Technology

It takes two to tango, says SaaS vendor

Maine has accused Workday of showing "no accountability" for its part in a flawed process to replace the US state's HR system.…

Colourful PowerBook 170 was a one-off for Japanese women's golf tournament

Another piece of Apple history has been put on the block, this time it's the turn of a weird - and in some eyes, possibly wonderful - limited edition of the PowerBook 170.…

According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network. Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

Read more of this story at Slashdot.

Keep using the provided tools, NCSC says

Conservative MP Tom Tugendhat has publicly claimed GCHQ sources told him Gmail was more secure than Parliament’s own Microsoft Office 365 deployment – but both Parliament and a GCHQ offshoot have told him to stop being silly.…

Filling the void left by Huawei

Smaller telco kit makers should provide 25 per cent of the equipment used in Britain's 5G networks following the removal of Huawei, according to the recently formed UK.gov-backed Telecoms Diversification Task Force.…

'A huge Tetris' as biz struggles prepping kit for relocation under renewed COVID lockdown

OVH is yet to bring all customers affected by its Strasbourg data center fire back online – and the French cloud operator's CFO has described ongoing restoration efforts as a "real nightmare."…

AI algorithms in large-scale astronomy are mandatory, study says

A neural network has helped astronomers catalog a whopping 27 million galaxies collected from one of the largest astronomical surveys probing the mysterious nature of dark energy.…

Ride-sharing, food-delivering, payment-processing, home-insuring and money-lending org thanks COVID for pumping up its financials

Singaporean superapp Grab announced yesterday that it plans to go public in the United States – through a $39.6bn merger with a Special Purpose Acquisition Company (SPAC).…

The FCC is encouraging netizens to use its internet speed mobile app in an effort to finally get accurate broadband data across the United States. The Register reports: In an announcement on Monday, the telecoms regulator noted that "the app provides a way for consumers to test the performance of their mobile and in-home broadband networks" and "provides the test results to the FCC." It stops far short of saying that the data will be used to make policy decisions, however, saying only that the figures gathered "will help to inform the FCC's efforts to collect more accurate and granular broadband deployment data." The public push doesn't mean that things are going to get better soon. Big Cable has aggressively -- and successfully -- argued in the past that data provided by users over an app is not sufficiently robust to form the basis of governmental decisions. And so the FCC will have to use the results as a way to push for change rather than use the data to make direct decisions. Everybody, including numerous states, cities, congressfolk and the GAO, know that the official FCC data provided by ISPs is not worth the paper it's written on. But broader usage of the app should expose just how inaccurate official figures are, which should in turn provide enough impetus for change. The bigger question is whether enough progress is made in the next four years to make any difference.

Read more of this story at Slashdot.

When Andy inherited some C# code from a contracting firm, he gave it a quick skim. He saw a bunch of methods with names like IsAvailable or CanPerform…, but he also saw that it was essentially random as to whether or not these methods returned bool or string.

That didn't seem like a good thing, so he started to take a deeper look, and that's when he found this.

public ActionResult EditGroup(Group group) { string fleetSuccess = string.Empty; bool success = false; if(action != null) { fleetSuccess = updateGroup(group); } else { fleetSuccess = Boolean.TrueString; } success = updateExternalGroup(group); fleetSuccess += "&&&" + success; if (fleetSuccess.ToLower().Equals("true&&&true")) { GetActivityDataFromService(group, false); } return Json(fleetSuccess, JsonRequestBehavior.AllowGet); }

So, updateGroup returns a string containing a boolean (at least, we hope it contains a boolean). updateExternalGroup returns an actual boolean. If both of these things are true, than we want to invoke GetActivityDataFromService.

Clearly, the only way to do this comparison is to force everything into being a string, with a &&& jammed in the middle as a spacer. Uh, for readability, I guess? Maybe? I almost suspect someone thought they were inventing their own "and" operator and didn't want it to conflict with & or &&.

Or maybe, maybe their code was read aloud by Jeff Goldblum. "True, and-and-and true!" It's very clear they didn't think about whether or not they should do this.

hljs.initHighlightingOnLoad(); [Advertisement] Utilize BuildMaster to release your software with confidence, at the pace your business demands. Download today!

Alibaba was just the beginning, says regulator, as it forbids western web titans' favourite bullying behaviours

China’s State Administration for Market Regulation has warned 34 local web “platforms” to make sure they comply with local laws, and take care not to adopt western startups' aggressive tactics, or they may suffer the same kind of smackdowns recently inflicted on Alibaba.…

IT giant is learning to live with repeated sprints rather than mega-deals

Tata Consultancy Services won just seven new customers in its fiscal 2021, and went backwards on revenue and profit.…

Many European customers flee, Asia signs up in big numbers

Hong Kong-based CK Hutchison, operator of the '3' mobile brand, has told investors that COVID-19 cut its revenues by eight per cent and profits by 21 per cent, but it also found bright spots of business around the world.…

An anonymous reader quotes a report from ZDNet: Good news, disabled Australians! You'll soon be getting an app that will implement a welfare compliance regime designed by the people who brought you robo-debt. But don't worry, it'll have blockchain. No, this isn't good news at all. What makes it worse is that it's clear the government wants to extend technology-driven compliance to all Australians, with an emphasis on cracking down on your mistakes, not theirs. Kathryn Campbell, Secretary of the Department of Social Services, says the long-term plan is to have one app for all Commonwealth government services. "One to rule the world," she said last month, apparently oblivious to how evil that sounds. Senators are already worried that the disability app, intended to be used by participants in the National Disability Insurance Scheme (NDIS) to claim expenses against their support plan, will go the way of COVIDSafe: Millions of dollars spent on technology that doesn't really do the job. The intention was to fix a poor web experience, and allow claims to be made from a mobile device. But instead of simply creating a better website, in 2018, the Digital Transformation Agency (DTA) joined forces with CSIRO's Data61 and the Commonwealth Bank to trial blockchain-based smart money that would magically know whether the expense was legitimate or not. According to the CEO of the National Disability Insurance Agency (NDIA), Martin Hoffman, that pilot app has been "very popular and well-received," and the feedback has been "extremely positive." The app will be "fully available in the coming months, first on Google Play and then Apple's app store," he said. "Given the horrendously complex NDIS environment, defective processes and vulnerable people, there needs to be considerable caution in the application of blockchain technology," wrote former NDIS Technology Authority chief Marie Johnson in a submission [PDF] to the Parliamentary Joint Standing Committee on the NDIS. "Blockchain in itself -- as with other technology innovations -- does not address fundamental design and human rights issues. Ethics is paramount. The involvement of the Commonwealth Bank itself raises further ethics issues, given the value of participant data; the size of the market; and the yet to be realized emarket honey pot of data, funds and services." You can view the detailed "Making Money Smart: Empowering NDIS participants with Blockchain technologies" report here (PDF).

Read more of this story at Slashdot.

Remote-control malware wiped, deployments must still be patched

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday.…

Slashdot reader omfglearntoplay shares an excerpt from a BBC article that explores the new technologies that may have already introduced genetic errors to the human gene pool. The article starts by mentioning He Jiankui, a Shenzhen researcher who was sentenced to prison in late 2019 for creating the world's first genetically altered babies. From the report: Jiankui had made the first genetically modified babies in the history of humankind. After 3.7 billion years of continuous, undisturbed evolution by natural selection, a life form had taken its innate biology into its own hands. The result was twin baby girls who were born with altered copies of a gene known as CCR5, which the scientist hoped would make them immune to HIV. But things were not as they seemed. In the years since, it's become clear that Jiankui's project was not quite as innocent as it might sound. He had broken laws, forged documents, misled the babies' parents about any risks and failed to do adequate safety testing. However, arguably the biggest twist were the mistakes. It turns out that the babies involved, Lulu and Nana, have not been gifted with neatly edited genes after all. Not only are they not necessarily immune to HIV, they have been accidentally endowed with versions of CCR5 that are entirely made up -- they likely do not exist in any other human genome on the planet. And yet, such changes are heritable -- they could be passed on to their children, and children's children, and so on. In fact, there have been no shortage of surprises in the field. From the rabbits altered to be leaner that inexplicably ended up with much longer tongues to the cattle tweaked to lack horns that were inadvertently endowed with a long stretch of bacterial DNA in their genomes (including some genes that confer antibiotic resistance, no less) -- its past is riddled with errors and misunderstandings. More recently, researchers at the Francis Crick Institute in London warned that editing the genetics of human embryos can lead to unintended consequences. By analyzing data from previous experiments, they found that approximately 16% had accidental mutations that would not have been picked up via standard tests. Why are these mistakes so common? Can they be overcome? And how could they affect future generations?

Read more of this story at Slashdot.

A man who was falsely accused of shoplifting has sued the Detroit Police Department for arresting him based on an incorrect facial recognition match. The American Civil Liberties Union filed suit on behalf of Robert Williams, whom it calls the first US person wrongfully arrested based on facial recognition. The Verge reports: The Detroit Police Department arrested Williams in 2019 after examining security footage from a shoplifting incident. A detective used facial recognition technology on a grainy image from the video, and the system flagged Williams as a potential match based on a driver's license photo. But as the lawsuit notes, facial recognition is frequently inaccurate, particularly with Black subjects and a low-quality picture. The department then produced a photo lineup that included Williams' picture, showed it to a security guard who hadn't actually witnessed the shoplifting incident, and obtained a warrant when that guard picked him from the lineup. Williams -- who had been driving home from work during the incident -- spent 30 hours in a detention center. The ACLU later filed a formal complaint on his behalf, and the prosecutor's office apologized, saying he could have the case expunged from his records. The ACLU claims Detroit police used facial recognition under circumstances that they should have known would produce unreliable results, then dishonestly failed to mention the system's shortcomings -- including a "woefully substandard" image and the known racial bias of recognition systems.

Read more of this story at Slashdot.

eSentire warns of remote-access trojans masquerading as PDFs

More than 100,000 web pages hosted by Google Sites are being used to trick netizens into opening business documents booby-trapped with a remote-access trojan (RAT) that takes over victims' PCs and hands control to miscreants.…

April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). The Register reports: Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post. "These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers. Clicking through Microsoft's coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you'll find the unspecified security partner is the NSA. Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems. "NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks," the signals intelligence agency said via Twitter.

Read more of this story at Slashdot.

An anonymous reader quotes a report from ZDNet: The Open Invention Network (OIN) defends the intellectual property (IP) rights of Linux and open-source software developers from patent trolls and the like. This is a global fight and now the OIN has a new, powerful allied member in China: Inspur. Inspur is a leading worldwide provider and China's leading data center infrastructure, cloud computing, and artificial intelligence (AI) server providers. While not a household name like Lenovo, Inspur ranks among the world's top-three server manufacturers. Inspur is only the latest of many companies to join the OIN. Besides such primarily hardware-oriented companies as Inspur, Baidu, China's largest search engine company, and global banks such as Barclays and the TD Bank Group, have joined the OIN. In 2021, companies far removed from traditional Linux companies such as Canonical, Red Hat, and SUSE all recognize Linux and OSS's importance. Donny Zhang, VP of Inspur information, said, "Linux and open source are critical elements in technologies which we are developing and provisioning. By joining the Open Invention Network, we are demonstrating our continued commitment to innovation, and supporting it with patent non-aggression in core Linux and adjacent open-source software." "Linux is rewriting what is possible in infrastructure computing," says OIN CEO Keith Bergelt. "OSS-based cloud computing and on-premise data centers are driving down the cost-per-compute while significantly increasing businesses' ability to provision AI and machine-learning (ML) capabilities. We appreciate Inspur's participation in joining OIN and demonstrating its commitment to innovation and patent non-aggression in open source."

Read more of this story at Slashdot.