Suppose you want to distinguish between dismissing a dialog by pressing ESC and dismissing a dialog by clicking the Close button. One suggestion I saw was to call Get­Async­Key­State(VK_ESCAPE) to check whether the ESC is down.

In general, any time you see Get­Async­Key­State, you should be suspicious, since Get­Async­Key­State checks the state of the keyboard at the moment it is called, which might not be relevant to your window if it asynchronously lost keyboard focus, and which (from the point of view of your program) might even be from the future.

Recall that the system maintains two types of keyboard states. One is the synchronous keyboard state, which represents the state of the keyboard as far as your program is aware. If your program received a WM_KEYDOWN for the space bar, then Get­Key­State will report that the space bar is pressed. Even if the user releases the space bar, Get­Key­State will continue to report that the space bar is pressed until the program receives a WM_KEYUP for the space bar.

The idea here is that your program is processing an input stream, and due to the nature of multitasking and the physics of time, it’s possible that your program is catching up to input that actually occurred some time ago. For example, maybe the user typed ahead into the program while it was unresponsive, and now that the program has become responsive again, it is playing catch-up with all the typing that occurred 30 seconds ago.

If the program receives, say, a press of the F2 key and wants to know whether to do the Ctrl+F2 hotkey, it doesn’t know want to know whether the Ctrl key is down at the moment it is processing its input backlog. It wants to know whether the Ctrl key was down at the time the F2 was pressed.

Time	Event
1	User presses Ctrl
2	User presses F2
3	User releases F2
4	User releases Ctrl
5	Program receives Ctrl down
6	Program receives F2 down
7	Program uses Get­Async­Key­State to ask if Ctrl is down Answer: No Program does F2 action instead of Ctrl+F2

When the program asks via Get­Async­Key­State whether the Ctrl key is down, the answer is “No, it’s not down. It was released at some future point in time you haven’t learned about yet.” And so the program does its F2 action instead of Ctrl+F2, and you get a bug report that goes like “When the program is under heavy load, the Ctrl+F2 hotkey doesn’t work.”

Suppose your program wants to discard changes when the user dismisses the dialog with ESC but wants to save changes when the user dismisses the dialog with the Close button. Checking the asynchronous state of the ESC key will tell you whether the ESC is down right now, but not whether the ESC was down at the time the system generated the IDCANCEL. You’re going to get bugs like, “When the program is under heavy load, pressing ESC to dismiss the dialog sometimes saves the changes instead of discarding them.”

Of course, the bug report probably isn’t going to be so kind as to mention that the program was under heavy load or that the ESC accidentally saved the changes. It’ll probably just say “Sometimes I see changes that I’m sure I had discarded.” And you’ll have to figure out what the necessary conditions are for that bug to manifest itself.

Bonus chatter: I don’t know why people love to use Get­Async­Key­State so much. It has a longer, more cumbersome name than the largely-ignored Get­Key­State function. Maybe people think that the longer, more cumbersome name means that it’s somehow “more fancy”.

The post Customizing the ways the dialog manager dismisses itself: Detecting the ESC key, first (failed) attempt appeared first on The Old New Thing.

An anonymous reader quotes a report from Bloomberg: In early 2024, the agency that oversees cybersecurity for much of the US government issued a rare emergency order -- disconnect your Connect Secure virtual private network software immediately. Chinese spies had hacked the code and infiltrated nearly two dozen organizations. The directive applied to all civilian federal agencies, but given the product's customer base, its impact was more widely felt. The software, which is made by Ivanti Inc., was something of an industry standard across government and much of the corporate world. Clients included the US Air Force, Army, Navy and other parts of the Defense Department, the Department of State, the Federal Aviation Administration, the Federal Reserve, the National Aeronautics and Space Administration, thousands of companies and more than 2,000 banks including Wells Fargo & Co. and Deutsche Bank AG, according to federal procurement records, internal documents, interviews and the accounts of former Ivanti employees who requested anonymity because they were not authorized to disclose customer information. Soon after sending out their order, which instructed agencies to install an Ivanti-issued fix, staffers at the Cybersecurity and Infrastructure Security Agency discovered that the threat was also inside their own house. Two sensitive CISA databases -- one containing information about personnel at chemical facilities, another assessing the vulnerabilities of critical infrastructure operators -- had been compromised via the agency's own Connect Secure software. CISA had followed all its own guidance. Ivanti's fix had failed. This was a breaking point for some American national security officials, who had long expressed concerns about Connect Secure VPNs. CISA subsequently published a letter with the Federal Bureau of Investigation and the national cybersecurity agencies of the UK, Canada, Australia and New Zealand warning customers of the "significant risk" associated with continuing to use the software. According to Laura Galante, then the top cyber official in the Office of the Director of National Intelligence, the government came to a simple conclusion about the technology. "You should not be using it," she said. "There really is no other way to put it." That attack, along with several others that successfully targeted the Ivanti software, illustrate how private equity's push into the cybersecurity market ended up compromising the quality and safety of some critical VPN products, Bloomberg has found. Last year, Bloomberg reported that Citrix Systems Inc., another top VPN maker, experienced several major hacks after its private equity owners, Elliott Investment Management and Vista Equity Partners, cut most of the company's 70-member product security team following their acquisition of the company in 2022. Some government officials and private-sector executives are now reconsidering their approach to evaluating cybersecurity software. In addition to excising private equity-owned VPNs from their networks, some factor private equity ownership into their risk assessments of key technologies.

Read more of this story at Slashdot.

There are a few different built-in ways to close a dialog box in the classic Windows dialog manager. Let’s run them down.

First, there’s hitting the ESC key.

The ESC key, as with all keyboard navigation, is handled by the Is­Dialog­Message function. Assuming that the dialog control with focus did not use the WM_GET­DLG­CODE message to override default keyboard handling, the Is­Dialog­Message function converts the ESC to a simulated button click of whatever dialog control has the ID IDCANCEL. Specifically, the message is WM_COMMAND, the notification code is BN_CLICKED, the control ID is IDCANCEL, and the window handle is the handle to whatever dialog control has the ID IDCANCEL (or nullptr if there is no such control).

Exception: If there is a control whose ID is IDCANCEL, and that control is disabled, then the Is­Dialog­Message function merely beeps and otherwise ignores the ESC key.

Okay, what about the Close button in the title bar, the one that looks like an ×?

The Close button in the title bar, double-clicking the dialog box icon (if there is one), selecting Close from the system menu, and pressing Alt+F4 all behave the same way: They generate a WM_SYSCOMMAND message whose wParam & 0xFFF0 is SC_CLOSE. The default window procedure turns this into a WM_CLOSE message. The default dialog procedure responds to the WM_CLOSE in basically the same way that Is­Dialog­Message does: It generates a simulated button click of whatever dialog control has the ID IDCANCEL. Again, this is done by converting it to the WM_COMMAND message, with a notification code of BN_CLICKED, a control ID of IDCANCEL, and the handle to whatever dialog control has the ID IDCANCEL (or nullptr if there is no such control). It also has the same exception: If there is a control whose ID is IDCANCEL, and that control is disabled, then the default dialog procedure just beeps and otherwise ignores the message.

Now that we understand what happens, next time we can look at ways of customizing the behavior.

Bonus chatter: You can see from this that the dialog manager is wired to treat a control with the ID IDCANCEL as if it were a Cancel button, so if you have a Cancel button, give it the ID IDCANCEL. Conversely, if you have a control whose ID is IDCANCEL, it had better be a button if you know what’s good for you.

The post Exploring the signals the dialog manager uses for dismissing a dialog appeared first on The Old New Thing.

The Food and Drug Administration has reversed its shocking refusal to consider Moderna's mRNA flu vaccine for approval.

The refusal was revealed last week in a sharply worded press release from Moderna. Subsequent reporting found that the decision was made by political appointee Vinay Prasad, the Trump administration's top vaccine regulator, who overruled a team of agency scientists and a top career official in rejecting Moderna's application.

In an announcement Wednesday morning, Moderna said the FDA has now agreed to review its vaccine after the company held a formal (Type A) meeting with the FDA and proposed a change to the regulatory pathways used in the application.

"We appreciate the FDA's engagement in a constructive Type A meeting and its agreement to advance our application for review," Stéphane Bancel, Moderna's CEO, said in the announcement. "Pending FDA approval, we look forward to making our flu vaccine available later this year so that America's seniors have access to a new option to protect themselves against flu." The agency is expected to provide a decision on the vaccine by August 5, 2026.

Prasad's ostensible reason for initially refusing to review the application was based not on Moderna's vaccine, mRNA-1010, but on the established flu vaccine Moderna used for comparison in its Phase 3 trial. Moderna used licensed standard-dose influenza vaccines, including Fluarix, made by GlaxoSmithKline, in the trial, which involved nearly 41,000 adults aged 50 and older. In a letter to Moderna dated February 3, Prasad said this choice "does not reflect the best-available standard of care," and therefore the trial was not "adequate and well-controlled."

Moderna acknowledged that FDA scientists had previously suggested that the company use a recommended high-dose flu vaccine in trial participants 65 and older. But the agency ultimately signed off on the trial design with the uniform standard dose, calling it "acceptable." Moderna, meanwhile, agreed to add a comparison of a high-dose vaccine to some older participants and provide the FDA with additional analysis.

Anti-vaccine agenda

Agency insiders told reporters that a team of career scientists was ready to review the vaccine and held an hour-long meeting with Prasad to present the reasons for moving forward with the review. David Kaslow, a top career official responsible for reviewing vaccines, also wrote a memo detailing why the review should proceed. Prasad rejected the vaccine application anyway.

According to today's announcement, the FDA reversed that rejection when Moderna proposed splitting the application, seeking full approval for the vaccine's use in people aged 50 to 64 and an accelerated approval for use in people 65 and up. That latter regulatory pathway means Moderna will have to conduct an additional trial in that age group to confirm its effectiveness after it's on the market.

Andrew Nixon, spokesperson for the US Department of Health and Human Services, confirmed the reversal to Ars Technica. "Discussions with the company led to a revised regulatory approach and an amended application, which FDA accepted," Nixon said in a statement. "FDA will maintain its high standards during review and potential licensure stages as it does with all products."

The FDA typically takes a levelheaded approach to working with companies, rarely making surprising decisions or rejecting applications outright. While Prasad claimed the rejection was due to the control vaccine, the move aligns with the more extensive anti-vaccine agenda by anti-vaccine Health Secretary Robert F. Kennedy Jr.

Kennedy and the allies he has installed in federal positions are particularly hostile to mRNA technology. Moderna alone has already lost more than $700 million in federal contracts to develop pandemic vaccines. Next month, Kennedy's MAHA Institute is hosting an anti-vaccine event that alleges there's a "massive epidemic of vaccine injury." The event description claims without evidence that use of mRNA vaccines is linked to "rising rates of acute and chronic illness."

Vaccine makers and industry investors, meanwhile, are reporting that Kennedy's relentless anti-vaccine efforts are chilling the entire industry, with companies abandoning research and cutting jobs. In comments to The New York Times, Moderna's president, Stephen Hoge, said, "There will be less invention, investment, and innovation in vaccines generally, across all the companies."

Read full article

Comments

In a lawsuit filed Wednesday, the Environmental Protection Agency was accused of abandoning its mission to protect public health after repealing an "endangerment finding" that has served as the basis for federal climate change regulations for 17 years.

The lawsuit came from more than a dozen environmental and health groups, including the American Public Health Association, the American Lung Association, the Center for Biological Diversity (CBD), the Clean Air Council, the Environmental Defense Fund (EDF), the Natural Resources Defense Council (NRDC), the Sierra Club, and the Union of Concerned Scientists.

The groups have asked the US Court of Appeals for the District of Columbia Circuit to review the EPA decision, which also eliminated requirements controlling greenhouse gas emissions in new cars and trucks. Urging a return to the status quo, the groups argued that the Trump administration is anti-science and illegally moving to benefit the fossil fuel industry, despite a mountain of evidence demonstrating the deadly consequences of unchecked pollution and climate change-induced floods, droughts, wildfires, and hurricanes.

"Undercutting the ability of the federal government to tackle the largest source of climate pollution is deadly serious," Meredith Hankins, legal director for federal climate at NRDC, said in an EDF roundup of statements from plaintiffs.

The science is overwhelmingly clear, the groups argued, despite the Trump EPA attempting to muddy the waters by forming a since-disbanded working group of climate contrarians.

Trump is a longtime climate denier, as evidenced by a Euro News tracker monitoring his most controversial comments. Most recently, during a cold snap affecting much of the US, he predictably trolled environmentalists, writing on Truth Social, "could the Environmental Insurrectionists please explain—WHATEVER HAPPENED TO GLOBAL WARMING?"

The EPA's final rule summary bragged that "this is the single largest deregulatory action in US history and will save Americans over $1.3 trillion" by 2055. Supposedly, carmakers will pass on any savings from no longer having to meet emissions requirements, giving Americans more access to affordable cars by shutting down expensive emissions and EV mandates "strangling" the auto industry. Sounding nothing like an agency created to monitor pollutants, a fact sheet on the final rule emphasized that Trump's EPA "chooses consumer choice over climate change zealotry every time."

Critics quickly slammed Trump's claims that removing the endangerment finding would help the economy. Any savings from cheaper vehicles or reduced costs of charging infrastructure (as Americans ostensibly buy fewer EVs) would be offset by $1.4 trillion "in additional costs from increased fuel purchases, vehicle repair and maintenance, insurance, traffic congestion, and noise," The Guardian reported. The EPA's economic analysis also ignores public health costs, the groups suing alleged. David Pettit, an attorney at the CBD's Climate Law Institute, slammed the EPA's messaging as an attempt to sway consumers without explaining the true costs.

"Nobody but Big Oil profits from Trump trashing climate science and making cars and trucks guzzle and pollute more," Pettit said. "Consumers will pay more to fill up, and our skies and oceans will fill up with more pollution."

If the court sides with the EPA, "people everywhere will face more pollution, higher costs, and thousands of avoidable deaths," Peter Zalzal, EDF's associate vice president of clean air strategies, said.

EPA argued climate change evidence is "out of scope"

For environmentalists, the decision to sue the EPA was risky but necessary. By putting up a fight, they risk a court potentially reversing the 2009 Supreme Court ruling requiring the EPA to conduct the initial endangerment analysis and then regulate any pollution found from greenhouse gases.

Seemingly, that reversal is what the Trump administration has been angling for, hoping the case will reach the Supreme Court, which is more conservative today and perhaps less likely to read the Clean Air Act as broadly as the 2009 court.

It's worth the risk, according to William Piermattei, the managing director of the Environmental Law Program at the University of Maryland Francis King Carey School of Law. He told The New York Times that environmentalists had no choice but to file the lawsuit and act on the public's behalf.

Environmentalists "must challenge this," Piermattei said. If they didn’t, they'd be "agreeing that we should not regulate greenhouse gasses under the Clean Air Act, full stop." He suggested that "a majority of the public, does not agree with that statement at all."

Since 2010, the EPA has found that the scientific basis for concluding that "elevated concentrations of greenhouse gases in the atmosphere may reasonably be anticipated to endanger the public health and welfare of current and future US generations is robust, voluminous, and compelling." And since then, the evidence base has only grown, the groups suing said.

Trump used to seem intimidated by the "overwhelming" evidence, environmentalists have noted. During Trump's prior term, he notably left the endangerment finding in place, perhaps expecting that the evidence was irrefutable. He's now renewed that fight, arguing that the evidence should be set aside, so that courts can focus on whether Congress "must weigh in on 'major questions' that have significant political and economic implications" and serve as a check on the EPA.

In the EPA's comments addressing public concerns about the agency ignoring evidence, the agency has already argued that evidence of climate change is "out of scope" since the EPA did not repeal the basis of the finding. Instead, the EPA claims it is merely challenging its own authority to continue to regulate the auto industry for harmful emissions, suggesting that only Congress has that authority.

The Clean Air Act "does not provide EPA statutory authority to prescribe motor vehicle emission standards for the purpose of addressing global climate change concerns," the EPA said. "In the absence of such authority, the Endangerment Finding is not valid, and EPA cannot retain the regulations that resulted from it."

Whether courts will agree that evidence supporting climate change is "out of scope" could determine whether the Supreme Court's prior decision that compelled the endangerment finding is ultimately overturned. If that happens, subsequent administrations may struggle to issue a new endangerment finding to undo any potential damage. All eyes would then turn to Congress to pass a law to uphold protections.

EPA accused of abandoning its mission

By ignoring science, the EPA risks eroding public trust, according to Hana Vizcarra, a senior lawyer at the nonprofit Earthjustice, which is representing several groups in the litigation.

"With this action, EPA flips its mission on its head," Vizcarra said. "It abandons its core mandate to protect human health and the environment to boost polluting industries and attempts to rewrite the law in order to do so."

Groups appear confident that the courts will consider the science. Joanne Spalding, director of the Sierra Club's Environmental Law Program, noted that the early 2000s litigation from the Sierra Club brought about the original EPA protections. She vowed that the Sierra Club would continue fighting to keep them.

"People should not be forced to suffer for this administration's blind allegiance to the fossil fuel industry and corporate polluters," Spalding said. "This shortsighted rollback is blatantly unlawful and their efforts to force this upon the American people will fail."

Ankush Bansal, board president of Physicians for Social Responsibility, warned that courts cannot afford to ignore the evidence. The EPA's "devastating decision" goes "against the science and testimony of countless scientists, health care professionals, and public health practitioners," Bansal said. If upheld, the long-term consequences could seemingly bury courts in future legal battles.

"It will result in direct harm to the health of Americans throughout the country, particularly children, older adults, those with chronic illnesses, and other vulnerable populations, rural to urban, red and blue, of all races and incomes," Bansal said. "The increased exposure to harmful pollutants and other greenhouse gas emissions from fossil fuel production and consumption will make America sicker, not healthier, less prosperous, not more, for generations to come."

Read full article

Comments

Longtime Slashdot reader walterbyrd shares a report from ABC News: In a study of nearly 28 million older Americans, long-term exposure to fine particle air pollution raised the risk of Alzheimer's disease. That link held even after researchers accounted for common conditions like high blood pressure, stroke and depression. Fine particle air pollution, known as PM2.5, consists of tiny particles in the air that come from car exhaust, power plants, wildfires, and burning fuels, according to the American Lung Association. They are small enough to travel deep into the lungs and even reach the bloodstream. The research, conducted at Emory University and published in PLOS Medicine, tracked health data over nearly two decades to explore whether air pollution harms the brain indirectly by causing high blood pressure or heart disease, which, in turn, leads to dementia. However, these "middleman" conditions accounted for less than 5% of the connection between pollution and Alzheimer's, the research found. The researchers say this suggests that over 95% of the Alzheimer's risk comes from the direct impact of breathing in dirty air, likely through inflammation or damage to brain cells. "The relationship between PM2.5 and AD [Alzheimer's disease] has been shown to be pretty much linear," said Kyle Steenland, a professor in the departments of environmental health and epidemiology at the Rollins School of Public Health at Emory University, and senior author of the study. "The reason this is particularly important is that PM2.5 is known to be associated with high blood pressure, stroke and depression -- all of which are associated with AD. So, from a prevention standpoint, simply treating these diseases will not get rid of the problem. We have to address exposure to PM2.5."

Read more of this story at Slashdot.