Music

Why Amanda Palmer Left the Music 'Industry' For Crowdfunding (digitaltrends.com) 105

Amanda Palmer says abandoning the commercial music industry for a subscription model made it possible to take more chances, like a new album with psychedelia artist Edward Ka-Spel. An anonymous reader quotes Digital Trends: I spent my whole life in this music industry trying to figure out how to sell what I'm making. But I don't "sell" anymore -- I just have this magical net of supporters who are supporting me whether I choose to make a record with Edward or make a record with my dad, which I did last year... [S]ometimes, you absolutely want to do ridiculous, noncommercial stuff. The Patreon patrons have been a godsend in that sense. I've had to continually re-educate myself that this isn't about selling music. It's about making music. I got so used to those two being inseparable that it took a lot of psychological work to divorce the processes.
She says her supporters "haven't just promised; they've put down their credit card." And Neil Gaiman, her husband, also strongly endorses the freedom to experiment. "If, as an artist, you ever listen to your fans' demands, and their demands are always insisting you make the last thing they liked again, you would go nowhere."
The Almighty Buck

Up To 1.4M More Fake Wells Fargo Accounts Possible (siliconvalley.com) 91

An anonymous reader quotes the Bay Area Newsgroup: Wells Fargo may have opened as many as 3.5 million bogus bank accounts without its customers' permission, attorneys for customers suing the bank have alleged in a court filing, suggesting the bank may have created far more fake accounts than previously indicated. The plaintiffs' new estimate of bogus bank accounts is about 1.4 million, or 67%, higher than the original estimate -- disclosed last year as part of a settlement with regulators -- that up to 2.1 million accounts were opened without customers' permission... The attorneys covered a period from 2002 to 2017, rather than the previously scrutinized five-year stretch from 2011 to some time in 2016 in which the bank acknowledged setting up unauthorized accounts.
Wells Fargo terminated 5,300 employees for creating fake accounts, and their CEO now acknowledges that "we had an incentive program and a high-pressure sales culture within our community bank that drove behavior that many times was inappropriate and inconsistent with our values." In a possibly-related story, Wells Fargo plans to shut 450 branches over the next two years.
Security

Researchers Find New Version Of WanaDecrypt0r Ransomware Without A Kill Switch (vice.com) 98

Remember that "kill switch" which shut down the WannCry ransomware? An anonymous reader quotes Motherboard: Over Friday and Saturday, samples of the malware emerged without that debilitating feature, meaning that attackers may be able to resume spreading ransomware even though a security researcher cut off the original wave. "I can confirm we've had versions without the kill switch domain connect since yesterday," Costin Raiu, director of global research and analysis team at Kaspersky Lab told Motherboard on Saturday... Another researcher confirmed they have seen samples of the malware without the killswitch.
Government

Did The UK Police Hire Foreigners To Hack Hundreds of Activists? (bbc.co.uk) 72

Big Hairy Ian shared this story from the BBC: Undercover counter-extremism officers used hackers in India to access the emails of journalists and environmental activists, it has been claimed... The Independent Police Complaints Commission said it had received an anonymous letter, which alleged covert officers from the Metropolitan Police's National Domestic Extremism and Disorder Intelligence Unit contacted Indian police officers for help to enlist hackers. The letter alleges the hackers accessed the email accounts of hundreds of people, including members of political and environmental pressure groups and journalists.
"The letter said the monitoring included the 'email accounts of radical journalists who reported on activist protests (as well as sympathetic photographers) including at least two employed by the Guardian newspaper,'" the Guardian reports, adding that the letter provided the names of 10 campaigners -- and the passwords for their accounts.
Earth

French President-Elect Macron Urges Action On Climate Change (newsweek.com) 174

After Sunday's election in France, Macron's victory "is likely to be a boon for the French digital economy and its startup scene," writes a foreign policy think tank blog, "but the country's frosty relationship with U.S. tech companies is likely to remain over the next five years." Yet even before he was elected as France's new president, Emmanuel Macron was already warning the U.S. that withdrawing from the international Paris Climate change agreement could cost America its brightest innovators. Thelasko writes: French President elect Emmanuel Macron has a message to U.S. scientists and engineers working on climate change. "Please, come to France. You are welcome. It's your nation. We like innovation. We want innovative people. We want people working on climate change, energy renewables and new technologies. France is your nation."
Newsweek reports this week that without America's involvement, the Paris Climate agreement "will have no way of meeting its goals of reducing global net carbon emissions" -- but that Macron could persuade the U.S. to honor its agreement. ("It reportedly took just one phone call conversation between Canadian Prime Minister Justin Trudeau and the president for Trump to reconsider withdrawing entirely for NAFTA, another international agreement signed into law prior to his tenure in the Oval Office.") And in the meantime, Macron has also promised not to cut France's energy-research budget, and will even reinforce it "to accelerate our initiative."
Microsoft

Microsoft Finally Bans SHA-1 Certificates In Its Browsers (zdnet.com) 38

An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.
Android

Google's 'Project Treble' Could Lead To Faster Android Updates (arstechnica.com) 83

Thelasko quotes a report from Ars Technica: Ahead of Google I/O, Google has just dropped a bombshell of a blog post that promises, for real this time, that it is finally doing something about Android's update problems. "Project Treble" is a plan to modularize the Android OS, separating the OS framework code from "vendor specific" hardware code. In theory, this change would allow for a new Android update to be flashed on a device without any involvement from the silicon vendor. Google calls it "the biggest change to the low-level system architecture of Android to date," and it's already live on the Google Pixel's Android O Developer Preview. This is not a magic bullet that will solve all of Android's update problems, however. After an update is released, Google lists three steps to creating an Android update:

1. Silicon manufacturers (Qualcomm, Samsung Exynos, etc) "modify the new release for their specific hardware" and do things like make sure drivers and power management will still work.
2. OEMs (Samsung, LG, HTC) step in and "modify the new release again as needed for their devices." This means making sure all the hardware works, rebranding Android with a custom skin, adding OEM apps, and modifying core parts of the Android OS to add special features like (before 7.0) multi-window support.
3. Carriers add more apps, more branding, and "test and certify the new release."

Microsoft

As World Reacts To WanaDecrypt0r, Microsoft Issues Patch For Old Windows Systems (bleepingcomputer.com) 150

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.
Television

HBO's 'Silicon Valley' Joins The Push For A Decentralized Web (ieee.org) 115

Tekla Perry writes: HBO's fictional Silicon Valley character Richard Hendricks sets out to reinvent the Internet into something decentralized. ["What if we used all those phones to build a massive network...we could build a completely decentralized version of our current Internet with no firewalls, no tolls, no government regulation, no spying. Information would be totally free in every sense of the word."] That sound a lot like what Brewster Kahle, Tim Berners-Lee, and Vint Cerf have been calling the decentralized web. Kahle tells IEEE Spectrum about how closely HBO's vision matches his own, and why he's happy to have this light shined on the movement.
In 2015 Kahle pointed out the current web isn't private. "People, corporations, countries can spy on what you are reading. And they do." But in a decentralized web, "the bits will be distributed -- across the net -- so no one can track the readers of a site from a single point or connection."

He tells IEEE Spectrum that though the idea is hard to execute, a lot of people are already working on it. "I recently talked to a couple of engineers working for Mozilla, and brought up the idea of decentralizing the web. They said, 'Oh, we have a group working on that, are you thinking about that as well?'"
Bug

Google Found Over 1,000 Bugs In 47 Open Source Projects (helpnetsecurity.com) 55

Orome1 writes: In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects... So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg -- and the list goes on...
Google launched the program in December and wants more open source projects to participate, so they're offering cash rewards for including "fuzz" targets for testing in their software. "Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration" -- or twice that amount, if the proceeds are donated to a charity.
United States

The Woman Who Saved Manhattan From a Freeway Running Through It (bbc.com) 171

dryriver quotes a report from BBC: A massive freeway project dreamed up by city planner Robert Moses would have destroyed Greenwich Village and altered much of Lower Manhattan if not for one woman's efforts -- those of Jane Jacobs. As vast tracts of this U.S. journalist's adopted New York were razed to make way for theoretically fast-flowing urban freeways potted about with soulless high-rise housing projects for the urban poor, Jane Jacobs, skeptical of grand plans and nobody's victim, took on the City of New York through her urgent writing and by galvanizing protest groups who took to the streets of Manhattan to save the city from being dismembered, disinfected and depopulated. Robert Moses wanted to clean up New York while investing heavily in its infrastructure: its public parks, swimming pools, bridges, playgrounds, parkways, Shea Stadium, Lincoln Center and the United Nations headquarters. For many years, New York's intellectual elite supported such developments, including the destruction of working-class neighborhoods Moses saw as "cancerous growths" in need of surgical removal. He accrued ever more power and pushed through and proposed ever more radical schemes -- notably expressways that sliced through quarters of the city like blunt knives. This powerful and disdainful planner made enemies, and none more so than Jane Jacobs.
DRM

FSF Supports Today's Boston March Against DRM In HTML5 (defectivebydesign.org) 89

Atticus Rex writes: A small artist-led group called Ethics in Tech is joining the long-simmering struggle between streaming video giants and Internet freedom activists over whether the Web should include Digital Rights Management in its technical standards. This Saturday, Ethics in Tech will lead a march on the W3C, the body -- led by Web inventor Tim Berners-Lee -- that decides on Web standards.
The Free Software Foundation is promoting the march, and their "Defective By Design" site is sharing this quote from the march's organizers. Dear W3C: we demand you comply with UNESCO and international civil and political rights. Halt EME -- ensure the protection of a secure, accessible, and open web. Make ethical standards or stand on the wrong side of history.
Moon

NASA Won't Fly Astronauts On First Orion-SLS Test Flight Around the Moon (space.com) 92

An anonymous reader quotes a report from Space.com: The first flight of NASA's next-generation heavy-lift rocket, the Space Launch System (SLS), is now scheduled for 2019 and will not include a human crew, agency officials said today (May 12). As of 2016, NASA had planned for the SLS' first flight to take place in 2018, without a crew on board. But the transition team that the Trump administration sent to the agency earlier this year asked for an internal evaluation of the possibility of launching a crew atop the SLS inside the agency's Orion space capsule. Robert Lightfoot, NASA's acting administrator, said during a news conference today that, based on the results of this internal evaluation, a crewed flight would be "technically feasible," but the agency will proceed with its initial plan to make the rocket's first flight uncrewed. The internal evaluation "really reaffirmed that the baseline plan we had in place was the best way for us to go," Lightfoot said. "We have a good handle on how that uncrewed mission will actually help [the first crewed mission of SLS] be a safer mission when we put crew on there." SLS' first flight will be called Exploration Mission 1, or EM-1, and will send an uncrewed Orion capsule (which has already made one uncrewed test flight, aboard a United Launch Alliance Delta IV Heavy rocket) on a roughly three-week trip around the moon. The first crewed flight, EM-2, was originally scheduled to follow in 2021.
Security

'Accidental Hero' Finds Kill Switch To Stop Wana Decrypt0r Ransomware (theguardian.com) 182

"An 'accidental hero' has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations..." writes The Guardian. An anonymous reader quotes their report: A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a "kill switch" in the malicious software that was based on a cyber-weapon stolen from the NSA. The kill switch was hardcoded into the malware in case the creator wanted to stop it from spreading. This involved a very long nonsensical domain name that the malware makes a request to -- just as if it was looking up any website -- and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. Of course, this relies on the creator of the malware registering the specific domain. In this case, the creator failed to do this. And @malwaretechblog did early Friday morning (Pacific Time), stopping the rapid proliferation of the ransomware.
You can read their first-person account of the discovery here, which insists that registering the domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..." Friday they also tweeted a map from the New York Times showing that registering that domain provided more time for U.S. sites to patch their systems. And Friday night they added "IP addresses from our [DNS] sinkhole have been sent to FBI and ShadowServer so affected organizations should get a notification soon. Patch ASAP."

UPDATE: Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking that site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"

Slashdot Top Deals