Categories
LifeStyle Nature

Extreme fire danger in California, record cold and snow from Texas to Montana

Extreme and rare fire danger is being issued for California early Monday and throughout the day.
source

Categories
Uncategorized

U.S. Issues Sanctions on Russian Center Involved in Potentially Deadly Cyberattacks

Advertisement
Supported by
The penalties were aimed at a Russian research center that developed tools used in a cyberattack on a Saudi petrochemical plant, which took out the safety controls used to prevent an explosion.
By
The United States on Friday imposed economic sanctions against a Russian government research organization that was responsible for a potentially deadly cyberattack on a Saudi petrochemical facility in 2017.
The sanctions did not name the target, but its description of the attack matched with a hacking that year of Petro Rabigh, the Saudi oil giant, that shut off the safety systems that are used to prevent an explosion. The attackers may have succeeded had a mistake in their code not inadvertently shut down the plant.
Private cybersecurity researchers have called the group that pulled off the attacks “the most dangerous threat activity publicly known.”
According to the sanctions, Russia’s State Research Center of the Russian Institute of Chemistry and Mechanics built the custom tools used in a spate of 2017 attacks on oil facilities in the Middle East as well as attempted hackings of at least 20 electric facilities in the United States. The tools, officials said, had the “capability to cause significant physical damage and loss of life.”
The Russian Embassy did not immediately respond to a request for comment.
The first attack on Petro Rabigh, in August 2017, compromised industrial controllers made by Schneider Electric, which keep equipment operating safely by regulating voltage, pressure and temperature. Russian hackers used their access to shut off the safety locks in those controllers, leading investigators to believe the attack was most likely intended to cause an explosion that would have killed people.
The episode prompted an investigation by the National Security Agency, the F.B.I., the Department of Homeland Security and the Pentagon’s Defense Advanced Research Projects Agency, as well as investigators at Schneider, the security firm FireEye’s Mandiant security team and Dragos, a security firm that specializes in industrial control security.
“Explicitly calling out attacks on industrial control systems is very important,” said Nathan Brubaker, a senior analyst at Mandiant, which first connected the attacks to the Russian research lab in 2018. “The longer you let this activity go, the more OK it becomes, which is really dangerous when you are talking about systems that are core to human life.”
Schneider controllers are used in more than 18,000 plants around the world, including nuclear and water treatment facilities, oil and gas refineries, and chemical plants.
“Such systems provide for the safe emergency shutdown of industrial processes at critical infrastructure facilities in order to protect human life,” Treasury Department officials said in their statement on Friday announcing the sanctions.
After the cyberattack on Petro Rabigh, private investigators caught the same group targeting energy companies in Northern Europe and conducting digital drive-bys of more than a dozen electric companies in the United States, looking for ways to gain access to their systems.
“They’re not only sophisticated, but they’re the only actor who has tried to cross the line into killing people,” said Robert M. Lee, the chief executive of Dragos. “Not only did they demonstrate the capability but the intent to hurt people, which no other actor had done.”
They came days after the Justice Department unsealed charges against six Russian military intelligence officers accused of aggressive cyberattacks on the 2017 French elections, the 2018 Winter Olympics and power grids in Ukraine, as well as another 2017 attack that hit companies like Merck, Mondelez, FedEx and Pfizer and caused billions of dollars of damage.
On Thursday, the F.B.I. and the Cybersecurity and Infrastructure Security Agency accused the same Russian hackers who have been making incursions into the American power grid of hacking state and local systems, including some election support systems.
Federal prosecutors have publicly played down the timing of the indictments and sanctions, but some officials said privately that they were intended to send a clear message that American officials are closely tracking Russia’s information-warfare systems ahead of the Nov. 3 presidential election, whether they are poised to hack election systems, amplify America’s political fissures or get inside the minds of voters.
The sanctions did not name the Russian hackers behind the attacks. As a result of Friday’s actions, Russia’s government-connected research center and people connected to it will have any assets or properties they hold in the United States frozen.
The sanctions also expose anyone who does business or research with the center to similar punishment. “Nobody internationally is going to touch them now,” Mr. Lee said.
Advertisement

source

Categories
Uncategorized

SAP Casts a Cloud Over Software

The pandemic’s duration weighs on the software giant’s outlook and could affect even the hottest cloud names.
source

Categories
Uncategorized

Dragging and Dropping Meta Boxes Might Not Be So Simple in WordPress 5.6

If you have been testing the latest development version of WordPress in the past week or so, you may have noticed that the ability to drag and drop meta boxes seemingly disappeared. This is not a bug. Nine days ago, lead developer Andrew Ozz committed a change that requires end-users to click the “screen options” tab to expose the ability to rearrange meta boxes.
Ozz opened the original ticket and has spearheaded the effort to change how users interact with meta boxes. The issue he would like to solve stems from a change in WordPress 5.5. WordPress’s last major release introduced visible “drop zones” in cases where a meta box container did not contain any meta boxes. These zones let users know that they can move meta boxes into those areas. This change was to fix a regression from a previous release. Needless to say, it was a rabbit hole of changes to chase down. Nevertheless, the problems with meta boxes were presumably fixed in WordPress 5.5.
Ozz opened the ticket to remove the always-visible drop zones when no meta boxes were present. The argument is that the ability to move meta boxes around the screen is technically a “screen option.” Thus, it should only be triggered when the end-user has opened the screen options tab.
Another side issue is that he wanted to address accidental dragging, which he described as more common on laptops with trackpads than other devices.
Some readers may be thinking that meta boxes are going the way of the dinosaur. For those users who have migrated to 100% usage of the block editor, there is a good chance that their only interaction with meta boxes is on the Dashboard admin screen. For users on the classic editor, meta boxes are tightly interwoven into their day-to-day workflow. Many plugins also use the meta box system on custom admin screens.
The biggest counter-argument is that, because meta boxes look and feel like draggable elements, the ability to do so should be active at all times.
The point of contention is primarily about whether dragging and dropping meta boxes is technically a screen option. One side sees the WordPress 5.5 implementation as a broken user experience. The other side sees the new method as broken.
Without user data to back it up, no one can say which method is truly the best option. However, changes to a standard user experience that is more than a decade old are likely to be problematic for a large number of users.
This seems like one of those if-it-ain’t-broke-don’t-fix-it situations. With years of muscle memory for existing users and an expectation for how meta boxes should work, relegating the ability to drag them around the interface to the little-used screen options tab is a regression. At the very least, it is a major change that needs heavy discussion and testing before going forward.
“Nothing breaks, per se,” said John James Jacoby, the lead developer for BuddyPress and bbPress. “Nothing fatal errors. Nothing visually looks different. Yet, a critical user interface function has now gone missing. In my WP User Profiles plugin, for example, there are 15 registered meta boxes. Previous to this change, users with the device and dexterity to use a mouse/pointer/cursor could rearrange those meta boxes with simple dragging and dropping. After this change, no user can rearrange them without first discovering how to unlock the interface to enable rearranging.”
The problem is illustrated by the following screenshot from the WP User Profiles plugin. Each of the highlighted boxes represents areas where end-users would typically be able to click to drag a meta box around the screen. If the current change is not reverted, many users may believe the plugin is broken when they upgrade to WordPress 5.6.
“Is there a plan for letting existing users know that moving metaboxes is now only when Screen Options is open?” asked Helen Hou-Sandì, the core tech lead for 5.6, in the ticket. “I’m not sure I would ever discover that as an existing user and would be convinced everything was broken if I updated with no context.”
The current solution is to drop a note in the “What’s New” section of the WordPress 5.6 release notes to let users know of the change, which may not be visible enough for most users to see. If it does go through, ideally, users would be welcomed with an admin pointer that describe the change directly in their WordPress admin interface.
There are also accessibility impacts to consider. Joe Dolson, a core WordPress committer and member of the accessibility team, said the user experience for keyboard users would become difficult and that the feature would be harder to discover.
“I can’t see a way in which this change, as currently implemented, improves the experience for anybody,” he said. “The proposal from the accessibility team is how we could compromise to reduce the visual impact of the movers without compromising the usability of the system at this extreme level; but just not doing this would be something I’d find entirely acceptable, as well.”
So far, most people who have chimed in on the ticket have given numerous reasons for why this is not a good idea. There is almost no public support for it at this time. However, it currently remains in the latest development/trunk version of WordPress. If not reverted in the coming weeks, it will land in WordPress 5.6.
This is a huge waste of time…
Report
Your email address will not be published. Required fields are marked *









This site uses Akismet to reduce spam. Learn how your comment data is processed.
Enter your email address to subscribe to this blog and receive notifications of new posts by email.


WordPress Tavern is a website about all things WordPress. We cover news and events, write plugin and theme reviews, and talk about key issues within the WordPress ecosystem…read more →
Proudly powered by WordPress.

source