IBM's Global Technology Services has posted a job ad calling for candidates with a "minimum 12+ years' experience in Kubernetes administration and management." From a report: Which is a little odd because the first GitHub commit for the project was made on June 7, 2014. And the feature freeze for version 1.0 was announced on May 22, 2015. Sharp-minded Reg readers will have recognised that -- absent time travel -- it is therefore not possible for anyone to have 12 years' experience with Kubernetes. The ad is sadly silent on just how IBM expects candidates will have found the time to accumulate a dozen years' experience in a six-year-old project.

Read more of this story at Slashdot.

Since WannaCry and NotPetya struck the internet just over three years ago, the security industry has scrutinized every new Windows bug that could be used to create a similar world-shaking worm. Now one potentially "wormable" vulnerability -- meaning an attack can spread from one machine to another with no human interaction -- has appeared in Microsoft's implementation of the domain name system protocol, one of the fundamental building blocks of the internet. From a report: As part of its Patch Tuesday batch of software updates, Microsoft today released a fix for a bug discovered by Israeli security firm Check Point, which the company's researchers have named SigRed. The SigRed bug exploits Windows DNS, one of the most popular kinds of DNS software that translates domain names into IP addresses. Windows DNS runs on the DNS servers of practically every small and medium-sized organization around the world. The bug, Check Point says, has existed in that software for a remarkable 17 years. Check Point and Microsoft warn that the flaw is critical, a 10 out of 10 on the common vulnerability scoring system, an industry standard severity rating. Not only is the bug wormable, Windows DNS software often runs on the powerful servers known as domain controllers that set the rules for networks. Many of those machines are particularly sensitive; a foothold in one would allow further penetration into other devices inside an organization. On top of all of that, says Check Point's head of vulnerability research Omri Herscovici, the Windows DNS bug can in some cases be exploited with no action on the part of the target user, creating a seamless and powerful attack. "It requires no interaction. And not only that, once you're inside the domain controller that runs the Windows DNS server, expanding your control to the rest of the network is really easy," says Omri Herscovici. "It's basically game over." Check Point found the SigRed vulnerability in the part of Windows DNS that handles a certain piece of data that's part of the key exchange used in the more secure version of DNS known as DNSSEC. That one piece of data can be maliciously crafted such that Windows DNS allows a hacker to overwrite chunks of memory they're not meant to have access to, ultimately gaining full remote code execution on the target server. (Check Point says Microsoft asked the company not to publicize too many details of other elements of the technique, including how it bypasses certain security features on Windows servers.)

Read more of this story at Slashdot.

Facing eight federal lawsuits and opposition from hundreds of universities, the Trump administration on Tuesday rescinded a rule that would have required international students to transfer or leave the country if their schools held classes entirely online because of the pandemic. From a report: The decision was announced at the start of a hearing in a federal lawsuit in Boston brought by Harvard University and the Massachusetts Institute of Technology. U.S. District Judge Allison Burroughs said federal immigration authorities agreed to pull the July 6 directive and "return to the status quo." A lawyer representing the Department of Homeland Security and U.S. Immigration and Customs Enforcement said only that the judge's characterization was correct. The announcement brings relief to thousands of foreign students who had been at risk of being deported from the country, along with hundreds of universities that were scrambling to reassess their plans for the fall in light of the policy. Under the policy, international students in the U.S. would have been forbidden from taking all their courses online this fall. New visas would not have been issued to students at schools planning to provide all classes online, which includes Harvard. Students already in the U.S. would have faced deportation if they didn't transfer schools or leave the country voluntarily.

Read more of this story at Slashdot.

China said on Tuesday it would place sanctions on Lockheed Martin for its involvement in arms sales to Taiwan, a move that could further escalate tensions between Beijing and Washington. hackingbear writes: "China firmly opposes US arms sales to Taiwan," Foreign Ministry spokesman Zhao Lijian said at a press conference. Taiwan is a self-ruled island, but China has long vowed to unify it with the mainland. The United States is one of Taiwan's main arms suppliers. The US State Department last week approved a request by Taiwan to upgrade its Patriot Surface-to-Air missiles at an estimated cost of $620 million, according to Taiwan's state-run Central News Agency. In response, China is imposing "sanctions on the main contractor of this arms sale, Lockheed Martin," Zhao said, without going into detail. The United States should "stop selling arms to Taiwan and cut its military ties to Taiwan, so it won't do further harm to bilateral relations between China and the United States," he added.

Read more of this story at Slashdot.

Joseph R. Biden Jr. announced on Tuesday a new plan to spend $2 trillion over four years to significantly escalate the use of clean energy in the transportation, electricity and building sectors, part of a suite of sweeping proposals designed to create economic opportunities and build infrastructure while also tackling climate change. DogDude shares a report: In a speech in Wilmington, Del., Mr. Biden built on his plans, released last week, for reviving the economy in the wake of the coronavirus crisis, with a new focus on enhancing the nation's infrastructure and emphasizing the importance of putting the United States on a path to significantly cut fossil fuel emissions. "These are the most critical investments we can make for the long-term health and vitality of both the American economy and the physical health and safety of the American people," he said, repeatedly criticizing President Trump's leadership on issues including climate and the pandemic. "When Donald Trump thinks about climate change, the only word he can muster is 'hoax.' When I think about climate change, the word I think of is 'jobs.'" The proposal is the second plank in Mr. Biden's economic recovery plan. His team sees an opportunity to take direct aim at Mr. Trump, who has struggled to deliver on his pledges to finance major improvements to American infrastructure. Republicans are sure to criticize the proposal as an attack on jobs in the energy sector -- but the plan will also test whether Mr. Biden has found a way to win over environmental activists and other progressives who have long been skeptical about the scope of his ambitions on climate. His plan outlines specific and aggressive targets, including achieving an emissions-free power sector by 2035 and upgrading four million buildings over four years to meet the highest standards for energy efficiency. The plan also calls for establishing an office of environmental and climate justice at the Department of Justice and developing a broad set of tools to address how "environmental policy decisions of the past have failed communities of color."

Read more of this story at Slashdot.

AMD finally brings a workstation-class -- in other words, security-conscious -- processor to challenge the Intel Xeon on the desktop with its Ryzen Threadripper Pro. With up to 64 cores, the pro version of AMD's multicore powerhouse Threadripper processors incorporates essentials like support for massive amounts of memory and board-level security, critical for uses which move a ton of sensitive data, ranging from aerospace visualization to Hollywood video editing and CGI rendering. The CPU debuts in Lenovo's ThinkStation P620; Lenovo has a limited exclusive on the processor. From a report: The CPU comes in four variants: 3945WX (12 cores, with the fastest single-core speeds), 3955WX (16 cores), 3975WX (32 cores) and 3995WX (64 cores). At the moment, to achieve core counts that high with the Intel Xeon, you have to use multiple CPUs. They all come with some of the perks of AMD's architecture, including support for PCI Gen4 -- in this case, up to 128 lanes. And the Pro versions add support for more types of memory, notably RDIMM and LRDIMM, over the high-end consumer-focused Threadripper, plus 8 memory channels vs. 4, which lets it support up to 2TB of memory. On the downside, while AMD supports faster internal transfers than Intel via PCI 4, it doesn't offer any high-speed external data transfer capabilities a la Thunderbolt 3. And in fact, the ThinkStation P620's fastest connections are USB 3.2 Gen 2 and 10Gb Ethernet.

Read more of this story at Slashdot.

The growth of partisan media masquerading as state and local reporting is a troubling trend we've seen emerge amid the financial declines of local news organizations. But what do these outlets mean for journalism in American communities? NiemanLab: Using previous research and news reports as a guide, we've mapped the locations of more than 400 partisan media outlets -- often funded and operated by government officials, political candidates, PACs, and political party operatives -- and found, somewhat unsurprisingly, that these outlets are emerging most often in swing states, raising a concern about the ability of such organizations to fill community information needs while prioritizing the electoral value of an audience. We found that while left-leaning sites prioritize statewide reporting, right-leaning sites are more focused on local reporting, suggesting different strategies for engaging with targeted audiences and indicating the potential for these sites to exacerbate polarization in local communities.

Read more of this story at Slashdot.

Preventing people from saying things you object to isn't the same thing as getting rid of the thinking behind it. I'd rather know what Tom Cotton dreams of than have it suppressed. Now I know how serious a threat he is.

The infamous spyware company NSO Group scored a major win in what critics are calling a "disgraceful ruling" in an Israeli court this week. From a report: The court ruled that NSO can keep exporting its hacking and surveillance tools, arguing that the human rights organization Amnesty International, which had sued the company in an attempt to block its exports, failed to prove that an NSO customer used its technology to spy on Amnesty staff. In 2018, as Motherboard reported at the time, Amnesty claimed to have found hackers spying on one of the organization's researchers using NSO spyware. After the incident, the organization sued NSO in Israel in an attempt to block the export of its surveillance technology. A Tel Aviv District Court judge dismissed the suit alleging Amnesty did not present enough evidence, and said Israel's Defence Ministry, which is tasked with overseeing the export of surveillance technologies, has the right safeguards in place to protect human rights.

Read more of this story at Slashdot.

Microsoft is adding support for custom email addressing to Office 365 email services, a feature it hopes to complete in Q3 2020. From a report: Custom email addresses are an optional feature that some email providers can support. The feature is described in the RFC 5233 internet standard. Officially known as subaddressing, this standard allows users to extend their email address using "tags" or the plus (+) character, hence its two alternative names of tagged addressing or plus addressing. For example, a user with the email address of username@domain.com can use the plus addressing feature to extend their email address to username+tag@domain.com. If the user's email address supports subaddressing, all emails sent to the username+tag@domain.com email will land in the user's username@domain.com inbox.

Read more of this story at Slashdot.

My email conversation with Allen Wirfs-Brock took an interesting turn. I had written about Really Simple JavaScript, an idea that the language would benefit from removing features. A path well-explored AWB pointed out.

In my last post I talked about various programming mottos that help with the design issues JavaScript has encountered. Then AWB commented about the design slogans that guide the evolution of JavaScript.

AWB on design slogans

• I’m big fan of design slogans. The one we used in TC39 about not breaking things was “Don’t break the web!” It’s a preservationist perspective. Much of the human digital heritage of the last 30 years and for the foreseeable future is stored as unmaintained web documents. Every breaking change to a web technology (JS, HTML, etc.) is likely to make part of our heritage permanently inaccessible.
• Another slogan we used frequently while I was active in TC39 was “consider the complexity budget.” The idea is that there are limits (whose bounds we don’t know) to the complexity that a programming language can accommodate and still remain useable, learnable, comprehensible, fun, etc. Every time a feature is added or a inconsistency is introduced we use up some of the complexity budget and it can never be recovered. So any such addition limits what do to the language in the future. Each proposed feature needs to be evaluated not just concerning its utility but also whether that utility is worth limiting future language design flexibility.
• This is something that I worry may have faded as TC39 has grown much larger and participants somewhat more transient. A person who is representing a company in a standards group is most likely to see a positive effect in their performance reviews if they get things added to the standard rather than for helping control complexity.
• Of course, committee-made decisions are always going to involve disagreements and compromises. In my JavaScript history paper. I have a short section (21.3.5) where I cover the deliberations that resulted in the inclusion of arrow functions.

DW on not breaking the web

• Don't break the web. That's a big one.
• That might be the biggest rule of all. For me, all my work really for my whole career has been directed at the web. Not breaking it is the one hope that the work won't have been for naught, as well as the work of millions of other people (of course my work is the most important heh).
• As you know, Google et al are hell-bent on breaking the web.
• I wouldn't be surprised if some of the people on your design committee come from companies who agree with Google on breaking the web. So maybe it would be good to have a bigger dialog on what "Don't break the web" really means. Of course the people at Google et al have never responded to anything I've written about that.

AWB on not breaking the web

• Most individuals (even those representing BigCos) who participant in web standards groups generally buy into "don't break the web."
• But to some, and in particular some big companies, it means don't break the 100 (or 1000) top web sites rather than don't break web legacy.
• Also some have higher or lower bars for exceptions to that rule.

DW on the behavior of guests

• Thanks Allen for the clarity. I fully agree with all of it.
• I have another motto that I'd love for the standards designers of today to contemplate. <BigCo> is a guest on the web, as we all are. Guests don't make the rules. That imho is the single most important thing about the web.
• Anyone who proposes to work at the center of the tech that implements the web in whatever decade it is should behave more and more as an archeologist, on Mars. You have to wear an attitude of non-contamination. The software version of a hazmat suit. Any little change could have huge unforseen consequences. The web today is so large and diverse, no one can understand all that it does. Whatever new feature is enabled by what you propose to add is worth a small fraction of what has been built on technology you've never seen or understood, or if you do, would consider arcane. You're free to innovate, but you have to do it in a sandbox you create, with rules you define. The web already has a rule.
• * Fill in the name of the bigco you work for.

News orgs mostly run op-eds from people who have climbed some societal ladder, therefore will be reluctant to tell the truth, for fear of upsetting their position in the hierarchy.

Something I learned from reading Lies, the idea of circling the wagons didn't come from anything the Indians or settlers did, rather it came from circus re-enactments, which took place in circular tents.

Trump is a perfect demo of why you don't want a king.

Amazon just reinvented the lowly shopping cart. The company on Tuesday unveiled the Amazon Dash Cart, which is infused with weight sensors and cameras that allow it to scan your items as you're placing them in the cart so you can skip the checkout line. From a report: The concept is kind of like a compact version of Amazon Go, a whole store that does away with the checkout experience by using hundreds of cameras on the ceiling to let customers pick up whatever items they want and walk out. "Our primary motivation for building this was to be able to save customers time," said Dilip Kumar, vice president of Amazon's physical retail and technology. "The alternative solutions are standing in the express checkout lanes or fumbling through self-checkout stations." Dash Carts will debut at Amazon's Woodland Hills, California, grocery store, when the location opens later this year. The company last November unveiled plans for the Woodland Hills store as the first location for a new supermarket chain that will be separate from its Whole Foods chain. The store will include conventional checkout lanes, too.

Read more of this story at Slashdot.