news aggregator

Vulnerabilities in build systems, secrets in source code: developer environments are an attack target

Developer site Stack Overflow has published details of a breach dating back to May 2019, finding evidence that an intruder in its systems made extensive use of Stack Overflow itself to determine how to make the next move.…

Bill Gates and Melinda Gates write in their annual letter, shared by reader cusco: To prevent the hardship of this last year from happening again, pandemic preparedness must be taken as seriously as we take the threat of war. The world needs to double down on investments in R & D and organizations like CEPI that have proven invaluable with COVID-19. We also need to build brand-new capabilities that don't exist yet. Stopping the next pandemic will require spending tens of billions of dollars per year -- a big investment, but remember that the COVID-19 pandemic is estimated to cost the world $28 trillion. The world needs to spend billions to save trillions (and prevent millions of deaths). I think of this as the best and most cost-efficient insurance policy the world could buy. The bulk of this investment needs to come from rich countries. Low- and middle-income countries and foundations like ours have a role to play, but governments from high-income nations need to lead the charge here because the benefits for them are so huge. If you live in a rich country, it's in your best interest for your government to go big on pandemic preparedness around the world. Melinda wrote that COVID-19 anywhere is threat to health everywhere; the same is true of the next potential pandemic. The tools and systems created to stop pathogens in their tracks need to span the globe, including in low- and middle-income countries. To start, governments need to continue investing in the scientific tools that are getting us through this current pandemic -- even after COVID-19 is behind us. New breakthroughs will give us a leg up the next time a new disease emerges. It took months to get enough testing capacity for COVID-19 in the United States. But it's possible to build up diagnostics that can be deployed very quickly. By the next pandemic, I'm hopeful we'll have what I call mega-diagnostic platforms, which could test as much as 20 percent of the global population every week.

Read more of this story at Slashdot.

Arthur Levitt Jr., a former chairman of the U.S. Securities and Exchange Commission, writes at Bloomberg Opinion: They say history occurs first as tragedy, then as farce -- I fear we're about to see that in U.S. financial markets. Two decades ago, U.S. financial markets were riding all-time records. Day traders were using chat rooms to swap what they thought were reliable tips about stocks that were about to pop. Stocks with negative earnings were trading at astronomical valuations by almost any measure. People without any experience in stock market trading -- no less any understanding of how to read a financial statement or earnings report -- were confidently pouring dollars saved for college tuition or rent into short-term bets on companies they knew little to nothing about. And the surest sign of mania was this: People found stock market investing terribly entertaining. I remember high school students asking me for stock tips. It all came to a crashing end as the dot-com bubble burst, blowing up a few companies and several billion dollars of investor savings. And in retrospect, it seemed so obvious. All the signs of a market bubble were there. People chose not to pay attention. [...] By all indications, today's investors are repeating the same mistakes. Consider the following: Significant stock movements are now spurred by social-media-driven gossip about the company and short squeezes (when an investor betting against a stock is forced to pay up for shares to cover their position). Novice investors are learning about investing not through fundamental rules of the road (study the company and its leadership, read its filings, study its markets, consider its price-to-earnings ratios, evaluate its cash generation versus its debt load, review its earnings expectations versus reality, etc.) but rather through a casino-like focus on ticker symbols alone. It's quite common for novice investors on day-trading platforms to buy a stock for the same reason they might choose a specific color of sweater -- for aesthetic purposes only. This is all terribly familiar.[...] Now, with the benefit of hindsight and history, how do we not repeat the dot-com experience as a dark comedy? [...] WH Press Secretary said moments ago at a briefing that Biden team is "monitoring the situation" around GameStop.

Read more of this story at Slashdot.

It was a first mover for graph DBs, but cloud is full of rivals

Graph database swashbuckler Neo4j has joined a throng of NoSQL vendors in selling its technology core as a fully managed cloud database.…

A major vulnerability impacting a large chunk of the Linux ecosystem has been patched today in Sudo, an app that allows admins to delegate limited root access to other users. From a report: The vulnerability, which received a CVE identifier of CVE-2021-3156, but is more commonly known as "Baron Samedit," was discovered by security auditing firm Qualys two weeks ago and was patched earlier today with the release of Sudo v1.9.5p2. In a simple explanation provided by the Sudo team today, the Baron Samedit bug can be exploited by an attacker who has gained access to a low-privileged account to gain root access, even if the account isn't listed in /etc/sudoers -- a config file that controls which users are allowed access to su or sudo commands in the first place.

Read more of this story at Slashdot.

Nintendo faces a complaint from BEUC, a European consumer group, over what it calls "systematic problems" with the controllers for the company's popular Switch games console. BEUC said it filed a complaint with the European Union and national consumer protection organizations after evidence from users showed that in 88% of cases, "the game controllers broke within the first two years." A report adds: The group said some 25,000 gamers and other consumers across Europe, including France, Belgium and the Netherlands, complained about a "recurring technical problem with Nintendo Switch controllers, commonly referred to as 'Joy-Con Drift,' according to a statement on Wednesday. The problem causes a glitch where characters can move within games without any input from the user.

Read more of this story at Slashdot.

Europol-led op knocks 700 servers offline

EU police agency Europol has boasted of taking down the main botnet powering the Emotet trojan-cum-malware dropper, as part of a multinational police operation that included raids on the alleged operators’ homes in the Ukraine.…

Teenagers' mental health is being damaged by heavy social media use, a report has found. From a report: Research from the Education Policy Institute and The Prince's Trust said wellbeing and self-esteem were similar in all children of primary school age. Boys and girls' wellbeing is affected at the age of 14, but girls' mental health drops more after that, it found. A lack of exercise is another contributing factor - exacerbated by the pandemic, the study said. According to the research: One in three girls was unhappy with their personal appearance by the age of 14, compared with one in seven at the end of primary school. The number of young people with probable mental illness has risen to one in six, up from one in nine in 2017. Boys in the bottom set at primary school had lower self-esteem at 14 than their peers. The wellbeing of both genders fell during adolescence, with girls experiencing a greater decline, the report said.

Read more of this story at Slashdot.

What do we want? Better coverage! How do we want it? Without actual infrastructure

The UK government is looking to reform the laws governing how communications equipment is deployed and managed, in an effort to speed up the rollout of gigabit-capable connections.…

Apple has prioritized user privacy over targeted advertising, and Google is spelling out today what that means for itself as well as game and app developers. From a report: Apple is advocating its App Tracking Transparency (ATT) policy, which will require developers to ask for permission when they use personal data from other companies' apps and websites for advertising purposes, even if they already have user consent. It will ask users to opt-in if they will allow advertisers to use their data via the Identifier for Advertisers, or IDFA. Many tests show that many users won't allow it, and that means they won't be so easily tracked for advertising purposes. This change could have a huge impact on the mobile advertising ecosystem, as it could make it harder to target users efficiently with advertising. Eric Seufert, a user acquisition expert, said on Monday that he believes that Facebook could suffer a 7% revenue hit -- a loss of tens of billions of dollars over time -- as a result of the IDFA changes, and it's no secret that Facebook isn't happy about the impact on itself as well as small businesses. At our Driving Game Growth event on Tuesday, Facebook leaders pointed to the IDFA changes as creating uncertainty for mobile games in 2021. Google, which could also be impacted by the policy change, has stayed out of the fray -- until today. "Today we're sharing how Google is helping our community prepare, as we know that developers and advertisers in the iOS ecosystem are still figuring out how to adapt," said Christophe Combette, group product manager for Google Ads in a blog post.

Read more of this story at Slashdot.

Potentially 250,000 reasons UK nature conservation charity was targeted

The Woodland Trust, a peaceful British charity that looks after trees, was struck by a “cyber attack” before Christmas.…

If the folks who are responsible for beaming content to your eyeballs are to be believed, streamers are thirsty for more ads of all things. From a report: A survey of 4,526 adults in the U.S. and Canada published by TiVo today claims that a whopping 79% of the survey's respondents reported wanting to use a free and ad-supported service rather than pay for another one. While 81% said they wished Prime Video and Netflix offered free tiers with ads, 80% of respondents reported a difference in the quality of the content on many free, ad-supported platforms -- more specifically, that it's worse. That is, for the most part, true, an exception maybe being Peacock (if you really like NBC). On services like IMDb TV and Vudu, for example, you typically have to comb through a lot of so-so content to find something recent and decent to watch. A bunch of premium services like Hulu and CBS All Access do offer cheaper, ad-supported versions of their products, but those still both cost a few bucks a month for access.

Read more of this story at Slashdot.

TikTok has announced that it will lay off hundreds of workers in India, [Editor's note: the link may be paywalled; alternative source] seven months after the Chinese-owned video app was banned from what was once its biggest international market on national security grounds. From a report: The company, whose parent is Chinese tech group ByteDance, said in a statement on Wednesday that it would reduce its current headcount of 2,000 after its efforts to restore the app in India failed. "We have not been given a clear direction on how and when our apps could be reinstated," said TikTok. TikTok and other Chinese apps have been banned since June following a rise in tensions between New Delhi and Beijing.

Read more of this story at Slashdot.

That's 20 pence a pop for the 2.4 million calls made, many to Telephone Preference Service users

The UK’s data watchdog has issued £480,000 in financial penalties to four businesses that illegally made 2.4 million marketing calls to members of the public registered with the Telephone Preference Services (TPS).…

AMC shares skyrocketed as much as 260% in premarket trading on Wednesday as day traders piled into heavily shorted stocks for a third consecutive day. From a report: Frenzied buying also drove GameStop shares up as much as 147%, BlackBerry up 31%, and Bed Bath & Beyond up 27%. Amateur investors have gathered, most notably on Reddit forum r/wallstreet bets, to pinpoint stocks they can buy en masse and score fast profits. They frequently target stocks that are popular shorts, as driving their stock prices up can pressure short-sellers into buying shares back to cover their positions, which sends prices even higher. Day traders also see the strategy as a way to stick it to Wall Street. They have targeted hedge funds such as Melvin Capital, which had negative positions in 17 US-listed stocks at the last count. Four of those - GameStop, Bed Bath & Beyond, Dillard's, and Ligand Pharmaceuticals - jumped at least 10% in premarket trading on Wednesday.

Read more of this story at Slashdot.

Canadian uni educator apparently was an excellent teacher

Anyone with sufficient memory to recall their college days may remember suspecting some of the staff behind the lectern were barely breathing. One student in Canada however was rather surprised to learn a professor offering the gift of knowledge had, in fact, passed away two years earlier.…

Customer: 'It feels like a bit of a kick in the teeth'

Cloudy DevOps company GitLab has removed its $4.00 user/month Bronze/Starter tier, giving users the choice between paying for Premium at $19.00 or downgrading to the free tier and losing some features.…

An anonymous reader writes: Only about 1 in 10 companies expect all employees to return to their pre-pandemic work arrangements, according to a new survey. The National Association for Business Economics found that just 11 percent of survey respondents expect all staff members at their companies to return eventually. Around 65 percent of companies have allowed "most" or "all" of their staff members to work from home during the pandemic, and about half of respondents said they plan to continue the policies until the second half of the year. "For the most part, companies that are able to provide work-from-home are doing so and are continuing to do so," said Andrew Challenger, vice president of the executive outplacement and coaching firm Challenger, Gray & Christmas. Challenger said his conversations with human resources executives indicated a reluctance to mandate a return to the office while the virus is still circulating and parts of the country face surges. In some cases, local or state lockdowns, school and day care closings or restrictions on building capacities also limit employers' options. According to another recent survey, 31% of professionals from 42 tech companies said they're only putting in between three and four hours a day. However, the survey did not ask the workers to self-report productivity.

Read more of this story at Slashdot.

Also: First all-commercial crew named, Boeing readies Starliner again and NASA's ex-boss is off to private equity

In Brief The UK will be making its first major industrial contribution to the International Space Station (ISS) with the Columbus Ka-band Terminal (ColKa), which will be fitted to the Columbus laboratory module during a spacewalk by flight engineers Michael Hopkins and Victor Glover.…

EU puts 2.9bn euro ($3.5bn) behind European Battery Innovation project, expects companies to triple that

The European Union has announced a €2.9bn ($3.5bn, £2.57bn) state aid program to build a full production chain for battery tech, from the extraction of raw materials to the design and manufacturing of battery cells, and their recycling and disposal.…