sandbagger writes: BioShock: After Midnight is an original story detailing events that took place in Rapture before the protagonist of the first BioShock game arrived at the city of Rapture. It's a sprawling noir story, following a private eye, an Adam fiend whose fallen in love with Atlas, and the crazed cult members of Sofia Lamb.

An anonymous reader quotes a report from ZDNet: After more than two years since it's been used the last time, the Chinese government deployed an infamous DDoS tool named the "Great Cannon" to launch attacks against LIHKG, an online forum where Hong Kong residents are organizing anti-Beijing protests. [...] DDoS attacks with the Great Cannon have been rare, mainly because they tend to generate a lot of bad press for the Chinese government. But in a report published today, AT&T Cybersecurity says the tool has been deployed once again. This time, the Great Cannon's victim was LIHKG.com, an online platform where the organizers of the Hong Kong 2019 protests have been sharing information about the locations of daily demonstrations. The site is also a place where Hong Kong residents congregate to recant stories of Chinese police abuse and upload video evidence.

AT&T Cybersecurity says the first Great Cannon DDoS attacks targeted LIHKG on August 31, while the last one being recorded on November 27. AT&T Cybersecurity researcher Chris Doman said the August attacks used JavaScript code that was very similar to the one spotted in the 2017 attacks on Mingjingnews.com. According to LIHKG, the site received more than 1.5 billion requests per hour during the August attack, compared to the site's previous traffic record that was only a meager 6.5 million requests per hour.

An anonymous reader quotes a report from Ars Technica: IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East] -- not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to a report by IBM X-Force researchers. The attacks were targeted against specific organizations and used brute-force password attacks to gain access to network resources. The initial phase of the attacks was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group" -- also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts prior to the wiper campaign.

In addition to brute force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based webshell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool -- obfuscated to hide its intent -- to steal more network credentials off the compromised servers. From there, they moved out across the network to spread the ZeroCleare malware. "While X-Force IRIS cannot attribute the activity observed during the destructive phase of the ZeroCleare campaign," the researchers noted, "we assess that high-level similarities with other Iranian threat actors, including the reliance on ASPX web shells and compromised VPN accounts, the link to ITG13 activity, and the attack aligning with Iranian objectives in the region, make it likely this attack was executed by one or more Iranian threat groups."

An anonymous reader writes: "Dutch prosecutors have asked a judge for a three-year prison sentence for a local politician who doubled as a hacker and breached the personal iCloud accounts of more than 100 women, stealing and then leaking sexually explicit photos and videos online," reports ZDNet. The hacker (VVD politician Mitchel van der K.) is believed to have been part of the Celebgate (TheFappening) movement. Between 2015 and 2017, van der K. used credentials leaked at other sites to hack into iCloud accounts belonging to acquaintances and Dutch celebrities, from where he stole nudes and sex tapes. Some he leaked online, some he kept for himself. Victims included acquaintances, but also local celebrities, such as Dutch YouTube star Laura Ponticorvo and Dutch field hockey star Fatima Moreira de Melo. After he was arrested, van der K. claimed he was forced to hack his victims by other hackers, an excuse which the prosecution quickly knocked down, pointing out that half of his victims were friends and acquaintances, and not celebrities that would be of interest to other hackers. Days before he was arrested, van der K. was also elected to his city's council, a position from which he resigned.

Russia is to set up a new online site for its national encyclopedia after President Vladimir Putin said Wikipedia was unreliable and should be replaced. From a report: The move will ensure people can find "reliable information that is constantly updated on the basis of scientifically verified sources of knowledge," a government resolution said. Putin last month proposed replacing the crowd-sourced online encyclopedia Wikipedia with an electronic version of the Great Russian Encyclopaedia - the successor to the Soviet Union's main encyclopedia. "This, at any rate, would be reliable information offered in a modern form," Putin said then. Further reading: Putin Signs Law Making Russian Apps Mandatory On Smartphones, Computers.

Jimmy Wales' new social network WT.Social started November with just 1,500 members. Four weeks later, it's skyrocketed up to 345,680 members -- and that's just the beginning.

Next year Wales plans to hire journalists, with the site's users acting as their "editors-in-chief," fulfilling the dreams Wales had for the site's earlier incarnation as a crowd-sourced news platform Wikitribune, reports the journalism magazine Press Gazette: Wikitribune originally employed about ten to 12 journalists who created content and hit publish on stories for the site. But the whole editorial team was laid off in October last year after Wales told them costs were unsustainable with not enough money coming in from crowdfunding and no major investors. [On WT.Social] he instead enabled thousands of users to publish articles, a right that had previously been limited to Wikitribune's staff journalists....

"[T]here was a real feeling that this site was a journalists' website and you as a member are allowed to help them as a junior mini-journalist on the side. And that just didn't really work. Whereas to really foster that sense of community engagement and moral ownership of what they're doing, you kind of want to reverse that and say actually the journalists are here to serve whatever you're interested in so send them out, get them busy, you be the editor-in-chief and direct their work....

"We'll say: 'Here are some of the most active communities, you work for them -- what do they need you to do? What are the things that they want you to look into? Who do they want you to go and hunt down and interview?' So it's really putting journalists at the disposal of people who are in a certain area."
Wales tell the Press Gazette that his original WikiTribune site had had a design that was "too intimidating" for non-journalists. "People felt like 'okay I have to go and write a whole big piece, edit it, publish it, all of that' rather than just sharing, interacting in a much more casual way..."

"So far [on WT Social] that's proven to be overwhelmingly true," Wales added. On his new site users are signed up for four "subwikis" by default -- Internet News, Long Reads, Fighting Misinformation, and Upcoming Newsworthy Events -- and this has started some good conversations. "People come on the platform and they're discussing things, sharing things, writing things in a much more fluid way."


WT.Social is currently looking for volunteer laravel or vue developers, as well as admins, and there's even a paid position as a community assistant.

dryriver writes: Everybody seems to think these days that kids desperately need to learn how to code when they turn six years old. But this ignores a glaring fact -- the biggest shortage in the future labor market is not people who can code competently in Python, Java or C++, it is people who can actually discover or invent completely new and better ways of doing things, whether this is in CS, Physics, Chemistry, Biology or other fields. If you look at the history of great inventors, the last truly gifted, driven and prolific non-corporate inventor is widely regarded to be Nikola Tesla, who had around 700 patents to his name by the time he died. After Tesla, most new products, techniques and inventions have come out of corporate, government or similar structures, not from a good old-fashioned, dedicated, driven, independent-minded, one-person inventor who feverishly dreams up new things and new possibilities and works for the betterment of humanity.

How do you teach inventing to kids? By teaching them the methods of Genrikh Altshuller, for example. Seriously, does teaching five to seven year olds 50-year-old CS/coding concepts and techniques do more for society than teaching kids to rebel against convention, think outside the box, turn convention upside down and beat their own path towards solving a thorny problem? Why does society want to create an army of code monkeys versus an army of kids who learn how to invent new things from a young age? Or don't we want little Nikola Teslas in the 21st Century, because that creates "uncertainty" and "risk to established ways of doing things?"

Password data and other personal information belonging to as many as 2.2 million users of two websites -- one a cryptocurrency wallet service and the other a gaming bot provider -- have been posted online, according to Troy Hunt, the security researcher behind the Have I Been Pwned breach notification service. Ars Technica reports: One haul includes personal information for as many as 1.4 million accounts from the GateHub cryptocurrency wallet service. The other contains data for about 800,000 accounts on RuneScape bot provider EpicBot. The databases include registered email addresses and passwords that were cryptographically hashed with bcrypt, a function that's among the hardest to crack.

The person posting the 3.72GB Gatehub database said it also includes two-factor authentication keys, mnemonic phrases, and wallet hashes, although GateHub officials said an investigation suggested wallet hashes were not accessed. The EpicBot database, meanwhile, purportedly included usernames and IP addresses. Hunt said he selected a representative sample of accounts from both databases to verify the authenticity of the data. All of the email addresses he checked were registered to accounts of the two sites. [...] While there were 2.2 million unique addresses in the two dumps, it's possible that corresponding password hashes or other data isn't included with each one.

dryriver writes: In an episode of the BBC's Tomorrow's World broadcasted all the way back in 1984, a presenter shows hands-on how a laser hologram of a real-world object can be recorded onto a transparent plastic medium, erased again by heating the plastic with an electric current, and then re-recorded differently. The presenter states that computer scientists are very interested in holograms because the future of digital data storage may lie in them. This was 35 years ago. Holographic data storage for PCs, smartphones, etc. still is not available commercially. Why is this? Are data storage holograms too difficult to create? Or did nobody do enough research on the subject, getting us all stuck with mechanical hard disks and SSDs instead? Where are the hologram drives that appeared "so promising" three decades ago?

"Iran, one of the countries most strongly identified with the rise cyber terrorism and malicious hacking, appears now to be using an iron fist to turn on its own," reports TechCrunch: The country has reportedly shut down nearly all internet access in the country in retaliation to escalating protests that were originally ignited by a rise in fuel prices, according to readings taken by NetBlocks, a non-governmental organization that monitors cybersecurity and internet governance around the world...

The protests arose in response to a decision by the state to raise the price of gas in the country by 50%. As this AP article points out, Iran has some of the cheapest gas in the world -- in part because it has one of the world's biggest crude oil reserves -- and so residents in the country see cheap gas as a "birthright." Many use their cars not just to get around themselves but to provide informal taxi services to others, so -- regardless your opinion on whether using fossil fuels is something to be defended or not -- hiking up the prices cuts right to ordinary people's daily lives, and has served as the spark for protest in the country over bigger frustrations with the government and economy, as Iran continues to struggle under the weight of U.S. sanctions.

Clamping down on internet access as a way of trying to contain not just protesters' communication with each other, but also the outside world, is not an unprecedented move; it is part and parcel of how un-democratic regimes control their people and situations. Alarmingly, its use seems to be growing. Pakistan in September cut off internet access in specific regions response to protests over conflicts with India. And Russia -- which has now approved a bill to be able to shut down internet access should it decide to -- is now going to start running a series of drills to ensure its blocks work when they are being used in live responses.
On Twitter, NetBlocks reported yesterday that realtime network data "shows connectivity at 7% of ordinary levels after twelve hours of progressive network disconnections."

An anonymous reader quotes a report from The Verge: On Thursday, 2020 Democratic presidential candidate Andrew Yang put out a sweeping new tech policy proposal with a number of controversial proposals, including taxing digital ads and launching a new department to regulate algorithms on social networks. [...] In his Thursday blog post, Yang argues that his opponents' calls to break-up big tech firms like Facebook and Google fall short of protecting consumers from companies that prioritize "profits over our well-being." Yang's broad tech policy plan attacks the issues plaguing tech from four different angles: promoting a healthy relationship with tech, data ownership and privacy, fighting disinformation, and empowering the federal government with new guidelines and resources to tackle these issues.

Ever since the 2016 election, platforms like Facebook and Twitter have been under fire by public advocates and lawmakers for their failures to remove disinformation from their platforms. In his tech proposal, Yang piggybacks on his digital ads VAT, suggesting that if it were implemented, there would be less false information on social media because platforms would become subscription-based and not be forced to accept advertising at all, let alone misleading political ads. There would also be significant new restrictions on how platforms like Facebook can target users with content. Any algorithms used by "platforms that allow political advertisements or the sharing of news stories" would be required to be open source or at least confidentially shared with Yang's "Department of the Attention Economy." All ads would have to be clearly labeled as such. Yang says he would amend Section 230 of the Communications Decency Act -- one of the most pivotal laws governing the internet -- but didn't specify what his amendment would look like.

He also pledges to pass a "Digital Bill of Rights, ensuring ownership of data, control over how it's used, and compensation for its use" if he is elected president. Consumers could choose to opt in to have their data collected. "But then you should receive a share of the economic value generated from your data," Yang says.

Wikipedia co-founder Jimmy Wales has launched a social network called WT:Social. It has no financial association with Wikipedia and operates on donations, not advertising. The Next Web reports: WT:Social went live last month and is currently nearing 50,000 users. The company is rolling out access slowly; when I signed up, I was approximately number 28,000 on the waitlist. Alternatively, you can pay 13 bucks a month or 100 a year to get access right away.

In comments to the Financial Times, Wales said "The business model of social media companies, of pure advertising, is problematic. It turns out the huge winner is low-quality content." You don't say. WT:Social's interface is rather sparse at the moment, featuring a simple feed comprised of news stories and comments below them. News is a big part of the network; it's a spinoff of Wales' previous project, WikiTribune, which sought to be a global news site comprised of professional journalists and citizen contributors. Both WikiTribune and WT:Social emphasize combatting fake news, highlighting evidence-based coverage over the focus on "engagement" seen on other networks. Each story posted to the network makes prominent where the article comes from, as well as sources and references.

You can also join various "SubWikis" that are essentially like Facebook groups or subreddits, which filter content to stories of a given topic. You can also add hashtags to a post or follow hashtags for more specific interests that might span more than one SubWiki. Posts are currently sorted chronologically, but the site plans to add an upvote system for users to promote quality stories.

theodp writes: Q. What's the difference between Andrew Carnegie and Google? A. Andrew Carnegie used his wealth to help build libraries, while Google's using its wealth to get libraries to help build its brands. "In advance of Computer Science Education Week (CSEdWeek)," announced the American Library Association (ALA), "an annual event to get students excited about coding, ALA will be awarding $300 mini-grants to school and public libraries that facilitate a program for youth during Computer Science Education Week, December 9-15, 2019, using Google's CS First Hour of Code activity. This year, youth can use their imagination to turn a real-life hero into a superhero using code. Code Your Hero is an activity that honors the everyday heroes in our students' lives who use their powers to better their communities. Libraries Ready to Code is an initiative of the American Library Association (ALA) and sponsored by Google, which aims to ensure libraries have the resources, capacity, and inspiration to embrace activities that promote computational thinking (CT) and coding among our nation's youth."

Last month, the ALA announced it had received a $2 million Google.org grant to develop library entrepreneurship centers. In advance of last December's CSEdWeek, Google announced a $1 million sponsorship to the ALA, creating a pool of micro-funds that local libraries could access to bring digital skills training to their community in conjunction with the Libraries Lead with Digital Skills and Libraries Ready to Code ALA-Google joint initiatives.

The operator of the Wayback Machine allows Wikipedia's users to check citations from books as well as the web. From a report: The reason people rely on Wikipedia, despite its imperfections, is that every claim is supposed to have citations. Any sentence that isn't backed up with a credible source risks being slapped with the dreaded "citation needed" label. Anyone can check out those citations to learn more about a subject, or verify that those sources actually say what a particular Wikipedia entry claims they do -- that is, if you can find those sources. It's easy enough when the sources are online. But many Wikipedia articles rely on good old-fashioned books. The entry on Martin Luther King Jr., for example, cites 66 different books. Until recently, if you wanted to verify that those books say what the article says they say, or if you just wanted to read the cited material, you'd need to track down a copy of the book. Now, thanks to a new initiative by the Internet Archive, you can click the name of the book and see a two-page preview of the cited work, so long as the citation specifies a page number.

You can also borrow a digital copy of the book, so long as no else has checked it out, for two weeks -- much the same way you'd borrow a book from your local library. (Some groups of authors and publishers have challenged the archive's practice of allowing users to borrow unauthorized scanned books. The Internet Archive says it seeks to widen access to books in "balanced and respectful ways.") So far the Internet Archive has turned 130,000 references in Wikipedia entries in various languages into direct links to 50,000 books that the organization has scanned and made available to the public. The organization eventually hopes to allow users to view and borrow every book cited by Wikipedia, with the ultimate goal being to digitize every book ever published.

haaz (Slashdot reader #3,346) tells us that history has just been made as part of the Children's Miracle Network Hospitals annual online game-playing fundraiser, Extra Life:
A man from Milwaukee, Wisconsin is trying to play pinball long enough to break the standing Guinness World Record for Longest Marathon Pinball Play of 30 hours 10 minutes.

He's using Extra Life's gaming/DIY fundraising site to webcast his attempt and raise money for Children's Hospital of Wisconsin. He gets a five minute break every hour, and yes, he's wearing an adult diaper.
Just minutes ago on Twitter, the Children's Hospital of Wisconsin announced he'd beaten the record. And lots of other fundraising game-playing marathons are happening around the world today, including one in Canada -- and many of them are being streamed online.

The event began in 2008, and over the last four years has raised close to $10 million each year. As one gaming site put it, "Let's help the future programmers of our cyborg overlords fulfill their mission by streaming some video games for the kids this weekend!"

Last week, NordVPN disclosed a server hack that leaked crypto keys. While the scope of the breach is still being determined, Ars Technica's Dan Goodin reports that NordVPN users' passwords were exposed and at least one site still features user credentials, which include email addresses, plain-text passwords, and expiration dates associated with the accounts. An anonymous Slashdot reader shares an excerpt from his report: I received a list of 753 credentials on Thursday and polled a small sample of users. The passwords listed for all but one were still in use. The one user who had changed their password did so after receiving an unrequested password reset email. It would appear someone who gained unauthorized access was trying to take over the account. Several other people said their accounts had been accessed by unauthorized people. Over the past week, breach notification service Have I Been Pwned has reported at least 10 lists of NordVPN credentials similar to the one I obtained. While it's likely that some accounts are listed in multiple lists, the number of user accounts easily tops 2,000. What's more, a large number of the email addresses in the list I received weren't indexed at all by Have I Been Pwned, indicating that some compromised credentials are still leaking into public view. Most of the Web pages that host these credentials have been taken down, but at the time this post was going live, at least one remained available on Pastebin, despite the fact Ars brought it to NordVPN's attention more than 17 hours earlier.

Without exception, all of the plain-text passwords are weak. In some cases, they're the string of characters to the left of the @ sign in the email address. In other cases, they're words found in most dictionaries. Others appear to be surnames, sometimes with two or three numbers tacked onto the end. These common traits mean that the most likely way these passwords became public is through credential stuffing. That's the term for attacks that take credentials divulged in one leak to break into other accounts that use the same username and password. Attackers typically use automated scripts to carry out these attacks.

ScienceAlert reports on a new study published in the journal eLife that explains for the first time how ants are immune to traffic jams, even under crowded conditions. From the report: By cooperating in a self-organized system, researchers have found that Argentine ants (Linepithema humile) can adapt to different road conditions and prevent clogging from ever occurring. All it takes is a little selflessness and restraint - something we humans should maybe consider. Filming 170 repeat experiments, researchers observed how this particular species of ant moved along a bridge between their nest and a food source. The experiments included different widths of bridge (5 mm, 10 mm, and 20 mm), holding anywhere between 400 and 25,600 ants. Throughout the process, data was collected on traffic flow, the speed of the ants, and the number of collisions that occurred. What the authors found was surprising: these ants appeared to be immune to traffic jams.

"The exact nature of the mechanisms used by Argentine ants to keep the traffic flowing in this study remains elusive," they write, "yet when density on the trail increases, ants seemed to be able to assess crowding locally, and adjusted their speed accordingly to avoid any interruption of traffic flow." In fact, compared to humans, these ants could load up the bridge with twice the capacity without slowing down. When humans are walking or driving, the flow of traffic usually begins to slow when occupancy reaches 40 percent. Argentine ants, on the other hand, show no signs of slowing, even when the bridge occupancy reached 80 percent. And they do this through self-imposed speed regulation. When it's moderately busy, for instance, the authors found the ants actually speed up, accelerating until a maximum flow or capacity is reached. Whereas, when a trail is overcrowded, the ants restrained themselves and avoided joining until things thinned out. Plus, at high density times like this, the ants were found to change their behavior and slow down to avoid more time-wasting collisions.

theodp writes: It'll be interesting to see how Microsoft employees wary of empowering the military react to Wednesday's news of an Intel and Microsoft-led alliance that aims to enlist an army of JROTC high school students to fight the war for CS talent, with support from U.S. lawmakers. From the press release: Today, at the 2019 CSforALL Summit, leaders representing CSforALL and Air Force Junior ROTC announced JROTC-CS, an innovative new initiative that could dramatically increase the number of U.S. high school students taking an Advanced Placement computer science course, particularly among underrepresented populations like minority and female students. This public-private partnership is supported by an Advisory Consortium of industry and education organizations including founding members Intel Corporation, Microsoft, Capital One, Lockheed Martin, Snap Inc., the Air Force Association's Cyberpatriot, and the College Board. More than 500,000 cadets at 3,400 high schools across the U.S. and abroad participate in JROTC programs administered by each of the military services. Only 32% of these cadets have access to Advanced Placement (AP) Computer Science Principles in their school, according to 2018-19 College Board data. The JROTC-CS initiative seeks to access this untapped human resource to address the national talent shortage in computing and cybersecurity and increase career opportunities for JROTC cadets, who are a highly diverse population — more than half are minority students and 40% are female. Additionally, JROTC is strongly represented in schools serving economically disadvantaged communities. [...] The JROTC-CS initiative is designed to complement the innovative, bi-partisan JROTC Cyber Training Act passed by the U.S. House of Representatives as part of the 2020 House National Defense Authorization Act (NDAA) on July 12.

An anonymous reader quotes Popular Mechanics: An assistant professor from the University of New South Wales Sydney in Australia has developed a new method for multiplying giant numbers together that's more efficient than the "long multiplication" so many are taught at an early age. "More technically, we have proved a 1971 conjecture of Schönhage and Strassen about the complexity of integer multiplication," associate professor David Harvey says in this video...

Schönhage and Strassen predicted that an algorithm multiplying n-digit numbers using n * log(n) basic operations should exist, Harvey says. His paper is the first known proof that it does...

The [original 1971] Schönhage-Strassen method is very fast, Harvey says. If a computer were to use the squared method taught in school on a problem where two numbers had a billion digits each, it would take months. A computer using the Schönhage-Strassen method could do so in 30 seconds. But if the numbers keep rising into the trillions and beyond, the algorithm developed by Harvey and collaborator Joris van der Hoeven at École Polytechnique in France could find solutions faster than the 1971 Schönhage-Strassen algorithm.

"It means you can do all sorts of arithmetic more efficiently, for example division and square roots," he says. "You could also calculate digits of pi more efficiently than before. It even has applications to problems involving huge prime numbers.
"The question is, how deep does n have to be for this algorithm to actually be faster than the previous algorithms?" the assistant professor says in the video. "The answer is we don't know.

"It could be billions of digits. It could be trillions. It could be much bigger than that. We really have no idea at this point."

Five years after CBS publicized the fact that the Air Force still used eight-inch floppy disks to store data critical to operating the Air Force's intercontinental ballistic missile command, the aerial and space warfare service branch decided it was time to officially retire them. Ars Technica reports: The system, once called the Strategic Air Command Digital Network (SACDIN), relied on IBM Series/1 computers installed by the Air Force at Minuteman II missile sites in the 1960s and 1970s. Despite the contention by the Air Force at the time of the 60 Minutes report that the archaic hardware offered a cybersecurity advantage, the service has completed an upgrade to what is now known as the Strategic Automated Command and Control System (SACCS), as Defense News reports. SAACS is an upgrade that swaps the floppy disk system for what Lt. Col. Jason Rossi, commander of the Air Force's 595th Strategic Communications Squadron, described as a "highly secure solid state digital storage solution." The floppy drives were fully retired in June.

But the IBM Series/1 computers remain, in part because of their reliability and security. And it's not clear whether other upgrades to "modernize" the system have been completed. Air Force officials have acknowledged network upgrades that have enhanced the speed and capacity of SACCS' communications systems, and a Government Accountability Office report in 2016 noted that the Air Force planned to "update its data storage solutions, port expansion processors, portable terminals, and desktop terminals by the end of fiscal year 2017." But it's not clear how much of that has been completed.