Businesses

Fired by Bot at Amazon: 'It's You Against the Machine' (bloomberg.com) 160

Contract drivers say algorithms terminate them by email -- even when they have done nothing wrong. From a report: Stephen Normandin spent almost four years racing around Phoenix delivering packages as a contract driver for Amazon.com. Then one day, he received an automated email. The algorithms tracking him had decided he wasn't doing his job properly. The 63-year-old Army veteran was stunned. He'd been fired by a machine. Normandin says Amazon punished him for things beyond his control that prevented him from completing his deliveries, such as locked apartment complexes. He said he took the termination hard and, priding himself on a strong work ethic, recalled that during his military career he helped cook for 250,000 Vietnamese refugees at Fort Chaffee in Arkansas. "I'm an old-school kind of guy, and I give every job 110%," he said. "This really upset me because we're talking about my reputation. They say I didn't do the job when I know damn well I did." Normandin's experience is a twist on the decades-old prediction that robots will replace workers. At Amazon, machines are often the boss -- hiring, rating and firing millions of people with little or no human oversight.

Amazon became the world's largest online retailer in part by outsourcing its sprawling operations to algorithms -- sets of computer instructions designed to solve specific problems. For years, the company has used algorithms to manage the millions of third-party merchants on its online marketplace, drawing complaints that sellers have been booted off after being falsely accused of selling counterfeit goods and jacking up prices. Increasingly, the company is ceding its human-resources operation to machines as well, using software not only to manage workers in its warehouses but to oversee contract drivers, independent delivery companies and even the performance of its office workers. People familiar with the strategy say Chief Executive Officer Jeff Bezos believes machines make decisions more quickly and accurately than people, reducing costs and giving Amazon a competitive advantage.

Government

On the Deaths of Two Unvaccinated Florida IT Workers (msn.com) 339

I sometimes talk about "the family of geeks" — how our shared experiences can bring us together.

But if that's true, there's been a death in the family.... Manatee County Administrator Scott Hopes, who is also an epidemiologist, said six unvaccinated employees, including five in the IT department, tested positive for the virus within a two-week period.

The two IT employees who died last week were identified in local media and obituaries as Mary Knight, 58, and Alphonso Cox, 53.

Hopes said that the one IT employee, 23, exposed to the virus who was vaccinated did not get infected. "This particular outbreak demonstrates the effectiveness, I believe, with the vaccine," he said to reporters Monday. "All of the cases were non-vaccinated. They were unvaccinated." He added in a news release, "Individual employees in the IT Department who were known to be fully vaccinated and who were in close proximity of those who were infected did not contract COVID-19."

But even with the outbreak, masks will remain optional for staffers returning this week, with unvaccinated workers being "encouraged but not required, to follow covid-19 prevention measures...." Manatee County, located in southwest Florida, has fully vaccinated 43 percent of its eligible population. The Manatee Board of County Commissioners repealed coronavirus safety requirements last month and strongly recommended that people visiting the County Administration Building "use their best judgment" to protect themselves from a potential spread of the virus...

When the second employee died Thursday, the decision was made to shut down the building the next day so it could be disinfected. "When you have that many cases, and you have a 40 percent fatality rate, you have to worry," Hopes said to Florida Politics. "I would prefer not to have any more employee funerals." Yet the county announced over the weekend that "face masks will be optional for the public and employees inside the facility...."

Funerals and celebration-of-life events for Knight and Cox are scheduled to take place later this week.

Thanks to Slashdot reader luis_a_espinal (a Florida-based software engineer) for sharing the story. County administrator Hopes is concerned, reports the Sarasota Herald-Tribune, because "Of the first five cases, all were sick enough to be hospitalized or died. That's not the normal COVID variant that we saw last year." And yet... As officials work to control the outbreak, questions have been raised about how far the county can go to keep employees safe — including whether it can inquire about employees' vaccination status, since the recent victims so far have not been fully vaccinated... "We are allowed to ask," Hopes said. "But they don't have to tell us, and whatever their response is, we are not to ask any further." Manatee County School District General Counsel Mitch Teitelbaum said the school district had the same understanding of privacy laws...

[The county-owned seaport] Port Manatee had reported three new cases of COVID-19 on Monday, spurring fears that the virus was continuing to spread among the county's workforce. On Tuesday, port spokeswoman Virginia Zimmerman said the three cases had been an "aberration" and that there are not any additional cases to report. Zimmerman said the port does not inquire about employees' vaccination status, and that the port "encourages, but does not require, staff to be vaccinated."

While the county scrambles to mitigate the spread of the virus, Hopes said many county employees are grieving the loss of their coworkers.

"These weren't just colleagues," Hopes said. "These people have basically lived at work together for 20 years, and this happened quickly."

Open Source

Rocky Linux 8.4 Achieves First General Availability Release, Proves Popular (rockylinux.org) 39

"When Red Hat killed off CentOS Linux in a highly controversial December 2020 announcement, Gregory Kurtzer immediately announced his intention to recreate CentOS with a new distribution named after his deceased mentor," Ars Technica reported in February.

And this week, "The Rocky Enterprise Software Foundation has announced general availability (GA) of Rocky Linux 8.4," reports ZDNet. "It's an important milestone because it's the first Rocky Linux general availability release ever." Huge companies, including Disney, GoDaddy, Rackspace, Toyota and Verizon, relied on CentOS, and they were reportedly not happy about Red Hat's decision... It turns out that Kurtzer's decision has been a popular one. Besides quickly building up an army of hundreds of contributors for the project, Rocky Linux 8.4 - which follows the May 18 release of Red Hat's RHEL 8.4 - was downloaded at least 10,000 times within half a day of its release... "If we extrapolate the count to include our other mirrors we are probably at least 3-4x that (if not even way more)!" boasts Kurtzer in a LinkedIn post. "Lots of reports coming in of people and organizations already replacing their CentOS systems (and even other Linux distributions) with Rocky. The media is flying off the hook and business analysts also validating to me personally that Rocky Linux might soon be the most utilized Linux operating system used in enterprise and cloud!"

Rocky Linux 8.4 took seven months for the newly formed community to release, and is available for x86_64 and ARM64 (aarch64) architecture hardware in various ISOs.

"Sufficient testing has been performed such that we have confidence in its stability for production systems," explains a blog post at RockyLinux.org, adding that free community support is available through the forums as well as live chat available through IRC and Rocky Linux Mattermost. "Paid commercial support is currently available through CIQ..."

"Corporations come and go, their interests as transient as they are self-serving. But a community persists, and that's who we dedicate Rocky Linux to: you." Rocky is more than the next free and open, community enterprise operating system. It's a community. A commitment to an ideal bigger than the sum of its parts, and a promise that our principles — embedded even within our repositories and ISOs — are immutable...

This is just the beginning, and the Rocky Enterprise Software Foundation is more than just Rocky Linux — it's a home for those that believe that open source isn't just a switch that can be toggled at will, and that projects that many rely on not be subject to the whims of a few. To this point, you can easily find all of our sources, our build infrastructure, Git repositories, and everything else anyone would need to fork our work and ensure that it continues if need be...

When we announced our release candidate, we asked you to come build the next free, open, community enterprise operating system with us. Now we're asking you for more: join us as we build our community.

They also thanked 11 sponsors and partners for contributing "resources, financial backing, software, and infrastructure."

Microsoft

Microsoft Admits to Mistakenly Signing a Malicious Malware Rootkit (gdatasoftware.com) 43

Bleeping Computer reports: Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. This driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control IPs.

G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft... This incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

G Data writes: We forwarded our findings to Microsoft who promptly added malware signatures to Windows Defender and are now conducting an internal investigation. At the time of writing it is still unknown how the driver could pass the signing process.

In a Friday blog post, Microsoft said it was contacting other antivirus software vendors "so they can proactively deploy detections," but also emphasized the attack's limited scope: The actor's activity is limited to the gaming sector specifically in China and does not appear to target enterprise environments. We are not attributing this to a nation-state actor at this time. The actor's goal is to use the driver to spoof their geo-location to cheat the system and play from anywhere. The malware enables them to gain an advantage in games and possibly exploit other players by compromising their accounts through common tools like keyloggers.

It's important to understand that the techniques used in this attack occur post exploitation, meaning an attacker must either have already gained administrative privileges in order to be able to run the installer to update the registry and install the malicious driver the next time the system boots or convince the user to do it on their behalf.

We will be sharing an update on how we are refining our partner access policies, validation and the signing process to further enhance our protections. There are no actions customers should take other than follow security best practices and deploy Antivirus software such as Windows Defender for Endpoint.

Mars

Mars Ingenuity Helicopter Completes 8th Flight, Gets Software Updates (cnn.com) 11

NASA has released a new video explaining the complicated, hour-long process required for the Mars rover to take a selfie (which was actually a composite of 62 separate images stitched together).

And meanwhile, CNN reports that its Ingenuity helicopter completed its eighth flight this week, "and even got a software update to fix an annoying issue that impacted some of its previous outings." On its latest outing, Ingenuity flew 525 feet (160 meters) to the south and southeast to a new airfield. This was the copter's third flight of the operations demo phase, in which Ingenuity is proving its usefulness as an aerial scout without interfering with the Perseverance rover's science mission — searching for evidence of ancient life on Mars... Ingenuity continues to do well, and the team is planning for more flights that will push its capabilities. And the helicopter is doing even better now that its troublesome "watchdog" software issue has been fixed. That was deployed before the eighth flight...

Ingenuity is also due for a navigation computer software update that will fix the issue that occurred during the chopper's sixth flight. Images captured by the navigation camera, which feed into the helicopter's navigation computer, had timing delays. Those images help Ingenuity to track its location, among other critical factors during flight. When the incorrect times and images were associated, it caused the chopper to wobble in the air. Ingenuity was able to land safely, but the team wants to prevent the issue from happening again so the chopper doesn't spiral out of control. It's also why the helicopter didn't capture any color images during its last two flights.

Android

Microsoft Engineer Confirms You Can Sideload Android APKs On Windows 11 (androidauthority.com) 31

Famed software engineer Miguel de Icaza confirmed on Twitter that you will be able to sideload Android APKs in Windows 11. Android Authority reports: Yesterday, Microsoft surprised us all by announcing that Windows 11 will support native Android app installation. Using the Microsoft Store, you'll be able to search for, install, and use Android apps right on your PC. This is possible through an integration of the Amazon App Store. However, a big question loomed over the announcement: would you be able to sideload Android APKs on Windows 11? Sideloading apps would allow you to install Android programs from outside the Microsoft Store, which would give you a much larger potential library.

It seems the answer to that question is "yes," at least according to famed engineer Miguel de Icaza. Miguel is responsible for numerous software projects, including GNOME, and currently works at Microsoft. However, his Twitter bio explicitly says "Working at Microsoft, not speaking for them," so we need to take this news with some skepticism. Of course, it's not quite clear how sideloading Android APKs on Windows 11 will work. Will you be able to simply download an APK as you would an EXE, double-click it, and install it? Or will there be some sort of workaround protocol? We'll need to wait to see how this develops.

Security

NFC Flaws Let Researchers Hack an ATM By Waving a Phone (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: For years, security researchers and cybercriminals have hacked ATMs by using all possible avenues to their innards, from opening a front panel and sticking a thumb drive into a USB port to drilling a hole that exposes internal wiring. Now, one researcher has found a collection of bugs that allow him to hack ATMs -- along with a wide variety of point-of-sale terminals -- in a new way: with a wave of his phone over a contactless credit card reader. Josep Rodriguez, a researcher and consultant at security firm IOActive, has spent the last year digging up and reporting vulnerabilities in the so-called near-field communications reader chips used in millions of ATMs and point-of-sale systems worldwide. NFC systems are what let you wave a credit card over a reader -- rather than swipe or insert it -- to make a payment or extract money from a cash machine. You can find them on countless retail store and restaurant counters, vending machines, taxis, and parking meters around the globe.

Now Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems' firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message. Rodriguez says he can even force at least one brand of ATMs to dispense cash -- though that "jackpotting" hack only works in combination with additional bugs he says he has found in the ATMs' software. He declined to specify or disclose those flaws publicly due to nondisclosure agreements with the ATM vendors. "You can modify the firmware and change the price to one dollar, for instance, even when the screen shows that you're paying 50 dollars. You can make the device useless, or install a kind of ransomware. There are a lot of possibilities here," says Rodriguez of the point-of-sale attacks he discovered. "If you chain the attack and also send a special payload to an ATM's computer, you can jackpot the ATM -- like cash out, just by tapping your phone."

Rodriguez says he alerted the affected vendors -- which include ID Tech, Ingenico, Verifone, Crane Payment Innovations, BBPOS, Nexgo, and the unnamed ATM vendor -- to his findings between seven months and a year ago. Even so, he warns that the sheer number of affected systems and the fact that many point-of-sale terminals and ATMs don't regularly receive software updates -- and in many cases require physical access to update -- mean that many of those devices likely remain vulnerable. "Patching so many hundreds of thousands of ATMs physically, it's something that would require a lot of time," Rodriguez says.

Bug

Dell SupportAssist Bugs Put Over 30 Million PCs At Risk (bleepingcomputer.com) 27

AmiMoJo writes: Security researchers have found four major security vulnerabilities in the BIOSConnect feature of Dell SupportAssist, allowing attackers to remotely execute code within the BIOS of impacted devices. According to Dell's website, the SupportAssist software is 'preinstalled on most Dell devices running Windows operating system,' while BIOSConnect provides remote firmware update and OS recovery features. The chain of flaws discovered by Eclypsium researchers comes with a CVSS base score of 8.3/10 and enables privileged remote attackers to impersonate Dell.com and take control of the target device's boot process to break OS-level security controls. "Such an attack would enable adversaries to control the device's boot process and subvert the operating system and higher-layer security controls," Eclypsium researchers explain in a report shared in advance with BleepingComputer. "The issue affects 129 Dell models of consumer and business laptops, desktops, and tablets, including devices protected by Secure Boot and Dell Secured-core PCs," with roughly 30 million individual devices exposed to attacks.

United States

All-Night Antitrust Debate Moves Big Tech Bills Forward (bloomberg.com) 30

The House Judiciary Committee advanced a bill to prevent companies like Amazon.com, Apple, Facebook and Alphabet's Google from favoring their own products, a measure that critics warned could complicate the use of Apple's own apps on its iPhone or shopping on Amazon. From a report: The legislation was the fifth bill out of six being taken up by the committee in a session that ran for nearly 20 hours into early Thursday morning, before breaking until later in the day. The measure, sponsored by antitrust subcommittee Chair David Cicilline, advanced on a narrowly bipartisan 24-20 vote. The marathon session featured recurring clashes over whether software giant Microsoft would be subject to the committee's four bills focused on the biggest tech companies. The criteria for a "covered platform" in those proposals are based on market capitalization, monthly users and whether other businesses depend on the company's services. The extensive back and forth featured debate about antitrust principles, content moderation, freedom of speech and even how legislation should define a foreign adversary. These discussions didn't fall along party lines, and in some cases showed disagreement among Democrats and found Republicans pitted against each other.

Windows

Microsoft Is Changing the Windows 11 Minimum Requirements (theverge.com) 174

The specs required to run Microsoft's new Windows 11 OS are only slightly higher than Windows 10's current requirements. All you'll need is a 64-bit CPU (or SoC), 4GB of RAM, and 64GB of storage. The Verge reports: This marks the end of Windows support for older 32-bit hardware platforms, even though it will continue to run 32-bit software. The fastest way to find out if your system can handle Windows 11 is to download Microsoft's PC Health App, which will automatically tell you if your specs and settings are ready for the new OS. The system requirements listed by Microsoft are [available here].

Operating Systems

Microsoft Will Bundle Its Rival To Slack Into Windows 11 (bloomberg.com) 61

Microsoft, which has unveiled a new version of Windows for the first time in six years, said it will integrate its Teams chat and videoconferencing software directly into the operating system. From a report: Teams has seen a huge surge in users during the pandemic, boosting Microsoft in a product category where it's been trying to catch up with Slack and Zoom. The latest personal computer operating system, Windows 11, also features a new design and will offer changes to the app store.

Open Source

Ubuntu-maker Canonical Will Support Open Source Blender on Windows, Mac, and Linux (betanews.com) 24

An anonymous reader shares a report: Blender is one of the most important open source projects, as the 3D graphics application suite is used by countless people at home, for business, and in education. The software can be used on many platforms, such as Windows, Mac, and of course, Linux. Today, Ubuntu-maker Canonical announces it will offer paid enterprise support for Blender LTS. Surprisingly, this support will not only be for Ubuntu users. Heck, it isn't even limited to Linux installations. Actually, Canonical will offer this support to Blender LTS users on Windows, Mac, and Linux.

Math

Mathematicians Welcome Computer-Assisted Proof in 'Grand Unification' Theory (nature.com) 36

Proof-assistant software handles an abstract concept at the cutting edge of research, revealing a bigger role for software in mathematics. From a report: Mathematicians have long used computers to do numerical calculations or manipulate complex formulas. In some cases, they have proved major results by making computers do massive amounts of repetitive work -- the most famous being a proof in the 1970s that any map can be coloured with just four different colours, and without filling any two adjacent countries with the same colour. But systems known as proof assistants go deeper. The user enters statements into the system to teach it the definition of a mathematical concept -- an object -- based on simpler objects that the machine already knows about.

A statement can also just refer to known objects, and the proof assistant will answer whether the fact is 'obviously' true or false based on its current knowledge. If the answer is not obvious, the user has to enter more details. Proof assistants thus force the user to lay out the logic of their arguments in a rigorous way, and they fill in simpler steps that human mathematicians had consciously or unconsciously skipped. Once researchers have done the hard work of translating a set of mathematical concepts into a proof assistant, the program generates a library of computer code that can be built on by other researchers and used to define higher-level mathematical objects. In this way, proof assistants can help to verify mathematical proofs that would otherwise be time-consuming and difficult, perhaps even practically impossible, for a human to check. Proof assistants have long had their fans, but this is the first time that they had a major role at the cutting edge of a field, says Kevin Buzzard, a mathematician at Imperial College London who was part of a collaboration that checked Scholze and Clausen's result. "The big remaining question was: can they handle complex mathematics?" says Buzzard. "We showed that they can."

IOS

Apple Says Third-Party App Stores Would Open iPhones To Scammers (bloomberg.com) 154

Apple is raising fears about letting users install applications outside the company's App Store, an issue being targeted by lawmakers and regulators that also played a prominent role in its recent trial against Epic Games. From a report: The company said Wednesday on its website that requiring apps to be downloaded from the App Store protects consumers against scams, keeps their privacy secure and provides developers payment for their work. All those benefits could disappear if apps can be downloaded from third-party app stores with lesser protections or users get an app from a website or PC and "sideload" it onto the phone. The timing of Apple's push back isn't coincidental.

The U.S. House Judiciary Committee Wednesday is scheduled to discuss six proposed antitrust bills, including one sponsored by Representative David Cicilline, a Democrat from Rhode Island and chairman of the antitrust subcommittee, that, if passed into law, could call for Apple to open up to third-party app stores and provide all of its iPhone technologies to third-party software makers. "It shall be unlawful for a person operating a covered platform, in or affecting commerce, to restrict or impede the capacity of a business user to access or interoperate with the same platform, operating system, hardware and software features that are available to the covered platform operator's own products, services, or lines of business," according to an early copy of the bill.

"Allowing sideloading would degrade the security of the iOS platform and expose users to serious security risks not only on third-party app stores, but also on the App Store," the Cupertino, California-based technology giant said on its website. "Because of the large size of the iPhone user base and the sensitive data stored on their phones -- photos, location data, health and financial information -- allowing sideloading would spur a flood of new investment into attacks on the platform."

The Courts

French Spyware Bosses Indicted For Their Role In the Torture of Dissidents (technologyreview.com) 29

Senior executives at a French spyware firm have been indicted for the company's sale of surveillance software to authoritarian regimes in Libya and Egypt that resulted in the torture and disappearance of dissidents. MIT Technology Review reports: While high-tech surveillance is a multibillion-dollar industry worldwide, it is rare for companies or individuals to face legal consequences for selling such technologies -- even to notorious dictatorships or other dangerous regimes. But charges in the Paris Judicial Court against leaders at Amesys, a surveillance company that later changed its name to Nexa Technology, claim that the sales to Libya and Egypt over the last decade led to the crushing of opposition, torture of dissidents, and other human rights abuses. The former head of Amesys, Philippe Vannier, and three current and former executives at Nexa technologies were indicted for "complicity in acts of torture" for selling spy technology to the Libyan regime. French media report that Nexa president Olivier Bohbot, managing director Renaud Roques, and former president Stephane Salies face the same charges for surveillance sales to Egypt.

The charges were brought by the Crimes Against Humanity and War Crimes unit of the court, but the case began 10 years ago when Amesys sold its system for listening in on internet traffic to the Libyan dictator Muammar Gaddafi. Six victims of the spying testified in France about being arrested and tortured by the regime, an experience that they say is a direct result of these spying tools. In 2014, the company sold surveillance software to Egyptian president Abdel al-Sisi shortly after he took control of the country in a military coup. The complaints, filed by the International Federation for Human Rights, or FIDH, and the French League for Human Rights, allege that the company did not have government permission to sell its technologies to Libya or Egypt because oversight was weak and at times nonexistent. The claims led to an independent judicial investigation against Amesys/Nexa, which is still ongoing. Next, the judges will decide whether to send the case to criminal court or dismiss it if there is not sufficient evidence -- but the indictment is a major step forward and points toward the prospect that the judges will view the evidence as potentially strong enough to support a criminal trial.

Microsoft

Microsoft Hits $2 Trillion Market Cap (geekwire.com) 49

Microsoft's market capitalization hit $2 trillion for the first time. GeekWire reports: The Redmond, Wash.-based tech giant trails only Apple among the world's most valuable companies. Apple became the first publicly traded U.S. company to reach the $2 trillion mark in August. Fellow Seattle-area giant Amazon, valued Tuesday at $1.77 trillion, is also approaching the $2 trillion club. Microsoft stock was up 1.1% Tuesday and is up more than 20% this year.

The company continues to see growing demand for its cloud services as the pandemic has accelerated technology adoption. It beat quarterly expectations with $41.7 billion in revenue for the March quarter, up 19% year-over-year -- its biggest revenue growth since 2018 -- and profits of $15.5 billion, up 44%. A Wedbush report last month projected more growth ahead for Microsoft, with Azure's cloud momentum "still in its early days" and the company "firmly positioned to gain more market share vs. AWS in this cloud arms race." Microsoft also continues to invest heavily in its gaming business; add new features to its Teams collaboration software; and is staying active in the M&A arena with its $19.7 billion acquisition of Nuance Communications and reported interest in Discord and Pinterest.

Google

Google Drops Engineering Residency After Protests (reuters.com) 127

Alphabet's Google plans to shut down a long-running program aimed at entry-level engineers from underrepresented backgrounds after participants said it enforced "systemic pay inequities," according to internal correspondence seen by Reuters. From the report: Google confirmed it was replacing the Engineering Residency with a new initiative, saying it is "always evaluating programs to ensure they evolve and adapt over time to meet the needs of our employees." Google last year pledged to improve retention for underrepresented employee groups. Critics have long argued that Google and its tech industry peers favor white, Asian and male workers in hiring, promotions and pay. Companies have grown more attuned to concerns about workforce diversity since the Black Lives Matter protests a year ago.

The Google residency, often referred to as "Eng Res," has since 2014 given graduates from hundreds of schools a chance to work on different teams, receive training and prove themselves for a permanent job over the course of a year. It offered a cohort of peers for bonding, three former residents said. Residents were Google's "most diverse pool" of software engineers and came "primarily from underrepresented groups," according to a June 2020 presentation and an accompanying letter to management that one source said over 500 current and former residents signed.

Businesses

Hawaii's Remote Workers Discover Challenges and Rewards (wsj.com) 48

For many professionals, Hawaii seems a dream spot for remote work. But pulling off remote work in the Aloha state takes more than a plane ticket and a laptop. From a report: The pandemic devastated the state's economy. According to the Hawaii Tourism Authority, visitor arrivals fell 97.6% between August 2019 and August the following year. Employment in the state's leisure and hospitality sector, which accounts for nearly one in five jobs, fell 53% between February and August 2020, according to the Pew Center. Thanks in part to state initiatives -- including pre-arrival coronavirus testing for visitors and marketing campaigns wooing remote workers -- tourism is on the rebound. In April, visitors reached nearly 500,000, compared with roughly 4,500 in April 2020. One program, called Movers and Shakas (named after the friendly Y-shaped hand gesture with extended thumb and pinkie that means "hang loose"), was launched in December with local business leaders. It offers free airfare to remote workers who commit to staying at least a month and participate in volunteer activities. The program's 50 spots attracted 90,000 applications. Applications for the second round will open this month.

As it is elsewhere, reliable Wi-Fi is the litmus test for many. Some areas of the Hawaiian islands, especially rural regions, lack robust broadband or cellular infrastructure. Tomasz Janczuk, a 45-year-old based in the Seattle area who owns and operates a software-development firm, chose the three Big Island hotels that he and his family lived in for a month based on Wi-Fi strength. During an off-road excursion, Mr. Janczuk got a call from an employee about a service outage at his company. He pulled over and had to climb on top of his Jeep for sufficient reception to help troubleshoot the problem. "If there's no Wi-Fi, you have to fall back on cellphones, and that is quite spotty out there," said Mr. Janczuk, who also carried a hot spot. Some workers find that Hawaii's spectacular surroundings -- which drew them in the first place -- can be a distraction. Jasmyn Franks, a social-media strategist for an advertising agency in Kansas City, Mo., began working in mid-May from the palm-tree-filled backyard of her aunt's house in Mililani, a mountainous city on Oahu. Ms. Franks, 30, said initially, the first five to 10 minutes of every conference call were taken up with colleagues admiring her background. "So, there was a point where I was just like, 'OK, let's just take this to the corner or something where it kind of looks like I'm at the house.'"

Crime

How Cybercriminals Almost Stole $1 Billion From Bangladesh's National Bank (bbc.com) 49

"In 2016 North Korean hackers planned a $1bn raid on Bangladesh's national bank," reports the BBC, "and came within an inch of success — it was only by a fluke that all but $81m of the transfers were halted, report Geoff White and Jean H Lee..."

"It all started with a malfunctioning printer..." It was located inside a highly secure room on the 10th floor of the bank's main office in Dhaka, the capital. Its job was to print out records of the multi-million-dollar transfers flowing in and out of the bank. When staff found it wasn't working, at 08:45 on Friday 5 February 2016, "we assumed it was a common problem just like any other day," duty manager Zubair Bin Huda later told police. "Such glitches had happened before." In fact, this was the first indication that Bangladesh Bank was in a lot of trouble. Hackers had broken into its computer networks, and at that very moment were carrying out the most audacious cyber-attack ever attempted. Their goal: to steal a billion dollars.

To spirit the money away, the gang behind the heist would use fake bank accounts, charities, casinos and a wide network of accomplices.... When the bank's staff rebooted the printer, they got some very worrying news. Spilling out of it were urgent messages from the Federal Reserve Bank in New York — the "Fed" — where Bangladesh keeps a US-dollar account. The Fed had received instructions, apparently from Bangladesh Bank, to drain the entire account — close to a billion dollars. The Bangladeshis tried to contact the Fed for clarification, but thanks to the hackers' very careful timing, they couldn't get through... The bank's HQ in Dhaka was beginning two days off. And when the Bangladeshis began to uncover the theft on Saturday, it was already the weekend in New York... And the hackers had another trick up their sleeve to buy even more time. Once they had transferred the money out of the Fed, they needed to send it somewhere. So they wired it to accounts they'd set up in Manila, the capital of the Philippines. And in 2016, Monday 8 February was the first day of the Lunar New Year, a national holiday across Asia...

They had had plenty of time to plan all of this, because it turns out the Lazarus Group had been lurking inside Bangladesh Bank's computer systems for a year... Once inside the bank's systems, Lazarus Group began stealthily hopping from computer to computer, working their way towards the digital vaults and the billions of dollars they contained... But they still had one final hurdle to clear — the printer on the 10th floor. Bangladesh Bank had created a paper back-up system to record all transfers made from its accounts. This record of transactions risked exposing the hackers' work instantly. And so they hacked into the software controlling it and took it out of action.

With their tracks covered, at 20:36 on Thursday 4 February 2016, the hackers began making their transfers — 35 in all, totalling $951m, almost the entire contents of Bangladesh Bank's New York Fed account.

There's more to the story — it's a whole episode on a 10-episode BBC World Service podcast which they're calling an example of "the new front line in a global battleground: a murky nexus of crime, espionage and nation-state power-mongering. And it's growing fast."

The story has a surprise ending — but along the way, the BBC's article points out that the consequences for the bank's governor were almost instant. "He was asked to resign," says U.S.-based cyber-security expert Rakesh Asthana. "I never saw him again."

Microsoft

Microsoft Linux Repos Suffered 22-Hour Outage (arstechnica.com) 41

"Everything from Visual Studio Code to Microsoft Edge and Teams package links were affected," reports Windows Central. They note Azure's status page (which now shows the issue lasting for more than 22 hours), though however long it lasted, "it's a virtual eternity for those whose entire ecosystem is crippled by such an outage."

According to Ars Technica, starting on Wednesday, "packages.microsoft.com — the repository from which Microsoft serves software installers for Linux distributions including CentOS, Debian, Fedora, OpenSUSE, and more — went down hard..." The outage impacted users trying to install .NET Core, Microsoft Teams, Microsoft SQL Server for Linux (yes, that's a thing) and more — as well as Azure's own devops pipelines.

We first became aware of the problem Wednesday evening when we saw 404 errors in the output of apt update on an Ubuntu workstation with Microsoft Teams installed. The outage is somewhat better-documented at this .NET Core issue report on Github, with many users from all around the world sharing their experiences and theories...

The entire repository cluster that serves all Linux packages for Microsoft was completely down — issuing a range of HTTP 404 (content not found) and 500 (Internal Server Error) messages for any URL — for roughly 18 hours. Microsoft engineer Rahul Bhandari confirmed the outage roughly five hours after it was initially reported, with a cryptic comment about the infrastructure team "running into some space issues."

Eighteen hours after the issue was detailed, Bhandari said that the mirrors were once again available — although with temporarily degraded performance, likely due to cold caches.
