Security researcher Brian Krebs wants you to know... "New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let's just get this out of the way right now: It wasn't me." The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with [a domain that begins with brian . krebsonsecurity... Not a safe domain.] Shadowserver has been tracking wave after wave of attacks targeting flaws in Exchange that Microsoft addressed earlier this month in an emergency patch release. The group looks for attacks on Exchange systems using a combination of active Internet scans and "honeypots" — systems left vulnerable to attack so that defenders can study what attackers are doing to the devices and how.

David Watson, a longtime member and director of the Shadowserver Foundation Europe, says his group has been keeping a close eye on hundreds of unique variants of backdoors (a.k.a. "web shells") that various cybercrime groups worldwide have been using to commandeer any unpatched Exchange servers. These backdoors give an attacker complete, remote control over the Exchange server (including any of the server's emails)... Shadowserver's honeypots saw multiple hosts with the Babydraco backdoor doing the same thing: Running a Microsoft Powershell script that fetches the file "krebsonsecurity.exe"... Oddly, none of the several dozen antivirus tools available to scan the file at Virustotal.com currently detect it as malicious. The Krebsonsecurity file also installs a root certificate, modifies the system registry, and tells Windows Defender not to scan the file. Watson said the Krebsonsecurity file will attempt to open up an encrypted connection between the Exchange server and the above-mentioned IP address, and send a small amount of traffic to it each minute.

Shadowserver found more than 21,000 Exchange Server systems that had the Babydraco backdoor installed. But Watson said they don't know how many of those systems also ran the secondary download from the rogue Krebsonsecurity domain. "Despite the abuse, this is potentially a good opportunity to highlight how vulnerable/compromised MS Exchange servers are being exploited in the wild right now, and hopefully help get the message out to victims that they need to sign up our free daily network reports," Watson said.

"If I worked in tech antitrust policy, I would really want to understand why all the cases against Microsoft 20 years ago were such an unqualified failure." That's what venture capitalist Benedict Evans (formerly an Andreessen Horowitz partner), is asking regulators on Twitter.

"You won, yet achieved nothing, and then Microsoft's dominance went away anyway. Why?"

Long-time Slashdot reader theodp notes the thread of reminiscent reactions from Microsoft employees prompted this response on the blog of software developer Dave Winer "to lament the collateral damage of a winner-take-all mentality." "Microsoft could've played a senior role, and helped the rest of us add all kinds of editors and databases to the web, and at least try to bring across some of the GUI innovations of the 1980s. Instead all that was lost. Today, decades later, because of the chaos Microsoft brought us then, the editors on the web still suck. They are really inferior. Far less useful than the editors we had before the web.

"What if Microsoft had chilled and brought together the best minds from the PC era and asked some basic questions like how are we going to make the web better for everyone, at least as good as what we had before. What a time that would have been to do just that. But they acted like spoiled children."
But are we facing the same issues today? In The End of Silicon Valley as We Know It?, geek publishing icon/seed investor Tim O'Reilly checks in on tech's latter-day missed opportunities: The extractive behavior the tech giants exhibit has been the norm for modern capitalism since Milton Friedman set its objective function in 1970: "The social responsibility of business is to increase its profits"...

It's a sad time for Silicon Valley, because we are seeing not only the death of its youthful idealism but a missed opportunity. Paul Cohen, the former DARPA program manager for AI, made a powerful statement a few years ago at a meeting of the National Academy of Sciences that we both attended: "The opportunity of AI is to help humans model and manage complex interacting systems." That statement sums up so much of the potential that is squandered when firms like Google, Amazon, and Facebook fall prey to the Friedman doctrine rather than setting more ambitious goals for their algorithms.

I'm not talking about future breakthroughs in AI so much as I'm talking about the fundamental advances in market coordination that the internet gatekeepers have demonstrated. These powers can be used to better model and manage complex interacting systems for the good of all. Too often, though, they have been made subservient to the old extractive paradigm."

Slashdot reader rushtobugment quotes a story from Hot Hardware: One of the software options for running a Raspberry Pi module is Raspberry Pi OS (formerly Raspbian), the officially supported Debian-based operating system put out by The Raspberry Pi Foundation. It has been around since 2015 without too much complaint. However, a recent update has some Raspberry Pi OS users up in arms over a key change involving Microsoft.

The latest update installs a Microsoft apt respository on all any machine running Raspberry Pi OS, and does it without any admin consent. As discovered by Reddit user fortysix_n_2, the official reason is an endorsement of Microsoft's integrated development environment, Visual Studio Code, which is fine and dandy. However, it's claimed this even gets installed on headless devices that used a light image without a GUI. As a result, every time you do an "apt update" on your Pi device, the OS pings Microsoft.

"By having this repo, every time an install of Raspberry Pi OS is updated it will ping a Microsoft server. Microsoft will know you're using Raspberry Pi OS/likely Raspberry Pi owner and your IP address...." fortysix_n_2 explains.
Or, as a headline explains on the Windows Central blog, "Microsoft repo silently added to Raspberry Pi OS, folks begin the freak out..."

"As one particularly vocal commenter pointed out, modifying the sources.list in Linux without consent just doesn't happen. It also doesn't just apply to new images, it has been built out to be added to existing machines, too."

UPDATE: An anonymous Slashdot reader spotted Raspberry Pi founder Eben Upton's response to the controversy on Twitter. When asked if the foundation could be more transparent, like publishing a blog post about the repositories to be included, Upton responded:

"I can't understand why you think this was a controversial thing to do. We do things of this sort all the time without putting out a blog post about how to opt out."

Jalopnik shares a story for our times: Adobe's Flash, the web browser plug-in that powered so very many crappy games, confusing interfaces, and animated icons of the early web like Homestar Runner is now finally gone, after a long, slow, protracted death. For most of us, this just means that some goofy webgame you searched for out of misplaced nostalgia will no longer run. For a select few in China, though, the death of Flash meant being late to work, because the city of Dalian in northern China was running their railroad system on it.

Yes, a railroad, run on Flash, the same thing used to run "free online casinos" and knockoff Breakout games in mortgage re-fi ads...

Hell, YouTube used to run on Flash until 2015. It wasn't all stupid little web games but, that said, I can't for the life of me fathom why anyone would want to run a freaking railroad network on it, with physical, multi-ton moving railcars full of human beings on it. So, when Adobe finally killed Flash-based content from running, this Tuesday Dalian's railroad network found itself ground to a halt for 20 hours.

The railroad's technicians did get everything back up and running, but the way they did this is fascinating, too. They didn't switch the rail management system to some other, more modern codebase or software installation; instead, they installed a pirated version of Flash that was still operational. The knockoff version seems to be known as "Ghost Version." This, along with installing an older version of the Flash player to work with the knockoff Flash server setup, "solved" the problem, and the railroad was back up and running.
UPDATE: ZDNet reports that "later reports from Chinese media clarified that railway traffic never stopped in Dalian because of the Flash end-of-life": However, the reports also admitted that there's some truth in the original report and that, indeed, some internal traffic statistics system had stopped working at the rail station on Jan. 12, when Adobe blocked Flash content from working.

Daniel Miessler, a widely respected infosec professional in San Francisco, writes about design and user experience choices Google has made across its services in recent years: I've been writing for probably a decade about how bad Google's GUI is for Google Analytics, Google Apps, and countless of their other properties -- not to mention their multiple social media network attempts, like Google+ and Wave. Back then it was super annoying, but kind of ok. They're a hardcore engineering group, and their backend services are without equal. But lately it's just becoming too much.

1. Even Gmail is a cesspool at this point. Nobody would ever design a webmail interface like that, starting from scratch.
2. What happened to Google Docs? Why does it not look and behave more like Notion, or Quip, or any of the other alternatives that made progress in the last 5-10 years?
3. What college course do I take to manage a Google Analytics property?
4. Google just rolled out Google Analytics 4 -- I think -- and the internet is full of people asking the same question I am. "Is this a real rollout?"

[...] My questions are simple:
1. How the hell is this possible? I get it 10 years ago. But then they came out with the new design language. Materialize, or whatever it was. Cool story, and cool visuals. But it's not about the graphics, it's about the experience.
2. How can you be sitting on billions of dollars and be unable to hire product managers that can create usable interfaces?
3. How can you run Gmail on an interface that's tangibly worse than anything else out there?
4. How can you let Google Docs get completely obsoleted by startups?

I've heard people say that Google has become the new Microsoft, or the new Oracle, but damn -- at least Microsoft is innovating. At least Oracle has a sailing team, or whatever else they do. I'm being emotional at this point.

Google, you are made out of money. Fix your fucking interfaces. Focus on the experience. Focus on simplicity. And use navigation language that's similar across your various properties, so that I'll know what to do whether I'm managing my Apps account, or my domains, or my Analytics. You guys are awesome at so many things. Make the commitment to fix how we interact with them.

Windows Central reports: Microsoft is working on a software solution that would allow app developers to bring their Android apps to Windows 10 with little to no code changes by packaging them as an MSIX and allowing developers to submit them to the Microsoft Store. According to sources familiar with the matter, the project is codenamed 'Latte' and I'm told it could show up as soon as next year. The company has toyed with the idea of bringing Android apps to Windows 10 before via a project codenamed Astoria that never saw the light of day. Project Latte aims to deliver a similar product, and is likely powered by the Windows Subsystem for Linux (WSL.) Microsoft will need to provide its own Android subsystem for Android apps to actually run, however.

Microsoft has announced that WSL will soon get support for GUI Linux applications, as well as GPU acceleration which should aid the performance of apps running through WSL. It's unlikely that Project Latte will include support for Play Services, as Google doesn't allow Play Services to be installed on anything other than native Android devices and Chrome OS. This means that apps which require Play Services APIs will need to be updated to remove those dependencies before they can be submitted on Windows 10.

ZDNet reports: At the Microsoft Build 2020 virtual developers' conference, CEO Satya Nadella announced that Windows Subsystem for Linux (WSL) 2.0 would soon support Linux GUIs and applications. That day is closer now than ever before. At the recent X.Org Developers Conference, Microsoft partner developer lead Steve Pronovost revealed that Microsoft has made it possible to run graphical Linux applications within WSL.

It's always been possible to run Linux graphical programs such as the GIMP graphics editor, Evolution e-mail client, and LibreOffice on WSL. But it wasn't easy. You had to install a third-party X Window display server, such as the VcXsrv Windows X Server in Windows 10, and then do some tuning with both Windows and Linux to get them to work together smoothly. The X Window System underlies almost all Linux graphical user interfaces. Now, Microsoft has ported a Wayland display server to WSL. Wayland is the most popular X Window compatible server. In WSL2, it connects the graphical Linux applications via a Remote Desktop Protocol (RDP) connection to the main Windows display. This means you can run Linux and Windows GUI applications simultaneously on the same desktop screen....

Craig Loewen, Microsoft WSL Program Manager, added in a Twitter thread that the key differences between using a third-party X server and the built-in Wayland server is that: "You don't need to start up or start the server, we'll handle that for you." In addition, it comes with "Lovely integration with Windows," such as drop shadows and Linux icon support. Loewen also said you can run a Linux web browser in it. "We haven't tested it extensively with a full desktop environment yet, as we want to focus on running often asked for apps first, and primarily IDEs [integrated development environment] so you can run those in a full Linux environment," he said.

Don't get too excited about it just yet, though. Loewen continued, "We don't yet have an ETA for the beta channel, however, this work will be available in general for Insiders to try within the next couple of months."

LWN.net re-visits the emacs-devel mailing list, where the Emacs 28 development cycle has revived discussions about how to make the text editor more "modern" and attractive to new users: A default dark theme may not be in the future, leading one to think that there may yet be hope for the world in general. But there does seem to be general agreement that Emacs could benefit from a better, more centralized approach to color themes, rather than having color names hard-coded throughout various Elisp packages. From that, a proper theme engine could be supported, making dark themes and such easily available to those who want them...

Another area where Emacs is insufficiently "modern", it seems, has to do with keyboard and mouse bindings. On the keyboard side, users have come to expect certain actions from certain keystrokes; ^X to cut a selection, ^V to paste it, etc. These bindings are easily had by turning on the Cua mode, but new users tend not to know about this mode or how to enable it. Many participants in the discussion said that this mode should be on by default. That, of course, would break the finger memory of large numbers of existing Emacs users, who would be unlikely to appreciate the disruption. Or, as Richard Stallman put it:

It is not an option to change these basic key bindings to imitate other, newer editors. It would create a different editor that we Emacs users would never switch to. It is unfortunate that the people who implemented the newer editors chose incompatibility with Emacs....

The situation with mouse behavior is similar; as several participants in the discussion pointed out, users of graphical interfaces have come to expect that a right-button click will produce a menu of available actions. In Emacs, instead, that button marks a region ("selection"), with a second click in the same spot yanking ("cutting") the selected text. Many experienced Emacs users have come to like this behavior, but it is surprising to newcomers. The right mouse button with the control key held down does produce a menu defined by the current major mode, but that is evidently not what is being requested here; that menu, some say, should present global actions rather mode-specific ones.

Stallman suggested offering a "reshuffled mode" that would bring the context menu to an unadorned right-button click, and which would add some of the expected basic editing commands there as well. This would be relatively easy to do, he said, since mouse bindings are separate from everything else. Besides, as he noted, the current mouse behavior was derived from "what was the standard in X Windows around 1990"; while one wouldn't want to act in haste, it might just be about time for an update.
Other proposed changes involved "discoverability," including the default enabling of various modes, although to incorporate them into GNU Emacs "would often require the author to sign copyrights over to the Free Software Foundation, which is not something all authors are willing to do..."

New submitter bondman writes: Windows 95 was released a full quarter century ago today, on August 24th, 1995. Long gone, nearly forgotten? I'm surprised to not have come across a retrospective article yet. I've linked to the Wikipedia article.

As for me I still haven't grown to re-like The Rolling Stones "Start Me Up" yet. I got so sick of hearing it with all the pre-launch and post-launch hype, as the song was tied heavily to the Win 95 launch event. Microsoft paid the Stones a princely sum to use it.

I still remember how exciting it was to see the full-length, full-screen video included on the installation CD-ROM, "Buddy Holly" by Weezer. Mind-blowing to watch a whole music video on your computer. Crappy resolution by our standards today, and a very limited palette to my memory. But as I said, amazing in the day.

Windows 95 had many fans and many critics. At the time, I recall it as an exciting OS (or GUI on top of DOS, if you prefer). PC users were riveted to all the magazine and other media coverage pre-launch. I remember it fondly (with all the obligatory respect due Mac OS, the Amiga, and all the other early GUIs of course).

Nvidia, Intel and AMD have announced their support for Microsoft's new effort to bring graphics processor support to the Windows 10 Windows Subsystem for Linux to enhance machine-learning training. From a report: GPU support for WSL arrived on Wednesday in the Dev Channel preview of Windows 10 build 20150 under Microsoft's reorganized testing structure, which lets it test Windows 10 builds that aren't tied to a specific future feature release. Microsoft announced upcoming GPU support for WSL a few weeks ago at Build 2020, along with support for running Linux GUI apps. The move on GPU access for WSL is intended to bring the performance of applications running in WSL2 up to par with those running on Windows. GPU compute support is the feature most requested by WSL users, according to Microsoft. The 20150 update includes support for Nvidia's CUDA parallel computing platform and GPUs, as well as GPUs from AMD and Intel. It also supports DirectML (Direct Machine Learning), Microsoft's Windows 10 API for hardware-accelerated machine learning.

An anonymous reader quotes a report from VentureBeat: It's finally happening. Microsoft is giving developers a command line interface to install their favorite tools. That's right -- at Build 2020 today, Microsoft announced Windows Package Manager in preview. This is not simply about helping developers build for Windows. It's about helping developers and businesses embrace Windows. Microsoft is on a mission to get developers to love using Windows over macOS and Linux. Part of that mission involves releasing tools like Windows Terminal for enterprises and improving WSL for anyone who needs Linux while they code. Another part is helping developers (and IT admins) set up their Windows environments as effortlessly as possible. In a similar vein, Microsoft today also threw in highly requested features for PowerToys: Run and Keyboard Remapper. But the former is definitely the bigger news.

Windows Package Manager is a command line interface for searching, viewing, and installing commonly used developer tools. Developers list their applications in a GitHub repository; the package manager grabs and installs them. Even better, Windows Package Manager is open source -- Microsoft is asking for developers to help improve it.

At Build 2020 today, Microsoft gave developers a slew of new tools to coax them into using Windows over macOS or Linux. From a report: Windows Terminal is now out of preview for enterprises, and Windows Subsystem for Linux (WSL) 2 is getting support for GPUs, Linux GUI apps, and a simplified install experience. Microsoft even released a Windows Package Manager in preview. Windows 10 runs on 1 billion monthly active devices (PCs, Xbox One consoles, and HoloLens devices), making it a massive platform for developers to target. [...] Microsoft today released Windows Terminal 1.0, which means it is stable for enterprise use. The open source application features multiple tabs, panes, tear-away windows, shortcuts, Unicode and UTF-8 character support, emojis, ligatures, extensions, GPU-accelerated text rendering engine, and custom themes, styles, and configurations. Windows Terminal is for users of PowerShell, Cmd, WSL, and other command-line tools. Microsoft also unveiled WSL improvements today, including support for GPUs, Linux GUI apps, and a simplified install experience. WSL is a compatibility layer for running Linux binary executables natively on Windows. Microsoft first shared it was working on WSL 2 a year ago at Build 2019. WSL 2 is slated to arrive in the next major Windows 10 update coming later this month (brilliantly called the Windows 10 May 2020 Update), but it won't have these new features. In the second half of the year, WSL 2 will get support for GPU compute workflows.

The Washington Post describes it as "the next internet." Wikipedia defines it as "a collective virtual shared space...including the sum of all virtual worlds, augmented reality, and the Internet." But it was Neal Stephenson who named it "the metaverse" in his 1992 science fiction novel Snow Crash.

Are we closer to seeing it happen? The Washington Post reports: In the past month, office culture has coalesced around video chat platforms like Zoom, while personal cultural milestones like weddings and graduations are being conducted in Nintendo's Animal Crossing: New Horizons. The Metaverse not only seems realistic — it would probably be pretty useful right about now. The Metaverse reality is still years, possibly decades, away. But Epic Games CEO Tim Sweeney has been publicly pushing for its creation, and he isn't alone in his desire to push for the Metaverse, where the online world echoes and fulfills real-world needs and activities. Constructing the virtual Internet space is Silicon Valley's macro goal, many of whom are obsessed with Neal Stephenson's 1992 book, "Snow Crash," which defined the term.

In recent years, Facebook, Google and Samsung have all made heavy investments in cloud computing and virtual reality companies in anticipation of a Metaverse... But it's Epic Games, with Fortnite, that has the most viable path forward in terms of creating the Metaverse, according to an essay by venture capitalist and former Amazon executive Matthew Ball... [The article also notes other "traits" of the metaverse in Minecraft and Roblox.] The most widely agreed core attributes of a Metaverse include always being live and persistent — with both planned and spontaneous events always occurring — while at the same time providing an experience that spans and operates across platforms and the real world. A Metaverse must also have no real cap on audience, and have its own fully functioning economy... Fortnite hasn't reached Metaverse status yet. But Fortnite as a social network and impossible-to-ignore cultural phenomenon, Ball says, provides Epic Games a key advantage for leading in the Metaverse race. Fortnite draws a massive, willing and excited audience online to engage with chaotically clashing intellectual properties... "This organic evolution can't be overemphasized," Ball writes in his essay. "If you 'declared' your intent to start a Metaverse, these parties would never embrace interoperability or entrust their IP. But Fortnite has become so popular and so unique that most counterparties have no choice but to participate... Fortnite is too valuable a platform...."

The current swarm to an online-only social and capitalist economy has only highlighted the current Internet's failings, and what the Metaverse needs to do, Ball said. Big sites like Facebook, Google and Amazon continue to dominate online activity, as do larger streaming services like YouTube and Netflix. But each location requires its own membership and has separate ecosystems. "Right now, the digital world basically operates as though every restaurant and bar you go to requires a different ID card, has a different currency, requires their own dress codes and has their own units [of service and measurement]," Ball said. "It is clear that this really advantages the biggest services. People are just sticking to the big games, really. However there's a clear argument that reducing network lock-in can really raise all boats here."

Sweeney said as much in his DICE Summit keynote speech February. If the game industry wants to reshape the Internet and move away from Silicon Valley's walled gardens, Sweeney stressed that publishers need to rethink economies in the same way email was standardized... "We need to give up our attempts to each create our own private walled gardens and private monopoly and agree to work together and recognize we're all far better off if we connect our systems and grow our social graphs together.
Neal Stephenson answered questions from Slashdot readers back in 2004.

The Pirate Bay returned to the clear web this week after a month-long hiatus. However, the structure of the infamous torrent index presented an access problem to users of the popular anti-malware software MalwareBytes, which persistently blocked an essential element of the platform due to the presence of "a few" cryptocurrency miners on a secondary domain. TorrentFreak reports: The problem lay in The Pirate Bay's setup. Aside from cosmetic changes to some pages, the site sends requests to another domain (apibay.org) in order to present torrents to the user on thepiratebay.org. However, those accessing the main domain with Malwarebytes installed were greeted with blank torrent pages after the security software blocked apibay.org. Any warning of this type, especially concerning trojans, should be of concern to users of any site. However, dumping trojans on users hasn't been the modus operandi of The Pirate Bay thus far, so TorrentFreak contacted Malwarebytes to find out what was causing the alert.

Manager of WebProtection Labs at MalwareBytes Andres Ortiz informs TorrentFreak that the issue was caused by the presence of "a few" cryptocurrency miners, not on thepiratebay.org, but on a sub-directory of apibay.org, the domain from where TPB appears to present its torrent results. The analysis for just one example miner is shown [here]. After examining the apibay.org domain once again, MalwareBytes has now confirmed that the miners have been removed so in response, they will push an update to their users to stop TPB's indexes from being blocked moving forward. However, if any party reintroduces the miners, it's certainly possible that the site will be rendered inaccessible once again.

Phoronix reports on a new concern about Qt, the free and open-source widget toolkit for creating GUIs and cross-platform applications: Wednesday a KDE developer who serves on the board of the KDE Free Qt Foundation commented that The Qt Company is evaluating restricting new releases to paying customers for 12 months. That was said to be under consideration due to COVID19 / coronavirus impacting their finances and needing to boost short-term revenues... [Slashdot editor's note: the comment also claims the Qt Company "says that they are willing to reconsider the approach only if we offer them concessions in other areas."] This comes months after The Qt Company already shifted to make Qt long-term support releases customer-only, among other steps to boost their commercial business at the beginning of the year.

Following all the speculation and concerns from the statement by KDE's Olaf Schmidt-Wischhöfer, The Qt Company released this very brief statement:

There have been discussions on various internet forums about the future of Qt open source in the last two days. The contents do not reflect the views or plans of The Qt Company.

The Qt Company is proud to be committed to its customers, open source, and the Qt governance model.
But in the event of a one-year freeze on free releases, Phoronix now reports, "several individuals and projects are already expressing interest in a Qt fork should it come to it." The hope is first and foremost that The Qt Company and KDE / KDE Free Qt Foundation can reach a mutual agreement without this embargo on future releases, which would effectively close up its development... Among those backing the concept of forking Qt as a last resort if necessary has been developers from consulting firm KDAB, the Qute browser developer, and the QGIS project as one of the leading geographic information system software packages, among many KDE developers themselves.

The mailing list thread is quite active in talking about the possible fork if necessary, including aspects like web-hosting down to what such a fork should be called ("Kt" seems to be a popular choice so far with several different members in the community).

An anonymous reader quotes a report from Bleeping Computer: A new cyber attack is hijacking router's DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO). After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers. As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attacker's control. "If your browser is randomly opening to a page promoting a COVID-19 information app, then you need to login to your router and make sure you configure it to automatically receive its DNS servers from your ISP," the report says. It also recommends you set a strong password for your router and to disable remote administration.

"Finally, if you downloaded and installed the COVID-19 app, you should immediately perform a scan on your computer for malware. Once clean, you should change all of the passwords for sites whose credentials are saved in your browser and you should change the passwords for any site that you visited since being infected."

An anonymous reader quotes a report from TechCrunch: In a great example of what can happen when smart, technically-oriented people come together in a time of need, an open-source hardware project started by a group including Irish entrepreneur Colin Keogh and Breeze Automation CEO and co-founder Gui Calavanti has produced a prototype ventilator using 3D-printed parts and readily available, inexpensive material. The ventilator prototype was designed and produced in just seven days, after the project spun up on Facebook and attracted participation from over 300 engineers, medical professionals and researchers.

The prototype will now enter into a validation process by the Irish Health Services Executive (HSE), the country's health regulatory body. This will technically only validate it for use in Ireland, which ironically looks relatively well-stocked for ventilator hardware, but it will be a key stamp of approval that could pave the way for its deployment across countries where there are shortages, including low-income nations. The group behind the ventilator also recently changed the focus of their Facebook community, renaming the group from the Open Source Ventilator Project to the Open Source COVID19 Medical Supplies community. They're looking at expanding their focus to finding ways to cheaply and effectively build and validate other needed equipment, including protective gear like masks, sanitizer and protective face guards for front-line healthcare workers.

jrepin writes: The KDE community today announced the release of Plasma 5.18. This version of the popular desktop environment is the latest long-term supported release and brings an emoji selector, user feedback capabilities, a global edit mode, and improvements to System Settings, the Discover software manager, widgets, GTK integration and much more. The full Plasma 5.18.0 changelog is available here.

The Verge has been investigating Samsung's "artificial human" project Neon, which seems to be about creating realistic human avatars: A tweet from the project's lead and some leaked videos pretty much confirm this -- although they don't give us nearly enough information to judge how impressive Neon is. The lead of Neon, computer-human interaction researcher Paranav Mistry, tweeted this image, apparently showing one of the project's avatars. Mistry says the company's "Core R3" technology can now "autonomously create new expressions, new movements, new dialog (even in Hindi), completely different from the original captured data...."

In a recent interview, Mistry made clear he thinks "digital humans" will be a major technology in the 2020s... "While films may disrupt our sense of reality, 'virtual humans' or 'digital humans' will be reality. A digital human could extend its role to become a part of our everyday lives: a virtual news anchor, virtual receptionist, or even an AI-generated film star."
Reddit users also found the URLs for videos in the source code on Neon's home page -- and though the videos have since been removed, some of the footage has been archived and analyzed on YouTube.

When it comes to firewalls, most system administrators prefer to use a graphical user interface (GUI) rather than a command-line interface (CLI), a new academic study published over the summer has revealed. From a report: Despite the many preconceptions that system administrators are almost all ardent CLI users, firewall GUIs won by a pretty large margin in a survey compiling results from more than 300 respondents. Almost 60% of sysadmins said they "preferred" GUIs over CLIs, and 70% said they "used" GUIs on a daily basis. The survey showed that while CLIs might be popular in some circles, they are not the most ideal interface for managing a complex security software suite like a firewall. The survey, which included more than 15 questions that also sought to discover the reasoning behind each answer, revealed that "usability" was the main reason why system administrators tended to prefer and use firewalls more than CLIs.