an avalanche of automated emails amplified the clutter. And Gmail, Outlook, Yahoo, Apple, and all the others just let it happen. Now email feels like a chore, rather than a joy. Something you fall behind on. Something you clear out, not cherish. Rather than delight in it, you deal with it. Your relationship with email changed, and you didn't have a say. So good news, the magic's still there. It's just obscured -- buried under a mess of modern day bad habits and neglect. Some from people, some from machines, a lot from email systems. It deserves a dust off. A renovation. Modernized for the way we email today. With HEY, we've done just that. It's a redo, a rethink, a simplified, potent reintroduction of email. A fresh start, the way it should be. For web, iOS, and Android. HEY is our love letter to email, and we're sending it to you.


[no title] Scripting News (cached at February 7, 2020, 6:33 pm)

And here's Doc's cast. This is gold. The narrative of a user. I get so much out of this.