Chinese Bank Required Two Western Companies to Use Tax Software With a Hidden Backdoor Slashdot by EditorDavid on china (cached at June 28, 2020, 11:35 pm)

A Chinese bank required at least two western companies to install malware-laced tax software, according to a new report from the cyber-security firm Trustwave. "The two companies are a UK-based technology/software vendor and a major financial institution, both of which had recently opened offices in China," reports ZDNet: "Discussions with our client revealed that [the malware] was part of their bank's required tax software," Trustwave said Thursday... Trustwave, who was providing cyber-security services for the UK software vendor, said it identified the malware after observing suspicious network requests originating from its customer's network... Trustwave said the software worked as advertised, allowing its customer to pay local taxes, but that it also installed a hidden backdoor. The security firm says this backdoor, which Trustwave codenamed GoldenSpy and said it ran with SYSTEM-level access, allowed a remote attacker to connect to the infected system and run Windows commands, or upload and install other software... GoldenSpy installs two identical versions of itself, both as persistent autostart services. If either stops running, it will respawn its counterpart... The Intelligent Tax software's uninstall feature will not uninstall GoldenSpy. It leaves GoldenSpy running as an open backdoor into the environment, even after the tax software is fully removed. GoldenSpy is not downloaded and installed until a full two hours after the tax software installation process is completed. When it finally downloads and installs, it does so silently, with no notification on the system.

Read more of this story at Slashdot.

Microsoft's New 'Windows File Recovery' Tool Restores Deleted Data Slashdot by EditorDavid on microsoft (cached at June 28, 2020, 10:35 pm)

"Anyone familiar with how Windows and other operating systems work might know that files aren't actually deleted, they're marked to allow other data to overwrite them in the future," points out Hot Hardware, noting it's now led to the "quiet" launch of a new free Microsoft tool. Slashdot reader Mark Wilson writes that the tool even recovers files from drives that were formatted or became corrupt: The command line tool can be used to retrieve data from local hard drives as well as removable media such as USB drives and memory cards... [F]or those who don't mind rolling up their sleeves and getting their hands dirty, it provides a means of getting back files from NTFS, FAT, exFAT and ReFS formatted drives.


Coca-Cola, Hershey's, Starbucks: More Major Advertisers Are Now Boycotting Facebook Slashdot by EditorDavid on facebook (cached at June 28, 2020, 9:35 pm)

Some of America's biggest brands — Coca-Cola, The Hershey Company and the Levi Strauss & Co. — "are among the latest in pledging to halt advertising on Facebook as part of a growing boycott," reports USA Today: Despite Facebook CEO Mark Zuckerberg outlining several steps the social network will take to combat hate speech ahead of the 2020 presidential election Friday, the companies joined Unilever, Honda, Verizon and others in the protest... Jen Sey, chief marketing officer of Levi's, said in a statement late Friday the company was pausing all paid Facebook and Instagram advertising globally at least through the end of July across all of its brands. "When we re-engage will depend on Facebook's response," Sey said. The ad boycott on Facebook focuses on advertising for the month of July and also includes Eddie Bauer and Ben & Jerry's... Patagonia, REI, Mozilla and Upwork in addition to about 100 smaller companies also have said they are committed. Nearly all of the social media company's revenue comes from advertising on Facebook and Instagram. Shares of Facebook dropped more than 8% on Friday. Business Insider notes that the 8% drop in Facebook's stock price meant that Mark Zuckerberg's fortune dropped $7.21 billion in a single day. And then Sunday Starbucks announced they were also taking action, suspending advertising on all social media because "we believe both business leaders and policy makers need to come together to affect real change."


CNET Remembers 1995, the Year Hollywood Finally Noticed The Internet Slashdot by EditorDavid on movies (cached at June 28, 2020, 8:35 pm)

CNET is celebrating its 25th anniversary with articles remembering the 1990s — including that moment "when Hollywood finally noticed the web," calling it "a flawed but fun snapshot of the moment the internet took over the world..." "Twenty-five years ago, cinema met cyberspace in a riot of funky fashion, cool music and surveillance paranoia. It began in May 1995 with the release of Johnny Mnemonic, a delirious sci-fi action dystopia matching Keanu Reeves with seminal cyberpunk author William Gibson. In July, Sandra Bullock had her identity erased in conspiracy thriller The Net. In August, Denzel Washington pursued Russell Crowe's computer-generated serial killer in Virtuosity, and in September Angelina Jolie found her breakthrough role in anarchic adventure Hackers. In October, Kathryn Bigelow served up dystopian thriller Strange Days. It's hard to know what's most dated about these mid-'90s curios: the primitive-looking effects, the funky fashions or the clunky technology depicted on screen. But now, 25 years later, they've proved prescient in their concerns about surveillance, corporate power and the corruption of what seemed to be an excitingly democratic new age... Most tellingly, Johnny Mnemonic and the other tech-focused films of 1995 all express fears around the misuse of surveillance in a connected world. The Net updates the paranoia of '70s thrillers The Conversation and The Anderson Tapes, and each movie features an unholy alliance of avaricious corporate bad guys and authoritarian law enforcement. Or as Matthew Lillard's character puts it in Hackers, "Orwell is here and livin' large!" But the whistleblowing heroes of Hackers, The Net and Johnny Mnemonic use their skills to subvert and unpick the establishment's grip on technology. Hackers in particular radiates an infectious idealism as the diverse crew of anarchic youngsters rollerblade rings around the greedy suits and clueless cops, "snooping onto them as they snoop onto us". 
The movie highlights technology's potential to be a tool for wrongdoing and a democratic, open medium where you can be who you want to be... Sadly, 1995's wave of technology-themed movies have one other thing in common. They all bombed. CNET's reporter gets new quotes from the director of Hackers — as well as one of that film's then-15-year-old technical advisors, Nicholas Jareck. "For all its exaggerations," he says, "it does a decent job of showing the hacker spirit — those kids were tinkerers, experimenting, reveling in their ability to figure something out. It's a celebration of human ingenuity." Johnny Mnemonic. "Speaking on the phone from New York, Longo's memories are peppered with entertaining asides about who was 'evil,' 'a dick,' 'an idiot' or 'a fucking idiot.'"


A 'Cure for Heart Disease'? A Single Shot Succeeds in Monkeys Slashdot by EditorDavid on medicine (cached at June 28, 2020, 7:53 pm)

"What if a single injection could lower blood levels of cholesterol and triglycerides — for a lifetime?" asks the New York Times. "In the first gene-editing experiment of its kind, scientists have disabled two genes in monkeys that raise the risk for heart disease." (Alternate source here.) Humans carry the genes as well, and the experiment has raised hopes that a leading killer may one day be tamed. "This could be the cure for heart disease," said Dr. Michael Davidson, director of the Lipid Clinic at the University of Chicago Pritzker School of Medicine, who was not involved in the research. But it will be years before human trials can begin, and gene-editing technology so far has a mixed track record. It is much too early to know whether the strategy will be safe and effective in humans; even the monkeys must be monitored for side effects or other treatment failures for some time to come. The results were presented on Saturday at the annual meeting of the International Society for Stem Cell Research, this year held virtually with about 3,700 attendees around the world. The scientists are writing up their findings, which have not yet been peer-reviewed or published... Both genes are active in the liver, which is where cholesterol and triglycerides are produced. People who inherit mutations that destroyed the genes' function do not get heart disease.


New York Times Investigates How in America 'the Virus Won' Slashdot by EditorDavid on usa (cached at June 28, 2020, 6:35 pm)

"Invisible outbreaks sprang up everywhere. The United States ignored the warning signs," writes the New York Times, in a detailed interactive data visualization. "We analyzed travel patterns, hidden infections and genetic data to show how the epidemic spun out of control." By mid-February, there were only 15 known coronavirus cases in the United States, all with direct links to China... The patients were isolated. Their contacts were monitored. Travel from China was restricted. None of that worked. Only a small part of the picture was visible. Some 2,000 hidden infections were already spreading through major cities... Genetic samples linked to the Seattle outbreak appeared in at least 14 states, said Trevor Bedford, a professor at Fred Hutchinson Cancer Research Center... In New York City, where officials had found only a single case by March 1, roughly 10,000 infections had spread undetected... More than 5,000 contagious travelers left New York City in the first two weeks of March, estimates suggest... People [from New York City] also made more than 25,000 trips to New Orleans, where genetic data suggests that a large early outbreak stemmed from infections from New York... Travel from the city helped to spread that variant across the country. "New York has acted as a Grand Central Station for this virus," said David Engelthaler of the Translational Genomics Research Institute. By the time President Trump blocked travel from Europe on March 13, the restrictions were essentially pointless. The outbreak had already been spreading widely in most states for weeks... The New Orleans outbreak helped seed infection across Louisiana and the South... Even now, America remains in the dark. Most infected people are never tested. There is little capacity to trace and isolate the contacts to those who do test positive. After the lockdowns expired, new cases spiked once again.


Radio3 work Scripting News (cached at June 28, 2020, 6:03 pm)

A bulleted list in reverse order of stuff I'm looking at.

[no title] Scripting News (cached at June 28, 2020, 6:03 pm)

Future possible use for Manhattan. A huge museum for how a centralized economy and cultural system worked before all that was blown apart by the net and a virus.

[no title] Scripting News (cached at June 28, 2020, 6:03 pm)

I'm starting to work on the UI of Radio3 now that the server issues seem settled. Logging my work here. Will get more formal later.

Are Uber Drivers Employees? Uber Faces Two Big Court Challenges Slashdot by EditorDavid on court (cached at June 28, 2020, 5:35 pm)

Strider- (Slashdot reader #39,683) shares a story from Reuters: Canada's Supreme Court on Friday ruled in favor of a driver in a gig economy case that paves the way for a class action suit calling for Uber Technologies Inc to recognize drivers in Canada as company employees. UberEats driver David Heller had filed a class action suit, challenged by Uber, aiming to secure a minimum wage, vacation pay and other benefits like overtime pay. Drivers are now classified as independent contractors and do not have such benefits. A lower court had already ruled that Uber's contracts included an arbitration clause that was "invalid and unenforceable," Reuters reports, and it was Uber's attempt to appeal that ruling that was dismissed by Canada's Supreme Court in an 8-1 vote. Reuters notes that "The arbitration process, which must be conducted in the Netherlands where Uber has its international headquarters, costs about C$19,000 ($14,500)." Meanwhile, CNN also reports that Uber and Lyft "could soon be forced to reclassify their drivers in California as employees or cease operating in the state as part of an escalating legal battle over a new law impacting much of the on-demand economy." California Attorney General Xavier Becerra and a coalition of city attorneys intend to file for a preliminary injunction this week to force the two ride-hailing companies to comply with the new state law, according to a press release issued Wednesday... "It's time for Uber and Lyft to own up to their responsibilities and the people who make them successful: their workers," said Becerra in a statement concerning the injunction the state is intending to file. "Misclassifying your workers as 'consultants' or 'independent contractors' simply means you want your workers or taxpayers to foot the bill for obligations you have as an employer."


Every picture tells a story Scripting News (cached at June 28, 2020, 5:03 pm)

Seen on an airplane recently.

IBM's New Differential Privacy Library Works With Just a Single Line of Code Slashdot by EditorDavid on ibm (cached at June 28, 2020, 4:35 pm)

Friday IBM Research updated their open source "IBM Differential Privacy Library," a suite of new lightweight tools offering "an array of functionality to extract insight and knowledge from data with robust privacy guarantees." "Most tasks can be run with only a single line of code," brags a new blog post (shared by Slashdot reader IBMResearch), explaining how it works: This year for the first time in its 230-year history the U.S. Census will use differential privacy to keep the responses of its citizens confidential when the data is made available. But how does it work? Differential privacy uses mathematical noise to preserve individuals' privacy and confidentiality while allowing population statistics to be observed. This concept has a natural extension to machine learning, where we can protect models against privacy attacks, while maintaining overall accuracy. For example, if you want to know my age (32) I can pick a random number out of a hat, say ±7 — you will only learn that I could be between 25 and 39. I've added a little bit of noise to the data to protect my age and the US Census will do something similar. While the US government built its own differential privacy tool, IBM has been working on its own open source version and today we are publishing our latest release v0.3. The IBM Differential Privacy Library boasts a suite of tools for machine learning and data analytics tasks, all with built-in privacy guarantees. Our library is unique to others in giving scientists and developers access to lightweight, user-friendly tools for data analytics and machine learning in a familiar environment... What also sets our library apart is our machine learning functionality enables organisations to publish and share their data with rigorous guarantees on user privacy like never before... Also included is a collection of fundamental tools for data exploration and analytics. All the details for getting started with the library can be found at IBM's Github repository.


Jakarta EE 9 Specification Release 'Marks the Final Transition Away From javax Names Slashdot by EditorDavid on java (cached at June 28, 2020, 3:35 pm)

An anonymous reader quotes ADTmag: The Eclipse Foundation this week announced Jakarta EE 9 Milestone 1, the final version of the enterprise Java specification before the first Release Candidate (RC). The Jakarta EE 9 release marks the final transition away from the javax.* namespace (which Oracle refused to give up) to Eclipse's jakarta.*. This release updates all the APIs to use jakarta.* in package names. In fact, Mike Milinkovich, executive director of the Eclipse Foundation, says that transition is really what this release is all about. "The main purpose...is to provide a release that is very similar to Java EE 8," Milinkovich told ADTmag, "with everything converted to the jakarta.* namespace. We're providing a stable technical conversion platform, so all the tools and frameworks in the ecosystem that are using, say, javax.servlet, can make the change with confidence." Giving the ecosystem solid footing for the transition from the Java EE coffee cup to the Jakarta EE sailboat is the Foundation's way of setting the stage for rapid innovation, Milinkovich said, once the transition is largely complete. "These technologies have been around for an awfully long time," he added, "and we had to provide folks with a stable platform for the conversion. At the same time, thanks to a contribution from IBM, we have the Eclipse Transformer Project, which is going to provide runtime enablement. If someone has an application they don't want to recompile, and that application is using the javax.* namespace, they will be able to run it on top of a Jakarta-compatible app server. That's going to provide binary compatibility for apps, going forward..."


Our opportunity Scripting News (cached at June 28, 2020, 3:03 pm)

I've spent a lot of time trying to figure out how to say this, and then this morning it just came out in a series of tweets. No need to unroll it, here's the text in a single blog post.

In my humble opinion, it's no coincidence that #BLM has huge momentum now when we have the most racist president in generations. Just as it's no coincidence that the most racist president followed the first African-American president.

It appears we're going to flip back to the positive direction, so the question is what do we want.

The big issues are imho:

  1. Voting rights.
  2. Health care.
  3. Climate crisis.

Even more immediate: Assume the US govt is going to spend $10 trillion in the next year to keep the US from crashing. Should that money go to the 1% (where it would go by default, imho) or should we focus on making sure the money goes to solve the critical problems.

That money could restructure health care so it works for everyone. It could start the transition to a green economy. It could certainly help assure voting rights, and therefore a fairer government in future years, and maybe prevent the flipping back and forth.

I'm very concerned that we will end up settling for symbolic victories, removal of the stars and bars from the Mississippi state flag, removal of monuments, and nothing material will change. Symbolism is important, but we have big non-symbolic problems to solve.

The focus has been on changing minds and attitudes. I am open to that in every way. I learned a tremendous amount from the 1619 podcast. More of that please. I am reading the People's History of the United States -- again, eye-opening.

But you can't change people who don't want to change. This is why the approach that pundits are taking, saying we have to change people, they have to understand what it's like to be X, as a prerequisite for real change, that's not a good approach.

We can find win-wins right now. Restructuring health care won't just help people of color, it will help everyone. But imho it is a #BLM issue.

Voting rights matter, even if it only re-enfranchises African-Americans, because many of us want the kind of government African-Americans will vote for.

It doesn't have to be either/or, in fact if it is, we will all lose. Repubs will continue to dominate, and all the resources will continue to flow to the 1%.

There will be a lot of change in the next year. This is a pivotal time. We must organize, black, white, all genders, all races, ages, erase the wedges and act in all our interests to save lives, and overcome the challenges in front of us.

Let's find our inner-Americans, and fight to live up to the promise of our nation.

How Should High Schools Teach Computer Science? Slashdot by EditorDavid on education (cached at June 28, 2020, 1:35 pm)

A high school computer science teacher claims there's an "unacknowledged failure" of America's computer science (CS) classes at the high school and junior high school level. "Visit classrooms and you'll find students working with robotic sensors, writing games and animations in Scratch, interfacing with Arduino microcontrollers, constructing websites, and building apps with MIT App Inventor... "Look underneath the celebratory and self-congratulatory remarks, however, and you'll find that, although contemporary secondary education is quite good at generating initial student interest, it has had much less success at sustaining that engagement beyond a few weeks or months, and has frankly been ineffectual in terms of (a) measurable learning for the majority of students; (b) boosting the number of students who take a second CS course, either in high school or college; and (c) adequately preparing students for CS college study." Long-time Slashdot reader theodp writes: In "A New Pedagogy to Address the Unacknowledged Failure of American Secondary CS Education," high school computer science teacher Scott Portnoff argues that a big part of the problem is the survey nature of today's most popular high school CS course offerings — Exploring Computer Science (ECS) and AP Computer Science Principles (AP CSP) — both of whose foundational premise is that programming is just one of many CS topics. "Up until a decade ago," Portnoff explains, "introductory high school computer science classes were synonymous with programming instruction, period. No longer." This new status quo in secondary CS education, Portnoff argues, resulted from baseless speculation that programming was what made Java-based AP CS A inaccessible, opposed to, say, an uninspiring or pedagogically ineffective version of that particular curriculum, or a poorly prepared instructor.
It's quite a departure from the 2011 CSTA K-12 Computer Science Standards, which made the case for the centrality of programming in CS education ("Pedagogically, computer programming has the same relation to studying computer science as playing an instrument does to studying music or painting does to studying art. In each case, even a small amount of hands-on experience adds immensely to life-long appreciation and understanding"). This teacher believes that programming languages are acquired rather than learned, just like any other human language — and concludes the solution is multi-year courses focused on one programming language until proficiency is fully acquired. For this reason, for the last seven years he's also been making his students memorize small programs, and then type them out perfectly, arguing that "the brain subconsciously constructs an internal mental representation of the syntax rules implicitly by induction from the patterns in the data."
