Security

4,300 Publicly Reachable Servers Are Posing a New DDoS Hazard To the Internet (arstechnica.com) 13

An anonymous reader quotes a report from Ars Technica: DDoS mitigation provider Netscout said on Wednesday that it has observed DDoS-for-hire services adopting a new amplification vector. The vector is the Datagram Transport Layer Security, or D/TLS, which (as its name suggests) is essentially the Transport Layer Security for UDP data packets. Just as TLS prevents eavesdropping, tampering, or forgery of TLS packets, D/TLS does the same for UDP data. DDoSes that abuse D/TLS allow attackers to amplify their attacks by a factor of 37. Previously, Netscout saw only advanced attackers using dedicated DDoS infrastructure abusing the vector. Now, so-called booter and stressor services -- which use commodity equipment to provide for-hire attacks -- have adopted the technique. The company has identified almost 4,300 publicly reachable D/TLS servers that are susceptible to the abuse.

The biggest D/TLS-based attacks Netscout has observed delivered about 45Gbps of traffic. The people responsible for the attack combined it with other amplification vectors to achieve a combined size of about 207Gbps. [...] The 4,300 abusable D/TLS servers are the result of misconfigurations or outdated software that causes an anti-spoofing mechanism to be disabled. While the mechanism is built into the D/TLS specification, hardware including the Citrix NetScaler Application Delivery Controller didn't always turn it on by default. Citrix has more recently encouraged customers to upgrade to a software version that uses anti-spoofing by default.

Besides posing a threat to devices on the Internet at large, abusable D/TLS servers also put organizations using them at risk. Attacks that bounce traffic off one of these machines can create full or partial interruption of mission-critical remote-access services inside the organization's network. Attacks can also cause other service disruptions. Netscout's Hummel and Dobbins said that the attacks can be challenging to mitigate because the size of the payload in a D/TLS request is too big to fit in a single UDP packet and is, therefore, split into an initial and non-initial packet stream.
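The anti-spoofing mechanism the story refers to is the DTLS cookie exchange: a server that receives a ClientHello from an unverified source answers with a small, stateless HelloVerifyRequest carrying a cookie, and only sends its large first flight once the client echoes that cookie back from the same address. The simulation below is an added example, not code from Ars Technica, Netscout or Citrix; the message sizes, addresses and server model are constructed (the flight is sized to reproduce the roughly 37x ratio the report cites), and the cookie is an HMAC in the spirit of RFC 6347 section 4.2.1 rather than any real DTLS stack. It shows why a server with verification disabled reflects amplified traffic toward a spoofed source while a correctly configured one does not, and why the reply is split across several datagrams.

```python
import hashlib
import hmac
import os

# Constructed sizes for this simulation, not measured values. A ClientHello fits in
# one small datagram; the server's first flight (ServerHello, Certificate,
# ServerKeyExchange, ...) is far larger.
CLIENT_HELLO = b"\x16\xfe\xfd" + b"C" * 97        # 100 bytes, constructed
SERVER_FLIGHT = b"\x16\xfe\xfd" + b"S" * 3697     # 3700 bytes, constructed
COOKIE_SECRET = os.urandom(32)                    # per-server secret; rotated in practice


def make_cookie(secret: bytes, client_addr: tuple, client_hello: bytes) -> bytes:
    """Stateless cookie: HMAC over the claimed source address and the ClientHello.
    Only a host that actually receives traffic at that address can echo it back,
    so the server commits no state and no bandwidth to an unverified source."""
    ip, port = client_addr
    mac = hmac.new(secret, f"{ip}:{port}".encode() + client_hello, hashlib.sha256)
    return mac.digest()[:16]


class DtlsServerSim:
    """Models only the first round trip of a DTLS handshake."""

    def __init__(self, require_cookie: bool, secret: bytes = COOKIE_SECRET):
        self.require_cookie = require_cookie   # False models the misconfigured servers
        self.secret = secret

    def handle_client_hello(self, src_addr: tuple, client_hello: bytes,
                            cookie: bytes = b"") -> bytes:
        """Return the bytes the server sends back to src_addr."""
        if self.require_cookie:
            expected = make_cookie(self.secret, src_addr, client_hello)
            if not hmac.compare_digest(cookie, expected):
                # HelloVerifyRequest: tiny and no larger than the request, so a
                # spoofed ClientHello earns the spoofed address no amplification.
                return b"HVR" + expected
        # Source verified (or verification disabled): send the full flight.
        return SERVER_FLIGHT


def split_into_datagrams(flight: bytes, mtu: int = 1200) -> list:
    """A flight larger than the path MTU leaves as an initial datagram followed by
    non-initial fragments, which is why filtering that keys only on the first
    datagram of a reply does not stop the whole stream."""
    return [flight[i:i + mtu] for i in range(0, len(flight), mtu)]


def amplification_factor(server: DtlsServerSim, src_addr: tuple,
                         cookie: bytes = b"") -> float:
    """Bytes sent to src_addr per byte of ClientHello received."""
    reply = server.handle_client_hello(src_addr, CLIENT_HELLO, cookie)
    return len(reply) / len(CLIENT_HELLO)


def demo() -> dict:
    spoofed = ("198.51.100.7", 443)       # constructed address from the documentation range
    real_client = ("203.0.113.9", 5000)   # constructed address of a genuine client
    misconfigured = DtlsServerSim(require_cookie=False)
    hardened = DtlsServerSim(require_cookie=True)
    # Genuine client: echoes the cookie it received and gets the full flight.
    cookie = make_cookie(COOKIE_SECRET, real_client, CLIENT_HELLO)
    return {
        "factor_without_verification": amplification_factor(misconfigured, spoofed),
        "factor_with_verification": amplification_factor(hardened, spoofed),
        "genuine_client_gets_flight":
            hardened.handle_client_hello(real_client, CLIENT_HELLO, cookie) == SERVER_FLIGHT,
        "datagrams_per_flight": len(split_into_datagrams(SERVER_FLIGHT)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened server's reply to an unverified source is 19 bytes against a 100-byte request, so there is nothing to amplify; the misconfigured server sends 3,700 bytes, split into four datagrams, to whatever address the request claimed. Checking that a D/TLS endpoint you operate answers a bare ClientHello with a HelloVerifyRequest rather than a full flight is the practical test for the misconfiguration described above.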

Programming

After 20 Years, Have We Achieved the Vision of the Agile Manifesto? (zdnet.com) 205

"We are uncovering better ways of developing software by doing it and helping others do it," declared the Agile Manifesto, nearly 20 years ago. "Through this work we have come to value..."

* Individuals and interactions over processes and tools
* Working software over comprehensive documentation
* Customer collaboration over contract negotiation
* Responding to change over following a plan

Today a new ZDNet article asks how far the tech industry has come in achieving the vision of its 12 principles — and why Agile is often "still just a buzzword." The challenge arises "because many come to agile as a solution or prescription, rather than starting with the philosophy that the Agile Manifesto focused on," says Bob Ritchie, VP of Software at SAIC. "Many best practices such as automated test-driven development, automated builds, deployments, and rapid feedback loops are prevalent in the industry. However, they are frequently still unmoored from the business and mission objectives due to that failure to start with why."

Still, others feel we're still nowhere near achieving the vision of the original Agile Manifesto. "Absolutely not at a large scale across enterprises," says Brian Dawson, DevOps evangelist with CloudBees. "We are closer and more aware, but we are turning a tanker and it is slow and incremental. In start-ups, we are seeing much more of this; that is promising because they are the enterprises of the future." Agile initiatives "all too often are rolled out from, and limited to, project planning or the project management office. To support agile and DevOps transformation, agile needs to be implemented with all stakeholders."

Some organizations turn to agile "as a panacea to increase margins by cutting cost with a better, shinier development process," Ritchie cautions. "Others go even further by weaponizing popular metrics associated with agile capacity planning such as velocity and misclassifying it as a performance metric for an individual or team. In these circumstances, the promises of the manifesto are almost certainly missed as opportunities to engage and collaborate give way to finger pointing, blame, and burnout." What's missing from many agile initiatives is "ways to manage what you do based on value and outcomes, rather than on measuring effort and tasks," says Morris. "We've seen the rise of formulaic 'enterprise agile' frameworks that try to help you to manage teams in a top-down way, in ways that are based on everything on the right of the values of the Agile Manifesto. The manifesto says we value 'responding to change over following a plan,' but these frameworks give you a formula for managing plans that don't really encourage you to respond to change once you get going."

Software

Tech Organizations Back 'Inclusive Naming Initiative' (theregister.com) 264

New submitter LeeLynx shares a report from The Register: A new group called the "Inclusive Naming Initiative" has revealed its existence and mission "to help companies and projects remove all harmful and unclear language of any kind and replace it with an agreed-upon set of neutral terms." Akamai, Cisco, the Cloud Native Computing Foundation, IBM, the Linux Foundation, Red Hat, and VMware are all participants. The group has already offered a Word replacement list that suggests alternatives to the terms whitelist, blacklist, slave, and master. There's also a framework for evaluating harmful language that offers guidance on how to make changes.

Red Hat's post announcing its participation in the Initiative links to a dashboard listing all instances of terms it wants changed and reports over 330,000 uses of "Master" and 105,000 uses of "Slave," plus tens of thousands of whitelists and blacklists. Changing them all will be a big job, wrote Red Hat's senior veep and CTO Chris Wright. "On a technical level, change has to be made in hundreds of discrete communities, representing thousands of different projects across as many code repositories," Wright wrote. "Care has to be taken to prevent application or API breakage, maintain backward compatibility, and communicate the changes to users and customers." The Initiative nonetheless hopes to move quickly, with its roadmap calling for best practices to be defined during Q1 2021, case studies to be available in Q3 2021 and a certification program delivered in Q4 2021.

Security

The Vatican Is Said To Be Hacked From China Before Talks With Beijing (nytimes.com) 55

An anonymous reader quotes a report from The New York Times: Chinese hackers infiltrated the Vatican's computer networks in the past three months, a private monitoring group has concluded, in an apparent espionage effort before the beginning of sensitive negotiations with Beijing. The attack was detected by Recorded Future, a firm based in Somerville, Mass. The Chinese Communist Party has been waging a broad campaign to tighten its grip on religious groups, in what government leaders have periodically referred to as an effort to "Sinicize religions" in the country.

China officially recognizes five religions, including Catholicism, but the authorities often suspect religious groups and worshipers of undermining the control of the Communist Party and the state, and of threatening the country's national security. Chinese hackers and state authorities have often used cyberattacks to try to gather information on groups of Buddhist Tibetans, Muslim Uighurs and Falun Gong practitioners outside China. But this appears to be the first time that hackers, presumed by cybersecurity experts at Recorded Future to be working for the Chinese state, have been publicly caught directly hacking into the Vatican and the Holy See's Study Mission to China, the Hong Kong-based group of de facto Vatican representatives who have played a role in negotiating the Catholic Church's status. The Vatican and Beijing are expected to start talks in September over control of the appointment of bishops and the status of houses of worship as part of a renewal of a provisional agreement signed in 2018 that revised the terms of the Catholic Church's operations in China.

"One of the attacks, which began in early May, was hidden inside a document that appeared to be a legitimate letter from the Vatican to Msgr. Javier Corona Herrera, the chaplain who heads the study mission in Hong Kong," reports The New York Times.

"It was an artful deception: an electronic file that looked as if it was on the official stationery of Archbishop Edgar Pena Parra. The letter carried a message from Cardinal Pietro Parolin, the Vatican's secretary of state, the pope's second in command and an old China hand who has defended the deal. In his message, Cardinal Parolin expressed the pope's sadness about the death of a bishop. It is unclear whether the letter was fabricated or a real document that the attackers had obtained and then linked to malware that gave them access to the computers of the Hong Kong church offices and the Vatican's mail servers. Recorded Future concluded that the attack was most likely connected to negotiations over the extension of the 2018 agreement."

The Internet

Pandemic Shows Why .Org Domains Are Important (yahoo.com) 9

The Los Angeles Times published an op-ed by the executive director of Access Now, a global organization that works to protect privacy, free expression, digital security and human rights among internet users. Now that the sale of the .org registry has been blocked, he explains why that matters. As the pandemic has shown, it has been left to civil society organizations, and individual volunteers, to step up and fill the gaps left by governments and corporations. Large organizations such as Doctors Without Borders, the International Red Cross and the United Nations provide direct, immediate support to hospitals and healthcare professionals. Neighborhood and grass-roots organizations have distributed meals and provided accommodation and friendship to the sick and vulnerable. These organizations range in size, mission, effectiveness and reach, but have two elements in common: They're working toward the betterment of society, and their websites end in dot-org...

From downloading government health guidelines to online learning to connecting with isolated friends and family, the internet has become a lifeline. It has become the town square, the hospital and the schoolyard all at once. Now was clearly the time to protect it, not sell it off to private equity.... Private companies cannot be trusted to not "increase the rent" on small organizations. Private companies do not spend $1.1 billion on an internet domain unless there is profit to be made...

What happens next isn't clear. If the Internet Society no longer wants to control the dot-org domain, an alternative will need to be found... To find this special home, we'll need an open process, innovative ideas and committed partners — all of which we've built over the last few, wild months.

Open Source

Another Project Goes Private: Amara Stops Being Developed As Open Source (amara.org) 61

Slashdot reader northar writes:
Subtitling project Amara closes its repository as focus is shifting... Amara was AGPL up until going private.

While future improvements to the code base from the Participatory Culture Foundation (PCF) will not be public, a copy of the last public code base has been preserved at Gitlab, should anyone be interested in the work done up until now. Note that no support is given from PCF for this code.

From Amara's official statement on the move: The Participatory Culture Foundation began as a nonprofit in 2006 with a focus on creating open source software to ensure that emerging video technologies were accessible to all.... For an organization like PCF, which relies on revenue generated from sustainability initiatives to fund social impact work, we believe the risk to these initiatives outweighs the potential or perceived public benefit from maintaining open code.

Releasing software as open source unfortunately does not provide protection against well-funded technology firms that are driven by profit... Without the proper market position and resources, a smaller organization that relies on revenue from software they build can be outmaneuvered or overpowered with the very technology they created (assuming their code is open source). This is not only a threat to smaller organizations, but has also become a bigger debate that much larger companies are also hashing out. For venture-funded or publicly traded firms, the open source approach can be a calculated risk that makes business sense. But for less-capitalized organizations or nonprofits, like PCF, who lack significant market power, making software open source puts other more well-resourced players in position to leverage the technology in ways that may undermine the sustainability and/or the values of the original developer.

With these shifts in the computing landscape, PCF has not seen individuals or communities as the primary beneficiary of releasing Amara code as open source. Instead, we have unfortunately had firsthand experience with a venture-funded organization deploying code we created and using it in ways that we did not think aligned well with our values....

As we undertake this shift in 2020, we are aware that the computing landscape will continue to change and thus we remain open to newer and better strategies for making source code available in the long-term. Future strategies might include data trusts and/or new licenses that better align with our sustainability initiatives and mission.

GNU is Not Unix

Richard Stallman Defies Push By 27 GNU Project Developers To End His Leadership (zdnet.com) 387

"27 GNU project maintainers and developers have signed on to a joint statement asking for Richard Stallman to be removed from his leadership role at GNU," writes Slashdot reader twocows.

The statement argues that "Stallman's behavior over the years has undermined a core value of the GNU project: The empowerment of all computer users. GNU is not fulfilling its mission when the behavior of its leader alienates a large part of those we want to reach out to."

The Register reports: The GNU maintainer memo follows a statement issued by the Free Software Foundation on Sunday. The FSF said that because Stallman founded the GNU Project and the FSF, and until recently had led both, the relationship between the two organizations remains in flux. "Since RMS resigned as president of the FSF, but not as head of GNU, the FSF is now working with GNU leadership on a shared understanding of the relationship for the future," the FSF said.

Matt Lee, a free and open-source software developer and one of the 18 [now 27] signatories of the joint statement, said that the two organizations have been intertwined for so long -- the FSF provides GNU with financial, technical, and promotional assistance -- that their relationship is confusing. "For example, the GNU GPL is published by the FSF, not GNU," Lee said. "Key infrastructure that GNU relies on is owned by the FSF, and used by GNU and non-GNU projects alike."

ZDNet reports: Stallman's only comment on this situation so far has been: "As head of the GNU Project, I will be working with the FSF on how to structure the GNU Project's relationship with the FSF in the future."

LWN.net notes that the next day Stallman issued an additional statement: As Chief GNUisance, I'd like to reassure the community that there won't be any radical changes in the GNU Project's goals, principles and policies.

I would like to make incremental changes in how some decisions are made, because I won't be here forever and we need to ready others to make GNU Project decisions when I can no longer do so. But these won't lead to unbounded or radical changes.

But the Register notes that Stallman's personal web site has also changed the first headline across the top of its page. It used to promote the Free Software Foundation's giving guide, saying "If you participate in the commercial ritual of end-of-the-year presents, please avoid the digital products that would mistreat the people you give them to."

It now says: I continue to be the Chief GNUisance of the GNU Project.

I do not intend to stop any time soon.

Programming

Digital Ocean's 6th Annual 'Hacktoberfest' Celebrates Open Source and Environmental Projects (digitalocean.com) 7

"It's that time of year again when we come together to support and celebrate the open source technologies we use and love," announces a post on Digital Ocean's blog. Hacktoberfest is a monthlong celebration of open source software. It was started at DigitalOcean as a way to foster a sense of community and encourage more participation in open source projects. To reward Hacktoberfest contributors, we've designed a limited edition T-shirt for those who complete the challenge each year. This year, the first 50,000 participants will be eligible to receive the limited edition shirt...

One of the enticing elements of this celebration is that you don't have to leave the comfort of your office or home to participate. But each year, more and more Hacktoberfest events have been organized since we introduced the Event Kit. In 2018 alone, there were 251 Hacktoberfest events. All of these took place during October and happened in 50 countries. With October five days away, we're already expecting to exceed last year's number of events! Wow... if you're in or around New York City, we invite you to join us at the Hacktoberfest kickoff celebration at the DigitalOcean headquarters...

This year, we're also hoping to drive awareness of the negative impacts many people around the world are experiencing due to the many environmental crises we're faced with -- and encourage participation in projects that are targeting these causes. We've identified a handful of projects on GitHub that focus on supporting the environment, which you can find in our Climate section. We hope you'll consider contributing to some of the impactful work being done by activists, scientists, and mission-driven organizations around the globe... Let's join forces to make a difference!

Last year's Hacktoberfest saw 401,231 pull requests on GitHub, according to the blog post.

Microsoft

Microsoft Inks 10-Year Deal With Top Indian Telecom Network Reliance Jio To Court 'Millions' of Small and Medium Businesses (techcrunch.com) 9

Microsoft on Monday announced a long-term partnership with India's top telecom network Reliance Jio to reach "millions" of small and medium businesses clients in the key overseas market. From a report: The 10-year alliance between the two will see them launch new cloud data-centers in India to ensure "more of Jio's customers can access the tools and platforms they need to build their own digital capability," said Microsoft CEO Satya Nadella in a video appearance Monday. Three-year-old Reliance Jio has amassed more than 340 million subscribers in the country. "At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Core to this mission is deep partnerships, like the one we are announcing today with Reliance Jio. Our ambition is to help millions of organizations across India thrive and grow in the era of rapid technological change. Together, we will offer a comprehensive technology solution, from compute to storage, to connectivity and productivity for small and medium-sized businesses everywhere in the country," he added.

As part of the partnership, Nadella said, Jio and Microsoft will jointly offer Azure, Microsoft 365, and Microsoft AI platforms to more organizations in India, and also bring Azure Cognitive Services to more devices and in 13 Indian languages to businesses in the country. The solutions will be "accessible" to reach as many people and organizations in India as possible, he added. The cloud services will be offered to businesses for as little as Rs 1,500 ($21) per month. The first two data-centers will be set up in Gujarat and Maharashtra by next year. Jio will migrate all of its non-networking apps to Microsoft Azure platform and promote its adoption among its ecosystem of startups, the two said in a joint statement.

Operating Systems

Scientific Linux Distro is Being Discontinued; The Fermi National Accelerator Laboratory and CERN Will Move To CentOS (betanews.com) 94

Scientific Linux, a 14-year-old operating system based on Red Hat Enterprise Linux (RHEL) and which was maintained by some significant members of the scientific community such as The Fermi National Accelerator Laboratory and CERN, is being discontinued. From a report: While current versions (6 and 7) will continue to be supported, future development has permanently ended, with the organizations instead turning to CentOS -- another distro based on RHEL. "Scientific Linux is driven by Fermilab's scientific mission and focused on the changing needs of experimental facilities. Fermilab is looking ahead to DUNE and other future international collaborations. One part of this is unifying our computing platform with collaborating labs and institutions," said James Amundson, Head of Scientific Computing Division, Fermi National Accelerator Laboratory.

Space

SpaceX Launches More Than 60 Small Satellites Into Orbit (bloomberg.com) 54

SpaceX notched its 19th launch of the year Monday, lofting 64 small spacecraft from 34 organizations into low Earth orbit. A Falcon 9 rocket lifted off from Vandenberg Air Force Base on California's central coast at about 10:34 a.m. local time. The customer was Spaceflight Industries, a Seattle-based company that organized the launch on behalf of several clients. From a report: The Spaceflight SSO-A: SmallSat Express mission includes 15 microsats and 49 cubesats from commercial and government entities, including universities, startups and a middle school, according to the SpaceX press kit. The payloads -- which vary from technology demonstrations and imaging satellites to educational-research endeavors -- are from 17 countries, including the U.S., Brazil, India and South Korea.

SpaceX said a series of six deployments would occur about 13 to 43 minutes after takeoff, then Spaceflight would command its own deployment sequences over a period of six hours. The Falcon 9's first stage has flown twice before: in May 2018 and again in August. SpaceX recovered it Monday on "Just Read the Instructions," a droneship in the Pacific Ocean. SpaceX also attempted to recover the rocket's fairing, which encloses the payload, with Mr. Steven, a boat designed to capture it in a massive net.

China

Rights Groups Are Demanding That Google Doesn't Release A Censored Search Engine In China (buzzfeednews.com) 105

More than a dozen tech NGOs and human rights groups have issued an open letter calling on Google to stop work on a censored search engine project in China. From a report: Organizations including Amnesty International, Human Rights Watch, the Electronic Frontier Foundation, Access Now and others released the letter to Google CEO Sundar Pichai on Tuesday, saying the tech giant's plans to release a censored version of its search engine app to users in China represent an "alarming capitulation by Google on human rights." The project, dubbed Dragonfly, was first reported by The Intercept earlier this month. According to audio of a staff meeting, obtained by the New York Times, Pichai said that "if we were to do our mission well, we are to think seriously about how to do more in China." However, he went on to say that Google was "not close to launching a search product in China."

Science

Nonmonetary Incentives and the Implications of Work as a Source of Meaning (aeaweb.org) 148

From a research paper [PDF]: Many workers care about more than financial compensation in their job. Nonmonetary incentives often matter, too. A firm's mission and the design of one's job can create meaning and purpose for employees. As a result, firms will have reason to care about meaning of work. We believe economists can usefully contribute to the debate about the implications of meaningful work. We are not arguing that financial compensation is unimportant. Lazear (in this volume) provides an excellent review of monetary incentives in certain organizations. But we believe that in order to manage modern organizations and understand the future of work, studying workers' nonmonetary motives will be crucial.

Networking

Is It Time For Zero-Trust Corporate Networks? (csoonline.com) 150

An anonymous reader quotes CSO: "The strategy around Zero Trust boils down to don't trust anyone. We're talking about, 'Let's cut off all access until the network knows who you are. Don't allow access to IP addresses, machines, etc. until you know who that user is and whether they're authorized,'" says Charlie Gero, CTO of Enterprise and Advanced Projects Group at Akamai Technologies in Cambridge, Mass... The Zero Trust model of information security basically kicks to the curb the old castle-and-moat mentality that had organizations focused on defending their perimeters while assuming everything already inside didn't pose a threat and therefore was cleared for access. Security and technology experts say the castle-and-moat approach isn't working. They point to the fact that some of the most egregious data breaches happened because hackers, once they gained access inside corporate firewalls, were able to move through internal systems without much resistance...

Experts say that today's enterprise IT departments require a new way of thinking because, for the most part, the castle itself no longer exists in isolation as it once did. Companies don't have corporate data centers serving a contained network of systems but instead today typically have some applications on-premises and some in the cloud with users -- employees, partners, customers -- accessing applications from a range of devices from multiple locations and even potentially from around the globe... The Zero Trust approach relies on various existing technologies and governance processes to accomplish its mission of securing the enterprise IT environment. It calls for enterprises to leverage micro-segmentation and granular perimeter enforcement based on users, their locations and other data to determine whether to trust a user, machine or application seeking access to a particular part of the enterprise... Zero Trust draws on technologies such as multifactor authentication, Identity and Access Management (IAM), orchestration, analytics, encryption, scoring and file system permissions. Zero Trust also calls for governance policies such as giving users the least amount of access they need to accomplish a specific task.

"Most organizational IT experts have been trained, unfortunately, to implicitly trust their environments," says the chief product officer at an IAM/PIM solutions supplier.

"Everybody has been [taught] to think that the firewall is keeping the bad guys out. People need to adjust their mindset and understand that the bad actors are already in their environment."
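The access decision the CSO piece describes (identity plus device posture plus a per-resource, least-privilege grant, with network location carrying no weight) is small enough to write out. The Python policy evaluator below is an added example, not code from CSO, Akamai or any IAM vendor; the users, roles, resources and segments are constructed. It is deny-by-default, requires multifactor authentication on every request, refuses unmanaged devices on sensitive segments, and grants actions only through roles that name the specific resource, so a principal who can reach one segment gets nothing on another. The one thing it never consults when granting access is which network the request came from.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Request:
    user: str
    roles: Tuple[str, ...]
    mfa_verified: bool       # strong authentication completed for this session
    device_managed: bool     # device enrolled and passing posture checks
    network: str             # "corp-lan" or "internet"; recorded, never trusted
    resource: str
    action: str


@dataclass(frozen=True)
class Resource:
    name: str
    segment: str                         # micro-segment the resource lives in
    grants: Dict[str, Set[str]]          # role -> actions that role may perform here
    managed_device_only: bool = True     # sensitive segments reject unmanaged devices


# Constructed inventory: each resource carries its own least-privilege grant table.
RESOURCES: Dict[str, Resource] = {
    "hr-db": Resource("hr-db", "data", {"hr": {"read", "write"}, "auditor": {"read"}}),
    "ci-runner": Resource("ci-runner", "build", {"eng": {"read", "trigger"}}),
    "wiki": Resource("wiki", "collab", {"employee": {"read", "write"}},
                     managed_device_only=False),
}


def evaluate(req: Request, resources: Dict[str, Resource] = RESOURCES) -> Tuple[bool, str]:
    """Return (allowed, reason). Every path that does not end in an explicit grant denies."""
    res = resources.get(req.resource)
    if res is None:
        return False, "unknown resource; deny by default"
    if not req.mfa_verified:
        # Being on the corporate LAN is not a substitute for proving identity.
        return False, "identity not verified (MFA required)"
    if res.managed_device_only and not req.device_managed:
        return False, f"segment '{res.segment}' requires a managed device"
    permitted: Set[str] = set()
    for role in req.roles:
        permitted |= res.grants.get(role, set())
    if req.action not in permitted:
        # No lateral reach: roles grant actions per resource, not per network.
        return False, f"no role grants '{req.action}' on {res.name}"
    return True, f"identity, device and role verified for {req.action} on {res.name}"


def audit_line(req: Request, resources: Dict[str, Resource] = RESOURCES) -> str:
    """One line per decision for the analytics/scoring pipeline the article mentions."""
    allowed, reason = evaluate(req, resources)
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{verdict} user={req.user} net={req.network} mfa={req.mfa_verified} "
            f"managed={req.device_managed} {req.action}:{req.resource} ({reason})")


if __name__ == "__main__":
    # Constructed requests: the first is what castle-and-moat would have waved through.
    samples = [
        Request("alice", ("employee", "eng"), False, True, "corp-lan", "hr-db", "read"),
        Request("bob", ("employee", "hr"), True, True, "internet", "hr-db", "write"),
        Request("alice", ("employee", "eng"), True, True, "internet", "hr-db", "read"),
        Request("carol", ("employee", "auditor"), True, True, "corp-lan", "hr-db", "write"),
        Request("dave", ("employee",), True, False, "corp-lan", "wiki", "read"),
    ]
    for sample in samples:
        print(audit_line(sample))
```

The inside-the-firewall request without MFA is denied, the remote request with verified identity, a managed device and the right role is allowed, and an engineer who is fully verified still cannot read the HR database because no role of theirs grants it there. The `audit_line` output is the kind of record a scoring or analytics layer would consume to spot a principal probing segments it has no grant on.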

Security

Touting Government/Industry 'Partnership' on Security Practices, NIST Drafts Cybersecurity Framework Update (scmagazine.com) 15

Remember NIST, the non-regulatory agency of the U.S. Department of Commerce? Their mission expanded over the years to protecting businesses from cyberthreats, including a "Cybersecurity Framework" first published in 2014. "The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation's critical infrastructure, such as bridges and the electric power grid," NIST wrote in January, "but the framework has been widely adopted by many types of organizations across the country and around the world." Now SC Media reports: The second draft of the update to the National Institute of Standards and Technology's cybersecurity framework, NIST 1.1, is meant "to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use," according to NIST. Specifically, it brings clarity to cybersecurity measurement language and tackles improving security of the supply chain. Calling the initial NIST CSF "a landmark effort" that delivered "important benefits, such as providing common language for different models" of standards and best practices already in use, Larry Clinton, president and CEO of the Internet Security Alliance, said "it fell short of some of the most critical demands of Presidential Executive Order 13636, which generated its development...

"To begin with, the new draft makes it clear that our goal is not some undefined metric for use of the Framework, but for effective use of the Framework. Moreover, this use-metric needs to be tied not to some generic standard, but to be calibrated to the unique threat picture, risk appetite and business objective of a particular organization"... Clinton praised the process used by NIST as "a model 'use case' for how government needs to engage with its industry partners to address the cybersecurity issue." The internet's inherent interconnectedness makes it impossible for sustainable security to be achieved through anything other than true partnership, he contended.

Slashdot reader Presto Vivace reminds you that public comments on the draft Framework and Roadmap are due to NIST by 11:59 p.m. EST on January 19, 2018. "If you have an opinion about this, NOW is the time to express it."

NASA

NASA Wants Private Company To Take Over Spitzer Space Telescope (spacenews.com) 37

schwit1 writes: NASA has issued a request for proposals from private companies or organizations to take over the operation of the Spitzer Space Telescope after 2019. SpaceNews reports: "NASA's current plans call for operating Spitzer through March of 2019 to perform preparatory observations for the James Webb Space Telescope. That schedule was based on plans for a fall 2018 launch of JWST, which has since been delayed to the spring of 2019. Under that plan, NASA would close out the Spitzer mission by fiscal year 2020. That plan was intended to save NASA the cost of running Spitzer, which is currently $14 million a year. The spacecraft itself, though, remains in good condition and could operate well beyond NASA's current plan. 'The observatory and the IRAC instrument are in excellent health. We don't have really any issues with the hardware,' said Lisa Storrie-Lombardi, Spitzer project manager, in a presentation to the committee Oct. 18. IRAC is the Infrared Array Camera, an instrument that continues operations at its two shortest wavelengths long after the spacecraft exhausted the supply of liquid helium coolant. The spacecraft's only consumable is nitrogen gas used for the spacecraft's thrusters, and Storrie-Lombardi said the spacecraft still had half its supply of nitrogen 14 years after launch." The way a private organization could make money on this is to charge astronomers and research projects for observation time. This could work, since there is usually a greater demand for research time than available observatories.

The Military

US Army Calls Halt On Use of Chinese-Made Drones By DJI (theverge.com) 45

Due to "an increased awareness of cyber vulnerabilities with DJI products," the U.S. Army is asking all units to discontinue the use of DJI drones. The news comes from an internal memo obtained by the editor of SUAS News. It notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017. The Verge reports: SUAS News published a piece back in May of this year that made a number of serious accusations about data gathered by DJI drones. Author Kevin Pomaski starts out writing, "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." However, he never follows up with evidence to demonstrate how this data becomes public or can be found through a Google search. Pomaski also points out, correctly, that when DJI users elect to upload data to their SkyPixel accounts through the DJI app, this data can be stored on servers in the U.S., Hong Kong, and China. This data can include videos, photos, and audio recorded by your phone's microphone, and telemetry data detailing the height, distance, and position of your recent flights. DJI provided the following statement to The Verge: "People, businesses and governments around the world rely on DJI's products and technology for a variety of uses including sensitive and mission critical operations. The Department of the Army memo even reports that they have 'issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.' We are surprised and disappointed to read reports of the U.S. Army's unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues. We'll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by 'cyber vulnerabilities.' Until then, we ask everyone to refrain from undue speculation."

Space

SpaceX Livestreams Sunday's Rocket Launch (space.com)

An anonymous reader quotes Space.com: A SpaceX Falcon 9 rocket carrying the 10 satellites for Iridium Communications is scheduled to lift off from Vandenberg Air Force Base in California at 1:25 p.m. PDT (4:25 p.m. EDT/2025 GMT). The live webcast is expected to begin about 1 hour before the opening of the launch window, and you can watch it on SpaceX's website, or at Space.com. This is the second of eight planned Iridium launches with SpaceX. The launches will deliver a total of 75 satellites into space for the $3 billion Iridium NEXT global communications network. "Iridium NEXT will replace the company's existing global constellation in one of the largest technology upgrades ever completed in space," according to a statement from Iridium. "It represents the evolution of critical communications infrastructure that governments and organizations worldwide rely upon to drive business, enable connectivity, empower disaster relief efforts and more."
After the mission the booster rocket will attempt to land on a droneship. The droneship's name is "Just Read The Instructions."
Google

Google Releases an AI Tool For Publishers To Spot and Weed Out Toxic Comments (bbc.com)

Google today launched a new technology to help news organizations and online platforms identify and swiftly remove abusive comments on their websites. The technology, called Perspective, will review comments and score them based on how similar they are to comments people said were "toxic" or likely to make them leave a conversation. From a report on BBC: The search giant has developed something called Perspective, which it describes as a technology that uses machine learning to identify problematic comments. The software has been developed by Jigsaw, a division of Google with a mission to tackle online security dangers such as extremism and cyberbullying. The system learns by seeing how thousands of online conversations have been moderated and then scores new comments by assessing how "toxic" they are and whether similar language had led other people to leave conversations. What it's doing is trying to improve the quality of debate and make sure people aren't put off from joining in.
Encryption

Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages (arstechnica.com)

mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory control and data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:

- Reduced pumping flow rate
- Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
- Fire accidents in an unrestricted area and in an administration building
- Loss of redundancy
- People requiring off-site medical attention
- A control rod losing its position indication due to a data fault
- Nuclear contamination without personal damage

Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector."