Despite Microsoft Patch, US Gov't Warns of 'Active Threat Still Developing' From Ope Slashdot by EditorDavid on microsoft at January 1, 1970, 1:00 am (cached at March 7, 2021, 11:05 pm)

Reuters reports: The White House on Sunday urged computer network operators to take further steps to gauge whether their systems were targeted amid a hack of Microsoft Corp's Outlook email program, saying a recent software patch still left serious vulnerabilities. "This is an active threat still developing and we urge network operators to take it very seriously," a White House official said, adding that top U.S. security officials were working to decide what next steps to take following the breach... While Microsoft released a patch last week to shore up flaws in its email software, the remedy still leaves open a so-called back door that can allow access to compromised servers and perpetuating further attacks by others. "We can't stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted," the White House official said... The back channels for remote access can impact credit unions, town governments and small business, and have left U.S. officials scrambling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency. Those affected appear to host Web versions of Microsoft's email program Outlook on their own machines instead of cloud providers, possibly sparing many major companies and federal government agencies, records from the investigation suggest... So far, only a small percentage of infected networks have been compromised through the back door, the source previously told Reuters, but more attacks are expected.

Read more of this story at Slashdot.

A Retired Microsoft OS Engineer's Comparison of Linux with Windows Slashdot by EditorDavid on windows at January 1, 1970, 1:00 am (cached at March 7, 2021, 9:36 pm)

David Plummer is a retired Microsoft operating systems engineer, "going back to the MS-DOS and Windows 95 days." (He adds that in the early '90s he'd fixed a few handle leaks in the early source code of Linux, "and sent my changes off to Linus at Rutgers.") This weekend on YouTube he shared his thoughts on "the classic confrontation: Windows versus Linux," promising an "epic operating systems face-off." Some highlights: On Usability: "Linux itself lacks a proper user interface beyond the command line. That command line can be incredibly powerful, particularly if you're adept with Bash or Zsh or similar, but you can't really describe it as particularly usable. Of course most distributions do come with a desktop user interface of some kind if you prefer, but as a bit of a shell designer myself, if I might be so bold, they're generally pretty terrible. At least the Mint distribution looks pretty nice. "Windows, on the other hand, includes by default a desktop shell interface that, if you set aside the entirely subjective design aesthetics, is professionally designed, usability tested and takes into consideration the varying levels of accessibility required by people with different limitations. In terms of usability, particularly if you do include accessibility in that metric, Windows comes out ahead..." On Updates: "Windows users are well served by a dedicated Windows Update team at Microsoft, but the process has occasionally had its hiccups and growing pains. It's very easy to update a Linux system, and while there's no professional team sitting by the big red phone ready to respond to Day Zero exploits, the updates do come out with reasonable alacrity, and in some cases you can even update the kernel without rebooting. "Keep in mind, however, that Linux is a monolithic kernel, which means that it's all one big happy kernel. Almost everything is in there. If they hadn't started to add that ability a few years back, you'd be rebooting for every driver install.
The reality is that some parts of the Linux kernel are just going to require a reboot, just as some parts of the Windows system are going to as well. I think we can likely all agree, however, that Windows software is hardly selective about rebooting the system, and you're asked to do it far too often. "While we're on the topic of upgrades, we can't overlook the fact that upgrades are generally free in the Open Source world, unless you're using a pre-built distribution from a vendor. To its credit, though, I don't remember the last time Microsoft actually charged for an operating system upgrade if you were just a normal end user or enthusiast. Still, this point goes to Linux." Plummer also says he agrees with the argument that open source software is more open to security exploits, "simply because, all else equal, it's easy to figure out where the bugs are to exploit in the first place," while proprietary software has professional test organizations hunting for bugs. "I think it's a bit of a fallacy to rely on the 'many eyeballs' approach..." Yet he still ultimately concludes Linux is more secure simply because the vast universe of Windows makes it a much more attractive target. Especially since most Windows users retain full administrator privileges...


Will The Next Raspberry Pi CPU Have Built-in Machine Learning? Slashdot by EditorDavid on ai at January 1, 1970, 1:00 am (cached at March 7, 2021, 8:35 pm)

"At the recent tinyML Summit 2021, Raspberry Pi co-founder Eben Upton teased the future of 'Pi Silicon'," writes Tom's Hardware, adding "It looks like machine learning could see a massive improvement thanks to Raspberry Pi's new in-house chip development team..." Raspberry Pi's in-house application specific integrated circuit team are working on the next iteration, and seem to be focused on lightweight accelerators for ultra low power machine learning applications. During Upton's talk at 40 minutes the slide changes and we see "Future Directions," a slide that shows three current generation 'Pi Silicon' boards, two of which are from board partners, SparkFun's MicroMod RP2040 and Arduino's Nano RP2040 Connect. The third is from ArduCam and they are working on the ArduCam Pico4ML which incorporates machine learning, camera, microphone and screen into the Pico package. The last bullet point hints at what the future silicon could be. It may come in the form of lightweight accelerators possibly 4-8 multiply-accumulates (MACs) per clock cycle.


'What the Truth Is': FAA Safety Engineer Slams Oversight of Boeing's 737 MAX Slashdot by EditorDavid on government at January 1, 1970, 1:00 am (cached at March 7, 2021, 7:35 pm)

The Seattle Times reports: Haunted by the two deadly crashes of Boeing 737 MAX jets and his agency's role in approving the plane, veteran Federal Aviation Administration (FAA) safety engineer Joe Jacobsen is stepping forward publicly to give the victims' families "a firsthand account of what the truth is." In a detailed letter sent last month to a family that lost their daughter in the second MAX crash in Ethiopia two years ago this week, and in interviews with The Seattle Times, Jacobsen gave the first personal account by an insider of the federal safety agency's response to the MAX crashes... He believes additional system upgrades are needed beyond Boeing's fix for the MAX that was blessed by the FAA and other regulators. And Jacobsen argues that the plane would be safer if Boeing simply removed altogether the new software — the Maneuvering Characteristics Augmentation System (MCAS) — that went wrong in the two crashes that killed 346 people. Jacobsen also calls for the replacement of some of the people at "the highest levels of FAA management," whom he blames for creating a culture too concerned with fulfilling the demands of industry. In his letter and interview, Jacobsen also described in more depth than previously reported how an autothrottle system issue may have contributed to the crash in Ethiopia in March 2019. Boeing and the FAA said in separate statements they believe the MAX is fixed and safe, and that regulators worldwide have validated this conclusion... A week after the Lion Air crash on Oct. 29, 2018, Jacobsen received an email from a colleague asking if there was an issue paper on MCAS. "This was the first day that I heard about MCAS," he wrote. "We had no issue papers, and if we had, I would have been the engineer responsible for providing technical content and comment on such an issue paper." 
When he did get a look at the system, Jacobsen said he was "shocked to discover that the airplane was purposely designed and certified to use just one AOA (Angle of Attack) input for a flight critical function." If given the chance during the original certification, he's certain that he and "6 to 8 of our most experienced engineers in the Seattle office" would have identified that as a serious design flaw because there's "a long history of AOA sensor failures." Instead, Boeing minimized MCAS and kept the details of its assessment to itself... The article also argues that Boeing itself didn't grasp the danger of its system. "Michael Teal, 737 MAX chief engineer, testified to Congress that he first learned only after the Lion Air crash that MCAS relied on a single sensor.


[no title] Scripting News (cached at March 7, 2021, 7:03 pm)

If you've been on Twitter since 2006, you should get access to Spaces. Come on. We helped you build this thing. We can keep doing it.

The SvarDOS Community Builds an Open Source DOS Distribution Slashdot by EditorDavid on os at January 1, 1970, 1:00 am (cached at March 7, 2021, 6:35 pm)

Long-time Slashdot reader sproketboy shared a link to SvarDOS, "an open-source project that is meant to integrate the best out of the currently available DOS tools, drivers and games." From their site: DOS development has been abandoned by commercial players a very long time ago, mostly during early nineties. Nowadays, it survives solely through the efforts of hobbyists and retro-enthusiasts, but this is a highly sparse and unorganized ecosystem. SvarDOS aims to collect available DOS software, package it and make it easy to find and install applications using a network-enabled package manager (like apt-get, but for DOS and able to run even on an 8086 PC). Once installed, SvarDOS is a minimalistic DOS system that offers only the FreeDOS kernel and the most basic tools for system administration. It is up to the user to install additional packages. Care is taken so SvarDOS remains 8086-compatible, at least in its most basic (core) configuration. SvarDOS files are published under the terms of the MIT license. This applies only to SvarDOS-specific files, though - the packages supplied with SvarDOS may be subject to different licenses (GPL, BSD, Public Domain, Freeware...).


Virus, Democracy, Climate Scripting News (cached at March 7, 2021, 6:03 pm)

Our focus should be sharply on these three things.

  1. Virus
  2. Democracy
  3. Climate

Every other issue is a distant non-priority. Yet of course the news keeps gravitating around things other than the mutating virus and people's refusal to mitigate, how we're going to get our republic back on solid ground, and what are we doing to radically change how we live so we can survive the climate catastrophes that are already here.

We can find a solution for the problem with Governor Cuomo. Have him wear a head camera 7 by 24. Every word is recorded, every image, from his point of view. It should be designed like one of those lights coal miners wear, and be streamed live to Facebook and YouTube. Everyone will see and hear everything Cuomo does.

Now we don't need to discuss this any further. Problem solved.

Virus, Democracy, Climate. If it doesn't have anything to do with these, it's a distraction. Distractions are necessary so we don't go insane. But understand that's what it is.

iCloud Allegedly Locked Out User Whose Last Name is a Boolean Value Slashdot by EditorDavid on cloud at January 1, 1970, 1:00 am (cached at March 7, 2021, 5:35 pm)

"iCloud has had the occasional service issue, but its latest problem appears to be highly... specific," writes Engadget: Actor and author Rachel True claims iCloud has effectively locked her out of her account due to the way her last name was written. Reportedly, her Mac thought lower-case "true" was a Boolean (true or false) flag, leading the iCloud software on the computer to seize up. The problem has persisted for over six months, she said. True said she'd spent hours talking to customer service, and that Apple hadn't stopped charging her for service. She could switch to the free tier, although she'd also lose most of her online storage if she did. True has apparently resorted to imploring desperately in tweets to both @Apple and @AppleSupport. "Now that I a layman have explained problem to you a giant computer company, could u fix...?" "A thing I've learned about life so far is I hate being the test case." "When I get a dog I'm naming it Boolean Bobby Drop Tables True"


Thank goodness for Jim Clyburn Scripting News (cached at March 7, 2021, 5:33 pm)

He's the smartest strategist in the Democratic Party.

Quoted in the Guardian:

How a Malicious Actor Targeted a Go Package On GitHub Slashdot by EditorDavid on security at January 1, 1970, 1:00 am (cached at March 7, 2021, 5:05 pm)

ArghBlarg (Slashdot reader #79,067) shares some research from a senior application security engineer at GitLab: Michael Henrikson describes his investigations into Go package manager "supply chain" attacks and found at least one very suspicious package, typosquatting on one of the most popular logging libraries. The imposter package phones home to an IP he alleges belongs to the Chinese company Tencent, a good case for always going over your package imports, in any language, and ensuring you're either a) auditing them regularly, or b) keeping frozen vendored copies which you can trust. From the article: I honestly expected the list to be bigger, but I was of course happy to see that the Go ecosystem isn't completely infested (yet) with malicious typosquat packages... It looks like the author utfave wants to know the hostname, operating system, and architecture of all the machines using their version of urfave/cli. The function extracts the system information and then calls out to the IP address 122.51.124.140 belonging to the Chinese company Shenzhen Tencent Computer Systems via HTTP with the system information added as URL parameters. While this code won't give them any access to systems, it's highly suspicious that they collect this information and the actor can quickly change this code to call back with a reverse shell if they identify a system to be valuable or interesting... I think Go is in a better situation than other programming languages because the source of packages is always explicitly written every time they are used, but code editor automation could make typosquat attacks more likely to happen as the developer doesn't write the import paths manually as often.


When Amazon Raises Its Minimum Wage, Local Companies Follow Suit Slashdot by EditorDavid on business at January 1, 1970, 1:00 am (cached at March 7, 2021, 2:05 pm)

In the areas where Amazon operates, "low-wage workers at other businesses have seen significant wage growth since 2018..." reports the New York Times, "and not because of new minimum-wage laws." The gains are a direct result of Amazon's corporate decision to increase starting pay to $15 an hour three years ago, which appears to have lifted pay for low-wage workers in other local companies as well, according to new research from economists at the University of California, Berkeley, and Brandeis University... [T]he research illustrates how difficult it can be for low-wage workers to command higher pay in the modern American economy — until a powerful outside actor, like a large employer or a government, intervenes. Most directly, there is little evidence in the paper that raising the minimum wage would lead to significant job loss, even in low-cost rural areas, a finding consistent with several recent studies. Other research, including a recent report from the Congressional Budget Office, has found a larger negative effect on jobs, although still smaller than many economists believed in the past. The authors of the latest study — Ellora Derenoncourt of Berkeley and Clemens Noelke and David Weil of Brandeis — studied Amazon, Walmart and Target, which operate in areas where wages tend to be low. But even in those places, the researchers found, wage increases by the large corporate employers appear to drive up wages without driving down employment. "When you have major changes in the wage policies of large actors in the labor market, this has ripple effects," Dr. Derenoncourt said in an interview. At the same time, Dr. Weil added, "the sky doesn't fall."


What's the Best Linux Distro for Enhanced Privacy and Security? Slashdot by EditorDavid on linux at January 1, 1970, 1:00 am (cached at March 7, 2021, 9:35 am)

Slashdot reader b-dayyy quotes the Linux Security blog: While all Linux 'distros' — or distributed versions of Linux software — are secure by design, certain distros go above and beyond when it comes to protecting users' privacy and security. We've put together a list of our favorite specialized secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great. This "favorites" list cites six "excellent specialized secure Linux distros." Some highlights from the article: In a conversation with the LinuxSecurity editors, Qubes OS Community Manager Andrew David Wong elaborated, "Rather than attempting to fix all of the security bugs in software, Qubes assumes that all software is buggy and compartmentalizes it accordingly, so that when flaws are inevitably exploited, the damage is contained and the user's most valuable data is protected." A Kali Linux contributor provides some insight into the distro's history and the benefits it offers users: "Named after a Hindu goddess, Kali has been around for a long time — but it's still updated weekly, can be run in live mode or installed to a drive, and can also be used on ARM devices like Raspberry Pi." Obviously there's strong opinions among Slashdot readers. So share your own thoughts in the comments. What's the best Linux distro for enhanced privacy and security?


Comic for March 06, 2021 Dilbert Daily Strip (cached at March 7, 2021, 9:31 am)

Dilbert readers - Please visit Dilbert.com to read this feature. Due to changes with our feeds, we are now making this RSS feed a link to Dilbert.com.

Antitrust Advocate Who Coined the Phrase 'Net Neutrality' Joins Biden's White House Slashdot by EditorDavid on usa at January 1, 1970, 1:00 am (cached at March 7, 2021, 6:35 am)

Tim Wu coined the phrase "net neutrality". He's the author of The Curse of Bigness: Antitrust in the New Gilded Age, and Bloomberg calls him an "outspoken advocate for aggressive antitrust enforcement against U.S. technology giants." They add that now the Columbia University media law professor "is joining the White House as an adviser, signaling that the Biden administration is preparing to square off against the industry's biggest companies." Wu will join the National Economic Council as a special assistant on technology and competition policy, the White House said Friday. Wu's appointment elevates to a senior position in the administration a leading antitrust expert, favored by progressives, who has assailed the power of dominant tech companies like Alphabet Inc.'s Google and Facebook Inc. Both companies were sued by U.S. antitrust enforcers last year for allegedly abusing their monopoly power... After the Federal Trade Commission and state attorneys general sued Facebook in December, Wu wrote a column in the New York Times comparing Facebook's strategy of buying competitors to Standard Oil's tactics in the 19th century. "What the federal government and states are doing is reasserting a fundamental rule for all American business: You cannot simply buy your way out of competition," Wu wrote. "Facebook, led by its chief executive, Mark Zuckerberg, has taken that strategy to a smirking and egregious extreme, acquiring multiple companies to stifle the competitive threat they pose." Wu joins the Biden administration as tech giants are grappling with a reckoning in Washington that could transform the industry. The Facebook lawsuit could lead to the breakup of the company, while the Justice Department's complaint against Google targets the heart of its business — Internet search. Antitrust enforcers have also opened investigations of Apple Inc. and Amazon...
Wu argued in his book, The Curse of Bigness: Antitrust in the New Gilded Age, that rising concentration across the economy has led to concentrated wealth and power as well as radicalized politics that threatens American democracy. A White House press briefing Friday included this response to a question about Biden's plans for big tech companies: The President has been clear — on the campaign, and, probably, more recently — that he stands up to the abuse of power, and that includes the abuse of power from big technology companies and their executives. And Tim will help advance the President's agenda, which includes addressing the economic and social challenges posed by the growing power of tech platforms; promoting competition and addressing monopoly and market power issues; expanding access to broadband for low-income and rural communities across the country... We don't have new policy to announce here... Just that the President believes, as he's talked about before, that it's important to promote competition and address monopoly and market power issues. Interestingly, last August Wu also wrote an op-ed in the New York Times titled "A TikTok Ban is Overdue," arguing that China's "extensive blocking, censorship and surveillance violate just about every principle of internet openness and decency. China keeps a closed and censorial internet economy at home while its products enjoy full access to open markets abroad..." The asymmetry is unfair and ought no longer be tolerated. The privilege of full internet access — the open internet — should be extended only to companies from countries that respect that openness themselves... [China] bans not only most foreign competitors to its tech businesses but also foreign sources of news, religious instruction and other information, while using the internet to promote state propaganda and engage in foreign electoral interference... 
Few foreign companies are allowed to reach Chinese citizens with ideas or services, but the world is fully open to China's online companies... The idealists who thought the internet would automatically create democracy in China were wrong. Some think that it is a tragic mistake for the United States to violate the principles of internet openness that were pioneered in this country. But there is also such a thing as being a sucker. If China refuses to follow the rules of the open internet, why continue to give it access to internet markets around the world...? We need to wake up to the game we are playing when it comes to the future of the global internet. The idealists of the 1990s and early '00s believed that building a universal network, a kind of digital cosmopolitanism, would lead to world peace and harmony. No one buys that fantasy any longer. But if we want decency and openness to survive on the internet — surely a more attainable goal — the nations that hold such values need to begin fighting to protect them.


Mozilla Urges 'Remain Calm: the Fox is Still in the Firefox Logo' Slashdot by EditorDavid on firefox at January 1, 1970, 1:00 am (cached at March 7, 2021, 3:36 am)

Last week Firefox's official blog responded to some viral misinformation about the Firefox logo. "People were up in arms because they thought we had scrubbed fox imagery from our browser. Rest easy knowing nothing could be further from the truth..." Sure, it's stressful to have hundreds of thousands of people shouting things like "justice for the fox" in all-caps in your mentions for three days straight, but ultimately that means people are thinking about the brand in a way they might not have for years... The logo causing all the stir is one we created a while ago with input from our users. Back in 2019, we updated the Firefox browser logo and added the parent brand logo as a new logo for our broader product portfolio that extends beyond the browser... which represents the family of Firefox products we make outside of just the Firefox browser, like Firefox Monitor. It's not an icon you're going to see on a dock, phone's home screen or desktop, though. We didn't get rid of the fox then and have no plans to do so now, or ever. Plenty of folks jumped in to try and clear things up in the original thread, but once the "they killed the fox" meme caught momentum and became the "Firefox minimalist logo" meme, there was no stopping it. It spread to Instagram and then to Reddit. The memes became so pervasive that there were memes being made about how there were too many Firefox logo memes... Well, fear not, because no matter what you think you heard on the internet, the fox isn't leaving any time soon. For our Firefox Nightly users out there, we're bringing back a very special version of an older logo, as a treat. Stay tuned.
