The state of California has lost again in its attempt to punish IMDb for ageism perpetrated by movie studios who seem to refuse to cast actresses above a certain age in choice roles. Techdirt reports: The law passed by the California legislature does one thing: prevents IMDb (and other sites, theoretically) from publishing facts about actors: namely, their ages. This stupid law was ushered into existence by none other than the Screen Actors Guild, capitalizing on a (failed) lawsuit brought against the website by an actress who claimed the publication of her real age cost her millions in Hollywood paychecks. These beneficiaries of the First Amendment decided there was just too much First Amendment in California. To protect actors from studio execs, SAG decided to go after a third-party site respected for its collection of factual information about movies, actors, and everything else film-related.

The federal court handling IMDb's lawsuit against the state made quick work of the state's arguments in favor of very selective censorship. In only six pages, the court destroyed the rationale offered by the government's finest legal minds. [...] Even if the law had somehow survived a First Amendment challenge, it still wouldn't have prevented studios from engaging in discriminatory hiring practices. If this was really the state's concerns, it would have stepped up its regulation of the entertainment industry, rather than a single site that was unsuccessfully sued by an actress, who speculated IMDb's publication of her age was the reason she wasn't landing the roles she wanted.

At the WWDC 2020 keynote today, Apple announced that the company is going to switch from Intel chips to Apple's own silicon, based on ARM architecture. They also announced that iPad and iPhone apps will be able to run natively on ARM-powered Macs. TechCrunch reports: First, you'll be able to compile your app to run both on Intel-based Macs and ARM-based Macs. You can ship those apps with both executables using a new format called Universal 2. If you've been using a Mac for a while, you know that Apple used the same process when it switched from PowerPC CPUs to Intel CPUs -- one app, two executables. As for unoptimized software, you'll still be able to run those apps. But its performances won't be as good as what you'd get from a native ARM-ready app. Apple is going to ship Rosetta 2, an emulation layer that lets you run old apps on new Macs.

When you install an old app, your Mac will examine the app and try to optimize it for your ARM processor. This way, there will be some level of optimization even before you open the app. But what if it's a web browser or a complicated app with just-in-time code? Rosetta 2 can also translate instructions from x86 to ARM on the fly, while you're running the app. And if you're a developer working on code that is going to run on servers, Apple is also working on a set of virtualization tools. You'll be able to run Linux and Docker on an ARM Mac.

As a bonus, users will also be able to access a much larger library of apps. "Mac users can for the first time run iOS and iPadOS apps on the Mac," Apple CEO Tim Cook said. While the company didn't share a lot of details, Apple isn't talking about Catalyst, its own framework that makes it easier to port iOS apps to macOS. You should be able to download and run apps even if the developer never optimized those apps for macOS.

After rejecting an update last week, Apple has approved a new version of the subscription email app Hey. From a report: The approval, which came last week, ahead of today's Apple Worldwide Developer Conference, is meant to lower the temperature after Apple's initial app rejection drew widespread condemnation from lawmakers and other developers. But the approval is also only temporary in spirit, meant to give Hey developer Basecamp time to develop a version of the app more in line with Apple's policies -- and Basecamp's approach to that challenge is very aggressive, as a letter posted to its website today details.

The "bespoke development" site Evrone.com (an IT outsourcing company) interviewed Ruby on Rails creator David Heinemeier Hansson (who is also co-founder and CTO of Basecamp -- and a racecar driver) shortly before he spoke at RubyRussia, Evrone's annual Moscow programming conference.

And they asked him an interesting question. As a man who's seen lots of Ruby code, "what makes code good or shitty? Anything that is obvious for you at first glance?" David Heinemeier Hansson: If the code is poorly written, usually it smells before you even examine the logic. Indentation is off, styles are mixed, care is simply not shown. Beyond that, learning how to write great code, is a life long pursuit. As I said in my RailsConf 2014 keynote, we're not software engineers, we're software writers. "Writing" is a much more suitable metaphor for what we do most of the time than "engineering" is. Writing is about clarity and presenting information in a clear-to-follow manner so that anybody can understand it.

There's no list of principles and practices that somebody can be taught and then they will automatically produce clear writing every time. If you want to be a good writer, it's not enough just to memorize the dictionary. Just knowing the words available to you, knowing the patterns of development is not going to make you a good developer. You have to develop an eye. You have to decide that the most important thing for your system is clarity. When you do decide that, you can start developing an eye.

The only way to become a good programmer, where, by definition, I define good programmers as somebody who writes software with clarity, is to read a lot of software and write a lot of software.
In 2016, David Heinemeier Hansson answered questions from Slashdot readers.

An anonymous reader quotes technology columnist Mike Melanson: The debate around adding generics to the Go programming language has been going on for years now, often with much resistance, but it's starting to look like one proposal finally has some backing and general acceptance from the greater Go community — much to the surprise of some involved.

Introduced this week in a blog post looking at the next step for generics, penned by Golang team members Ian Lance Taylor and Robert Griesemer, the first update in nearly a year on the topic explains that the generics design draft previously submitted for feedback has been refined, resulting in an updated design draft... For the time being, the team has introduced an experimentation tool that "permits people to type check and run code written using the version of generics described in the design draft" by translating generic code into ordinary Go code. It is meant to give users a feel of how the proposed design would, if accepted work, and they note that it will be implemented differently if so.

As for the proposal itself, it offers several levels of detail, from an abstract, to a high-level overview, to the full level of detail you might expect from such a document. As with everything Go, the design is intended to be fully backward compatible with Go 1, and the authors note that "as the term generic is widely used in the Go community, we will use it below as a shorthand to mean a function or type that takes type parameters.

"Don't confuse the term generic as used in this design with the same term in other languages like C++, C#, Java, or Rust; they have similarities but are not the same."
The article also notes that Go's package repository is now open source.

Stack Overflow asked 65,000 programmers for their favorite programming language, and this year Microsoft's TypeScript knocked Python from the #2 spot. So they interviewed Microsoft's principal engineering lead for the language "to find out what about TypeScript makes it so dang lovable." Q: Do you remember why the team came up with TypeScript, why you wanted to release something like this?

A: When I joined the team, there were a lot of people at Microsoft who wanted to develop JavaScript at what we call "application scale." Teams like TFS and Office wanted to build large JavaScript applications. A lot of those people had familiarity with statically-typed languages — C++, C#, Java, that kind of thing. They wanted to have that static typing available both for conceptual scalability and for the tooling...

Q: Was there a point where you saw an adoption point of no return? Was there something that came along where people were like, oh, yeah, we do TypeScript now?

A: Oh, it was definitely Google announcing that they were going to use TypeScript with Angular. That's kind of lost to time now. But if you look at the graphs for TypeScript, literally any graph — GitHub stars, downloads, pull requests — you can see the exact point when that Angular announcement came out. And the graph just changes. It never looks back... TypeScript shores up that last rough edge on JavaScript and gives you something that's just really fun to work with and runs everywhere. I think if TypeScript were a language that was built on top of a less universal language or a less fun language, I don't think it would be as successful. It's really taking something that's great and making it better...

I think my favorite thing that I see is people on the Internet saying, 'I did this huge refactoring in TypeScript and I was refactoring for three hours. And then I ran my code and it worked the first time.' In a dynamic language, that would just never, ever happen....

I would just say to people, if static types aren't a good fit for you, for either your programming style or the problem you're working on, just skip it. That's fine. It's okay. I won't be offended. If someone can get a thirty thousand line application that gets its job done without static types, I'm very impressed. That just seems really difficult. But kudos to those people who make it work. Python's the same way. Very few people have working Python type annotations, but Python is incredibly popular. I think the data speaks for itself — I think Python is number three in the survey... I guarantee you that a very small proportion of those Python developers have static types. Whatever your problem domain is, that might be the best fit for you.

"GitHub says it's open-sourcing its in-house linting tool, the GitHub Super Linter, to clean up code," reports ZDNet: Having a tool that checks source code for programming blunders and other errors is useful for developers. Now Microsoft-owned GitHub has released the 'Super Linter' to help developers avoid the hassles of setting up code repositories with multiple linters...

GitHub describes it as a "simple combination of various linters, written in bash, to help validate your source code" for the purpose of preventing broken code from being uploaded to a 'master' branch, the key branch that other branches in a tree are merged to... The Super Linter Action lets developers 'lint' or check their code base using popular linters for Python, JavaScript, Go, XML, YAML, and more programming languages. As such, GitHub engineer Lucas Gravley describes the Super Linter as the "one linter to rule them all".

"The GitHub Super Linter was built out of necessity by the GitHub Services DevOps Engineering team to maintain consistency in our documentation and code while making communication and collaboration across the company a more productive experience," says Gravley... "When you've set your repository to start running this action, any time you open a pull request, it will start linting the code case and return via the Status API. It will let you know if any of your code changes passed successfully, or if any errors were detected, where they are, and what they are," explains Gravley.

The Super Linter doesn't fix problems but does flag them, so developers can then go back and fix them before they reach the master branch.

From a report: Have you ever wondered why online ads appear for things that you were just thinking about? There's no big conspiracy. Ad tech can be creepily accurate. Tech giant Oracle is one of a few companies in Silicon Valley that has near-perfected the art of tracking people across the internet. The company has spent a decade and billions of dollars buying startups to build its very own panopticon of users' web browsing data. One of those startups, BlueKai, which Oracle bought for a little over $400 million in 2014, is barely known outside marketing circles, but it amassed one of the largest banks of web tracking data outside of the federal government. BlueKai uses website cookies and other tracking tech to follow you around the web. By knowing which websites you visit and which emails you open, marketers can use this vast amount of tracking data to infer as much about you as possible -- your income, education, political views, and interests to name a few -- in order to target you with ads that should match your apparent tastes. If you click, the advertisers make money.

But for a time, that web tracking data was spilling out onto the open internet because a server was left unsecured and without a password, exposing billions of records for anyone to find. Security researcher Anurag Sen found the database and reported his finding to Oracle through an intermediary -- Roi Carthy, chief executive at cybersecurity firm Hudson Rock and former TechCrunch reporter.

STERIS Corporation, a company that makes sterilization and other medical equipment, sent a letter to iFixit claiming their online database of repair manuals for ventilators and medical equipment violates their copyrights. Motherboard reports: "It has come to my attention that you have been reproducing certain installation and maintenance manuals relating to our products, documentation which is protected by copyright law," the letter said. The letter then went on to tell [Kyle Wiens, CEO of iFixit] to remove all Steris copyrighted material from the iFixit website within 10 days of the letter. As Motherboard reported in March, major manufacturers of medical devices have long made it difficult for their devices to be repaired through third party repair professionals. Manufacturers have often lobbied against right to repair legislation and many medical devices are controlled by artificial "software locks" that allow only those with authorization to make modifications.

"I'm disappointed that Steris is resorting to legal threats to stop hospitals from having access to information about how to maintain critical sterilization equipment during a pandemic," Wiens told Motherboard in an email. "No manufacturer should be stopping hospitals from repairing their equipment," Wiens said. "The best way to ensure patient safety is to make sure that equipment is being maintained regularly using the manufacturer's recommended procedures. The only way to do that is if hospitals have up to date manuals." With regards to the letter sent by Steris, Wiens said iFixit has not removed any material from its website. "We explained to Steris that what we did is a lawful and protected fair use under the U.S. Copyright act," Wiens said. "iFixit is protected by Section 512 of the Digital Millennium Copyright Act, which allows online platforms to host content contributed by users provided they comply with the Act's requirements, which iFixit does," a letter to Steris from the Electronic Frontier Foundation on behalf of iFixit said.

The European Commission announced Tuesday that it's launching two antitrust investigations into Apple's App Store rules and the Apple Pay platform. From a report: The Commission, the executive arm of the EU, said it will assess whether Apple's rules for app developers on the distribution of apps via the App Store breach EU competition rules. While companies can place their apps on the App Store at no cost, Apple charges companies 30% from in-app purchases and 30% on subscriptions for the first year, then 15% thereafter. Spotify, which competes directly with Apple Music, feels this is unfair and filed a formal complaint in March 2019. Kobo, an e-reader company that competes with Apple Books, has also filed a complaint. Executive Vice-President Margrethe Vestager, in charge of competition policy, said in a statement: "Mobile applications have fundamentally changed the way we access content. Apple sets the rules for the distribution of apps to users of iPhones and iPads. It appears that Apple obtained a 'gatekeeper' role when it comes to the distribution of apps and content to users of Apple's popular devices. We need to ensure that Apple's rules do not distort competition in markets where Apple is competing with other app developers, for example with its music streaming service Apple Music or with Apple Books. I have therefore decided to take a close look at Apple's App Store rules and their compliance with EU competition rules."

Ahead of Apple's Worldwide Developer Conference starting next week, the company has today launched a new version of its Apple Developer App to better support its plans for the virtual event. TechCrunch reports: Notably, the app has been made available for Mac for the first time, in addition to a redesign and other minor feature updates. With the needs of an entirely virtual audience in mind, Apple has redesigned the app's Discover section to make it easier for developers to catch up on the latest stories, news, videos and more, the company says. This section will be regularly updated with "actionable" content, Apple notes, including the latest news, recommendations on implementing new features, and information about inspiring engineers and designers, alongside new videos.

It has also updated its Browse tab where users search for existing sessions, videos, articles and news, including the over 100 technical and design-focused videos found in the WWDC tab. The WWDC tab has also been updated in preparation for the live event starting on Monday, June 22. The redesign has added a way to favorite individual articles, in addition to session content and videos. Plus it includes new iMessage stickers along with other enhancements and bug fixes. The app, which was previously available on iPhone, iPad and Apple TV, is also now offered on Mac.

"The terms 'allowlist' and 'blocklist' describe their purpose, while the other words use metaphors to describe their purpose," reads a change description on the source code for Android -- from over a year ago. 9to5Mac calls it "a shortened version of Google's (internal-only) explanation" for terminology changes which are now becoming more widespread.

And Thursday GitHub's CEO said they were also "already working on" renaming the default branches of code from "master" to a more neutral term like "main," reports ZDNet: GitHub lending its backing to this movement effectively ensures the term will be removed across millions of projects, and effectively legitimizes the effort to clean up software terminology that started this month.

But, in reality, these efforts started years ago, in 2014, when the Drupal project first moved in to replace "master/slave" terminology with "primary/replica." Drupal's move was followed by the Python programming language, Chromium (the open source browser project at the base of Chrome), Microsoft's Roslyn .NET compiler, and the PostgreSQL and Redis database systems... The PHPUnit library and the Curl file download utility have stated their intention to replace blacklist/whitelist with neutral alternatives. Similarly, the OpenZFS file storage manager has also replaced its master/slave terms used for describing relations between storage environments with suitable replacements. Gabriel Csapo, a software engineer at LinkedIn, said on Twitter this week that he's also in the process of filing requests to update many of Microsoft's internal libraries.
A recent change description for the Go programming language says "There's been plenty of discussion on the usage of these terms in tech. I'm not trying to have yet another debate." It's clear that there are people who are hurt by them and who are made to feel unwelcome by their use due not to technical reasons but to their historical and social context. That's simply enough reason to replace them.

Anyway, allowlist and blocklist are more self-explanatory than whitelist and blacklist, so this change has negative cost.
That change was merged on June 9th -- but 9to5Mac reports it's just one of many places these changes are happening. "The Chrome team is beginning to eliminate even subtle forms of racism by moving away from terms like 'blacklist' and 'whitelist.' Google's Android team is now implementing a similar effort to replace the words 'blacklist' and 'whitelist.'" And ZDNet reports more open source projects are working on changing the name of their default Git repo from "master" to alternatives like main, default, primary, root, or another, including the OpenSSL encryption software library, automation software Ansible, Microsoft's PowerShell scripting language, the P5.js JavaScript library, and many others.

Long-time Slashdot reader destinyland writes: Vintage computing enthusiasts have recreated NASA's legendary "Apollo Guidance Computer," the 1960s-era assembly-language onboard guidance and navigation computer for the Apollo missions to the moon. Unfortunately, the software had been lost for the Apollo 10 mission (a manned "dress rehearsal" mission which flew to the moon eight weeks before Neil Armstrong's famous moonwalk mission).

But spaceflight engineer Mike Stewart found a clever way to recreate it, according to one science show on YouTube. Stewart found a print-out of an earlier version of the program, and "with the help of a small army of volunteers, Mike hand-transcribed the source listing and all of its programs..." — all 1,735 pages of it. (Though what used to take 25 minutes to compile together on a Honeywell mainframe now takes less than a second on his modern laptop.) There were also NASA memos which described the change, later versions of the program which had implemented the changes — and most importantly, a recently-discovered NASA document giving the checksum for every version of every program run on the Apollo Guidance Computer. So Stewart was able to cut-and-paste carefully-chosen code and variables from later versions of the program — based on the clues in NASA's memos — until he'd recreated a program with the exact same checksum.

There's also a separate video about the Apollo 10 code, highlighting "lighthearted comments in very serious code." (For example, to warn off people who'd change their crucial constants, they'd actually included a Latin phrase — a play on a biblical quote which translates roughly to "Don't touch these.") The ignition routine that actually lights the descent engine for the moon landing is named BURNBABY. The comment accompanying it? "OFF TO SEE THE WIZARD."

Bjarne Stroustrup, the 69-year-old Danish creator of C++, just released a 168-page paper (published under a Creative Commons Attributions-NoDerivatives license) in the Proceedings of the ACM on Programming Languages, detailing the growth of C++ from its 21st birthday in 2006 up through the year 2020.

It begins by noting that by 2006, C++ "contained parts that had survived unchanged since introduced into C in the early 1970s as well as features that were novel in the early 2000s..." Originally, I designed C++ to answer to the question "How do you directly manipulate hardware and also support efficient high-level abstraction?" Over the years, C++ has grown from a relatively simple solution based on a combination of facilities from the C and Simula languages aimed at systems programming on 1980s computers to a far more complex and effective tool for an extraordinary range of applications... [T]his is also the story of the people involved in the evolution of C++, the way they perceived the challenges, interpreted the constraints on solutions, organized their work, and resolved their inevitable differences.
From the abstract: From 2006 to 2020, the C++ developer community grew from about 3 million to about 4.5 million. It was a period where new programming models emerged, hardware architectures evolved, new application domains gained massive importance, and quite a few well-financed and professionally marketed languages fought for dominance. How did C++ -- an older language without serious commercial backing -- manage to thrive in the face of all that?

This paper focuses on the major changes to the ISO C++ standard for the 2011, 2014, 2017, and 2020 revisions... Themes include efforts to preserve the essence of C++ through evolutionary changes, to simplify its use, to improve support for generic programming, to better support compile-time programming, to extend support for concurrency and parallel programming, and to maintain stable support for decades' old code... Specific language-technical topics include the memory model, concurrency and parallelism, compile-time computation, move-semantics, exceptions, lambda expressions, and modules.
"I hope other languages learn from C++'s successes," the paper concludes. "It would be sad if the lessons learned from C++'s evolution were limited to the C++ community."

The creators of the Kotlin programming language — the Czech software development company Jetbrains — announced results from their annual "State of the Developer Ecosystem" survey. This year's survey involved 19,696 developers in 18 countries, and found that:

• JavaScript is the most used overall programming language. Websites are the most common type of application developers work on.

• Python has overtaken Java in the list of programming languages used in the last 12 months. And it is also the most studied language. In the last 12 months 30% of respondents have started or continued to learn Python — even more than last year.

• Go, Kotlin, and Python are the top 3 languages developers are planning to adopt or migrate to.

JetBrains also gathered some statistics from programmers for a special section on Lifestyle and Fun:

• 65% said they preferred laptops, while 33% preferred desktops.
• 52% said they contributed to charity.
• 20% said they owned a cat; another 20% said they owned a dog.
• 16% said they owned cryptocurrency.

And when asked if they contributed to open-source projects:

• 44% said "No, but I would like to."
• 20% said "I have only contributed a few times."
• 16% said "Yes, from time to time (several times a year)."
• 11% said "Yes, regularly (at least once a month)."
• 4% said "No, and I would not like to."
• 3% said "I work full-time on open-source code and get paid for it."
• 2% said "I work full-time on open-source code but do not get paid for it."

Also interesting were the answers to the question: If your country's government replaced your courts with AI, would you trust it? The results were:

• Probably not (26%)
• Definitely not (24%)
• Maybe (26%)
• Probably yes (20%)
• Definitely yes (5%)

An anonymous reader writes: FreeBSD has has adopted a new LLVM-derived code of conduct. The code of conduct requires users to: be friendly and patient,
be welcoming,
be considerate,
be respectful,
be careful in the words that you choose and be kind to others,
when we disagree, try to understand why.

This isn't an exhaustive list of things that you can't do. Rather, take it in the spirit in which it's intended - a guide to make it easier to communicate and participate in the community. This code of conduct applies to all spaces managed by the FreeBSD project. This includes online chat, mailing lists, bug trackers, FreeBSD events such as the developer meetings and socials, and any other forums created by the project that the community uses for communication. It applies to all of your communication and conduct in these spaces, including emails, chats, things you say, slides, videos, posters, signs, or even t-shirts you display in these spaces. In addition, violations of this code outside these spaces may, in rare cases, affect a person's ability to participate within them, when the conduct amounts to an egregious violation of this code.

An anonymous reader quotes a report from Ars Technica: On Wednesday evening, ZFS founding developer Matthew Ahrens submitted what should have been a simple, non-controversial pull request to the OpenZFS project: wherever possible without causing technical issues, the patch removed references to "slaves" and replaced them with "dependents." This patch in question doesn't change the way the code functions -- it simply changes variable names in a way that brings them in conformance with Linux upstream device-mapper terminology, in 48 total lines of code (42 removed and 48 added; with one comment block expanded slightly to be more descriptive). But this being the Internet, unfortunately, outraged naysayers descended on the pull request, and the comments were quickly closed to non-contributors. I first became aware of this as the moderator of the r/zfs subreddit where the overflow spilled once comments on the PR itself were no longer possible. "The horrible effects of human slavery continue to impact society," writes Ahrens in his pull request. "The casual use of the term 'slave' in computer software is an unnecessary reference to a painful human experience." Ahrens' pull request has been reviewed by fellow lead developers Brian Behlendorf and Ryan Moeller and merged into the OpenZFS project repository.

On Wednesday, Magic: The Gathering publisher Wizards of the Coast took unprecedented measures to remove racist cards from its game. Seven cards in all, dating back to 1994, are now banned from play. Their images will also being removed from the game's official online database. Polygon reports: "The events of the past weeks and the ongoing conversation about how we can better support people of color have caused us to examine ourselves, our actions, and our inactions," Wizards said in a statement. "We appreciate everyone helping us to recognize when we fall short. We should have been better, we can be better, and we will be better." The list of now-banned cards is: Invoke Prejudice, Cleanse, Stone-Throwing Devils, Pradesh Gypsies, Jihad, Imprison, and Crusade.

One card in particular, Invoke Prejudice, was singled out. It shows a hooded executioner with a black axe. "If opponent casts a Summon spell that does not match the color of one of the creatures under your control, that spell is countered," says the card. It effectively kills off creatures that don't look like the creatures already on the table. Gatherer, the official online database of every Magic card ever published, displays the card at a web URL ending in "1488," numbers that are synonymous with white supremacy. All cards will be replaced online with a note that calls out their racist depictions, text, or a combination thereof.

Software developer Danny Bittman tweeted about how he's convinced that his eyesight was damaged from wearing a VR headset for hours a day. The BBC reports: Danny Bittman, who has worked as a virtual reality developer for four years, suggested it could have affected his eyesight. "Just had my first eye doctor visit in three years. Now I'm very worried about my future VR use. I have a new eye convergence problem that acts like dyslexia. The doc, a headset owner, is convinced my VR use caused this. He said "these glasses we usually prescribe to 40-year-olds," he tweeted. He went on to describe the problem: "My eyes jump when I read things like a screen or books. I've always had a small level of this but it's greatly intensified now. It's also linked to headaches and vertigo."

He said that the issue was about "prolonged use," and admitted that he could spend up to six hours a day wearing a headset, split into 30-minute sessions. Ceri Smith-Jaynes, from the Association of Optometrists, told the BBC: "We currently do not have any reliable evidence that VR headsets cause permanent deterioration in eyesight in children or adults. There have been some studies looking into the effects of short-term use of VR headsets only; these did not reveal a deterioration in eyesight. "However, some people do suffer from temporary symptoms such as nausea, dry, irritable eyes, headache or eyestrain." But she did have some advice about usage: "If you spend all day in VR without a break, you'll need time to readjust to the light and the different visual environment of the real world. I would suggest taking a five-to-ten minute break each hour, using that time to move about, blink and look out of a window, or take a short walk.

"A newly uncovered form of ransomware is going after Windows and Linux systems," reports ZDNet, "in what appears to be a targeted campaign." Named Tycoon after references in the code, this ransomware has been active since December 2019 and looks to be the work of cyber criminals who are highly selective in their targeting. The malware also uses an uncommon deployment technique that helps stay hidden on compromised networks. The main targets of Tycoon are organisations in the education and software industries.

Tycoon has been uncovered and detailed by researchers at BlackBerry working with security analysts at KPMG. It's an unusual form of ransomware because it's written in Java, deployed as a trojanised Java Runtime Environment and is compiled in a Java image file (Jimage) to hide the malicious intentions... [T]he first stage of Tycoon ransomware attacks is less uncommon, with the initial intrusion coming via insecure internet-facing Remote Desktop Protocol servers. This is a common attack vector for malware campaigns and it often exploits servers with weak or previously compromised passwords. Once inside the network, the attackers maintain persistence by using Image File Execution Options (IFEO) injection settings that more often provide developers with the ability to debug software. The attackers also use privileges to disable anti-malware software using ProcessHacker in order to stop removal of their attack...

After execution, the ransomware encrypts the network with files encrypted by Tycoon given extensions including .redrum, .grinch and .thanos — and the attackers demand a ransom in exchange for the decryption key. The attackers ask for payment in bitcoin and claim the price depends on how quickly the victim gets in touch via email.

The fact the campaign is still ongoing suggests that those behind it are finding success extorting payments from victims.