Tumblr has made an update it hinted at in September, changing its rules to allow nudity -- but not sexually explicit images -- on the platform. The Verge reports: The company updated its community guidelines earlier today, laying out a set of rules that stops short of its earlier permissive attitude toward sexuality but that formally allows a wider range of imagery. "We now welcome a broader range of expression, creativity, and art on Tumblr, including content depicting the human form (yes, that includes the naked human form). So, even if your creations contain nudity, mature subject matter, or sexual themes, you can now share them on Tumblr using the appropriate Community Label," the post says. "Visual depictions of sexually explicit acts remain off-limits on Tumblr."

A help center post and the community guidelines offer a little more detail. They say that "text, images, and videos that contain nudity, offensive language, sexual themes, or mature subject matter" is allowed on Tumblr, but "visual depictions of sexually explicit acts (or content with an overt focus on genitalia)" aren't. There's an exception for "historically significant art that you may find in a mainstream museum and which depicts sex acts -- such as from India's Sunga Empire," although it must be labeled with a mature content or "sexual themes" tag so that users can filter it from their dashboards.

"Nudity and other kinds of adult material are generally welcome. We're not here to judge your art, we just ask that you add a Community Label to your mature content so that people can choose to filter it out of their Dashboard if they prefer," say the community guidelines. However, users can't post links or ads to "adult-oriented affiliate networks," they can't advertise "escort or erotic services," and they can't post content that "promotes pedophilia," including "sexually suggestive" content with images of children. On December 17th, 2018, Tumblr permanently banned adult content from its platform. The site was owned by Verizon at the time and later sold to WordPress.com owner Automattic, which largely maintained the ban "in large part because internet infrastructure services -- like payment processors and Apple's iOS App Store -- typically frown on explicit adult content," reports The Verge.

Shutterstock appears to be removing images generated by AI systems like DALL-E and Midjourney. Motherboard reports: On Shutterstock, searches for images tagged "Midjourney" yielded several photos with the AI tool's unmistakable aesthetic, with many having high popularity scores and marked as "frequently used." But late Monday, the results for "Midjourney" seem to have been reduced, leaving mainly stock photos of the tool's logo. Other images use tags like "AI generated" -- one image, for example, is an illustration of a futuristic building with an image description reading "Ai generated illustration of futuristic Art Deco city, vintage image, retro poster." The image is part of a collection the artist titled "Midjourney," which has since been removed from the site. Other images marked "AI generated," like this burning medieval castle, seem to remain up on the site.

As Ars Technica notes, neither Shutterstock nor Getty Images explicitly prohibits AI-generated images in their terms of service, and Shutterstock users typically make around 15 to 40 percent of what the company makes when it sells an image. Some creators have not taken kindly to this trend, pointing out that these systems use massive datasets of images scraped from the web. [...] In other words, the generated works are the result of an algorithmic process which mines original art from the internet without credit or compensation to the original artists. Others have worried about the impacts on independent artists who work for commissions, since the ability for anyone to create custom generated artwork potentially means lost revenue.

An anonymous reader shares an excerpt from a report via Wired: Spiders and scorpions may seem like creatures that need to be crushed rather than conserved, but wildlife experts say a growing global pet trade is putting wild populations at risk, even though they help humans and ecosystems. Collectors are now trading more than 1,200 species of arachnids (the group that includes both spiders and scorpions), according to a new report out today in the journal Communications Biology, with 80 percent of them unmonitored and vulnerable to extinction. "These are species for which trade is completely legal, but there's no data on how sustainable it is," says Alice Hughes, an author of the study and an associate professor of biological sciences at the University of Hong Kong.

Hughes and her colleagues developed an algorithm to scan websites that sell spiders and scorpions online, including those that represent brick-and-mortar pet shops. Then they compared those to existing trading databases compiled by the US Fish and Wildlife Service and the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES). The researchers found that from 2000 to 2021, 77 percent of one species known as the emperor scorpion were collected from the wild, with 1 million imported into the US. More than half of the existing species of tarantulas are being traded, including 600,000 Grammostola tarantulas, a group that includes the Chilean rose tarantula, which is commonly found in pet stores. The study estimates that two-thirds of spiders and scorpions that are traded commercially were collected from the wild, rather than captive-bred.

Researchers like Hughes, who conducts field studies throughout southeast Asia, still do not have enough information about the abundance of arachnids worldwide; her study notes that there are more than a million invertebrate species on the planet that have been identified by biologists but fewer than 1 percent have been assessed by the International Union for Conservation of Nature (IUCN) as to their population status. And commercial trade is putting arachnids at risk before scientists can learn much about them. While spiders and scorpions may seem dangerous, they are usually not so if left alone. Arachnids also keep insect pests in check, and spider venoms have been found to contain antimicrobial, painkilling, and cancer-fighting compounds, making them potential candidates for new drug development.

Wikipedia points out that America's two largest-circulation publications are the two magazine sent out to over 38 million members of massive non-profit AARP (originally the American Association of Retired Persons).

It's now starting its own social network to compete with Facebook (which according to a recent survey is being used by over 72 million Americans over the age of 50), Ars Technica reports: The nonprofit funded the creation of Senior Planet Community, a social media network that encourages users to join pre-existing groups around shared interests, including gardening, travel, fitness, food, and technology. In that way, it feels more like a pared-down version of Reddit or a small collection of forums....

Besides its focus on the 50-plus set, Senior Planet Community stands apart from Facebook in that it's not commercial. The site has no advertising or membership fees. Unless the cost to run the site grows substantially, that probably won't present much of a problem. AARP isn't saying how much it has put into Senior Planet Community, but the organization is famously well-capitalized, with $2.3 billion in net assets and $1.7 billion in revenue in 2020.

At present, the site is bare-bones when compared with Facebook. There's no mobile app yet, though OATS [the affiliate organization that built the social network] says it hopes to develop one. The site is mobile-friendly at least, and all the requisite features are there, including groups, photo sharing, @-mentions, notifications, and direct messaging. As with all social networks, a looming question is how Senior Planet Community will handle moderation. The site has a relatively extensive list of "house rules" that encourages users to "be courteous" and "cite your sources." Posts about politics aren't forbidden, but the rules say posts can't stray off-topic, and users can't "attack individuals, social, ethnic, or political groups and figures." Users can report posts they think violate the rules. Currently, the user base is relatively small, so policing it should be straightforward.

"The moderating team keeps an eye on all comments, posts, and updates added to the platform from the backend.... " Suzanne Myklebust, OATS's director of communications, told Ars.

An anonymous reader quotes a report from Ars Technica: For years, printers have been encumbered with digital rights management systems that prevent users from buying third-party ink and toner cartridges. Printer companies have claimed that their chip-enabled cartridges can "enhance the quality and performance" of their equipment, provide the "best consumer experience," and "protect [the printers] from counterfeit and third-party ink cartridges." Left unsaid is the fact that requiring first-party cartridges also ensures a recurring revenue stream. It's an old business model -- Gillette sold its razor handles cheaply to sell more razors, for example -- and it's one that printer companies have enthusiastically embraced. Lexmark, HP, Canon, Brother, and others all effectively require users to purchase first-party ink and toner. To enforce the use of first-party cartridges, manufacturers typically embed chips inside the consumables for the printers to "authenticate." But when chips are in short supply, like today, manufacturers can find themselves in a bind. So Canon is now telling German customers how to defeat its printers' warnings about third-party cartridges.

"Due to the worldwide continuing shortage of semiconductor components, Canon is currently facing challenges in procuring certain electronic components that are used in our consumables for our multifunction printers (MFP)," a Canon support website says in German. "In order to ensure a continuous and reliable supply of consumables, we have decided to supply consumables without a semiconductor component until the normal supply takes place again." [...] The software on these printers comes with a relatively simple way to defeat the chip checks. Depending on the model, when an error message occurs after inserting toner, users can press either "I Agree," "Close," or "OK." When users press that button, the world does not end. Rather, Canon says users may find that their toner cartridge doesn't give them a low-toner warning before running empty. "Although there are no negative effects on print quality when consumables are used without electronic components, certain additional functions, such as the detection of the toner level, may be impaired," Canon's support site says.

An anonymous reader quotes a report from Ars Technica: Google's reputation for aggressively killing products and services is hurting the company's brand. Any new product launch from Google is no longer a reason for optimism; instead, the company is met with questions about when the product will be shut down. It's a problem entirely of Google's own making, and it's yet another barrier that discourages customers from investing (either time, money, or data) in the latest Google thing. The wide public skepticism of Google Stadia is a great example of the problem. A Google division with similar issues is Google Cloud Platform, which asks companies and developers to build a product or service powered by Google's cloud infrastructure. Like the rest of Google, Cloud Platform has a reputation for instability, thanks to quickly deprecating APIs, which require any project hosted on Google's platform to be continuously updated to keep up with the latest changes. Google Cloud wants to address this issue, though, with a new "Enterprise API" designation.

Enterprise APIs basically get a roadmap that promises stability for certain APIs. Google says, "The burden is on us: Our working principle is that no feature may be removed (or changed in a way that is not backwards compatible) for as long as customers are actively using it. If a deprecation or breaking change is inevitable, then the burden is on us to make the migration as effortless as possible." If Google needs to change an API, customers will now get a minimum of one year's notice, along with tools, documentation, and other materials. Google goes on to say, "To make sure we follow these tenets, any change we introduce to an API is reviewed by a centralized board of product and engineering leads and follows a rigorous product lifecycle evaluation."

Despite being one of the world's largest Internet companies and basically defining what modern cloud infrastructure looks like, Google isn't doing very well in the cloud infrastructure market. Analyst firm Canalys puts Google in a distant third, with 7 percent market share, behind Microsoft Azure (19 percent) and market leader Amazon Web Services (32 percent). Rumor has it (according to a report from The Information) that Google Cloud Platform is facing a 2023 deadline to beat AWS and Microsoft, or it will risk losing funding. Ex-Googler Steve Yegge laid out the problems with Google Cloud Platform last year in a post titled "Dear Google Cloud: Your Deprecation Policy is Killing You." Google's announcement seems to hit most of what that post highlights, like a lack of documentation and support, an endless treadmill of API upgrades, and Google Cloud's general disregard for backward compatibility. Yegge argues that successful platforms like Windows, Java, and Android (a group Yegge says is isolated from the larger Google culture) owe much of their success to their commitment to platform stability. AWS is the market leader partly because it's considered a lot more stable than Google Cloud Platform.

It's now being called "the single biggest global ransomware attack on record," with thousands of victims in at least 17 different countries breached with ransomware Friday, reports the Associated Press, citing new details provided by cybersecurity researchers.

An affiliate of the Russia-linked gang REvil deployed the ransomware "largely through firms that remotely manage IT infrastructure for multiple customers." A broad array of businesses and public agencies were hit by the latest attack, apparently on all continents, including in financial services, travel and leisure and the public sector — though few large companies, the cybersecurity firm Sophos reported... The Swedish grocery chain Coop said most of its 800 stores would be closed for a second day Sunday because their cash register software supplier was crippled. A Swedish pharmacy chain, gas station chain, the state railway and public broadcaster SVT were also hit. In Germany, an unnamed IT services company told authorities several thousand of its customers were compromised, the news agency dpa reported...

CEO Fred Voccola of the breached software company, Kaseya, estimated the victim number in the low thousands, mostly small businesses like "dental practices, architecture firms, plastic surgery centers, libraries, things like that." Voccola said in an interview that only between 50-60 of the company's 37,000 customers were compromised. But 70% were managed service providers who use the company's hacked VSA software to manage multiple customers. It automates the installation of software and security updates and manages backups and other vital tasks...

Dutch researchers said they alerted Miami-based Kaseya to the breach and said the criminals used a "zero day," the industry term for a previously unknown security hole in software. Voccola would not confirm that or offer details of the breach — except to say that it was not phishing. "The level of sophistication here was extraordinary," he said. When the cybersecurity firm Mandiant finishes its investigation, Voccola said he is confident it will show that the criminals didn't just violate Kaseya code in breaking into his network but also exploited vulnerabilities in third-party software...

Kaseya, which called on customers Friday to shut down their VSA servers immediately, said Sunday it hoped to have a patch in the next few days.
The attacks may have been timed to exploit America's three-day weekend celebrating the nation's founding, according to experts interviewed by the Associated Press. America's National Security advisor is now urging all who believed they were compromised to alert the FBI.

"The attack comes less than a month after Biden pressed Russian President Vladimir Putin to stop providing safe haven to REvil and other ransomware gangs whose unrelenting extortionary attacks the U.S. deems a national security threat."

UPDATE: Bleeping Computer notes the exploited vulnerability "had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers."

In a statement today, DIVD posted that "During the last 48 hours, the number of Kaseya VSA instances that are reachable from the internet has dropped from over 2,200 to less than 140 in our last scan today... A good demonstration of how a cooperative network of security-minded organizations can be very effective during a nasty crisis."

China kicked off an investigation into alleged monopolistic practices at Alibaba Group and summoned affiliate Ant Group to a high-level meeting over financial regulations, escalating scrutiny over the twin pillars of billionaire Jack Ma's internet empire. From a report: The probe announced Thursday marks the formal start of the Communist Party's crackdown on the crown jewel of Ma's sprawling dominion, spanning everything from e-commerce to logistics and social media. The pressure on Ma is central to a broader effort to rein in an increasingly influential internet sphere: Draft anti-monopoly rules released November gave the government wide latitude to restrain entrepreneurs who until recently enjoyed unusual freedom to expand their realms. Once hailed as drivers of economic prosperity and symbols of the country's technological prowess, Alibaba and rivals like Tencent Holdings face increasing pressure from regulators after amassing hundreds of millions of users and gaining influence over almost every aspect of daily life in China.

The State Administration for Market Regulation is investigating Alibaba, the top antitrust watchdog said in a statement without further details. Regulators including the central bank and banking watchdog will separately summon affiliate Ant to a meeting intended to drive home increasingly stringent financial regulations, which now pose a threat to the growth of the world's biggest online financial services firm. Ant said in a statement on its official WeChat account it will study and comply with all requirements. Ma, the flamboyant co-founder of Alibaba and Ant, has all but vanished from public view since Ant's initial public offering got derailed last month. As of early December, the man most closely identified with the meteoric rise of China was advised by the government to stay in the country, a person familiar with the matter has said.

According to The Wall Street Journal, the mobile streaming service Quibi is exploring strategic options including a possible sale. "It is also considering raising more money or going public through a merger with a specially formed company that could help it fund deals," adds CNET. From the report: It declined to comment directly on the report, but Quibi said in a statement that it "has successfully launched a new business and pioneered a new form of storytelling and state-of-the-art platform." It added that CEO Meg Whitman and founder Jeffrey Katzenberg "are committed to continuing to build the business in the way that gives the greatest experience for customers, greatest value for shareholders and greatest opportunity for employees."

An anonymous reader quotes a report from Ars Technica: Earlier this week, an advertising agency emerged with a video bragging about an ad-campaign concept: We'll invade gaming-filled Twitch chat rooms and post ads for your brand for cheap. The attached video was exactly the kind of cringe you might expect from "brand engages with video game culture," with edgy yet inoffensive quotes, footage of fake games, and digitally altered voices. But what looked like a fake ad concept has turned out to be very real -- and after examining how Twitch works, the whole thing looks like a possible FTC violation.

The ad campaign, run by the Ogilvy agency on behalf of Burger King, relied on a common Twitch trope of donating to game-streaming hosts. "Affiliate" Twitch users are eligible to receive cash from viewers, either in the form of flat-rate subscriptions or variable one-time donations, and hosts often encourage this by adding text-to-voice automation to the process. So if you pay a certain amount, a voice will read your statement out loud -- and hosts usually retroactively react to weird and offensive statements made by these systems instead of pre-screening them. (They're busy playing a game, after all.) Ogilvy's promotion revolved around the low cost of entry for these text-to-voice prompts. Their ads, written to promote a fast-food chain, were attached to specific dollar amounts. One example, as explained by Twitch streamer Ross "RubberNinja" O'Donovan (not to be confused with that other Ninja), went as follows: "I just donated $5 to tell you that you can spend $5 and get [a combined meal on our app]. It seems like a twisted strategy." O'Donovan went on to post his disdain for American fast food and compared it to what he ate when he lived in Australia, which prompted Ogilvy's "THE_KING_OF_STREAM" account to donate another $5 and make a joke about Australian food. Ogilvy had described the ad campaign as run by a "bot," implying automation, but O'Donovan's example implies some form of human control and curation in terms of reacting to Twitch host pushback.

In a Thursday report, Kotaku's Nathan Grayson went sniffing around to discover many other examples of Ogilvy's ads playing out on real Twitch channels over the course of the week -- and the Kotaku report quoted pretty much all of those hosts decrying this practice. [...] More crucially for Ogilvy and Burger King, however, is the matter of how those ads appeared: as sneaky "fan" declarations in chat rooms. Though the campaign was largely run by the aforementioned "THE_KING_OF_STREAM" account and appeared as such in Twitch chat rooms, it wasn't in any way represented by Twitch as a sponsor's account, nor were the posts labeled as "#ad" or other clear markings. As O'Donovan and other streamers have made clear, that kind of transparency would have gotten such chat statements instantly deleted or modded for violating individual channel rules. While the Federal Trade Commission (FTC) has clear guidance about "deceptive" online advertising, and it demands that channel hosts comply with FTC guidance to make sure sponsored statements are easily identified, Ogilvy may have slipped through the FTC's current guidance cracks.

BuzzFeed News has found that a Facebook contractor was paid thousands of dollars in bribes by a shady affiliate marketer to reactivate ad accounts that had been banned due to policy violations. From the report: A company spokesperson confirmed that an unnamed worker was fired after inquiries from BuzzFeed News sparked an internal investigation. The person in question was based in the company's Austin office, according to information obtained by BuzzFeed News. The individual was paid to reactivate ad accounts connected to Ads Inc., a San Diego-based marketing firm BuzzFeed News previously revealed was running a sophisticated Facebook scam that involved placing more than $50 million in ads that typically made false claims about celebrities. The ads were part of a scheme that tricked consumers into signing up for an expensive monthly subscription for a product that was initially marketed as a free trial. Ads Inc. announced it was shutting down in October as a result of the BuzzFeed News investigation.

Chat messages obtained by BuzzFeed News, as well as information from former Ads Inc. employees, show how former Ads Inc. CEO Asher Burke and the Facebook insider conspired to reactivate banned ad accounts, further exposing Facebook users to scams by pitching dubious products. A former Ads Inc. employee told BuzzFeed the company had more than one person inside Facebook who would turn ads back on for a fee. "To be honest there were a few people that would flip ads back on," they told BuzzFeed News. They said that the Facebook mole (or moles) wouldn't receive their money if the reactivated ads didn't run for at least two days. Facebook declined to comment on whether it suspects others helped reactivate ads but said its investigation is ongoing. "This behavior is absolutely prohibited under our policies and the individual is no longer working with Facebook," a Facebook spokesperson said in an emailed statement. "We're continuing to investigate the allegations and will take any further necessary action."

"At least 20 web hosting providers have hastily notified customers today, Saturday, December 7, that they plan to shut down on Monday, giving their clients two days to download data from their accounts before servers are shut down and wiped clean," reports ZDNet.

And no refunds are being provided: All the services offer cheap low-end virtual private servers [and] all the websites feature a similar page structure, share large chunks of text, use the same CAPTCHA technology, and have notified customers using the same email template. All clues point to the fact that all 20 websites are part of an affiliate scheme or a multi-brand business ran by the same entity...

As several users have pointed out, the VPS providers don't list physical addresses, don't list proper business registration information, and have no references to their ownership... A source in the web hosting industry who wanted to remain anonymous told ZDNet that what happened this weekend is often referred to as "deadpooling" -- namely, the practice of setting up a small web hosting company, providing ultra-cheap VPS servers for a few dollars a month, and then shutting down a few months later, without refunding customers.

"This is a systemic issue within the low-end market, we call it deadpooling," the source told us. "It doesn't happen often at this scale, however."
ZDNet provided this alphabetical list of the 20 companies: ArkaHosting, Bigfoot Servers, DCNHost, HostBRZ, HostedSimply, Hosting73, KudoHosting, LQHosting, MegaZoneHosting, n3Servers, ServerStrong, SnowVPS, SparkVPS, StrongHosting, SuperbVPS, SupremeVPS, TCNHosting, UMaxHosting, WelcomeHosting, X4Servers.

However, "A user who was impacted by his VPS provider's shutdown also told ZDNet that the number of VPS providers going down is most likely higher than 20, as not all customers might have shared the email notification online, with others."

Cable executives like Charter CEO Tom Rutledge are insisting that cord cutting is slowing down. "I think in aggregate they're going to slow down," said Rutledge. "Because I think most single-family homes have big TVs in them and that's where you get sports, that's where you get news, that's where you get live TV like this. It's still going to be under price pressure. I'm not saying the category isn't under pressure. But I think the rate of decline will slow."

Techdirt reports that "there's no actual evidence to support that conclusion," and that cord cutting "has only been accelerating and breaking records throughout 2019." From the report: [W]ith a number of high profile streaming alternatives like Disney+ and Apple TV+ having launched this month, there's absolutely no indication that trend is going to change. That's something being made clear at research firms like UBS, which is actually predicting that things will be getting slightly better for AT&T, and marginally worse for cable giants like Charter: "UBS predicted that the U.S. pay TV industry will lose another 6.2 million video subscribers in 2020, down slightly from the 6.4 million the analyst firm predicts will be lost in total this year. If that loss comes to bear it will represent a 6.7% rate of decline, ahead of 6.2% in 2019 and well ahead of 1.2% in 2018 when video subscriber losses totaled 1.2 million. 'We now expect industry losses to remain in the 6-7% per year range for the medium term, suggesting worsening trends in domestic core affiliate into next year,' wrote UBS analyst John Hodulik in a research report. He said that improvement at AT&T will likely be offset by worsening trends for cable providers and other MVPDs."

The irony here is that Rutledge's prediction would actually be true if cable giants were willing to compete on price and customer service. But they're not, so the losses are likely to continue, especially with new services like Disney+ jumping into the fray at a measly $6 a month.

GoDaddy removed a cluster of more than 15,000 fraudulent websites discovered by a researcher at Palo Alto Networks' Unit 42 analysis team. From a report: The scam, which sold products like weight loss pills, used breached websites to add legitimacy to its sales and involved using fake celebrity endorsements. Jeff White, the researcher at Unit 42, started researching the network of sites more than 2 years ago when he noticed spam messages that looked visually similar and used similar language. The products were sold on commission as part of an affiliate marketing program and used low initial pricing and tiny print to get people signed up for costly subscriptions. The sales took place on hacked GoDaddy websites, where hackers had set up subdomains on legitimate websites.

Bobby Guerra, a Democratic member of the Republican-controlled Texas House of Representatives, filed a bill last week that would prohibit wireless carriers from throttling mobile internet service in disaster areas. "A mobile Internet service provider may not impair or degrade lawful mobile Internet service access in an area subject to a declared state of disaster," the bill says. If passed, it would take effect on September 1, 2019. Ars Technica reports: The bill, reported by NPR affiliate KUT, appears to be a response to Verizon's throttling of an "unlimited" data plan used by Santa Clara County firefighters during a wildfire response in California last year. But Guerra's bill would prohibit throttling in disaster areas of any customer, not just public safety officials. Wireless carriers often sell plans with a set amount of high-speed data and then throttle speeds after a customer has passed the high-speed data limit. Even with so-called "unlimited" plans, carriers reserve the right to throttle speeds once customers use a certain amount of data each month.

Despite the Verizon/Santa Clara incident, Federal Communications Commission Chairman Ajit Pai has taken no action to prevent further incidents of throttling during emergencies. Pai's repeal of Obama-era net neutrality rules allows throttling as long as the carrier discloses it, and the commission is trying to prevent states from imposing their own net neutrality rules.

PUBG, an affiliate of South Korean studio Bluehole, is suing the Korean unit of North Carolina-based Epic Games, arguing that its smash hit Fortnite copies many of the characteristics of its own PlayerUnknown's Battlegrounds. The suit, alleging copyright infringement, was filed in South Korea. From a report: PUBG introduced its game last year and it became a huge hit as players embraced the Hunger Games-style concept in which 100 players race to kill each other until there's a sole survivor. But the game's features have been embraced by rivals, prompting earlier legal action. Fortnite has a similar concept of 100 people competing with each other, but differs by letting players build fortifications similar to Minecraft and using more cartoon-like graphics aimed at younger players "This is a measure to protect our copyrights," PUBG said, declining to provide further details. Epic Games didn't immediately respond to requests for comment. The two companies have a complicated relationship. Epic Games provides PUBG with its Unreal Engine technology, which was used to create PlayerUnknown's Battlegrounds. The software is instrumental in building games and is the industry-standard for professional games developers. Both companies are also partly owned by Tencent Holdings, China's internet giant.

An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added.

Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.

Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for IDA disassembler is also available for those experienced with decompiling software.

An anonymous reader writes: "Google engineers have added two new features to the Chrome browser that will alert users of extensions that hijack proxy settings or the new tab page," reports Bleeping Computer. Google has been testing these two techniques sparingly with a small subset of users for more than a year, but they have now landed in Google Canary. The techniques are used by malicious Chrome extensions to hijack traffic and insert ads, or to redirect search traffic to affiliate search engine programs. The addition of these popup alerts are part of Google's plan to fight malicious Chrome extensions that have been starting to plague the Web Store.

Wired magazine did a profile on The New York Times in its this month's issue. Talking about the paper's transition from print to more digital-focus than ever, author Gabriel Snyder wrote, "It's to transform the Times' digital subscriptions into the main engine of a billion-dollar business, one that could pay to put reporters on the ground in 174 countries even if (OK, when) the printing presses stop forever." Veteran journalist Om Malik analyzes the numbers: -> The company reported revenue of nearly $1.6 billion in 2016 -- remarkably consistent with prior years.
-> Print advertising revenue dipped by $70 million year-over-year to $327 million in 2016.
-> Digital advertising revenue, while a meaningful portion of the Times' revenue, did not grow enough to offset vanishing print ad dollars.
-> Total digital ad revenue in 2016 was $206 million, up only 6% from the prior year.
-> The key revenue driver for the New York Times has been its digital subscription business, which added more than half a million paid subscribers in 2016. Thanks in part to interest around the presidential election, the newspaper added 276,000 new digital subscribers in Q4, the single largest quarterly increase since 2011 (the year the pay model was launched).

The Times' digital success is hinged upon two major drivers: affiliate revenues from services like the Wirecutter and digital subscriptions. Advertising might be a good short term bandaid, but the company needs to focus on how to evolve away from it even more aggressively. The Times needs to simplify their sign-up experience and make it easier for people to pay for the subscriptions. As of now, it is like the sound you hear when scratching your nails on a piece of glass.