Medicine

Women's Periods May Be Late After Coronavirus Vaccination, Study Suggests (nytimes.com) 47

An anonymous reader quotes a report from The New York Times: Shortly after coronavirus vaccines were rolled out about a year ago, women started reporting erratic menstrual cycles after receiving the shots. Some said their periods were late. Others reported heavier bleeding than usual or painful bleeding. Some postmenopausal women who hadn't had a period in years even said they had menstruated again. A study published on Thursday found that women's menstrual cycles did indeed change following vaccination against the coronavirus. The authors reported that women who were inoculated had slightly longer menstrual cycles after receiving the vaccine than those who were not vaccinated.

Their periods themselves, which came almost a day later on average, were not prolonged, however, and the effect was transient, with cycle lengths bouncing back to normal within one or two months. For example, someone with a 28-day menstrual cycle that starts with seven days of bleeding would still begin with a seven-day period, but the cycle would last 29 days. The cycle ends when the next period starts and would revert to 28 days within a month or two. The delay was more pronounced in women who received both vaccine doses during the same menstrual cycle. These women had their periods two days later than usual, the researchers found. [...] One serious drawback of the study, which focused on U.S. residents, is that the sample is not nationally representative and cannot be generalized to the population at large. The data were provided by a company called Natural Cycles that makes an app to track fertility. Its users are more likely to be white and college educated than the U.S. population overall; they are also thinner than the average American woman -- weight can affect menstruation -- and do not use hormonal contraception.
"I want to make sure we dissuade people from those untrue myths out there about fertility effects," said Dr. Hugh Taylor, the chair of the department of obstetrics, gynecology and reproductive sciences at Yale School of Medicine. "A cycle or two where periods are thrown off may be annoying, but it's not going to be harmful in a medical way."

With that said, postmenopausal women who experience vaginal bleeding or spotting, whether after vaccination or not, should be evaluated by a physician, says Dr. Taylor. It may be a sign they have a serious medical condition.
Piracy

Popcorn Time, the Piracy App That Spooked Netflix, Shuts Down (bloomberg.com) 31

Popcorn Time, the once-popular app that made watching pirated movies and television shows almost as easy as using Netflix, has shut down. Bloomberg News: The app debuted in 2014 and within a year became one of the most popular services for accessing illegal video content. Popcorn Time's creators deserted the service shortly after its introduction, and emails released after a hack of Sony Group indicated law enforcement may have played a role. But the app's code was open-source, and other developers jumped in to release new versions. In 2015, a developer associated with Popcorn Time told Bloomberg that the service wasn't responsible for piracy because it didn't host any stolen material itself. The software instead offered a link to computers around the world hosting the content through the file-sharing system BitTorrent. "The torrent world was here with millions of users way before us and will be here with BILLIONS of users way after us," he said at the time.
Businesses

Two NFT Copycats Are Fighting Over Which is the Real Fake Bored Ape Yacht Club (theverge.com) 54

A pair of non-fungible token projects are testing the boundary between plagiarism and parody. From a report: Digital marketplace OpenSea has banned the PHAYC and Phunky Ape Yacht Club (or PAYC) collections, both of which are based on the same gimmick: selling NFTs with mirrored but otherwise identical versions of high-priced Bored Ape Yacht Club avatars. Now the dueling projects are selling their apes while dodging bans from other marketplaces, becoming the latest example of how the NFT world handles copied art. Bored Ape Yacht Club (or BAYC) NFTs are some of the most expensive crypto art assets -- they recently overtook CryptoPunks as the highest-priced NFT avatars with the cheapest available ape selling for $217,000. Like other avatars, though, anybody can technically copy or modify the associated ape picture. So PAYC and PHAYC simply flip the right-facing BAYC avatars to face left, associate them with cryptocurrency tokens, and resell them.

PAYC announced its launch in early December with a loose mission statement promoting decentralization and denigrating "rich douchebags" who had (allegedly) taken over the original ape market. It called back to CryptoPhunks, a similar project that flipped and resold expensive CryptoPunks images earlier this year. Early arrivals could mint left-facing apes for free starting December 28th, while others paid a fee of .042 ETH (currently around $157). PHAYC launched shortly after with a tongue-in-cheek website describing the project as "a limited NFT collection where the token itself offers no membership and no allegiance," an inversion of the promise made by BAYC creator Yuga Labs. One PHAYC community member described the project to CoinDesk as "a satirical take on the current state of NFTs and members of the NFT community who might be taking the NFT market a little too seriously."

Idle

X-ray Analysis Confirms Forged Date On Lincoln Pardon of Civil War Soldier (arstechnica.com) 46

U.S. President Abraham Lincoln pardoned a soldier in the Civil War, and in 1998 that document was re-discovered. But "It was the date that made the document significant," writes Ars Technica: April 14, 1865, "meaning the pardon was likely one of the last official acts of President Lincoln, since he was assassinated later that same day at Ford's Theater in Washington, D.C. The pardon was broadly interpreted as evidence for a historical narrative about the president's compassionate nature: i.e., his last act was one of mercy."

But now scientists at America's National Archives have conducted a new analysis (published in the journal Forensic Science International: Synergy), and "confirmed that the date was indeed forged (although the pardon is genuine)." An archivist named Trevor Plante became suspicious of the document, noting that the ink on the "5" in "1865" was noticeably darker. It also seemed as if another number was written underneath it. Then Plante consulted a seminal collection of Lincoln's writings from the 1950s. The pardon was there, but it was dated April 14, 1864 — a full year before Lincoln was assassinated by John Wilkes Booth. Clearly the document had been altered sometime between the 1950s and 1998 to make the pardon more historically significant..

Investigators naturally turned to the man who made the discovery for further information. They began corresponding with Thomas Lowry [a retired psychiatrist turned amateur historian] in 2010. Initially, Lowry seemed cooperative, but when he learned about the nature of the investigation, he stopped communicating with the Office of the Inspector General, thereby arousing suspicion. So the investigators knocked on the historian's door one January morning in 2011 for an interview. Shortly thereafter, the National Archives released a statement that Lowry had confessed to altering the date on the pardon. Lowry confessed to bringing a fountain pen into the research room, along with fade proof, pigment-based ink, and changing the "4" in "1864" to a "5." Lowry couldn't be charged with any crime because the statute of limitations for tampering with government property had run out, but he was barred from the National Archives for life.

But there's a twist: Lowry soon recanted, claiming he had signed the confession under duress from the National Archives investigators...

Long-time Slashdot reader waspleg writes that Ars Technica "goes through the analysis of how it was verified to be a forgery using several techniques," including ultraviolet light and X-ray fluorescence analysis to study chemicals in the ink. From the article: An examination under magnification and reflective fiber optic lighting showed the ink used to write the "5" was indeed different in overall color compared to the other numbers in the date. Furthermore, "Vestiges of ink from a scratched away number can be seen below and beside the darker '5,' as well as smeared across the paper," the authors wrote. Additional analysis under raking light — a technique that accentuates hills and valleys in the paper texture — revealed abrasions to the paper under and around the "5" that were not observed anywhere else on the document. The team also determined that the paper around the "5" is thinner than everywhere else, and that ink residue of the scratched-away "4" were caught in the abraded paper fibers, clearly visible using transmitted light microscopy...
"The authors also concluded that there is no way to restore the document to its original state without causing further damage."
Privacy

Your Face Is, or Will Be, Your Boarding Pass (nytimes.com) 144

Tech-driven changes are coming fast and furiously to airports, including advancements in biometrics that verify identity and shorten security procedures for those passengers who opt into the programs. From a report: If it's been a year or more since you traveled, particularly internationally, you may notice something different at airports in the United States: More steps -- from checking a bag to clearing customs -- are being automated using biometrics. Biometrics are unique individual traits, such as fingerprints, that can be used to automate and verify identity. They promise both more security and efficiency in moving travelers through an airport where, at steps from check-in to boarding, passengers are normally required to show government-issued photo identification. In the travel hiatus caused by the pandemic, many airports, airlines, tech companies and government agencies like the Transportation Security Administration and United States Customs and Border Protection continued to invest in biometric advancements. The need for social distancing and contactless interactions only added to the urgency.

"The technologies have gotten much more sophisticated and the accuracy rate much higher," said Robert Tappan, the managing director for the trade group International Biometrics + Identity Association, who called the impetus to ease crowds and reduce contact through these instruments "COVID-accelerated." Many of the latest biometric developments use facial recognition, which the National Institute of Standards and Technology recently found is at least 99.5 percent accurate, rather than iris-scanning or fingerprints. "Iris-scanning has been touted as the most foolproof," said Sherry Stein, the head of technology in the Americas for SITA, a Switzerland-based biometrics tech company. "For biometrics to work, you have to be able to match to a known trusted source of data because you're trying to compare it to a record on file. The face is the easiest because all the documents we use that prove your identity -- driver's licenses, passports etc. -- rely on face." Shortly after 9/11, Congress mandated an entry and exit system using biometric technology to secure U.S. borders. Some travelers have expressed concerns about privacy, and while companies and agencies using the technology say they do not retain the images, the systems largely rely on willing travelers who agree to their use.

Businesses

Chinese Rideshare App Didi To Delist From NYSE (thehill.com) 10

An anonymous reader quotes a report from The Hill: The Chinese rideshare app Didi announced Friday that it will delist from the New York Stock Exchange just months after its initial public offering. The company's brief announcement on the microblog Weibo noted plans to relist on Hong Kong's exchange, but gave few other details. Didi had been valued at nearly $70 billion after its first day of trading in June, but has since seen its shares collapse amid a crackdown from Beijing. [China says the company broke data privacy laws and posed cybersecurity risks.]

Chinese authorities announced a probe of the company's data security practices shortly after its listing, but that investigation has not yet been closed. The company, which successfully held Uber out of its domestic market, owns a vast trove of data on Chinese users. The company's market capitalization now sits at roughly $38 billion. Its shares tumbled even further Friday following the news of the delisting.
"Didi's repatriation to [Hong Kong] is a significantly worrying indicator for the larger US-Sino economic relationship," Brock Silvers, chief investment officer at Kaiyuan Capital in Hong Kong, told CNN. "Beijing essentially forced Didi's hand. [...] Didi's repatriation looks likely to be the start of a trend, and the market should expect that others will follow. Equity investors may not wait for the other shoe to drop."

"Chinese founders previously looked to [New York] for a number of reasons, including looser listing standards, often higher multiples and a domicile beyond Beijing's financial [and] regulatory grasp," Silvers added. "That calculus has rapidly changed, and today's companies -- especially established market leaders or those in certain tech sectors -- will likely face increasing pressure to list on China-controlled exchanges."
PC Games (Games)

Rockstar Games Apologizes for GTA Re-Release Glitches, Promises Updates and PC Originals (rockstargames.com) 32

Friday Rockstar Games issued an update in the Announcements section of the company's web site "regarding the unexpected technical issues that came to light as part of the launch of Grand Theft Auto: The Trilogy — The Definitive Edition."

"Firstly, we want to sincerely apologize to everyone who has encountered issues playing these games..." the Rockstar Games Team wrote: The Grand Theft Auto series — and the games that make up this iconic trilogy — are as special to us as we know they are to fans around the world. The updated versions of these classic games did not launch in a state that meets our own standards of quality, or the standards our fans have come to expect.

We have ongoing plans to address the technical issues and to improve each game going forward. With each planned update, the games will reach the level of quality that they deserve to be.

A new Title Update is on the way in the coming days for all versions of Grand Theft Auto: The Trilogy — The Definitive Edition that will address a number of issues. We will update everyone as soon as it is live.

In the meantime, it pains us to mention that we are hearing reports of members of the development teams being harassed on social media. We would kindly ask our community to please maintain a respectful and civil discourse around this release as we work through these issues.

While one of the goals of the Definitive Editions was to allow players to enjoy these games on modern platforms for many years to come, we also understand that some of you would still like to have the previous classic versions available for purchase.

We will be adding the classic PC versions of Grand Theft Auto III, Grand Theft Auto: Vice City, and Grand Theft Auto: San Andreas back to the Rockstar Store shortly as a bundle. Additionally, everyone who has purchased Grand Theft Auto: The Trilogy — The Definitive Edition for PC from the Rockstar Store through June 30, 2022, will receive these classic versions in their Rockstar Games Launcher library at no additional cost. We will update everyone as soon as these are back in the Rockstar Store.

Once again, we'd like to thank everyone for their patience and understanding while we work through these updates to ensure these games meet everyone's justifiably high standards.

Entertainment

HBO Discussed Buying Netflix in 2006 (vox.com) 19

An anonymous reader shares a report: "The goal is to become HBO faster than HBO can become us." That's Netflix executive Ted Sarandos in 2013, shortly before his company made its jump into original content with House of Cards. And not just original content -- glossy big-budget content made by a famous director, featuring (at the time) a famous actor. HBO-style content. Even if you don't follow the media business closely, you probably know what happened after that: With House of Cards, Netflix proved, quite quickly, that it could make shows as good as the stuff the fabled pay TV network makes. And then Netflix started making a lot more stuff, and consumers liked that, too. And now Netflix is the company that every other media company wants to emulate -- and it's the chief reason every big media company is trying to decide whether it needs to buy or sell to every other big media company.

But it didn't have to go that way. In 2005, two years before Netflix got into the streaming business, some HBO executives were pushing the company to do the same thing. They wanted HBO to use the internet to sell subscriptions directly to consumers instead of wholesaling their product to the big cable TV distributors. A year later, after passing on that idea, HBO considered another move that would have rewritten media history: Some of its executives wanted HBO to buy Netflix, which at the time was a DVD rent-by-mail business worth around $1 billion. Netflix is now worth some $300 billion.

Privacy

South Korea Is Giving Millions of Photos To Facial Recognition Researchers (vice.com) 17

An anonymous reader quotes a report from Motherboard: The South Korean Ministry of Justice has provided more than 100 million photos of foreign nationals who travelled through the country's airports to facial recognition companies without their consent, according to attorneys with the non-governmental organization Lawyers for a Democratic Society. While the use of facial recognition technology has become common for governments across the world, advocates in South Korea are calling the practice a "human rights disaster" that is relatively unprecedented. "It's unheard-of for state organizations -- whose duty it is to manage and control facial recognition technology -- to hand over biometric information collected for public purposes to a private-sector company for the development of technology," six civic groups said during a press conference last week.

The revelation, first reported in the South Korean newspaper The Hankyoreh, came to light after National Assembly member Park Joo-min requested and received documents from the Ministry of Justice related to an April 2019 project titled Artificial Intelligence and Tracking System Construction Project. The documents show private companies secretly used biometric data to research and develop an advanced immigration screening system that would utilize artificial intelligence to automatically identify airport users' identities through CCTV surveillance cameras and detect dangerous situations in real time. Shortly after the discovery, civil liberty groups announced plans to represent both foreign and domestic victims in a lawsuit.

"We, the NGOs, urge the government to immediately stop the establishment of a biometric monitoring system that is not only illegal but also significantly violates international human rights norms," wrote Advocates for Public Interest Law, MINBYUN -- Lawyers for a Democratic Society, the Institute for Digital Rights, the Joint Committee with Migrants in Korea, and the Korean Progressive Network Jinbonet, in a press release that was translated and provided to Motherboard. Attorneys claim the project directly violates South Korea's Personal Information Protection Act, a law that strictly limits the processing of personal information in the country. Still, the Ministry has yet to announce plans to halt the program, which was scheduled to be completed in 2022.

PC Games (Games)

Glitchy GTA Re-Release Still Unplayable on PC, Said to Contain Infamous 'Hot Coffee' Mini-Game (kotaku.com) 40

Kotaku reports: Grand Theft Auto: The Trilogy — Definitive Edition was released on November 11 on all major platforms including the Switch. However, for folks who bought the game on PC, they've been unable to play the game since just shortly after it was released. Now three days later, [PC] fans are still unable to access the game they bought days ago with no update from Rockstar on when the GTA Trilogy will become playable again.

The remastered Grand Theft Auto trilogy has had a very, very rocky launch, with players across all platforms reporting various graphical bugs, gameplay glitches, and other annoying changes and tweaks to the classic PS2-era games. But while players on Xbox One or PS5 or Switch are dealing with annoying bugs and odd visual problems, players on PC are left unable to play any of the games included in the collection.

In a review Screen Rant writes that all three games "look better here than they ever have before." But... The visual improvements don't discount the fact that there are a lot of things missing in Grand Theft Auto: The Trilogy — Definitive Edition, including basic functions like the series' iconic cinematic camera mode which premiered in GTA 3. Gone also from GTA 3 is the top-down camera angle which was added in to please players coming over from GTA 2. Both of these camera angles were also missing in previous re-releases of GTA 3, but not including them in what is called the Definitive Edition feels like a mistake.
On the plus side, they write that "Some new but fun inclusions also make returning to Liberty City, Vice City, and San Andreas enjoyable, like San Andreas' updated bridge facts or the new cheat which lets players turn on Big Head Mode in all GTA Trilogy games if they enter the Konami code. The ability to instantly restart missions after being killed, busted, or otherwise failing is also much appreciated."

But Eurogamer reports that unhappy fans are now review-bombing the newly-released game on Metacritic: At the time of writing, the trilogy has 2000+ user reviews on the aggregate site. Of the 2054 reviews recorded by PC users on Metacritic, the combined score is a miserable 0.5. It peaks at 1.0 for PS5 players, but otherwise, most other platforms boast a similarly low score...

"This is it! This is the end of Rockstar, this is just too much," opines one particularly unhappy Xbox One customer, who has the highest number of "helpful" points.... "This so-called definitive edition is one of the most pathetic remasters of all time, especially considering how amazing Rockstar used to be. They were the top. They were the best there ever was. They showed other developers what can be done. I just can't believe that the end of Rockstar would be like this..."

Rockstar is now being inundated with refund requests as the Grand Theft Auto: The Trilogy — The Definitive Edition backlash intensifies.

Oh, and one more thing. IGN reports that the game also appears to contain files for the infamous deleted sex mini-game "Hot Coffee."
Games

Rockstar Pulls 'Grand Theft Auto: Definitive Edition' After Unintentionally Including Files (pcgamer.com) 33

Shortly after Thursday's release of Grand Theft Auto: The Definitive Edition, the Rockstar Games Launcher on PC went down, leaving most Rockstar titles unplayable, reports PC Gamer.

They also identified possible issues explaining why: Firstly, the Trilogy has shipped with internal developer comments visible on the code, such as... "This shit doesn't work the way they wrote it below so we'll just show the text and place the blip at the beginning of the mission...."

Coders leaving funny comments is one thing: even if you might not want the public to see it, who really cares. However some dataminers have found that Vice City and San Andreas may have shipped with songs that have technically been 'removed' from the game because the licenses have expired... The presence of unlicensed music could in theory be a big headache for Rockstar. While the music may not be accessible to the average user, it is in the product's files and can be accessed using certain tools. And, oh yeah, without the appropriate license.

One dataminer told the site that the audio codec used in these games is the open source OGG-VORBIS, and for Grand Theft Auto: San Andreas, "EVERY song is there." And then Thursday the official Twitter feed for Rockstar Support announced their Games Launcher was "temporarily offline for maintenance." PC Gamer reported it remained down for more than 16 hours.

Friday night Rockstar Support announced their Launcher was now back online — but that GTA: The Trilogy — The Definitive Edition "is unavailable to play or purchase as we remove files unintentionally included in these versions.

"We're sorry for the disruption and hope to have correct ones up soon."
Space

William Shatner's Crewmate on Blue Origin Spaceflight Died Thursday in a Plane Crash (nbcnews.com) 43

Last month 49-year-old Glen de Vries travelled with William Shatner into space with two other crewmembers on Blue Origin's sub-orbital capsule.

Today NBC News announced de Vries "was one of two men killed Thursday in a plane crash in New Jersey, officials said." Glen de Vries, 49, of New York City, and Thomas P. Fischer, 54, of Hopatcong, New Jersey, died following the small aircraft crash shortly before 3 p.m. in Hampton Township, according to New Jersey State Police...

De Vries co-founded software company Medidata Solutions, which specializes in management of electronic data from clinical trials. He also served as a trustee for Carnegie Mellon University in Pittsburgh. "We will truly miss Glen, but his dreams — which we share — live on: we will pursue progress in life sciences & healthcare as passionately as he did," Medidata said in a statement.

Newsweek reports that upon his return to earth, de Vries told a Pittsburgh TV station that space travel "is something we need to make accessible in an equitable way, to as many people on the planet as possible." In a tweet on Friday, Blue Origin wrote, "We are devastated to hear of the sudden passing of Glen de Vries."

"He brought so much life and energy to the entire Blue Origin team and to his fellow crewmates," the tweet continued. "His passion for aviation, his charitable work, and his dedication to his craft will long be revered and admired."

Android

Newly-Discovered 'AbstractEmu' Malware Rooted Android Devices, Evaded Detection (bleepingcomputer.com) 34

"New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks," reports BleepingComputer.

Cybersecurity company Lookout said on its blog that they'd spotted the malware on Google Play "and prominent third-party stores such as the Amazon Appstore and the Samsung Galaxy Store.... To protect Android users, Google promptly removed the app as soon as we notified them of the malware." We named the malware "AbstractEmu" after its use of code abstraction and anti-emulation checks to avoid running while under analysis. A total of 19 related applications were uncovered, seven of which contain rooting functionality, including one on Play that had more than 10,000 downloads...

This is a significant discovery because widely-distributed malware with root capabilities have become rare over the past five years. As the Android ecosystem matures there are fewer exploits that affect a large number of devices, making them less useful for threat actors... By using the rooting process to gain privileged access to the Android operating system, the threat actor can silently grant themselves dangerous permissions or install additional malware — steps that would normally require user interaction. Elevated privileges also give the malware access to other apps' sensitive data, something not possible under normal circumstances...

AbstractEmu does not have any sophisticated zero-click remote exploit functionality used in advanced APT-style threats, it is activated simply by the user having opened the app. As the malware is disguised as functional apps, most users will likely interact with them shortly after downloading... By rooting the device, the malware is able to silently modify the device in ways that would otherwise require user interaction and access data of other apps on the device.

"Apps bundling the malware included password managers and tools like data savers and app launchers," reports BleepingComputer, "all of them providing the functionality they promised to avoid raising suspicions..."

Lookout's blog post said they'd spotted people affected by the malware in 17 different countries.
Microsoft

GAO Recommends Reevaluation of Proposals for $10B NSA Cloud Contract (siliconangle.com) 5

The Government Accountability Office today called for a reevaluation of the proposals submitted by Amazon Web Services and Microsoft in connection with a $10 billion cloud contract to enhance the National Security Agency's technology environment. From a report: The $10 billion NSA contract, code-named WildandStormy, was awarded to public cloud market leader AWS earlier this year. Rival Microsoft, which also competed for the deal, filed a protest with the GAO shortly after AWS was named the winner. The agency's decision today represents a win for Microsoft. "GAO found certain aspects of the agency's evaluation to be unreasonable and, in light thereof, recommended that NSA reevaluate the proposals consistent with the decision and make a new source selection determination," Ralph White, managing associate general counsel for the Procurement Law Division at the GAO, told Nextgov in a statement. "GAO's decision expresses no view as to the relative merits of the AWS and Microsoft proposals." Microsoft submitted its protest to the GAO on July 21. The company followed up the move on Sept. 2 by sending a document known as a supplemental protest. According to Nextgov, the decision that the GAO issued today in response to Microsoft's filings is under a protective order because there's classified information involved. However, officials reportedly plan to release an unclassified decision down the line that will be accessible for the public.
ISS

Russian Spacecraft's Thrusters Tilt the International Space Station - Again (space.com) 44

"Unplanned thruster firings by a Russian spacecraft briefly knocked the International Space Station off-kilter Friday, the second such incident in less than three months," reports Space.com: The spacecraft involved today was the Soyuz MS-18, which is scheduled to bring cosmonaut Oleg Novitskiy, film director Klim Shipenko and actor Yulia Peresild back to Earth early Sunday morning (Oct. 17)... "Within 30 minutes, flight controllers regained attitude control of the space station, which is now in a stable configuration," NASA officials wrote in an update this afternoon. "The crew was awake at the time of the event and was not in any danger."

The orbiting lab briefly tilted from its normal orientation this morning by 57 degrees, according to the Russian news agency Interfax, which cited communications between Novitskiy and Vladimir Solovyov, the flight director of the station's Russian segment.

Space station managers don't yet know what caused the anomalously long firing... It's also unclear why the MS-18's thrusters stopped firing, though the station's handlers have some ideas. "We think — and we haven't got confirmation — we think the thrusters stopped firing because they reached their prop[ellant] limit," NASA flight director Timothy Creamer told agency astronauts shortly after the thrusters shut down, according to The New York Times. "Moscow is checking into it and doing their data analysis."

Crime

Former Boeing 737 MAX Chief Technical Pilot Indicted For Fraud (justice.gov) 146

Mark Forkner, Boeing's 737 Max chief technical pilot during the aircraft's development, has been charged with misleading aviation regulators about safety issues blamed for two fatal crashes of the 737 Max. According to the U.S. Department of Justice, "he faces a maximum penalty of 20 years in prison on each count of wire fraud and 10 years in prison on each count of fraud involving aircraft parts in interstate commerce." Slashdot reader McGruber shares an excerpt from the press release: A federal grand jury in the Northern District of Texas returned an indictment charging Mark A. Forkner, former Chief Technical Pilot for The Boeing Company (Boeing), with deceiving the Federal Aviation Administration's Aircraft Evaluation Group (FAA AEG) in connection with the FAA AEG's evaluation of Boeing's 737 MAX airplane, and scheming to defraud Boeing's U.S.-based airline customers to obtain tens of millions of dollars for Boeing.

As alleged in the indictment, Forkner provided the agency with materially false, inaccurate, and incomplete information about a new part of the flight controls for the Boeing 737 MAX called the Maneuvering Characteristics Augmentation System (MCAS). Because of his alleged deception, a key document published by the FAA AEG lacked any reference to MCAS. In turn, airplane manuals and pilot-training materials for U.S.-based airlines lacked any reference to MCAS -- and Boeing's U.S.-based airline customers were deprived of important information when making and finalizing their decisions to pay Boeing tens of millions of dollars for 737 MAX airplanes.

On or about Oct. 29, 2018, after the FAA AEG learned that Lion Air Flight 610 -- a 737 MAX -- had crashed near Jakarta, Indonesia, shortly after takeoff and that MCAS was operating in the moments before the crash, the FAA AEG discovered the information about the important change to MCAS that Forkner had withheld. Having discovered this information, the FAA AEG began reviewing and evaluating MCAS. On or about March 10, 2019, while the FAA AEG was still reviewing MCAS, the FAA AEG learned that Ethiopian Airlines Flight 302 -- a 737 MAX -- had crashed near Ejere, Ethiopia, shortly after takeoff and that MCAS was operating in the moments before the crash. Shortly after that crash, all 737 MAX airplanes were grounded in the United States.

News

New Zealand Council Ends Contract With Wizard After Two Decades of Service (theguardian.com) 48

The official Wizard of New Zealand, perhaps the only state-appointed wizard in the world, has been cast from the public payroll, spelling the end to a 23-year legacy. From a report: The Wizard, whose real name is Ian Brackenbury Channell, 88, had been contracted to Christchurch city council for the past two decades to promote the city through "acts of wizardry and other wizard-like services," at a cost of $16,000 a year. He has been paid a total of $368,000.

The Wizard, who was born in England, began performing acts of wizardry and entertainment in public spaces shortly after arriving in New Zealand in 1976. When the council originally tried to stop him, the public protested. In 1982, the New Zealand Art Gallery Directors Association said he had become a living work of art, and then, in 1990, the prime minister at the time, Mike Moore, asked that he consider becoming the Wizard of New Zealand. "I am concerned that your wizardry is not at the disposal of the entire nation," Moore wrote on his official letterhead.

Android

Apple Argues Against Allowing App Sideloading By Pointing Out Android's Malware Figures (therecord.media) 66

Apple said today that privacy and security are among the reasons it does not allow app sideloading or the use of third-party app stores on iOS, pointing to the fact that Android sees between 15 and 47 times more malware than its app ecosystem. The Record reports: Apple says that the reason its iOS devices are locked into the App Store as the only way to install applications is for security reasons, as this allows its security teams to scan applications for malicious content before they reach users. Apple cited statements from multiple sources (DHS, ENISA, Europol, Interpol, NIST, Kaspersky, Wandera, and Norton), all of which had previously warned users against installing apps from outside official app stores, a process known as app sideloading.

Apple's report then goes on to list multiple malware campaigns targeting Android devices where the threat actors asked users to sideload malicious apps hosted on internet sites or third-party app stores. [...] The list includes a host of threats, such as mundane adware, dangerous ransomware, funds-stealing banking trojans, commercial spyware, and even nation-state malware, which Apple said threat actors have spread by exploiting the loophole in Android's app installation process that allows anyone to install apps from anywhere on the internet. Today's 31-page report (PDF) is the second iteration of the same report, with a first version (PDF) being published back in June, shortly after EU authorities announced their investigation.

Microsoft

Microsoft's .NET Foundation Under Fire As Resigning Board Member Questions Its Role (theregister.com) 45

The role of Microsoft's .NET Foundation, set up for the governance and support of open-source .NET and related projects, has been questioned by a former board member who resigned in frustration. Here's an excerpt from The Register's report: Rodney Littles II is a software engineer at Megsoft Consulting and core maintainer of an open-source project, ReactiveUI, which is a .NET Foundation project. The .NET Foundation was formed in 2014 and describes itself as "an independent, non-profit organization established to support an innovative, commercially friendly, open-source ecosystem around the .NET platform." Littles joined the .NET Foundation board in August 2020. In his campaign pitch he spoke of a "serious disconnect in the .NET ecosystem" in that Microsoft promotes .NET open source but that the community around it is not healthy. "Maintainers of .NET OSS that Microsoft wants to help thrive are still in rough shape," he said. The sustainability of open-source projects was a key concern, as was expanding the .NET open-source ecosystem.

Littles resigned from the .NET Foundation board ahead of its elections in September. He intended to say nothing in public about it, but changed his mind when the foundation posted that "we wish him all the best as he refocuses on his personal life." Concerned friends contacted him, resulting in this post, where he explains some of the background to his resignation and said: "I am fine. No issue in my personal life took me away from the board." According to Littles' post, "the .NET Foundation was not concerned about its membership" and "hasn't been transparent with the community about anything." He asked the foundation: "Are you here to enforce Microsoft's will on .NET Open Source, or are you here to help foster and promote a healthy community?" He added: "The scoreboard doesn't look good for the latter... I watched Microsoft kill an Open Source Project, while my friends in the community demanded the Foundation say something, I felt powerless to do anything. It was clear the reasons I joined the Foundation weren't important."

We asked Littles about his experience of being on the board. He joined, he told us, with the awareness that the previous board "was not a fully functioning board... it didn't seem coherent, it didn't seem that it was a board moving towards a goal. They put up the maturity model which I had a very big issue with." Project Maturity was a pilot including "maturity profiles," designed to improve software quality. The project was abandoned shortly after its introduction after community members complained that it was over-reaching, with board member Ben Adams acknowledging that "we didn't then open this discussion up to all projects, to find out if it was acceptable to them, or if there was a better way. This was wrong." Littles told us: "My problem with the maturity model was it seemed too Microsoft bureaucratic... member projects would have to provide a service level agreement for consumers of those libraries... it was elitist and exclusionary. I felt the model should have been more about how do we open up a path for a small open-source library to go from a one-person labour of love to a library that the community can depend on? I felt the focus was more on overseeing and dictating versus nurturing and helping."

Microsoft engaged in some strange behavior with regard to its WinGet project, finding out all the details of an existing open-source project called AppGet by dangling the prospect of a job at Microsoft for its creator, but then in effect killing that open-source project though borrowing many of its ideas. Littles was more than disappointed. "The foundation, which is supposed to be the champion for open source, said nothing," Littles told us. "The foundation remained silent and to me, that was extremely loud... that is what made me wake up and realize the foundation doesn't care about the community or incidents like this... the community was in outrage behind this and the Foundation that's supposed to be Microsoft's open source arm said nothing." AppGet was not a .NET Foundation project, but Littles felt that "if you're here for open source, you cannot be exclusionary, you cannot say it's not a foundation project so we don't care."

Security

ExpressVPN Employees Complain About Ex-Spy's Top Role At Company (reuters.com) 28

An anonymous reader quotes a report from Reuters: When a senior executive at virtual private network company ExpressVPN admitted to working on behalf of a foreign intelligence service to hack American machines last week, it stunned employees at his new company, according to interviews and electronic records. What ExpressVPN said after the U.S. Justice Department's deferred prosecution agreement disturbed some employees further. The company had known about Dan Gericke's history as a mercenary hacker for the United Arab Emirates. The VPN provider said it had no problem with the former intelligence operative protecting the privacy of its customers. In fact, the company had repeatedly given Gericke more responsibility at ExpressVPN even as the FBI investigation of his conduct pressed toward its conclusion.

Gericke was named chief technology officer in August, according to an internal email at the time, and remains in the post. Shortly after the court filings showed Gericke and two other former U.S. intelligence operators agreeing to pay a fine and give up any future classified work, he emailed his colleagues at ExpressVPN. "I can imagine that this kind of news is surprising or even uncomfortable," Gericke wrote in the message obtained by Reuters, then assured them that he had used his skills to protect consumers from threats to their security and privacy.

When senior company executives during a regular online question-and-answer session last Friday with employees accepted queries about Gericke's deal and then discussed the sale announced days earlier of the company to British-Israeli digital security software provider Kape Technologies PLC, the workforce vented its anger. One employee wrote anonymously on an internal chat board: "This episode has eroded consumer's trust in our brand, regardless of the facts. How do we intend to rebuild our reputation?" Asked about the controversy, ExpressVPN said in a statement that the exchange was part of a regular monthly session between management and employees. "As a company, we value openness, dialogue and transparency - which includes robust debate and incisive questioning," the company said. It said it had not known of the federal investigation or the details of Gericke's work in UAE, and it said that country's surveillance campaign was "completely antithetical to our mission."

At ExpressVPN's session with leaders Friday, the second-most supported question also concerned him. "As an individual I have a problem accepting that Dan was hired despite disclosing past actions. These actions are not small thing we can easily forget or accept. Don't they go against all the things XV stands for?" that person asked. To Reuters, the company responded: "It's only through clear commitment and contributions to our mission that Daniel has been able to earn senior leadership roles within the company and the full confidence of our co-founders."
