SoylentNews

An Anonymous Coward writes:

Noted pianist McCoy Tyner just passed. Perhaps best known for five years with John Coltrane in the early 1960s, he also recorded with his own band for many years. This is probably the obit of record,
https://www.nytimes.com/2020/03/06/arts/music/mccoy-tyner-dead.html

Along with Bill Evans, Herbie Hancock, Chick Corea and only a few others, Mr. Tyner was one of the main expressways of modern jazz piano. Nearly every jazz pianist since Mr. Tyner’s years with Coltrane has had to learn his lessons, whether they ultimately discarded them or not.

Mr. Tyner’s manner was modest, but his sound was rich, percussive and serious, his lyrical improvisations centered by powerful left-hand chords marking the first beat of the bar and the tonal center of the music.

That sound helped create the atmosphere of Coltrane’s music and, to some extent, all jazz in the 1960s. (When you are thinking of Coltrane playing “My Favorite Things” or “A Love Supreme,” you may be thinking of the sound of Mr. Tyner almost as much as that of Coltrane’s saxophone.)

To a great extent he was a grounding force for Coltrane. In a 1961 interview, about a year and a half after hiring Mr. Tyner, Coltrane said: “My current pianist, McCoy Tyner, holds down the harmonies, and that allows me to forget them. He’s sort of the one who gives me wings and lets me take off from the ground from time to time.”

He was featured on Marian McPartland's Piano Jazz show,
https://www.npr.org/2008/09/12/94547798/mccoy-tyner-on-piano-jazz

One of your AC's long time favorites is the driving piano on Ole', https://www.youtube.com/watch?v=qUSMON8eO9Y

Original Submission

DannyB wrote in with a submission which became:

Ilya Dudkin at Skywell Software has a story

Top 7 Dying Programming Languages to Avoid Studying in 2019 –2020.

Each language gets a paragraph's treatment as to why he thinks these languages are dead or dying. Those languages are:

• Visual Basic
• Objective-C
• Perl
• COBOL
• CoffeeScript
• Scala
• Lisp

Do you agree with his assessment? Are there any other language(s) you would add to the list?

Original Submission

[Editor's note: We had been gathering together COVID-19 stories for eventual release as a round-up story. I lack time at the moment to personally gather all those together with this most recent submission. We will run the next round-up in the next few days. But given the significance of this submission, I wished not to delay it from being immediately released to the community. --martyb]

DeathMonkey writes:

World Health Organization declares the coronavirus outbreak a global pandemic:

The World Health Organization declared COVID-19 a global pandemic on Wednesday as the new coronavirus, which was unknown to world health officials just three months ago, has rapidly spread to more than 121,000 people from Asia, the Middle East, Europe and the United States.

“In the past two weeks the number of cases outside China has increased thirteenfold and the number of affected countries has tripled,” WHO Director-General Dr. Tedros Adhanom Ghebreyesus said at a press conference at the organization’s headquarters in Geneva. “In the days and weeks ahead, we expect to see the number of cases, the number of deaths and the number of affected countries to climb even higher.”

Tedros said several countries have demonstrated the ability to suppress and control the outbreak, but he scolded other world leaders for failing to act quickly enough or drastically enough to contain the spread.

“We’re deeply concerned both by the alarming levels of spread and severity, and by the alarming levels of inaction,” he said, just before declaring the pandemic. “We have rung the alarm bell loud and clear.”

[Ed. addition follows.]

Also at Ars Technica and cnet.

For those who might not be aware of the distinction, Wikipedia helpfully provides these summaries:

An epidemic (what we have had up to now with COVID-19):

An epidemic (from Greek ἐπί epi "upon or above" and δῆμος demos "people") is the rapid spread of infectious disease to a large number of people in a given population within a short period of time, usually two weeks or less.

[...]An epidemic may be restricted to one location; however, if it spreads to other countries or continents and affects a substantial number of people, it may be termed a pandemic.[1] The declaration of an epidemic usually requires a good understanding of a baseline rate of incidence; epidemics for certain diseases, such as influenza, are defined as reaching some defined increase in incidence above this baseline.[2] A few cases of a very rare disease may be classified as an epidemic, while many cases of a common disease (such as the common cold) would not.

By comparison, a pandemic (which has just now been announced for COVID-19):

A pandemic (from Greek πᾶν pan "all" and δῆμος demos "people") is an epidemic of disease that has spread across a large region; for instance multiple continents, or worldwide. A widespread endemic disease that is stable in terms of how many people are getting sick from it is not a pandemic. Further, flu pandemics generally exclude recurrences of seasonal flu. Throughout history, there have been a number of pandemics, such as smallpox and tuberculosis. One of the most devastating pandemics was the Black Death, which killed an estimated 75–200 million people in the 14th century. The current pandemics are HIV/AIDS and Coronavirus disease 2019 (COVID-19).[1][2] Other recent pandemics are the 1918 influenza pandemic (Spanish flu), and the 2009 flu pandemic (H1N1).

Original Submission

DannyB writes:

NASA OIG: Tell Congress that moon rocket is over budget and behind schedule:

NASA's moon rocket has reached a point in cost overruns and delays that should trigger Congressional review, a report by the NASA Inspector General says.

The NASA Office of Inspector General said the Space Launch System rocket being developed to fly astronauts to the moon exceeded cost and schedule baselines by more than 30 percent at the end of fiscal year 2019. That 30 percent threshold should prompt Congressional attention, the OIG said, though NASA disagreed.

"NASA continues to struggle managing SLS (Space Launch System) Program costs and schedule as the launch date for the first integrated SLS/Orion mission slips further," according to the report released Tuesday. "Rising costs and delays can be attributed to challenges with program management, technical issues, and contractor performance."

<sarcasm>News of SLS being behind schedule and over budget will come as a shock to many. But we should take comfort that no problem is so great it cannot be solved by throwing more taxpayer money at it.</sarcasm>

Original Submission

DannyB writes:

Windows has a new wormable vulnerability, and there's no patch in sight:

The vulnerability exists in version 3.1.1 of the Server Message Block 3.1.1 that's used to share files, printers, and other resources on local networks and over the Internet. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in this bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10 and Windows Server 2019, which are relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren't available, and Tuesday's advisory gave no timeline for one being released.

[...] In the meantime, Microsoft said vulnerable servers can be protected by disabling compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 server. Users can use the following PowerShell command to turn off compression without needing to reboot the machine:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

That fix won't protect vulnerable client computers from attack. Microsoft also recommended users block port 445, which is used to send SMB traffic between machines.

[...] Jake Williams, a former NSA hacker and the founder of security firm Rendition Security, said in a Twitter thread that both those factors would likely buy vulnerable networks time.

"The TL;DR here is that this IS serious, but it isn't WannaCry 2.0," he wrote. "Fewer systems are impacted and there's no readily available exploit code. I'm not thrilled about another SMB vuln, but we all knew this would come (and this won't be the last). Hysteria is unwarranted though."

As if admins who are trying to support all the additional people who are trying to work remotely — thanks to COVID-19 — had nothing else to worry about.

Original Submission

mrpg submitted a link which became the inspiration for:

Microsoft takes down millions of zombie bots:

Microsoft has said it was part of a team that dismantled an international network of zombie bots.

The network call Necurs infected over nine million computers and one of the world's largest botnets.

Necurs was responsible for multiple criminal scams including stealing personal information and sending fake pharmaceutical emails.

[...] Tom Burt, Microsoft's vice-president for customer security and trust, said in a blog post that the takedown of Necurs was the result of eight years of planning and co-ordination with partners in 35 countries.

He wrote that the steps taken will "ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyber-attacks."

[...] Necurs first appeared in 2012.

It is believed to have had a network of more than nine million zombie computers.

To grow this network Necurs used a domain generation algorithm that created random domain names the group turned into websites. It used these sites to send instructions to its army of infected computers.

Microsoft and its partners were able to crack Necurs' algorithm and predict what domain names it would be using in the months ahead and block them.

Original Submission

upstart writes in with an IRC submission for Bytram:

High-Severity Flaws Plague Intel Graphics Drivers:

Intel patched six high-severity flaws in its graphics drivers, as well as other vulnerabilities in its NUC firmware, and a load value injection vulnerability that could allow attackers to steal sensitive data.

Intel has issued security patches for six high-severity vulnerabilities in its Windows graphics drivers which, if exploited, could enable escalation of privilege, denial of service (DoS) and information disclosure.

The graphics driver is software that controls how graphic components work with the rest of the computer. Intel develops graphics drivers for Windows OS to communicate with specific Intel graphics devices, for instance. In addition to these six high-severity flaws, Intel stomped out 17 vulnerabilities overall in its graphics drivers on Tuesday. Separately, Intel addressed a load value injection (LVI) vulnerability (CVE-2020-0551), which it ranked as medium severity, that researchers say could allow attackers to steal sensitive data.

The most severe of these is a buffer-overflow vulnerability (CVE-2020-0504) existing in Intel graphic drivers before versions 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. The flaw scores 8.4 out of 10 on the CVSS scale, making it high-severity. If exploited, this flaw "may allow an authenticated user to potentially enable a denial of service via local access," said Intel.

upstart writes in with an IRC submission for Bytram:

Gastronauts: Developing food ready for the next space race:

For the new space race, astronauts and space tourists will want to eat a little better than the corn beef sandwiches, applesauce and high-calorie cubes of protein, fat and sugar consumed by NASA scientists in the 1960s.

But how to provide genuinely exciting and mouth-watering food that can also stir up happy memories of a home millions of miles away in the confines of zero gravity and restricted room of a space shuttle?

That's the challenge four academics led by Professor Marianna Obrist, Professor of Multisensory Experiences at the University of Sussex, have attempted to meet in their paper "Space Food Experiences: Designing Passenger's Eating Experiences for Future Space Travel Scenarios."

upstart writes in with an IRC submission for SoyCow4275:

Virgin Media Data Breach Exposes Info of 900,000 Customers:

Virgin Media announced today that the personal information of roughly 900,000 of its customers was accessed without permission on at least one occasion because of a misconfigured and unsecured marketing database.

[...] According to an ongoing investigation, Virgin Media discovered on February 28, 2020, that the exposed database was accessible from at least April 19, 2019, and it was recently accessed by an unauthorized party at least once although the company doesn't know "the extent of the access or if any information was actually used."

Lutz Schüler, CEO of Virgin Media, said in a press release that the company "immediately solved the issue by shutting down access to this database, which contained some contact details of approximately 900,000 people, including fixed-line customers representing approximately 15% of that customer base."

"The database did not include any passwords or financial details, such as credit card information or bank account numbers, but did contain limited contact information such as names, home, and email addresses and phone numbers," he added.

We are now contacting those affected to inform them of what happened. We urge people to remain cautious before clicking on an unknown link or giving any details to an unverified or unknown party. - Lutz Schüler, CEO of Virgin Media

Original Submission

upstart writes in with an IRC submission for SoyCow4275:

Check Point chap: Small firms don't invest in infosec then hope they won't get hacked. Spoiler alert: They get hacked:

"I don't want to have a job any more," said Check Point's Dan Wiley, sitting in a fashionably nondescript London coffee shop. "I don't want to have to do my job. It means that we failed."

Far from being depressed, Wiley was expressing the forlorn hope that infosec as a field would be less dominated by malicious persons trying to make a fast buck by scamming honest folk and businesses out of their hard-earned money.

As Check Point's incident response head honcho, Wiley has full visibility into what the infosec company's operations involve. Increasingly, he said, it's turning into staving off more of the same attacks against Check Point's customers.

"Same attacks as 2019," he said, referring to what he's seen so far this year, "but the volume and the aggressiveness is increasing. Ransomware is still a very hot topic. BEC [business email compromise], equally hot, plus Office 365. Breaches of remote-access solutions. Citrix, RDP, Cisco VPN, Fortinet VPN, all of the remote-access systems are being fairly aggressively targeted."

If the list of attack types and vectors sounds familiar, that's because it is. Far from the olden days when script kiddies would pwn an unsecured server just to digitally graffiti over it, today's crooks are out for one thing only: money. As Wiley told The Register, the range of attack types is decreasing while the number of attacks themselves is up.

I feel like Moses a little bit or Noah. 'Yeah, the flood's coming. Oh we're in the flood, people!'

Check Point handled 2,000 incidents last year and based on January and February's attack volumes, the incident response director expects that to double.

"Especially," he said, "here in Europe for SMEs, it's very clear that management has not invested in security and is hedging their bets, playing the odds or whatever term you want to use, on not getting breached. The reality is they will get breached. They're not investing in the controls or systems or capabilities to be able to defend themselves."

A senior exec at a security company that is stoking security fears to sell more security, who's have thunk it. But he has a point.

Original Submission

Top VPN Software Had a Major Security Flaw

upstart writes in with an IRC submission for SoyCow4275:

Top VPN software had a major security flaw:

One of the most popular VPN services available today may have exposed customer payment information due to a significant security flaw.

Security researchers uncovered a vulnerability in the payment platform used by NordVPN, which has millions of users around the world.

The flaw could have allowed hackers access to user account information, including email addresses and shopping history, according to the team at security firm HackerOne.

• What's the truth about the NordVPN breach? Here's what we now know
• Bug bounties have made these hackers millionaires
• NordVPN boosts security with new bug bounty program

UPDATE: NordVPN has told TechRadar Pro that the vulnerability was isolated to three small payment providers and possible to exploit only within a limited timeframe.

"We have confirmed with our tech team that the issue was disclosed on H1 only after evaluating that no data had been exploited," a NordVPN spokesperson told us.

Also at:

NordVPN HTTP POST bug exposed customer information, no authentication required:

Original Submission #1  Original Submission #2 

Arthur T Knackerbracket has found the following story:

Satellite operator Iceye is now making videos that can show the Earth's surface through cloud and at night.

The short, 20-second movies are an extension of the standard still radar images it already produces.

In the examples released by the Finnish company on Monday, planes are seen taxiing across Britain's Heathrow airport and heavy plant vehicles are observed working in a Utah mine.

The videos are said to be a first for a commercial space operator.

The Mighty Buzzard writes:

The fine folks at the CBC bring us the following report:

Participants in Ontario's prematurely cancelled basic income pilot project were happier, healthier and continued working even though they were receiving money with no-strings attached.

That's according to a new report titled Southern Ontario's Basic Income Experience, which was compiled by researchers at McMaster and Ryerson University, in partnership with the Hamilton Roundtable for Poverty Reduction.

The report shows nearly three-quarters of respondents who were working when the pilot project began kept at it despite receiving basic income.

That finding appears to contradict the criticism some levelled at the project, saying it would sap people's motivation to stay in the workforce or seek employment.

That's an interesting way of looking at it. An alternative viewpoint could be that over a quarter of the people who were working before the UBI trial stopped working. Unclear are the benefits that resulted from their new spare time — such as providing support to an ailing family member.

Original Submission

An Anonymous Coward writes:

Open Source Initiative bans co-founder, Eric S Raymond:

Last week, Eric S Raymond (often known as ESR, author of The Cathedral and the Bazaar, and co-founder of the Open Source Intiative) was banned from the Open Source Intiative[sic] (the "OSI").

Specifically, Raymond was banned from the mailing lists used to organize and communicate with the OSI.

For an organization to ban their founder from communicating with the group (such as via a mailing list) is a noteworthy move.

At a time when we have seen other founders (of multiple Free and Open Source related initiatives) pushed out of the organizations they founded (such as with Richard Stallman being compelled to resign from the Free Software Foundation, or the attempts to remove Linus Torvalds from the Linux Kernel – both of which happened within the last year) it seems worth taking a deeper look at what, specifically, is happening with the Open Source Initiative.

I don't wish to tell any of you what you should think about this significant move. As such I will simply provide as much of the relevant information as I can, show the timeline of events, and reach out to all involved parties for their points of view and comments.

The author provides links to — and quotations from — entries on the mailing list supporting this. There is also a conversation the author had with ESR. The full responses he received to his queries are posted, as well.

Original Submission

takyon writes:

On February 28, SpaceX's SN01 Starship prototype imploded and exploded during a pressurization test (Mk1 failed in November). A day later, Eric Berger from Ars Technica visited SpaceX's facilities in Boca Chica, Texas. Some highlights from the story include:

• SN01 was not destined to fly, only to serve as a platform for static fire testing. (Elon Musk had previously tweeted that the wrong settings were used on the welding equipment used to build SN01.)
• SN01's failure has been attributed to bad welding on the thrust puck, which is welded onto the bottom tank dome of Starship and connects the Raptor engines to the rest of the rocket.
• The quality team raised concerns about the thrust puck to an engineer who did not act upon them. They have been instructed to contact Musk directly with design concerns.
• SpaceX went on a hiring spree in February that doubled its workforce in Boca Chica to over 500. The goal is to build a production line for Starships.
• SpaceX aims to build a Starship every week by the end of 2020, with a goal of building one every 72 hours eventually.
• SpaceX engineers have built an in-house x-ray machine to look for imperfections in welds.
• Construction costs for a single Starship could eventually drop to as low as $5 million.
• The Boca Chica site will operate 24/7, with workers alternating between three and four 12-hour shifts per week.
• A 20 km flight is planned for this spring, and an orbital mission could happen before the end of 2020.

In other news:

• SpaceX to Raise Hundreds of Millions of Dollars Through a Funding Round That Will Value It at $36 Billion
• SpaceX Could Earn $30 Billion Annually From Starlink, 10x Of Sending ISS Supplies – Elon Musk
• SpaceX's latest Starship test was uneventful and that's great news for its flight debut
• Astronauts capture SpaceX cargo capsule with robot arm for final time

Original Submission