Books

Cheeky New Book Identifies 26 Lines of Code That Changed the World (thenewstack.io) 48

Long-time Slashdot reader destinyland writes: A new book identifies "26 Lines of Code That Changed the World." But its cheeky title also incorporates a comment from Unix's source code — "You are Not Expected to Understand This". From a new interview with the book's editor:

With chapter titles like "Wear this code, go to jail" and "the code that launched a million cat videos," each chapter offers appreciations for programmers, gathering up stories about not just their famous lives but their sometimes infamous works. (In Chapter 10 — "The Accidental Felon" — journalist Katie Hafner reveals whatever happened to that Harvard undergraduate who went on to inadvertently create one of the first malware programs in 1988...) The book quickly jumps from milestones like the Jacquard Loom and the invention of COBOL to bitcoin and our thought-provoking present, acknowledging both the code that guided the Apollo 11 moon landing and the code behind the 1962 videogame Spacewar. The Smithsonian Institution's director for their Center for the Study of Invention and Innovation writes in Chapter 4 that the game "symbolized a shift from computing being in the hands of priest-like technicians operating massive computers to enthusiasts programming and hacking, sometimes for the sheer joy of it."

I contributed chapter 9, about a 1975 comment in some Unix code that became "an accidental icon" commemorating a "momentary glow of humanity in a world of unforgiving logic." This chapter provided the book with its title. (And I'm also responsible for the book's index entry for "Linux, expletives in source code of".) In a preface, the book's editor describes the book's 29 different authors as "technologists, historians, journalists, academics, and sometimes the coders themselves," explaining "how code works — or how, sometimes, it doesn't work — owing in no small way to the people behind it."

"I've been really interested over the past several years to watch the power of the tech activists and tech labor movements," the editor says in this interview. "I think they've shown really immense power to effect change, and power to say, 'I'm not going to work on something that doesn't align with what I want for the future.' That's really something to admire.

"But of course, people are up against really big forces...."

Piracy

Police Tracked Traffic of All National ISPs To Catch Pirate IPTV Users (torrentfreak.com) 68

An anonymous reader quotes a report from TorrentFreak: In May 2022, Italian police claimed that thousands of people had unwittingly subscribed to a pirate IPTV service being monitored by the authorities. When users tried to access illegal streams, a warning message claimed that they had already been tracked. With fines now being received through the mail, police are making some extraordinary claims about how this was made possible. [...] Today's general consensus is that hitting site operators is much more effective but whenever the opportunity appears, undermining user confidence should be part of the strategy. Italian police have been following the same model by shutting down pirate IPTV services and warning users they're up next.

Letters recently sent to homes in Italy reveal that police were not bluffing. A copy of a letter obtained by Ilsole24ore identifies the sender as the Nucleo Speciale Tutela Privacy e Frodi Tecnologiche, a Guardia di Finanza unit specializing in IT-related crime. It refers to an anti-IPTV police operation in May. The operation targeted around 500 pirate IPTV resources including websites and Telegram channels. At the time, police also reported that 310+ pieces of IPTV infrastructure, including primary and balancing servers distributing illegal streams, were taken offline. Police also claimed that a tracking system made it possible to identify the users of the pirate streams. The letter suggests extraordinary and potentially unprecedented tactics.

The letters state that Italian authorities were able to track the IPTV users by "arranging for the redirection of all Internet service providers' national connections" so that subscribers placed their orders on a police-controlled server configured to record their activity. In comments to Ilsole24ore, Gian Luca Berruti, head of investigations at the Guardia di Finanza, describes the operation as "decisive" in the fight against cybercrime. Currently deployed to Italy's National Cybersecurity Agency, Berruti references "innovative investigative techniques" supported by "new technological tools." Technical details are not being made public, but it's claimed that IPTV users were tracked by "tracing of all connections to pirate sites (IPs) combined, in real-time," and "cross-referencing telematic information with that derived from the payment mechanisms used." The police operation in May was codenamed Operazione:Dottor Pezzotto. A Telegram channel with exactly the same branding suffered a traffic collapse at exactly the same time.
"The letters refer to an administrative copyright infringement fine of just 154 euros or 'in case of recidivism' a total of 1,032 euros," notes the report. "However, if people pay their fines within 60 days, the amounts are reduced to 51 euros and 344 euros respectively."

"Around 1,600 people are believed to have been targeted in this first wave of letters but according to Andrea Duillo, CEO of Sky Italia, this is just the start."
News

Fred Brooks Has Died 56

Frederick Brooks, the famed computer architect who described the software "tar pit" and managed the development of IBM's OS/360, died Thursday. In his book The Mythical Man-Month he also debunked the man-month as a unit of project planning, in the observation that became known as Brooks's law: "Adding manpower to a late software project makes it later."

A true icon, and the 1999 Turing Award laureate, Brooks was one of the great thinkers in computing. Industry tributes are pouring in, celebrating his life and contributions.

Further reading: His interview with Grady Booch for Computer History Museum [PDF].
Transportation

Report Blames Faulty System, Pilot Error for Boeing 737-500 Crash in 2021 (seattletimes.com) 86

346 people died in two separate crashes of the Boeing 737 MAX — one in 2018 and one in 2019. And then in 2021, a Boeing 737-500 crashed in Indonesia, killing all 62 people on board.

Thursday Indonesia's national transportation safety committee (KNKT) released its final report on that 737-500 crash. It found that after takeoff the plane's autothrottle system (which automatically adjusts power to the jet's two engines) became stuck on the right engine, "as a result of friction or binding within the mechanical system," according to the Seattle Times. The newspaper also notes that the same system "had repeatedly malfunctioned on the aircraft before the crash."

The report also blames an inadequate response from the pilots. As the jet climbed away from the runway in Jakarta and the pilots adjusted the autopilot mode to reduce thrust, the autothrottle duly eased back power to the left engine but the right engine continued at full power. The resultant asymmetric thrust caused the plane to turn to the left even as the pilots steered the control wheel to the right and the autopilot followed by moving control surfaces on the wing to roll right. Another system on the plane designed to monitor for asymmetric thrust also malfunctioned and delayed disengaging the autothrottle as it should have.

But as this was happening, the pilots were unaware of it. The pilots should have seen from the instrument panel attitude display that the plane was deviating from its flight path to the left. And they should have noted the right thrust lever not having moved backward like the left lever, alerting them to the asymmetric thrust. They apparently missed both clues.

Just under 5 minutes after takeoff, as the jet banked steeply left, a warning alert sounded in the cockpit: "BANK ANGLE." Two seconds after the alert sounded, at an altitude of 10,700 feet, the pilot in command disengaged the autopilot system to take manual control. This pilot, 54 years old with almost 18,000 hours of flight time, half of that in a 737, clearly didn't realize that the autopilot had been compensating and masking the effect of the asymmetric thrust in the engines. With the autopilot gone, the countering forces from the control surfaces on the wings were removed and "the yaw and roll forces of the asymmetric power rolled the aircraft to the left," the investigation report states.

The pilot was so unaware of what was happening that he steered the control wheel further left instead of right, which "increased the roll tendency of the aircraft to the left." The plane rolled more than 45 degrees left and went nose down.

At that moment, the autothrottle finally disengaged. But it was too late to recover. The flight data stopped recording as the plane crashed into the sea.

The report faults the pilots for their lack of recognition of the situation.

It blames "pilot automation complacency" (overreliance on the automated system) and "confirmation bias" (believing that the plane was steering right as commanded, when in fact it was rolling left).

The Indonesian safety authority found that Sriwijaya Air provided "inadequate" training for its pilots in upset recovery, which means righting an airplane if it inadvertently stalls, rolls or pitches to deviate from the intended flight position. Indonesia now mandates detailed upset recovery training for all airline pilots.

The KNKT report also states that the system that was supposed to monitor the 737's autothrottle for asymmetric thrust and disengage it — the Cruise Thrust Split Monitor — may have been misrigged by maintenance personnel, or its failure may have been due to a sensor fault providing an incorrect value for the positions of the control surfaces on the wings to the autothrottle computer.

The report notes that Boeing is issuing a bulletin to all 737 operators requiring repetitive inspections of the control surface sensors. An Airworthiness Directive that will make this mandatory is pending from the Federal Aviation Administration.

Encryption

Introducing Shufflecake: Plausible Deniability For Multiple Hidden Filesystems on Linux (kudelskisecurity.com) 90

Thursday the Kudelski Group's cybersecurity division released "a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes."

"Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted." Even if the presence of the Shufflecake software itself cannot be hidden — and hence the presence of secret volumes is suspected — the number of volumes is also hidden. This allows a user to create a hierarchy of plausible deniability, where "most hidden" secret volumes are buried under "less hidden" decoy volumes, whose passwords can be surrendered under pressure. In other words, a user can plausibly "lie" to a coercive adversary about the existence of hidden data, by providing a password that unlocks "decoy" data.

Every volume can be managed independently as a virtual block device, i.e. partitioned, formatted with any filesystem of choice, and mounted and dismounted like a normal disc. The whole system is very fast, with only a minor slowdown in I/O throughput compared to a bare LUKS-encrypted disk, and with negligible waste of memory and disc space.

You can consider Shufflecake a "spiritual successor" of tools such as Truecrypt and Veracrypt, but vastly improved. First of all, it works natively on Linux, it supports any filesystem of choice, and can manage up to 15 nested volumes per device, so to make deniability of the existence of these partitions really plausible.

"The reason why this is important versus "simple" disc encryption is best illustrated in the famous XKCD comic 538," quips Slashdot reader Gaglia (in the original submission). But the big announcement from Kudelski Security Research calls it "a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes.

"Shufflecake is FLOSS (Free/Libre, Open Source Software). Source code in C is available and released under the GNU General Public License v3.0 or superior.... The current release is still a non-production-ready prototype, so we advise against using it for really sensitive operations. However, we believe that future work will sensibly improve both security and performance, hopefully offering a really useful tool to people who live in constant danger of being interrogated with coercive methods to reveal sensitive information.
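
The hierarchy of deniability described above, reduced to a toy model as an added example (this is not Shufflecake's code or its on-disk format, which the announcement does not detail): a header area of 15 equal-sized slots is filled with random bytes; each existing volume owns one slot, sealed under a key derived from its password, and the slot's payload is the key of the next less-hidden volume. Unlocking with a password therefore yields that volume plus every decoy beneath it, a wrong password opens nothing, and an unused slot is byte-for-byte indistinguishable from a used one, so the header looks the same whether it holds one volume or fifteen. The cipher (SHA-256 in counter mode with an HMAC tag), the PBKDF2 parameters and the fixed salt are assumptions chosen to keep the example standard-library only; a real tool would use a block cipher and a per-device random salt.

```python
import hashlib
import hmac
import secrets

SLOTS = 15          # page: up to 15 nested volumes per device
KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 16
SLOT_LEN = NONCE_LEN + KEY_LEN + TAG_LEN   # 64 bytes per header slot
SALT = b"constructed-fixed-salt"           # assumption: a real tool stores a random per-device salt
END_OF_CHAIN = bytes(KEY_LEN)              # payload of the least-hidden (decoy) volume


def derive_key(password: bytes) -> bytes:
    """Password -> volume key. Iteration count is an assumption, not Shufflecake's."""
    return hashlib.pbkdf2_hmac("sha256", password, SALT, 20_000, dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for a real block cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def seal(key: bytes, payload: bytes) -> bytes:
    """Encrypt-then-MAC one slot payload; the output is indistinguishable from random bytes."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(key, nonce, len(payload))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()[:TAG_LEN]
    return nonce + ct + tag


def open_slot(key: bytes, slot: bytes):
    """Return the payload if `key` seals this slot, else None (tag mismatch)."""
    nonce, ct, tag = slot[:NONCE_LEN], slot[NONCE_LEN:-TAG_LEN], slot[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, "sha256").digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def create_header(passwords: list) -> bytes:
    """passwords[0] is the decoy, passwords[-1] the most hidden volume.

    Every slot starts as random bytes, so the header looks the same whether it
    holds 1 volume or 15; slot positions are shuffled so the slot index leaks
    nothing about a volume's rank in the hierarchy.
    """
    if not 1 <= len(passwords) <= SLOTS:
        raise ValueError("between 1 and SLOTS volumes")
    slots = [secrets.token_bytes(SLOT_LEN) for _ in range(SLOTS)]
    positions = list(range(SLOTS))
    secrets.SystemRandom().shuffle(positions)
    keys = [derive_key(p) for p in passwords]
    for rank, key in enumerate(keys):
        payload = keys[rank - 1] if rank > 0 else END_OF_CHAIN
        slots[positions[rank]] = seal(key, payload)
    return b"".join(slots)


def unlock(header: bytes, password: bytes) -> list:
    """Keys of the volume matching `password` and of every less-hidden volume
    beneath it, most hidden first. Returns [] for a wrong password."""
    key = derive_key(password)
    unlocked = []
    while True:
        payload = None
        for i in range(SLOTS):
            payload = open_slot(key, header[i * SLOT_LEN:(i + 1) * SLOT_LEN])
            if payload is not None:
                break
        if payload is None:
            return unlocked            # no slot is sealed under this key
        unlocked.append(key)
        if payload == END_OF_CHAIN:
            return unlocked
        key = payload                  # follow the chain down to the next decoy


if __name__ == "__main__":
    hdr = create_header([b"decoy-pass", b"work-pass", b"secret-pass"])
    for pw in (b"decoy-pass", b"work-pass", b"secret-pass", b"wrong"):
        print(pw.decode(), "->", len(unlock(hdr, pw)), "volume(s)")
```

Surrendering `work-pass` under pressure reveals the work volume and the decoy below it but nothing about `secret-pass`, and an examiner holding only the header cannot tell how many of the 15 slots are in use. The model deliberately leaves out what the announcement also hides the details of: where the volumes' data blocks live in the free space and how they are kept from overwriting each other.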
Music

Swedish Engineer Creates Playable Accordion From 2 Commodore 64 Computers (arstechnica.com) 26

An anonymous reader quotes a report from Ars Technica: In late October, a Swedish software engineer named Linus Akesson unveiled a playable accordion -- called "The Commodordion" -- he crafted out of two vintage Commodore 64 computers connected with a bellows made of floppy disks taped together. A demo of the hack debuted in an 11-minute YouTube video where Akesson plays a Scott Joplin ragtime song and details the instrument's creation.

A fair amount of custom software engineering and hardware hackery went into making the Commodordion possible, as Akesson lays out in a post on his website. It builds off of earlier projects (that he says were intentionally leading up to this one), such as the Sixtyforgan (a C64 with spring reverb and a chromatic accordion key layout) and Qwertuoso, a program that allows live playing of the C64's famous SID sound chip.

So how does the Commodordion work? Akesson wired up a custom power supply, and when he flips the unit on, both Commodore 64 machines boot (no display necessary). Next, he loads custom music software he wrote from a Commodore Datasette emulator board into each machine. A custom mixer circuit board brings together the audio signals from the two units and measures input from the bellows to control the volume level of the sound output. The bellows, composed of many 5.25-inch floppy disks cut and taped into shape, emit air through a hole when squeezed. A microphone mounted just outside that hole translates the noise it hears into an audio envelope that manipulates the sound output to match. The Commodordion itself does not have speakers but instead outputs its electronic audio through a jack.

Programming

Computing Pioneer Who Invented the First Assembly Language Dies at Age 100 (msn.com) 42

"Kathleen Booth, who has died aged 100, co-designed one of the world's first operational computers and wrote two of the earliest books on computer design and programming," the Telegraph wrote this week.

"She was also credited with the invention of the first assembly language, a programming language designed to be readable by users." In 1946 she joined a team of mathematicians under Andrew Booth at Birkbeck College undertaking calculations for the scientists working on the X-ray crystallography images which contributed to the discovery of the double helix shape of DNA....

To help the number-crunching involved Booth had embarked on building a computing machine called the Automatic Relay Calculator or ARC, and in 1947 Kathleen accompanied him on a six-month visit to Princeton University, where they consulted John von Neumann, who had developed the idea of storing programs in a computer. On their return to England they co-wrote General Considerations in the Design of an All Purpose Electronic Digital Computer, and went on to make modifications to the original ARC to incorporate the lessons learnt.

Kathleen devised the ARC assembly language for the computer and designed the assembler.

In 1950 Kathleen took a PhD in applied mathematics and the same year she and Andrew Booth were married. In 1953 they co-wrote Automatic Digital Calculators, which included the general principles involved in the new "Planning and Coding" programming style.

The Booths remained at Birkbeck until 1962 working on other computer designs including the All Purpose Electronic (X) Computer (Apexc, the forerunner of the ICT 1200 computer which became a bestseller in the 1960s), for which Kathleen published the seminal Programming for an Automatic Digital Calculator in 1958. The previous year she and her husband had co-founded the School of Computer Science and Information Systems at Birkbeck.

"The APE(X)C design was commercialized and sold as the HEC by the British Tabulating Machine Co Ltd, which eventually became ICL," remembers the Register, sharing a 2010 video about the machine (along with several links for "Further Reading.")
Windows

Zeek Becoming Part of Microsoft Windows (corelight.com) 21

First released in 1998, the BSD-licensed software Zeek (originally named "Bro") is about to get more widely adopted, writes long-time Slashdot reader skinfaxi: Zeek, the open source network security monitoring platform, is being integrated into Windows and "is now deployed on more than one billion global endpoints," according to an announcement from Corelight.
From Corelight's press release: Corelight, the leader in open network detection and response, today announced the integration of Zeek, the world's most popular open source network security monitoring platform, as a component of Microsoft Windows and Defender for Endpoint. The integration will help security teams respond to the most challenging attacks by providing "richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities."

Originally created by Corelight co-founder and chief scientist Dr. Vern Paxson while at Lawrence Berkeley National Laboratory, Zeek transforms network traffic into compact and high-fidelity logs, file content, and behavioral analytics to accelerate security operations. Vital funding for Zeek came initially from the National Science Foundation and the US Department of Energy's Office of Science. As adoption increased, Corelight was founded to provide a financial model and corporate sponsor for the project....

"Microsoft is strongly committed to supporting open source projects and ecosystems," said Rob Lefferts, corporate vice president for Microsoft. "We're proud to be working with Zeek and are thrilled to bring this level of network intelligence and monitoring to our customers."

"This is an amazing development for Zeek and its community of contributors and users," said Paxson. "I never imagined that the tool I developed for network monitoring would find broader application in defending endpoints — but that's part of the creative magic of open source development.

"We are grateful for Microsoft's contributions and support, and we are excited that the project's impact, and that of the community of contributors, will increase so dramatically."

Earth

France Becomes Latest Country To Leave Controversial Energy Charter Treaty (theguardian.com) 50

France has become the latest country to pull out of the controversial energy charter treaty (ECT), which protects fossil fuel investors from policy changes that might threaten their profits. The Guardian reports: Speaking after an EU summit in Brussels on Friday, French president, Emmanuel Macron, said: "France has decided to withdraw from the energy charter treaty." Quitting the ECT was "coherent" with the Paris climate deal, he added. Macron's statement follows a recent vote by the Polish parliament to leave the 52-nation treaty and announcements by Spain and the Netherlands that they too wanted out of the scheme.

The European Commission has proposed a "modernization" of the agreement, which would end the writ of the treaty's secret investor-state courts between EU members. That plan is expected to be discussed at a meeting in Mongolia next month. A French government official said Paris would not try to block the modernization blueprint within the EU or at the meeting in Mongolia. "But whatever happens, France is leaving," the official said. While France was "willing to coordinate a withdrawal with others, we don't see that there is a critical mass ready to engage with that in the EU bloc as a whole," the official added.

The French withdrawal will take about a year to be completed, and in that time, discussion in Paris will likely move on to ways of neutralizing or reducing the duration of a "sunset clause" in the ECT that allows retrospective lawsuits. Progress on that issue is thought possible by sources close to ongoing legal negotiations on the issue.

Open Source

Fintech Giant 'The Clearing House' Joins Open-Source Patent Protection Powerhouse OIN (zdnet.com) 6

The Clearing House, a banking association and payments company owned by the largest commercial banks in the U.S., has joined the Open Invention Network (OIN) -- the world's largest patent nonaggression consortium. ZDNet reports: The OIN has long protected Linux and Linux-related software from patent aggression by rival companies. With the increase in patent troll attacks, the OIN is also defending companies from these assaults. You may not think financial companies and banks are subject to such attacks. I mean, TCH's roots go all the way back to 1853. Think again.

As Keith Bergelt, CEO of OIN, said in June, "The most sophisticated and compelling global banking and fintech companies have essentially become technology companies that employ open-source software to deliver their services at scale." Further, patent trolls "appear to be targeting them for this reason, along with the fact that financial services companies have not historically been active patent filers." That's because, historically, they've purchased most of their tech from third-party vendors.

That was then. This is now. Today, financial institutions generate more tech in-house, so they're more concerned about being granted patents, building patent portfolios, and related patent issues. Indeed, these days fintech businesses have their own Fintech Open Source Foundation (FINOS), the financial sector branch of the Linux Foundation. So, Bergelt said in a release Wednesday, "Advancements in financial services and fintech increasingly rely on open-source technologies. As the most experienced payment company in the US, and a keystone for the financial services industry, we are pleased that The Clearing House is committed to patent nonaggression in core Linux and adjacent open-source technologies."

Graphics

How 'Homestar Runner' Re-Emerged After the End of Flash (homestarrunner.com) 28

Wikipedia describes Homestar Runner as "a blend of surreal humour, self-parody, and references to popular culture, in particular video games, classic television, and popular music." But after launching in 2000, the web-based cartoon became a cultural phenomenon, co-creator Mike Chapman remembered in 2017: On the same day we received a demo of a song that John Linnell from They Might Be Giants recorded for a Strong Bad Email and a full-size working Tom Servo puppet from Jim Mallon from Mystery Science Theater 3000.... The Homestar references in the Buffy and Angel finales forever ago were huge. And there was this picture of Joss Whedon in a Strong Bad shirt from around that time that someone sent us that we couldn't believe. Years later, a photo of Geddy Lee from Rush wearing a Strong Bad hat on stage circulated which similarly freaked us out. We have no idea if he knew what Strong Bad was, but our dumb animal character was on his head while he probably shredded 'Working Man' so I'll take it!
After a multi-year hiatus starting around 2009, the site has only been updating sporadically — and some worried that the end of Flash also meant the end of the Flash-based cartoon and its web site altogether. But on the day Flash Player was officially discontinued — December 31st, 2020 — a "post-Flash update" appeared at HomestarRunner.com: What happened our website? Flash is finally dead-dead-dead so something drastic had to be done so people could still watch their favorite cartoons and sbemails with super-compressed mp3 audio and hidden clicky-clicky easter eggs...!

[O]nce you click "come on in," you'll find yourself in familiar territory thanks to the Ruffle Project. It emulates Flash in such a way that all browsers and devices can finally play our cartoons and even some games.... Your favorite easter eggs are still hidden and now you can even choose to watch a YouTube version if there is one.

Keep in mind, Ruffle is still in development so not everything works perfectly. Games made after, say 2007, will probably be pretty janky but Ruffle plans on ultimately supporting those too one day. And any cartoons with video elements in them (Puppet Jams, death metal) will just show you an empty box where the video should be. But hang in there and one day everything will be just like it was that summer when we got free cable somehow and Grandma still lived in the spare bedroom.

And since then, new content has quietly been appearing at HomestarRunner.com. (Most recently, Thursday the site added a teaser for an upcoming Halloween video.)

The Homestar Runner wiki is tracking this year's new content, which includes:

And past videos are now also being uploaded on the site's official YouTube channel.


Television

HBO Max Picks 'Homestar Runner' Co-Creator to Direct Batman Spin-off Series 'The Penguin' (cinemadailyus.com) 20

From a report: Filmmaker Craig Zobel has been tapped by HBO Max to direct the first two episodes of The Penguin, its much-awaited Batman spinoff. He will also serve as executive producer of the show, with Lauren LeFranc writing the script. Starring in The Penguin is Colin Farrell, who played the villainous Oswald Cobblepot in The Batman earlier this year. The Penguin will focus its attention on Cobblepot's notorious past and trace his rise to power in Gotham.

Zobel is already part of the family, having previously directed The Mare of Easttown for HBO Max. The prolific director also applied his talents to episodes of Westworld, The Leftovers, and American Gods...

If all goes according to schedule, viewers could be enjoying The Penguin by the end of 2023.

The article also notes that Zobel helped co-create Homestar Runner in its original incarnation as a parody children's picture book.
Earth

Why Hurricane Ian Killed So Many People (cnn.com) 174

It was Florida's deadliest hurricane in 87 years, tied for the fifth-strongest hurricane to make landfall in the continental U.S. and killing more than 100 people after veering south into unexpected areas.

But a Rutgers University health psychologist suggests other factors might've made Hurricane Ian more deadly: Ian also underwent rapid intensification, perhaps influenced by climate change, which meant that its wind speeds increased dramatically as it passed over the warm waters of the Gulf of Mexico before landfall.

Emergency managers typically need at least 48 hours to successfully evacuate areas of southwest Florida. However, voluntary evacuation orders for Lee County were issued less than 48 hours prior to landfall, and for some areas were made mandatory just 24 hours before the storm came ashore. This was less than the amount of time outlined in Lee County's own emergency management plan.

While the lack of sufficient time to evacuate was cited by some as a reason why they stayed behind, there are other factors that may also have suppressed evacuations in some of the hardest hit areas. In order to correctly follow evacuation orders, people need to first know their evacuation zone. Research from other areas of the country indicates that many people don't. That's why the evacuation zone locator websites in the affected counties were crucial. However, so many people were checking their zones that some of these websites crashed in the days before the storm.

The article asks whether the early voluntary evacuation order "lulled some residents into being less concerned" and ultimately compounded problems. "In areas where evacuation orders were issued later, people who weren't expecting to evacuate needed to find and understand this evacuation zone information quickly...."

"People need to know that they are in an area being asked to evacuate — and waiting until the storm is on its way to find out their zone may be too late. Emergency managers need to educate people in advance of imminent storms while also developing more robust websites to handle the queries in the days before the storm."
Businesses

Fandom Buys TV Guide, Metacritic, GameSpot and Other Brands For About $50 Million In Cash (variety.com) 22

Fandom is rolling up a suite of entertainment and gaming content properties -- including TV Guide and Metacritic -- in a deal with digital-marketing company Red Ventures worth about $50 million. Variety reports: San Francisco-based Fandom acquired GameSpot, Metacritic, TV Guide, GameFAQs, Giant Bomb, Cord Cutters News and Comic Vine under the deal. The sites collectively attract 46 million monthly active users, according to Fandom. Financial terms of the pact were not disclosed; a source familiar with the deal pegged it "in the mid-eight figures," with Fandom paying the roughly $50 million for the properties in cash. Red Ventures had acquired TV Guide, Metacritic and GameSpot in 2020 as part of its $500 million deal to buy the CNET Media Group from Paramount Global.

Founded in 2004, Fandom today hosts more than 250,000 user-curated wiki pages spanning pop culture, gaming, TV and film -- reaching some 300 million monthly active users. Fandom was founded by Jimmy Wales, Wikipedia co-founder, and entrepreneur Angela Beesley Starling. In 2018, Fandom was sold to a company backed by venture-capital firm TPG headed by Jon Miller.

The latest deal continues Fandom's expansion beyond its wiki-based roots. In 2018, Fandom acquired ScreenJunkies, producers of the popular "Honest Trailer" series, from now-defunct digital media company Defy Media. The company acquired Curse Media in 2019 which brought together gaming wikis with integrated digital gaming tools. In 2021, Fandom acquired Fanatical, an online video-game retailer. Fandom Productions, the content arm of Fandom, will house GameSpot, TV Guide and Metacritic, along with the Honest Trailers team and the weekly video news program "The Loop."

Security

High-Severity Microsoft Exchange 0-Day Under Attack Threatens 220,000 Servers (arstechnica.com) 42

An anonymous reader quotes a report from Ars Technica: Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world. The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The mystery exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers' servers had all been patched against the vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered the unknown hackers were exploiting a new Exchange vulnerability.

Wednesday's GTSC post said the attackers are exploiting the zero-day to infect servers with webshells, a text interface that allows them to issue commands. These webshells contain simplified Chinese characters, leading the researchers to speculate the hackers are fluent in Chinese. Commands issued also bear the signature of the China Chopper, a webshell commonly used by Chinese-speaking threat actors, including several advanced persistent threat groups known to be backed by the People's Republic of China. GTSC went on to say that the malware the threat actors eventually install emulates Microsoft's Exchange Web Service. It also makes a connection to the IP address 137[.]184[.]67[.]33, which is hardcoded in the binary. Independent researcher Kevin Beaumont said the address hosts a fake website with only a single user with one minute of login time and has been active only since August. The malware then sends and receives data that's encrypted with an RC4 encryption key that's generated at runtime. Beaumont went on to say that the backdoor malware appears to be novel, meaning this is the first time it has been used in the wild.
People running on-premises Exchange servers "should apply a blocking rule that prevents servers from accepting known attack patterns," reports Ars. The rule can be found in Microsoft's advisory.

"For the time being, Microsoft also recommends people block HTTP port 5985 and HTTPS port 5986, which attackers need to exploit CVE-2022-41082."
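Worked example, added here and not taken from the Ars Technica report, GTSC's post or Microsoft's advisory: a small Python scanner that parses IIS W3C logs (as an on-premises Exchange front end writes them) and flags requests carrying the shape that Microsoft's first published rewrite rule keyed on, namely autodiscover.json, an "@" and "powershell" in one request URL. It also shows why such a rule has to be applied to the percent-decoded, case-folded URL rather than the raw string: Microsoft revised the rule string in later versions of the advisory after the original, which required a literal "@", was shown to be bypassable. The log lines, hostnames and addresses below are constructed placeholders.

```python
# Added example (editor's illustration, not GTSC's or Microsoft's code):
# parse IIS W3C logs and flag the ProxyNotShell request shape, comparing a
# literal match against a match on the decoded, case-folded URL.
import re
from urllib.parse import unquote

# Shape used by Microsoft's first rewrite mitigation and by GTSC's log
# search: autodiscover.json ... @ ... powershell within one request URL.
ATTACK_PATTERN = re.compile(r"autodiscover\.json.*@.*powershell")


def normalize_url(url: str) -> str:
    """Percent-decode until the string stops changing (bounded, so
    double-encoded input is handled without looping), then case-fold."""
    current = url
    for _ in range(3):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.lower()


def raw_match(url: str) -> bool:
    """Literal, case-sensitive match on the URL exactly as logged.
    This is what a naive rule does, and %40 or PowerShell slip past it."""
    return ATTACK_PATTERN.search(url) is not None


def normalized_match(url: str) -> bool:
    """Same pattern, applied after normalize_url()."""
    return ATTACK_PATTERN.search(normalize_url(url)) is not None


def parse_iis_log(text: str):
    """Yield one dict per request line. Column names come from the
    #Fields: header, so a customised field order still parses."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):          # other W3C directives
            continue
        if fields is None:
            raise ValueError("request line seen before #Fields: header")
        values = line.split(" ")
        # IIS writes '+' for spaces inside a value, so a column-count
        # mismatch means the line itself is damaged; skip it.
        if len(values) != len(fields):
            continue
        yield dict(zip(fields, values))


def request_url(rec: dict) -> str:
    """Rebuild path?query from the stem and query columns ('-' = empty)."""
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "-")
    return stem if query == "-" else f"{stem}?{query}"


def find_suspicious(text: str):
    """Return (record, raw_hit, normalized_hit) for every request that
    matches after normalization; raw_hit records whether a literal rule
    would have caught the same request."""
    hits = []
    for rec in parse_iis_log(text):
        url = request_url(rec)
        if normalized_match(url):
            hits.append((rec, raw_match(url), True))
    return hits


# Constructed sample log: one benign OWA request, one plainly encoded hit,
# one hit hiding behind %40 and mixed case, and one unrelated 401.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2022-09-29 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-29 00:01:02 10.0.0.5 GET /owa/ - 443 - 203.0.113.10 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 15
2022-09-29 00:01:09 10.0.0.5 POST /autodiscover/autodiscover.json @example.com/powershell 443 - 203.0.113.10 python-requests/2.28 - 200 0 0 120
2022-09-29 00:01:15 10.0.0.5 POST /autodiscover/autodiscover.json %40example.com/PowerShell 443 - 203.0.113.10 python-requests/2.28 - 200 0 0 98
2022-09-29 00:02:00 10.0.0.5 GET /ecp/ - 443 - 198.51.100.7 Mozilla/5.0+(Windows+NT+10.0) - 401 0 0 3
"""

if __name__ == "__main__":
    for rec, raw_hit, _ in find_suspicious(SAMPLE_LOG):
        print(rec["date"], rec["time"], rec["c-ip"], rec["sc-status"],
              request_url(rec), "literal-rule-would-catch:", raw_hit)
```

To use it on a real server, read the front-end site's log files (by default under %SystemDrive%\inetpub\logs\LogFiles\W3SVC1) and pass their contents to find_suspicious; a hit with sc-status 200 deserves more attention than one that was rejected. Two caveats a practitioner would want: the rewrite rule and the port blocks are mitigations that reduce exposure, not a replacement for the patch, and a pattern like this one only catches what it was written for, so a server that already shows hits should be treated as potentially compromised rather than merely exposed.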
Medicine

FDA Approves ALS Drug Whose Study Was Partly Funded By Ice Bucket Challenge (cnn.com) 28

A new treatment for amyotrophic lateral sclerosis, or ALS, has been approved by the US Food and Drug Administration. CNN reports: The FDA announced approval of Relyvrio, developed by Amylyx Pharmaceuticals, on Thursday. The oral medication works as a standalone therapy or when added to other treatments, according to the company, and it has been shown to slow disease progression. Patients and some advocacy groups had urged the FDA to approve the drug, as there are limited treatments available for ALS, and the agency granted priority review in December.

In November, Amylyx submitted a drug application to the FDA for the medication, then called AMX0035, as an oral ALS treatment, seeking approval based on a Phase 2 trial that included 137 people with ALS who received either the drug or a placebo for 24 weeks. The study was funded in part by a grant from the ALS Ice Bucket Challenge, the viral social media campaign that started in 2014 involving people dumping buckets of ice water over themselves to raise awareness and money around ALS. The trial also showed that the drug was generally well-tolerated, but there was a greater frequency of gastrointestinal events in the group getting the medication. Amylyx is now continuing to study its safety and efficacy in a Phase 3 trial. In March, the Peripheral and Central Nervous System Drugs Advisory Committee voted 6-4 that a single Phase 2 trial did not establish the conclusion that the drug is effective in treating ALS.

One key difference between the FDA advisory committee's March and September meetings is that in the later meeting, Amylyx indicated that if the drug was approved but its Phase 3 trial results fail to confirm the drug's benefits, the company would consider withdrawing the drug from the market, Lynch said. She added, however, that the company didn't say specifically what it would view as a failure. "So at the vote, the advisory committee members switched, and most of them said, 'Yes, we are now convinced that this product should be approved.' And when they were asked why they changed their minds, some of them said, 'Well, the company said they would withdraw,'" she said. "And they were also convinced by patients' testimonies that they very much want to try this drug." But overall, the FDA's approval was based on Phase 2 trial data, which, Lynch said, may send a message to other pharmaceutical companies that they don't need robust Phase 3 trial data to get products on the market.
Although people with ALS want access to this promising drug, there are concerns that such a message could open the door more broadly to the approval of medications that have not been proved to work, says Holly Fernandez Lynch, an assistant professor of medical ethics and health policy at the University of Pennsylvania. "The FDA could later withdraw those products if needed, she said, but doing so without voluntary company agreement is 'a huge pain' and often requires a very lengthy process," reports CNN.
Math

Saul Kripke, Philosopher Who Found Truths In Semantics, Dies At 81 (nytimes.com) 31

Saul Kripke, a math prodigy and pioneering logician whose revolutionary theories on language qualified him as one of the 20th century's greatest philosophers, died on Sept. 15 in Plainsboro, N.J. He was 81. The New York Times reports: His death, at Penn Medicine Princeton Medical Center, was caused by pancreatic cancer, according to Romina Padro, director of the Saul Kripke Center at the City University of New York, where Professor Kripke had been a distinguished professor of philosophy and computer science since 2003 and had capped a career exploring how people communicate. Professor Kripke's classic work, "Naming and Necessity," first published in 1972 and drawn from three lectures he delivered at Princeton University in 1970 before he was 30, was considered one of the century's most evocative philosophical books.

"Kripke challenged the notion that anyone who uses terms, especially proper names, must be able to correctly identify what the terms refer to," said Michael Devitt, a distinguished professor of philosophy who recruited Professor Kripke to the City University Graduate Center in Manhattan. "Rather, people can use terms like 'Einstein,' 'springbok,' perhaps even 'computer,' despite being too ignorant or wrong to provide identifying descriptions of their referents," Professor Devitt said. "We can use terms successfully not because we know much about the referent but because we're linked to the referent by a great social chain of communication."

The Pulitzer Prize-winning historian Taylor Branch, writing in The New York Times Magazine in 1977, said Professor Kripke had "introduced ways to distinguish kinds of true statements -- between statements that are 'possibly' true and those that are 'necessarily' true." "In Professor Kripke's analysis," he continued, "a statement is possibly true if and only if it is true in some possible world -- for example, 'The sky is blue' is a possible truth, because there is some world in which the sky could be red. A statement is necessarily true if it is true in all possible worlds, as in 'The bachelor is an unmarried man.'"

Earth

Hunga Tonga Eruption Put Over 50 Billion Kilograms of Water Into Stratosphere (arstechnica.com) 47

An anonymous reader quotes a report from Ars Technica: In January this year, an undersea volcano in Tonga produced a massive eruption, the largest so far this century. The mixing of hot volcanic material and cool ocean water created an explosion that sent an atmospheric shockwave across the planet and triggered a tsunami that devastated local communities and reached as far as Japan. The only part of the crater's rim that extended above water was reduced in size and separated into two islands. A plume of material was blasted straight through the stratosphere and into the mesosphere, over 50 km above the Earth's surface. We've taken a good look at a number of past volcanic eruptions and studied how they influence the climate. But those eruptions (most notably that of Mount Pinatubo) all came from volcanoes on land. Hunga Tonga may be the largest eruption we've ever documented that took place under water, and the eruption plume contained unusual amounts of water vapor -- so much of it that it actually got in the way of satellite observations at some wavelengths. Now, researchers have used weather balloon data to reconstruct the plume and follow its progress during two circuits around the globe.

Your vocabulary word of the day is radiosonde, which is a small instrument package and transmitter that can be carried into the atmosphere by a weather balloon. There are networks of sites where radiosondes are launched as part of weather forecasting services; the most relevant ones for Hunga Tonga are in Fiji and Eastern Australia. A balloon from Fiji was the first to take instruments into the eruption plume, doing so less than 24 hours after Hunga Tonga exploded. That radiosonde saw increasing levels of water as it climbed through the stratosphere from 19 to 28 kilometers of altitude. The water levels had reached the highest yet measured at the top of that range when the balloon burst, bringing an end to the measurements. But shortly after, the plume started showing up along the east coast of Australia, which again registered very high levels of water vapor. Again, water reached to 28 km in altitude but gradually settled to lower heights over the next 24 hours.

The striking thing was how much of it there was. Compared to normal background levels of stratospheric water vapor, these radiosondes were registering 580 times as much water even two days after the eruption, after the plume had some time to spread out. There was so much there that it still stood out as the plume drifted over South America. The researchers were able to track it for a total of six weeks, following it as it spread out while circling the Earth twice. Using some of these readings, the researchers estimated the total volume of the water vapor plume and then used the levels of water present to come up with a total amount of water put into the stratosphere by the eruption. They came up with 50 billion kilograms. And that's a low estimate, because, as mentioned above, there was still water above the altitudes where some of the measurements stopped.
The recent findings appear in a new study published in the journal Science.
Education

Does Computer Programming Really Help Kids Learn Math? 218

Long-time Slashdot reader theodp writes: A new study on the Impact of Programming on Primary Mathematics Learning (abstract only, full article $24.95 on ScienceDirect) is generating some buzz on Twitter amongst K-12 CS educator types. It concluded that:

1. Programming did not benefit mathematics learning compared to traditional activities
2. There's a negative though small effect of programming on mathematics learning
3. Mindful "high-road transfer" from programming to mathematics is not self-evident
4. Visual programming languages might distract students from mathematics activities

From the Abstract: "The aim of this study is to investigate whether a programming activity might serve as a learning vehicle for mathematics acquisition in grades four and five.... Classes were randomly assigned to the programming (with Scratch) and control conditions. Multilevel analyses indicate negative effects (effect size range 0.16 to 0.21) of the programming condition for the three mathematical notions.

"A potential explanation of these results is the difficulties in the transfer of learning from programming to mathematics."

The findings of the new study come 4+ years after preliminary results were released from the $1.5M 2015-2019 NSF-funded study Time4CS, a "partnership between Broward County Public Schools (FL), researchers at the University of Chicago, and [tech-bankrolled] Code.org," which explored whether learning CS using Code.org's CS Fundamentals curriculum may be linked to improved learning in math at the grade 3-5 level. Time4CS researchers concluded that the "quasi-experimental" study showed that "No significant differences in Florida State Assessment mathematics scores resulted between treatment and comparison groups."
Movies

Disney World Plans a Tron-Themed Rollercoaster: 'Lightcycle Run' (cinemablend.com) 31

Released 40 years ago, the 1982 movie Tron eventually spawned a 2010 sequel (plus a 19-episode animated series that aired on Disney XD between 2012 and 2013). But it also spawned a rollercoaster...

Tron Lightcycle Run first opened at Shanghai Disneyland in 2016. (You can find some ride-through footage on YouTube. Apparently riders race against a yellow lightcycle....)

And now the ride is finally coming to Florida, reports Cinemablend: Tron Lightcycle Run began its construction back in 2018 and while the E-ticket ride was massive, we expected things to move along as quickly as possible. However, then a little pandemic happened and that changed a lot. Construction was delayed and even after the parks reopened things were going quite slowly, but more recently things have picked up, and now we know when the ride will finally be open.

At the D23 Expo today Disney Parks Chairman Josh D'Amaro announced a Spring 2023 opening date for Tron Lightcycle Run..... Lightcycle Run has been undergoing testing with live riders of late, a video was shown during the presentation of Josh D'Amaro himself doing a run...

CNET quotes D'Amaro as saying the ride is "really close to being ready for showtime."
