To Evade Detection, Hackers Are Requiring Targets To Complete CAPTCHAs - Slashdot, by msmash on security at January 1, 1970, 1:00 am (cached at June 18, 2020, 11:34 pm)

CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. From a report: Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an attempt to thwart automated detection by good guys. The Excel file contains macros that, when enabled, install GraceWire, a trojan that steals sensitive information such as passwords. The attacks are the work of a group Microsoft calls Chimborazo, which company researchers have been tracking since at least January. Previously, Microsoft observed Chimborazo distributing the Excel file in attachments included in phishing messages and later spreading through embedded Web links. In recent weeks, the group has begun sending phishing emails that change things up again. In some cases, the phishes include links that lead to redirector sites (usually legitimate sites that have been compromised). In other cases, the emails have an HTML attachment that contains a malicious iframe tag. Either way, clicking on the link or attachment leads to a site where targets download the malicious file, but only after completing the CAPTCHA (which is short for completely automated public Turing test to tell computers and humans apart). The purpose: to thwart automated analysis defenders use to detect and block attacks and get attack campaigns shut down. Typically the analysis is performed by what are essentially bots that download malware samples and run and analyze them in virtual machines. Requiring the successful completion of a CAPTCHA means analysis will only happen when a live human being downloads the sample. Without the automation, the chances of the malicious file flying under the radar are much better. 
Microsoft has dubbed Chimborazo's ongoing attack campaign Dudear.

Read more of this story at Slashdot.

Facebook Takes Down Trump Ads Featuring Symbol Used By Nazis To Mark Political Priso - Slashdot, by BeauHD on advertising at January 1, 1970, 1:00 am (cached at June 18, 2020, 11:04 pm)

Facebook on Thursday took down Trump campaign ads against antifa that prominently featured a symbol used by Nazis to designate political prisoners, a spokesperson for the company confirmed to The Hill. From the report: "We removed these posts and ads for violating our policy against organized hate," Facebook said in a statement. "Our policy prohibits using a banned hate group's symbol to identify political prisoners without the context that condemns or discusses the symbol." The ads featured an inverted red triangle, which was used by Nazis to identify political opponents including communists, social democrats and liberals at concentration camps. The symbol was included in 88 ads run by pages for President Trump, Vice President Pence and "Team Trump" alongside text warning readers of "Dangerous MOBS of far-left groups" and asking them to sign a petition against antifa, a loose group of radical activists that use direct action to fight against fascism. Just the ads on Trump's page were seen as many as 950,000 times before being taken down. The Trump campaign is defending using the image, calling it a "common Antifa symbol" in a statement to The Hill. The campaign directed The Hill toward shirts, stickers and posters on websites where users can upload whatever design they would like to. The most common symbol used to identify antifa is a black and red flag or three arrows inside a circle.


England's 'World Beating' System To Track the Virus Is Anything But - Slashdot, by msmash on technology at January 1, 1970, 1:00 am (cached at June 18, 2020, 10:05 pm)

Prime Minister Boris Johnson of Britain unveiled last month a "world beating" operation to track down people who had been exposed to the coronavirus, giving the country a chance to climb out of lockdown without losing sight of where infections were spreading. From a report: As with much of the government's response to the pandemic, however, the results have fallen short of the promises, jeopardizing the reopening of Britain's hobbled economy and risking a second wave of death in one of the countries most debilitated by the virus. In almost three weeks since the start of the system in England, called N.H.S. Test and Trace, some contact tracers have failed to reach a single person, filling their days instead with internet exercise classes and bookshelf organizing. Some call handlers, scattered in offices and homes far from the people they speak with, have mistakenly tried to send patients in England to testing sites across the sea in Northern Ireland. And a government minister threatened on a conference call to stop coordinating with local leaders on the virus-tracking system if they spoke publicly about its failings, according to three officials briefed on the call, who spoke on the condition of anonymity for fear of retribution. Contact tracing was supposed to be the bridge between lockdown and a vaccine, enabling the government to pinpoint clusters of infections as they emerged and to stop infected people from passing on the virus. Without it, a World Health Organization official said recently, England would be remiss in reopening its economy.


Californians Must Wear Face Masks in Public Under Coronavirus Order Issued by Newsom - Slashdot, by msmash on medicine at January 1, 1970, 1:00 am (cached at June 18, 2020, 9:34 pm)

Gov. Gavin Newsom on Thursday ordered all Californians to wear face coverings while in public or high-risk settings, including when shopping, taking public transit or seeking medical care, following growing concerns that an increase in coronavirus cases has been caused by residents failing to voluntarily take that precaution. From a report: Newsom's order comes a week after Orange County rescinded a requirement for residents to wear masks and as other counties across California are debating whether to join other local jurisdictions in mandating face coverings. The Newsom administration did not address how the new requirement will be enforced or if Californians who violate the order will be subject to citations or other penalties. "Simply put, we are seeing too many people with faces uncovered -- putting at risk the real progress we have made in fighting the disease," Newsom said in a statement. "California's strategy to restart the economy and get people back to work will only be successful if people act safely and follow health recommendations. That means wearing a face covering, washing your hands and practicing physical distancing." Until now, state public health officials had only recommended that Californians wear the face coverings which, if worn by someone with the virus, have been shown to decrease chances of spreading it to others.


Google's Latest Experiment is Keen, an Automated, Machine Learning Based Version of - Slashdot, by msmash on google at January 1, 1970, 1:00 am (cached at June 18, 2020, 9:04 pm)

A new project called Keen is launching today from Google's in-house incubator for new ideas, Area 120, to help users track their interests. The app is like a modern rethinking of the Google Alerts service, which allows users to monitor the web for specific content. From a report: Except instead of sending emails about new Google Search results, Keen leverages a combination of machine learning techniques and human collaboration to help users curate content around a topic. Each individual area of interest is called a "keen" -- a word often used to reference someone with an intellectual quickness. The idea for the project came about after co-founder C.J. Adams realized he was spending too much time on his phone mindlessly browsing feeds and images to fill his downtime. He realized that time could be better spent learning more about a topic he was interested in -- perhaps something he always wanted to research more or a skill he wanted to learn. To explore this idea, he and four colleagues at Google worked in collaboration with the company's People and AI Research (PAIR) team, which focuses on human-centered machine learning, to create what has now become Keen.


[no title] Scripting News (cached at June 18, 2020, 9:02 pm)

It's crazy. If everyone in America wore a mask, within a few weeks there would be no more new infections. We can't get that simple idea through the skulls of people who are entranced by the orange blob tweeting from the sub-basement of the White House.

[no title] Scripting News (cached at June 18, 2020, 9:02 pm)

I did create a new Hey account, I'm davew. I like it, but hey, what I actually want is a really simple scripting interface so I could write my own rules without having to try to figure out how the user interfaces for rules work in Gmail or Hey or Ha or Hmm or Heh or Who or Whatever. Silly thing is I had exactly that a long time ago with Eudora and Frontier and it worked exactly as well as you would think. I did all kinds of interesting web content apps with it. Email is a nice interface for web work. I bet you didn't know that.

Amazon's Enforcement Failures Leave Open a Back Door to Banned Goods -- Some Sold an - Slashdot, by msmash on business at January 1, 1970, 1:00 am (cached at June 18, 2020, 8:04 pm)

The online giant bans products related to drugs, spying and weapons, but news outlet The Markup found plenty for sale; one of the items bought on the site left a grim trail of overdoses. From a report: Amazon bans pill presses used to make prescription drugs. They're included among 38 pages of third-party seller rules and prohibitions for its U.S. marketplace. Yet an investigation by The Markup found that Amazon fails to properly enforce that list, allowing third-party sellers to put up and sell banned items. Alongside its third-party marketplace, Amazon sells products to consumers directly, and The Markup found it was also selling banned items itself, revealing cracks in the largely automated purchasing system that feeds its massive product catalog. We found nearly 100 listings for products that the company bans under its categories of drugs, theft, spying, weapons and other dangerous items, a virtual back alley where mostly third-party sellers peddle prohibited goods, some of which are used for illicit and potentially criminal activities. The Markup filled a shopping cart with a bounty of banned items: marijuana bongs, "dab kits" used to inhale cannabis concentrates, "crackers" that can be used to get high on nitrous oxide, and compounds that reviews showed were used as injectable drugs. We found two pill presses and a die used to shape tablets into a Transformers logo, which is among the characters that have been found imprinted on club drugs such as ecstasy. We found listings for prohibited tools for picking locks and jimmying open car doors. And we found AR-15 gun parts and accessories that Amazon specifically bans. Almost three dozen listings for banned items were sold by third parties but available to ship from Amazon's own warehouses. At least four were listed as "Amazon's Choice."
The phrase "ships from and sold by Amazon.com" appeared beneath the buy button of five of the banned items we found, which two former employees confirmed means those products are, in fact, sold by Amazon. In addition, one of the sellers we were able to reach also confirmed it sold the items to Amazon.


Baidu Breaks Off an AI Alliance Amid Strained US-China Ties - Slashdot, by msmash on ai at January 1, 1970, 1:00 am (cached at June 18, 2020, 7:34 pm)

Chinese search giant Baidu has left The Partnership on AI (PAI), a US-led effort to foster collaboration on the ethical challenges raised by artificial intelligence. From a report: Baidu is said to have cited the cost of membership and recent financial pressures for the move. But as relations between the US and China worsen, the departure comes amid growing challenges for companies and people in the two countries to collaborate, or find common ground, when it comes to critical technologies like AI. In a statement, Baidu said it "shares the vision of the Partnership on AI and is committed to promoting the ethical development of AI technologies. We are in discussions about renewing our membership, and remain open to other opportunities to collaborate with industry peers on advancing AI." Terah Lyons, executive director of PAI, says the company cited a weaker financial outlook for the decision, adding: "Baidu remains committed to our mission and hopes to be able to resume membership in 2021." The search giant was the only Chinese member of the Partnership on Artificial Intelligence.


Stockwell, the AI-Vending Machine Startup Formerly Known as Bodega, is Shutting Dow - Slashdot, by msmash on ai at January 1, 1970, 1:00 am (cached at June 18, 2020, 7:04 pm)

Stockwell AI, which raised at least $45 million, entered the world with a bang but it is leaving with a whimper. From a report: Founded in 2017 by ex-Googlers, the AI vending machine startup formerly known as Bodega first raised blood pressures -- people hated how it was referenced and poorly "disrupted" mom-and-pop shops in one fell swoop -- and then raised a lot of money. But ultimately, it was no match for COVID-19 and the hit it has had on how we live. TechCrunch has learned and confirmed that Stockwell will be shutting down, after it was unable to find a viable business for its in-building app-controlled "smart" vending machines stocked with convenience store items. "Regretfully, the current landscape has created a situation in which we can no longer continue our operations and will be winding down the company on July 1st," co-founder and CEO Paul McDonald wrote in an email to TechCrunch. "We are deeply grateful to our talented team, incredible partners and investors, and our amazing shoppers that made this possible. While this wasn't the way we wanted to end this journey, we are confident that our vision of bringing the store to where people live, work and play will live on through other amazing companies, products and services."


Dropbox is a Total Mess - Slashdot, by msmash on software at January 1, 1970, 1:00 am (cached at June 18, 2020, 6:04 pm)

Veteran journalist Om Malik, writing on his blog: I was reading Nikita Prokopov's blog this morning and came across his very visual damnation of what is wrong with Dropbox. Like me, he too had thought that "in the beginning, Dropbox was great, but in the last few years, they started to bloat up." He visually shows that as an existing customer, you need to jump through a dozen hoops to get Dropbox going on a new machine. And if you are just signing up, add another five steps. His sentiments reflect my feelings about Dropbox, as well. When I fell in love with Dropbox, it had not even launched. It was simple and elegant. It was nothing like anything I had experienced before. And I wasn't alone. The company was one of the fastest-growing companies in Silicon Valley, because customers appreciated their simplicity and ease of use. Their revenues and userbase grew at an astonishing speed. For nearly a decade, I stayed loyal to the service, but like Prokopov, I too felt the bloat was getting too much. [...] I don't blame Dropbox going the way they have -- they are less about the individual customers and more focused on teams and corporations. That's where the money is -- and when you go public, you are all about the "quarterly goals." You don't go public without knowing that Wall Street owns you.


German Payments Group Wirecard Says $2.1 Billion of Cash is Missing - Slashdot, by msmash on money at January 1, 1970, 1:00 am (cached at June 18, 2020, 5:34 pm)

Wirecard was engulfed in a deepening crisis on Thursday after a warning from the German payments group that $2.1 billion of cash was missing [Editor's note: the link may be paywalled; alternative source] sent its shares crashing. From a report: The company was told by EY that there were indications a trustee of Wirecard bank accounts had attempted "to deceive the auditor" and that "spurious cash balances" might have been provided to EY by a third party. The disclosure left Wirecard unable to release its 2019 results as it had promised to do on Thursday and gives banks the option of terminating $2.2 billion of loans unless they are published by Friday June 19. In a statement Wirecard said it was "working intensively together with the auditor towards a clarification of the situation." The revelation caps a tumultuous period for Wirecard, a company long regarded as a great hope for Germany's tech sector but one that has spent the past 18 months battling to allay concerns over its accounting. Investors' enthusiasm for the company, whose aggressive expansion was masterminded by Markus Braun, its chief executive and largest shareholder, catapulted it into Germany's prestigious Dax 30 index two years ago with a market value of $27 billion. It slumped to less than $5.6 billion on Thursday as its shares plunged almost 70%.


Racism Is Rampant on Reddit, and Its Editors Are in Open Revolt - Slashdot, by msmash on social at January 1, 1970, 1:00 am (cached at June 18, 2020, 5:04 pm)

An anonymous reader shares a report: The volunteer moderators of Reddit's r/blackladies community -- an online message board that currently has over 40,000 members -- wrote an open letter outlining their frustrations with the popular website in August 2014. They had pitched their message board, known as a subreddit, as a safe space for Black women, but were being deluged with hateful comments and links to racist content from anonymous accounts. "They are relentless, coming in barrages," the moderators wrote. "We have a racist user problem and Reddit won't take action." Several months later Alexis Ohanian, one of Reddit's co-founders, joined a comment thread on r/blackladies discussing the letter. Ohanian, who had recently returned to the company as its executive chairman, said protecting communities like theirs from abuse was a "top priority." He solicited suggestions on how to do it, and expressed interest in an "ongoing dialogue with all of the mods who signed onto the open letter." Reddit user TheYellowRose, a r/blackladies moderator who helped write the letter, said in a recent phone interview that Ohanian's promised dialogue never materialized. To TheYellowRose, who asked to be identified only by her screen name because she is still regularly subjected to racist abuse and fears physical violence if her identity is revealed, Ohanian's initial enthusiasm for the idea seemed like just another example of the company's leaders trying to say the right things without seriously confronting the ways their site harbored extremists and gave them a place to organize. Reddit has faced several potential inflection points in its approach to racism in the six years since then, but has never undertaken a full enough reckoning to satisfy its critics. It's facing another big moment in the aftermath of the killing of George Floyd. Once again, the pressure is coming in part from the volunteers who moderate Reddit's countless message boards.
On June 1, Steve Huffman, another co-founder who has been chief executive since 2015, sent a note to Reddit employees voicing support for the Black Lives Matter movement. "We do not tolerate hate, racism, and violence, and while we have work to do to fight these on our platform, our values are clear," he wrote.


Simpler server-side JavaScript - Scripting News (cached at June 18, 2020, 5:02 pm)

Yesterday I posted here and on Twitter this idea:

A friend suggested using Babel to prototype this.

This is the way to start. I wonder if anyone reading this has the expertise in Babel to make this work. I've started a thread over in the repo to discuss.

I will write up some code to demonstrate what the Babel plug-in will do, hopefully later today. Stay tuned.

Why try to simplify?

I was asked on Twitter why I want this. There are all kinds of overhead, time, space, and intellectual. I program in a high level language instead of machine language because there's less intellectual overhead. It would save both time and space to use machine language. But I'm saving complexity by programming in a HLL, and that means I can build more complex and useful software.

Why not just use promises, they're easy, my correspondent asks. I say it's easier to not have to program something than use something that makes it easier to program. That's the philosophy of factoring. However the JavaScript I envision would be backward compatible with EC6. It would run any code that runs in Node. But it would also be able to process asynchronous functions with syntax that's as simple for a programmer as calling a synchronous function.

I don't think there's any question that callbacks are something we'd like to simplify. I'm saying it's possible to simplify callbacks by removing the need to use them for simple asynchronous I/O operations, yet give up none of the efficiency. Most other languages do it, so can JavaScript.

There's another reason, transparency in APIs. For example, I might want to prototype a function by storing its data in memory, but at a later time may decide to store it on disk or on the net. I want to keep the interface unchanged, but with today's JavaScript you can't, you have to go to callbacks/promises/etc.

In general, the philosophy of factoring says you take a problem that you're solving over and over, and create a library of functions that do it, and call them instead of replicating the code.

[no title] Scripting News (cached at June 18, 2020, 5:02 pm)

With Twitter's new voice tweet feature, I'd like a very simple way to post a voice message to an RSS feed. I can help with this. I have lots of working code for dealing with feeds, as you might imagine. Let's make podcasts super easy for the people.