A group of more than 800 startups has sent a letter to the FCC chairman Ajit Pai saying they are "deeply concerned" about his decision to kill net neutrality -- reversing the Title II classification of internet service providers. The group, which includes Y Combinator, Etsy, Foursquare, GitHub, Imgur, Nextdoor, and Warby Parker, added that the decision could end up shutting their businesses. They add, via an article on The Verge: "The success of America's startup ecosystem depends on more than improved broadband speeds. We also depend on an open Internet -- including enforceable net neutrality rules that ensure big cable companies can't discriminate against people like us. We're deeply concerned with your intention to undo the existing legal framework. Without net neutrality, the incumbents who provide access to the Internet would be able to pick winners or losers in the market. They could impede traffic from our services in order to favor their own services or established competitors. Or they could impose new tolls on us, inhibiting consumer choice. [...] Our companies should be able to compete with incumbents on the quality of our products and services, not our capacity to pay tolls to Internet access providers."

The IT workers from the University of California's San Francisco campus who were replaced by an offshore outsourcing firm late last year intend to file a lawsuit challenging their dismissal. "It will allege that the tech workers at the university's San Francisco campus were victims of age and national origin discrimination," reports Computerworld. From the report: The IT employees lost their jobs in February after the university hired India-based IT services firm HCL. Approximately 50 full-time university employees lost their jobs, but another 30 contractor positions were cut as well. "To take a workforce that is overwhelmingly over the age of 40 and replace them with folks who are mainly in their 20s -- early 20s, in fact -- we think is age discrimination," said the IT employees' attorney, Randall Strauss, of Gwilliam Ivary Chiosso Cavalli & Brewer. The national origin discrimination claim is the result of taking a workforce "that reflects the diversity of California" and is summarily let go and is "replaced with people who come from one particular part of the world," said Strauss. The lawsuit will be filed in Alameda County Superior Court.

COBOL is a programming language invented by Hopper from 1959 to 1961, and while it is several decades old, it's still largely used by the financial sector, major corporations and part of the federal government. Mar Masson Maack from The Next Web interviews Daniel Doderlein, CEO of Auka, who explains why banks don't have to actively kill COBOL and how they can modernize and "minimize the new platforms' connections to the old systems so that COBOL can be switched out in a safe and cheap manner." From the report: According to [Doderlein], COBOL-based systems still function properly but they're faced with a more human problem: "This extremely critical part of the economic infrastructure of the planet is run on a very old piece of technology -- which in itself is fine -- if it weren't for the fact that the people servicing that technology are a dying race." And Doderlein literally means dying. Despite the fact that three trillion dollars run through COBOL systems every single day they are mostly maintained by retired programming veterans. There are almost no new COBOL programmers available so as retirees start passing away, then so does the maintenance for software written in the ancient programming language. Doderlein says that banks have three options when it comes to deciding how to deal with this emerging crisis. First off, they can simply ignore the problem and hope for the best. Software written in COBOL is still good for some functions, but ignoring the problem won't fix how impractical it is for making new consumer-centric products. Option number two is replacing everything, creating completely new core banking platforms written in more recent programming languages. The downside is that it can cost hundreds of millions and it's highly risky changing the entire system all at once. The third option, however, is the cheapest and probably easiest. Instead of trying to completely revamp the entire system, Doderlein suggests that banks take a closer look at the current consumer problems. Basically, Doderlein suggests making light-weight add-ons in more current programming languages that only rely on COBOL for the core feature of the old systems.

Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.

Facebook is pressing its enforcement against what it calls "information operations" -- bad actors who use the platform to spread fake news and false propaganda. From a report: The company, which published a report on the subject today, defines these operations as government-led campaigns -- or those from organized "non-state actors" -- to promote lies, sow confusion and chaos among opposing political groups, and destabilize movements in other countries. The goal of these operations, the report says, is to manipulate public opinion and serve geopolitical ends. The actions go beyond the posting of fake news stories. The 13-page report specifies that fake news can be motivated by a number of incentives, but that it becomes part of a larger information operation when its coupled with other tactics and end goals. Facebook says these include friend requests sent under false names to glean more information about the personal networks of spying targets and hacking targets, the boosting of false or misleading stories through mass "liking" campaigns, and the creation propaganda groups. The company defines these actions as "targeted data collection," "false amplification," and "content creation." Facebook plans to target these accounts by monitoring for suspicious activity, like bursts of automated actions on the site, to enact mass banning of accounts.

Nomx, a startup that offers an email client by the same name, bills itself as the maker of the "world's most secure email service." The startup goes on to suggest that "everything else is insecure." So it was only a matter of time before someone decided to spend some time on assessing how valid Nomx's claims are. Very misleading, it turns out. From a report on Motherboard: Nomx sells a $199 device that essentially helps you set up your own email server in an attempt to keep your emails away from mail exchange (or MX) -- hence the brand name -- servers, which the company claims to be inherently "vulnerable." Security researcher Scott Helme took apart the device and tried to figure out how it really works. According to his detailed blog post, what he found is that the box is actually just a Raspberry Pi with outdated software on it, and several bugs. So many, in fact, that Helme wrote Nomx's "code is riddled with bad examples of how to do things." The worst issue, Helme explained, is that the Nomx's web application had a vulnerability that allowed anyone to take full control of the device remotely just by tricking someone to visit a malicious website. "I could read emails, send emails, and delete emails. I could even create my own email address," Helme told Motherboard in an online chat. A report on BBC adds: Nomx said the threat posed by the attack detailed by Mr Helme was "non-existent for our users." Following weeks of correspondence with Mr Helme and the BBC Click Team, he said the firm no longer shipped versions that used the Raspberry Pi. Instead, he said, future devices would be built around different chips that would also be able to encrypt messages as they travelled. "The large cloud providers and email providers, like AOL, Yahoo, Gmail, Hotmail - they've already been proven that they are under attack millions of times daily," he said. "Why we invented Nomx was for the security of keeping your data off those large cloud providers. To date, no Nomx accounts have been compromised."

An anonymous reader writes: To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries.

An anonymous reader quotes a report from Ars Technica: When NASA began developing a rocket and spacecraft to return humans to the Moon a decade ago as part of the Constellation Program, the space agency started to think about the kinds of spacesuits astronauts would need in deep space and on the lunar surface. After this consideration, NASA awarded a $148 million contract to Oceaneering International, Inc. in 2009 to develop and produce such a spacesuit. However, President Obama canceled the Constellation program just a year later, in early 2010. Later that year, senior officials at the Johnson Space Center recommended canceling the Constellation spacesuit contract because the agency had its own engineers working on a new spacesuit and, well, NASA no longer had a clear need for deep-space spacesuits. However, the Houston officials were overruled by agency leaders at NASA's headquarters in Washington, DC. A new report released Wednesday by NASA Inspector General Paul Martin sharply criticizes this decision. "The continuation of this contract did not serve the best interests of the agency's spacesuit technology development efforts," the report states. In fact, the report found that NASA essentially squandered $80.6 million on the Oceaneering contract before it was finally ended last year.