Posted in News Roundup at 4:35 am by Dr. Roy Schestowitz
There are a few Qualcomm Snapdragon 7c Chrome OS devices on the market today. But some might like to see the more powerful Snapdragon 8cx inside a Chromebook. Based on a code commit spotted by Chrome Unboxed, that wish may become reality: Snapdragon 8cx Chromebooks appear to be in the works.
With the largest data center chipmakers locking Russia out of next-generation devices, not to mention the withdrawal of mobile and software makers from that market, it is no surprise Russian researchers are on the fast track to develop ways around the new technologies that will drive the rest of the world.
This is important in the Russian context now, but these efforts are likely to spur similar efforts in China, which is also no stranger to sanctions of the tech variety – as we’ve seen in cases like Huawei, for instance.
The US government last week blocked key technology exports, including semiconductors, to Russia after the invasion of Ukraine. Chipmakers complying with the US export controls include AMD, Intel, TSMC, and GlobalFoundries, at least, with all suspending shipments of products to Russia. Dell, HP, and Lenovo have also stopped shipping products to the country, and Oracle and SAP suspended their business last night.
On this episode of This Week in Linux: GNOME 42, Lakka 4.0, PowerVR GPU Vulkan Drivers for Linux, Linux Mint Debian Edition 5, Ubuntu 22.04 LTS Gets Wayland By Default, OBS Studio via Steam But Not For Linux, CrossOver 21.2, Fish Shell 3.4, Samba 4.16, Mozilla’s MDN Plus Subscription & More, GitHub Is “Improving” Your Feed, & NPM Hit By More Purposeful Malware. All that and much more on Your Weekly Source for Linux GNews!
If you haven’t heard of Asahi, it’s a Linux distribution based on Arch Linux that aims to bring a polished Linux experience on Apple Silicon Macs (all the current M1 Macs, and any new Apple Silicon Macs that come in the future).
As a training architect at A Cloud Guru (ACG), I teach courses about all things Linux and specialize in hands-on lab-based learning. Before joining ACG, I worked as a Unix systems engineer at GE and IBM as well as a technical account manager and customer advocate for Red Hat. I’m hugely passionate about Linux, just as so many other engineers and enthusiasts are, not just because of its importance to our careers but its impact overall.
We (A&A) sell gigabit services, as both Ethernet and FTTP. We see other ISPs selling 950M or 900M, why? Will I get a gigabit?
Lslocks(8) is the Linux command that you usually use to list current file locks on a machine. Lslocks uses the kernel’s /proc/locks to find out about locks, and so is subject to various limitations /proc/locks has. It adds some conveniences to the raw /proc/locks information, but also has some limitations of its own on what information it can present when.
Infrastructure-as-code (IaC) is often seen as a deployment tool. Write code to describe your infrastructure – either at a low level like Terraform or Cloudformation, or at a high level like the AWS Cloud Development Kit (CDK). But Infrastructure-as-code is naturally part of the continuous deployment (CD) process, but increasingly is finding its way into continuous integration (CI).
Infrastructure-as-code is becoming build-as-code.
In this how-to, we’ll look at the zip command, a useful utility that enables us to specify lists of files, set a level of data compression and create compressed archives.
Whilst you become accustomed to these commands it’s good to work with example test files and directories and you should take extra care to ensure you are carefully following the instructions.
A framework that is not as well known as others but is very versatile to use is Play Framework. Today we will talk about it and learn how to install it on Debian 11.
Siege is a free web server stressing tool to install on Linux operating systems such as Ubuntu 22.04 using a command terminal for HTTP load testing and benchmarking. We can use it for stress testing by defining single or multiple URLs for simulated users. The result of the load test gives complete details of the number of hits recorded, bytes transferred, response time, concurrency, and return status. Siege supports HTTP/1.0 and 1.1 protocols, the GET and POST directives, cookies, transaction logging, and basic authentication.
Today I found out that the debian security team handles oldstable releases only for a year or so, after which the LTS team takes over, which is arguably less secure.
When I launch the application on the emulator, it crashes, and when I checked the logs it says “Cleartext HTTP traffic is * not allowed”. For this reason, I am not able to test the functionality of my app.
So far, in our series of posts about the winners of the fourth annual public domain game jam, Gaming Like It’s 1926, we’ve looked at Best Adaptation The Wall Across The River and Best Deep Cut The Obstruction Method. Today, it’s time for the winner of the Best Remix category: Dreaming The Cave by David Harris.
This week some of the in-progress work on touch gestures was merged, and now the edge swipe gesture to trigger KWin’s Overview and Desktop Grid effects will follow your fingers, just like you’d expect!
Big thanks to Marco Martin for implementing this improvement, which will be in Plasma 5.25. More is in the pipeline too, including finger-following touchpad gestures for the Overview effect and virtual desktop Slide effect. Hopefully I’ll be able to announce them as finished next week.
Prior to 3.4.4, the tray was a height of 28 pixels, but is now 30 pixels. I have increased ICON_PLACE_EDGE_GAP from 64 to 68, so the tray height can now be up to 32 pixels if desired.
I could probably support ICON_PLACE_EDGE_GAP=auto, which will automatically adjust the gap to suit whatever the tray height is. That could be something for the future, for now only want to do basic bug fixes.
I reported this bug in Easy 3.4.4:
https://forum.puppylinux.com/viewtopic.php?p=53243#p53243
In JWM-mode icon-free-desktop, after I had plugged in a CD, it did not show in the drives menu. As I never use optical media, I hadn’t noticed this bug.
In case you’re curious, the init system is the first process after the Linux Kernel comes into action in the boot process to initialize various device management, logging, and networking service. You may know them as daemons as well.
Technically, systemd solved numerous issues that made Linux distributions more reliable to use on desktop and massive server configurations.
OASIS is a Smart Home operating system based on ROS 2 that currently implements computer vision, input streaming, and general automation features, and can be integrated into Kodi media center.
The operating system was recently released by Garrett Brown (a.k.a. garbear or eigendude), who is also known for being the RetroPlayer developer from Team Kodi/XBMC, and provides a complete implementation of the Firmata protocol for communicating with Arduino boards, plus additional support for temperature and humidity sensors, I2C, servos, sonar, SPI, stepper motors, and 4-wire CPU fans.
On your first go with the Slide, you may wonder if Planet has met its match: the process can seem wobbly. However, you’ll soon learn to either push upwards with both thumbs on either edge or confidently grab it from the middle. Once in place, the screen doesn’t move a jot as you type. What’s more, thanks to some devious weight management, it will never topple over no matter how hard you prod the screen. It’s a great piece of design.
Another nice feature is the smart button on the left-hand side. Head into the dedicated Astro Settings section of Android’s Settings menu and you can program it in one of three ways: a short press, long press or double-press. For example, we set a short press to start the torch and a long press to launch BBC Sounds.
At this point, however, we must tackle the big problem for the Astro Slide compared to a normal phone: its bulk. It’s twice as thick and heavy as a typical phone, and that makes it far more noticeable in a trouser pocket. You might also feel self-conscious making phone calls with such a lump against your ear. It would be great for a future edition to lose a couple of millimetres from the base and for the lid to become even slimmer.
The status of the 4MLinux 39.0 series has been changed to STABLE. Edit your documents with LibreOffice 7.3.1 and GNOME Office (AbiWord 3.0.5, GIMP 2.10.30, Gnumeric 1.12.51), share your files using DropBox 143.4.4161, surf the Internet with Firefox 97.0.1 and Chromium 98.0.4758, send emails via Thunderbird 91.6.1, enjoy your music collection with Audacious 4.1, watch your favorite videos with VLC 3.0.16 and mpv 0.34.0, play games powered by Mesa 21.3.7 and Wine 7.4. You can also setup the 4MLinux LAMP Server (Linux 5.16.14, Apache 2.4.53, MariaDB 10.7.3, PHP 5.6.40 and PHP 7.4.28). Perl 5.34.0, Python 2.7.18, and Python 3.9.9 are also available.
As always, the new major release has some new features. FSP (File Service Protocol) server is now included out of the box (gFTP can be used as its GUI client). Many system-wide changes have been done to improve font rendering. The 4MLinux installation script has been patched to provide better handling of JBD partitions. New applications available as downloadable extensions: Bluefish (advanced text editor), Ventoy (utility used for writing image files), TripleA (strategy game written in Java). And finally, youtube-dl has been replaced with yt-dlp for better handling of YouTube videos.
4MLinux 39.0 is here almost four months after 4MLinux 38.0 to upgrade many of the core components and applications to some of their latest versions. As such, 4MLinux is now powered by the Linux 5.16 kernel series and ships with the Mesa 21.3.7 graphics stack.
New features in 4MLinux 39.0 include an FSP (File Service Protocol) server, improved font rendering, improved handling of JBD partitions by the installation script, as well as new apps available for download as extensions.
Coming more than three months after Debian GNU/Linux 11.2, the Debian GNU/Linux 11.3 release is here to provide the community with an up-to-date installation and live medium for new deployments of the Debian GNU/Linux 11 “Bullseye” operating system series.
Debian GNU/Linux 11.3 incorporates all the latest security updates and miscellaneous bug fixes released during this time for existing users through the main software repositories. In numbers, it includes a total of 92 miscellaneous bug fixes and no less than 83 security updates.
OK – so it wasn’t quite all done in one day – and since today is TZ change day in the UK, it might actually run into the TZ bump but I suspect that it will all be done very soon now. Very few glitches – everybody cheerful with what’s been done.
I did spot someone in IRC who had been reading the release notes – which is always much appreciated. Lots of security fixes overall in the last couple of months but just a fairly normal time, I think.
Since its first release in 2004, Ubuntu has produced releases twice per year and while the 20th anniversary of Ubuntu is only two years away, the release cycle hasn’t changed. Of course, a 6 month release cycle was nothing new when Ubuntu burst onto the scene. Fedora has been doing it for longer, though not following nearly as strict of a schedule. But there was a black horse on the horizon that carved its own niche from the already minuscule Gentoo user base. That distribution was Arch Linux.
While there are many positive qualities that would draw a user into the world of Arch, its headlining feature would be the one that remains the most relevant in today’s world of continuous integration and delivery and that’s its rolling release strategy. While I don’t think Judd Vinet could have predicted the proliferation of DevOps or the massive shift to cloud computing, it must be interesting to see that the entire industry is following the Arch strategy in all sorts of different places. One could even argue that Microsoft Windows has become a rolling release.
Neowin reports that after more than 17 years, Ubuntu is finally switching to the same “rolling” release cycles that helped popularize Arch Linux…
Since AMD and Intel GPUs already use the Wayland display server protocol as a standard session, the upcoming Ubuntu 22.04 LTS with Gnome 42 will also support this for Nvidia graphics cards. The desktop patch is responsible for switching from the X Window (X11) system to Wayland.
Our long-time followers will know how much we love PDAs, be them Linux evergreens, radical RISC-V experiments or somewhat exoteric Android/Linux hybrids. Not one, but two new homebrew PDAs were presented in these last weeks, the former based on a RISC-V design, the latter on the new Raspberry Pi Zero2 Wireless single board computer.
It is with a sense of inevitability that we can confirm somebody has managed to make Doom work on the diminutive RP2040-based Raspberry Pi Pico microcontroller board.
Running the ’90s first-person shooter game on hardware ranging from ATMs to pregnancy testers is very much a badge of honor for hardcore tinkerers and the surprise is perhaps not so much that the RP2040 hardware is up to the job, but that it has taken so long for someone to do it. After all, it is just over a year since the board first arrived.
A quick glance at online stores shows that the Pico is currently not made of unobtainium and actually in stock at outlets.
Happy 10th Birthday to the Open Source Robotics Foundation: OSRF founders discuss changes they’ve seen over the last decade
SiFive is pulling in nearly $400m in funding this year between a new investment round and the proceeds of a business sale with the ambitious mission of eclipsing rival Arm – and the x86 world of Intel and AMD – with processor designs for everything from smartphones to servers.
The Silicon Valley-based chip designer said Wednesday it had raised a $175m Series F financing round at a more than $2.5bn valuation, only two days after announcing it would sell its OpenFive connectivity business to Alphawave for $210m so that the startup could focus on its RISC-V CPU cores.
SiFive’s total funding from investors, which includes SK Hynix as well as the venture arms of Intel, Qualcomm and Western Digital, now stands at more than $350m.
Hundreds of variations of open-source CPUs written in an HDL seem to float around the internet these days (and that’s a great thing). Many are RISC-V, an open-source instruction set (ISA), and are small toy processors useful for learning and small tasks. However, if you’re [Paul Campbell], you go for a high-end super-scalar, out-of-order, speculative, 8 IPC monster of a RISC-V CPU known as VRoom!.
RISC-V is an open, free ISA based on established Reduced Instruction Set Computing (RISC) principles. Members of the RISC-V Foundation have access to and participate in the development of the RISC-V ISA specifications and related hardware and software ecosystem.
The Timex Datalink was arguably the first usable smartwatch, and was worn by NASA astronauts as well as geek icons like Bill Gates. It could store alarms, reminders and phone numbers, and of course tell the time across a few dozen time zones. One of the Datalink’s main innovations was its ability to download information from your PC — either through flashing images on a CRT monitor or through a special adapter plugged into a serial port.
For the past week I’ve found myself focusing heavily on the mobile version of Lagrange.
For me staying in “heads down” mode is nothing new. Since 2020 it’s certainly been a nice respite, but after discovering BASIC on the C64 in the late 80s, deep focus in front of a computer has been my favorite pastime.
Using a modern smartphone comes with some privacy and security concerns. GrapheneOS aims to solve some of those problems. It’s a custom version of Android that puts privacy and security above all else.
Custom ROMs are not as prevalent in the Android world as they used to be, but there are still some solid ones kicking around. GrapheneOS is one such ROM. Let’s look at this privacy and security-focused take on Android.
In the early 1960s, Margaret Hamilton began her career as a pioneering programmer and systems designer. And when NASA launched a series of missions that led to the first astronauts on the moon, Hamilton was director of the Software Engineering Division at the Massachusetts Institute of Technology’s Instrumentation Laboratory, developing the mission’s onboard flight software.
That project included writing 40,000 lines of code for the moon-landing lunar module, and its “mothership,” the orbiting craft carrying the command and service modules.
Being a predominantly functional language, the fact that jq has a reduce function comes as no surprise. However, its structure and how it is wielded is a little different from what I was used to. I think this is partly due to how jq programs are constructed, as pipelines for JSON data to flow through.
I decided to write this post after reading an invocation of reduce in an answer to a Stack Overflow question, which had this really interesting approach to achieving what was desired: [...]
Arrays in Cobol are called tables, and they are a bit odd. For example the following code creates a 1D table with 5 elements in it, each of type x(5), or rather a “string” of 5 ascii characters.
A frequent complaint expressed on a certain website about Alpine is related to the deficiencies regarding the musl DNS resolver when querying large zones. In response, it is usually mentioned that applications which are expecting reliable DNS lookups should be using a dedicated DNS library for this task, not the getaddrinfo or gethostbyname APIs, but this is usually rebuffed by comments saying that these APIs are fine to use because they are allegedly reliable on GNU/Linux.
For a number of reasons, the assertion that DNS resolution via these APIs under glibc is more reliable is false, but to understand why, we must look at the history of why a libc is responsible for shipping these functions to begin with, and how these APIs evolved over the years. For instance, did you know that gethostbyname originally didn’t do DNS queries at all? And, the big question: why are these APIs blocking, when DNS is inherently an asynchronous protocol?
Before we get into this, it is important to again restate that if you are an application developer, and your application depends on reliable DNS performance, you must absolutely use a dedicated DNS resolver library designed for this task. There are many libraries available that are good for this purpose, such as c-ares, GNU adns, s6-dns and OpenBSD’s libasr. As should hopefully become obvious at the end of this article, the DNS clients included with libc are designed to provide basic functionality only, and there is no guarantee of portable behavior across client implementations.
JSON is a popular data storage format to exchange data between server and browser. It is derived from JavaScript and supported by many standard programming languages. It is a human-readable file format that anyone quickly understands if it prints with proper formatting. JSON data prints in a single line when no formatting is applied. But this type of output is not easier to understand. So, the formatted JSON data is very important in order for the reader to understand the structure of the data. Pretty print is used to format the JSON data. JSON data can be represented in a more readable form for humans by using pretty printing. There are many ways to apply pretty printing in JSON data. The ways to apply JSON pretty-printing using PHP are shown in this tutorial through various examples.
A couple days ago the SD card on a Raspberry Pi lost its beady little mind, and I ended up rebuilding the system from scratch. I generally build my own Perl (also from scratch) and then install the modules I need. So that I can have a log file to rummage through in the event of a problem, I start by configuring the CPAN client interactively, and then doing
$ cpan YAML 2>&1 | tee YAML.log
$ cpan Bundle::CPAN 2>&1 | tee YAML.log
On a daily basis, I work on firmware for an embedded device that uses the Bridgetek FT800. It’s a nifty chip that takes commands over SPI/I2C and turns them into an image displayed on an LCD. It’s very useful for displaying user interfaces with simple microcontrollers. Bridgetek is actually a spinoff company from FTDI, and this kind of solution seems right up their alley — take something complicated like USB or a display controller, and create a simpler interface for dealing with it, such as UART/SPI/I2C.
This week’s Java roundup for March 14th, 2022, features news from OpenJDK, JDK 19, Spring Framework 6.0-M3 and 5.3.17, Spring Tools 4.14.0, Quarkus 2.7.5, Helidon 3.0-M1, March 2022 Payara Platform, Open Liberty 22.0.0.3 and 22.0.0.4-beta, Hibernate ORM 5.6.7, Hibernate Search 6.1.3 and 6.0.9, JobRunr 5.0-RC1, Apache Camel 3.11.6, Piranha 22.3.0, JReleaser update, and reasons why Java makes sense.
The image above is his acceptance speech for a lifetime achievement award at the Webby’s in 2013. His speech was itself a GIF, which you can see in the image above. This, in my opinion, shuts down all counterarguments.
India has been gearing up to become the ultimate digital partner, providing end-to-end, innovative and transformative solutions and services to enterprises across the globe. It faces a historic opportunity to transform into one of the world’s major technology hubs, a report by Asia-based Heinrich Foundation said recently.
In 1987, CompuServe needed to pump crisp graphics over slow dial-up modems. The technology it created to do so is very much with us today.
A new research center at the University of California, Berkeley, funded by alumni Eric and Wendy Schmidt, will tackle major environmental challenges including climate change and biodiversity loss by combining data science and environmental science. The Eric and Wendy Schmidt Center for Data Science and Environment will make its novel solutions publicly available to all and make sure they are practical and can be replicated and scaled for society’s benefit.
One of Britain’s largest unions, Unite, is calling on chip designer Arm’s management to pause an ongoing redundancy process and “open up the books” for closer inspection to reveal the company’s “true” financial health.
Arm CEO Rene Haas recently wrote to employees warning of a need to “stay competitive” and “remove duplication of work now that we are one Arm.”
He said this includes stopping work that is “no longer critical to our future success; and think about how we get work done.”
This particular story on researchers successfully making yeast-free pizza dough has been making the rounds. As usual with stories written from a scientific angle, it’s worth digging into the details for some interesting bits. We took a look at the actual research paper and there are a few curious details worth sharing. Turns out that this isn’t the first method for yeast-free baking that has been developed, but it is the first method to combine leavening and baking together for a result on par with traditional bread-making processes.
The past couple of years of the COVID pandemic have been rough in some unexpected ways, and it’s clear that our world will never be quite the same as it was beforehand. In our community, the hackerspaces are open again, and while the pandemic hasn’t gone away this year shows the promise of hosting the first major hacker camps to be held since 2019. We’re sure a number of you will be making your way to them. To give a taste of what is to come we’ve got a rare glimpse into hacker camps past.
If there’s any looming, unwritten rule of learning a programming language, it states that one must break in the syntax by printing Hello, World! in some form or another. If any such rule exists for game programming on a new microcontroller, then it is certainly that thou shalt implement Snake.
[Stavros Korokithakis] finds the experience of falling asleep to fairy tales soothing, and this has resulted in a fascinating project that indulges this desire by using machine learning to generate mildly incoherent fairy tales and read them aloud. The result is a fantastic sort of automated, machine-generated audible sleep aid. Even the logo is machine-generated!
We got a tip this week, and the tipster’s comments were along the lines of “this doesn’t look like it’s a finished work yet, but I think it’s pretty cool anyway”. And that was exactly right. The work in question is basically attaching a simple webcam to a CNC router and then having at it with OpenCV, and [vector76]’s application was cutting out freeform hand-drawn curves from wood. To amuse his daughter.
Robert Wille, Professor at the Technical University of Munich and CSO at the Software Competence Center, Hagenberg, considers the classical simulation of quantum circuits
A major testing company in the United States announced this week that it will now charge people without Medicare, private coverage, or other insurance a $125 out-of-pocket charge to receive a Covid-19 PCR test—a fresh example of how the U.S. remains an outlier among wealthy nations for refusing to provide universal healthcare for its people.
“Charging individuals for Covid testing—a basic public health tool is just willful stupidity.”
The team’s findings underscore the potentially dangerous prevalence of plastics in the world. From plastic waste in vulnerable ecosystems, to microplastics being consumed in our food, scientists believe plastic pollution can cause damage to cells and even disrupt hormone production.
While researchers don’t fully understand the impact plastics have on the human body, the team now hopes that they can build off of their research to discover its effects.
Another great day to be a Linux user.
A now-former Apple employee accused of causing the iGiant to lose more than $10m in a super-scam has been charged with conspiracy, laundering, and tax evasion.
Dhirendra Prasad, 52, of San Joaquin County, California, worked at Apple in the US from 2008 to 2018, spending most of his time as a procurer of components and services for his employer’s products. It’s claimed, among other things, he received bribes, put in parts orders for fake repairs, siphoned off components, and caused Apple to pay for stuff it never actually got, all while he profited on the side.
As prosecutors put it this month, Prasad allegedly exploited his position by “engaging in multiple different schemes to defraud Apple, including taking kickbacks, stealing parts, and causing Apple to pay for items and services it never received, resulting in a loss of more than $10,000,000.” He allegedly evaded tax on these ill-gotten gains, which he also laundered [PDF] and helped in the evasion of tax.
A jury in Texas on Wednesday acquitted a former Boeing technical pilot, Mark A. Forkner, of defrauding two of the company’s customers, serving the federal government a defeat in its only criminal case against an individual connected to the troubled Boeing 737 Max jet.
Germany’s BSI federal cybersecurity agency has warned the country’s citizens not to install Russian-owned Kaspersky antivirus, saying it has “doubts about the reliability of the manufacturer.”
Russia-based Kaspersky has long been a target of suspicious rumors in the West over its ownership and allegiance to Russia’s rulers.
In an advisory published today, the agency said: “The BSI recommends replacing applications from Kaspersky’s virus protection software portfolio with alternative products.”
It added: “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.”
The internet can be a dangerous place. Not a week goes by without a cyber attack taking place. Go H*ck Yourself: A Simple Introduction to Cyber Attacks and Defense by Bryson Payne shows you how many basic cyber attacks work, so you can learn to defend against them. Payne teaches how to perform a variety of hacks to show that they are easy to do.
The book’s eleven chapters begin with straightforward concepts, like using a browser’s inspect tool to make a password field display the password and gaining administrative access to a Windows or Mac using installation media. The third chapter explains how to use VirtualBox to create Kali Linux and Microsoft Windows virtual machines that will be used for the exercises in the following chapters.
The diffoscope maintainers are pleased to announce the release of diffoscope version 209. This version includes the following changes:
* Update R test fixture for R 4.2.x series. (Closes: #1008446)
* Update minimum version of Black to prevent test failure on Ubuntu jammy.
The call to bypass bug bounty firms came from American researcher Katie Moussouris, the founder of Luta Security, and a well-known figure in the infosec industry.
In a thread on Twitter, Moussouris said: “Technically [there is] nothing stopping all [crackers] who participate in bug bounties from refusing to submit bugs via bounty platforms except the threat of being kicked off said platforms (that refuse to employ them all yet use [crackers] as their sole income source) just sayin’. Email the bugs.”
US federal agencies have warned of possible threats to American and international satellite communication (SATCOM) networks that could affect customers.
In a joint security alert, the US Cybersecurity and Infrastructure Security Agency (CISA) and FBI “strongly encourage” critical infrastructure operators, along with SATCOM network providers and customers, to put in place a series of mitigation steps to shore up their networks.
It was about 11 p.m. when a restless software developer in Texas discovered that his hobby website, a free public records search engine, had been mentioned in a news story about a massive data breach.
To his horror, the article said the “shadowy website” judyrecords.com — his website — had published hundreds of thousands of the State Bar of California’s confidential case files. The state bar declared that it had notified law enforcement.
The Lapsus$ extortion gang briefly alleged over the weekend it had compromised Microsoft.
The devil-may-care cyber-crime ring has previously boasted of breaking into Nvidia, Samsung, Ubisoft, and others. Its modus operandi is to infiltrate a big target’s network, exfiltrate sensitive internal data, and then make demands to prevent the public release of this material – and perhaps just release some of it anyway.
“We are aware of the claims and are investigating,” a Microsoft spokesperson told The Register on Monday.
On Saturday and Sunday, the crooks shared then deleted on Telegram screenshots suggesting they had broken into Microsoft’s internal DevOps environment, as spotted by infosec bod Dominic Alvieri. The screenshot shows internal projects including Bing and Cortana’s source code, and WebXT compliance engineering projects.
The Lapsus$ cyber-crime gang, believed to be based in Brazil, until recently was best known for attacks on that country’s Ministry of Health and Portuguese media outlets SIC Noticias and Expresso.
However, the gang is climbing up the ladder, swinging at larger targets in the tech industry. Over the past few weeks, those have included Nvidia, Samsung, and Argentine online marketplace operator Mercado Libre. Now, Lapsus$ is suspected of attacking game developer Ubisoft.
Lapsus$ in February compromised Nvidia, stealing a terabyte of data that included proprietary information and employee credentials, and dumping some of the data online. The crew also demanded the GPU giant remove limits on crypto-coin mining from its graphics cards, and open-source its drivers.
A cryptographic vulnerability in the Tonelli Shanks modular algorithm, which is used in popular cryptographic library OpenSSL, can lead to denial-of-service attacks and can “definitely be weaponized” in the current threat environment, according to an NSA official.
The bug — discovered by two Google employees, security researcher Tavis Ormandy and software engineer David Benjamin, and being tracked under CVE-2022-0778 — affects the BN_mod_sqrt() function in OpenSSL, which is used to compute the modular square root and parses certificates that use elliptic curve public key encryption.
This process can be exploited if an attacker submits a certificate with broken curve parameters, thus triggering an infinite loop in the program and leading to a denial of service.
TAG initially detected Exotic Lily – which the researchers describe as a “resourceful, financially motivated threat actor” – in September 2021 exploiting a zero-day flaw in Microsoft MSHTML (tracked as CVE-2021-40444). Further investigation discovered that the group was acting as an IAB working with a Russian gang known as FIN12 by cybersecurity vendors Mandiant and FireEye, Wizard Spider by CrowdStrike, and DEV-0193 by Microsoft.
As Ukraine fights for survival against invading Russian forces, here’s a taste of some of the malware the nation’s Computer Emergency Response Team (CERT) is battling.
To start, the team earlier this month said miscreants had spammed out emails impersonating government agencies containing links to fake Windows antivirus updates. When these were downloaded and run by a victim, more malware was brought onto the machine, including Cobalt Strike Beacon, which can take over the PC with PowerShell scripts, log keystrokes, take screenshots, exfiltrate files, run other malicious code, attempt to traverse the network, and so on. Beacon is a legit tool developed by HelpSystems mainly for red-team professionals.
The advisory outlines various indicators of compromise (IoCs) that can help companies determine whether they have become AvosLocker victims, as well as a list of mitigation steps they can take. These range from developing a data recovery plan and implementing network segmentation to regularly backing up data, installing and updating antivirus software and installing updates and patches on operating systems.
Users of Western Digital’s EdgeRover app for Windows and Mac are advised to download an updated version to avoid a security flaw that might allow an attacker unauthorized access to directories and files.
The flaw, which was given the CVE identification number CVE-2022-22988, carries a Common Vulnerability Scoring System (CVSS) severity rating of 9.1, making it a critical weakness. It has now been addressed, however, with a modification to the way EdgeRover handles file and directory permissions.
↺ The secret police: Inside the app Minnesota police used to collect data on journalists at protests
In April of last year, a freelance photojournalist named J.D. Duggan was covering a protest in Brooklyn Center, Minnesota, a suburb of Minneapolis, when things took a disturbing turn. A few days earlier, a police officer in Brooklyn Center had shot and killed 20-year-old Daunte Wright, and a community wounded and incensed by George Floyd’s murder less than a year earlier took to the streets.
As Duggan was documenting the demonstrations, they say a “couple hundred” officers surrounded a group of protestors and journalists and told everyone to get on the ground. Officers sorted the press from the protestors, walked them to a parking lot, and began photographing them, one by one, with cell phones. Duggan estimates that a few dozen journalists were cataloged in the same manner that night before being released.
Google is working to prop up its healthcare efforts following internal project shakiness that led the Mountain View, California-based company to dismantle its Google Health business last year after its leader, David Feinberg, departed to become chief executive at EHR giant Cerner. Google Health was created in 2018 to bring the company’s health initiatives under a single umbrella but was disbanded in August following extensive restructuring and with little concrete to show in terms of disrupting the entrenched healthcare industry.
The Tesla founder joined the debate on censorship on major social media platforms, first posting a Twitter poll centered on the question: “Free speech is essential to a functioning democracy. Do you believe Twitter rigorously adheres to this principle?”
Roughly 70% of Musk’s 79.2 million followers soon weighed in with a resounding “No.”
Musk shared his thoughts on Twitter after being asked if a new platform is something he’d consider.
American and European Union leaders said on Friday that they had reached an “agreement in principle” to assure that it is legal to transfer personal data across the Atlantic, after a previous pact was struck down when a court found it did not do enough to shield Europeans from American surveillance programs.
President Biden said at a news conference in Brussels that the agreement included “unprecedented protections for data privacy and security for our citizens.”
The deal includes a way for Europeans to object if they feel that their privacy has been violated, including through an “independent Data Protection Review Court,” the White House said in a fact sheet released after the news conference. The deal still needs to be made final, the United States and the European Commission said in a joint statement, adding that the White House would put its commitments in an executive order.
The European Union and United States made a breakthrough in their yearslong battle over the privacy of data that flows across the Atlantic with a preliminary agreement Friday that paves the way for Europeans’ personal information to be stored in the U.S.
Hot on the heels of Microsoft’s report card from the Dutch department of Justice and Security comes news of rival messaging platform Zoom receiving a nod via a renewed Data Protection Impact Assessment (DPIA).
The assessment was performed by the Privacy Company and was commissioned by SURF (the purchasing organisation for Netherlands’ universities.)
The first assessment kicked off in 2020 and by May 2021 [PDF] concluded that there were nine high and three low data protection risks for users of the video conferencing platform.
These risks included worries about where personal data was actually being processed and the retention of customer data.
“Logs for network equipment in security critical functions shall be fully recorded and made available for audit for 13 months,” explained the code. Large ISPs have until 2025 to implement such logging, while smaller outfits have a full five years to get themselves up to speed.
Bucking those who warn that a push for regime change in Moscow could prolong the war in Ukraine and intensify the suffering of its people, U.S. President Joe Biden appeared to openly call for the overthrow of Russian President Vladimir Putin on Saturday during a speech in Warsaw, Poland.
“Whenever the United States tried regime change, it didn’t turn out very well.”
The Dalai Lama is among 16 Nobel Peace Prize laureates who jointly issued an open letter Saturday calling for the immediate end of the attack on Ukraine and an explicit vow from both Russia and NATO forces that nuclear weapons of any kind will not be used as part of this conflict or any other.
“The invasion of Ukraine has created a humanitarian disaster for its people. The entire world is facing the greatest threat in history: a large-scale nuclear war, capable of destroying our civilization and causing vast ecological damage across the Earth.”
As the Ukraine war enters its second month it is close to a very violent stalemate. It is doing damage, however, far beyond the borders of that country or even of Europe—and not just with bullets and bombs.
“We are anonymous because we fear retaliation.” This text was part of a letter signed by 500 Google employees last October, in which they decried their company’s direct support for the Israeli government and military.
Would you be able to attack and take over your neighbor’s home over a boundary line dispute? Could you legally threaten their safety, no matter how angry you were? The answer is a resounding no. Then why is it that when a conflict transcends national boundaries, we have no clear and immediate recourse against aggression other than threatening or carrying out more violence in return?
The government in Ankara wants to become the fourth naval power in the Mediterranean, and after being kicked out of the „F35“ programme, the navy is turning to drones. Russia, however, could attack key production facilities.
The war in Ukraine is not, as some commentators rushed to declare, the “first social-media war”. Israel and Hamas have long sparred on Twitter as well as IRL. During Mr Putin’s previous invasion of Ukraine, in 2014-15, digital sleuths used selfies that Russian soldiers posted online to prove their presence on the battlefield in the Donbas region. (Russia subsequently barred soldiers from carrying smartphones while on duty.) Nor is the war in Ukraine the first conflict to appear on a new generation of social networks such as TikTok, which launched in 2016. Videos from the war in Syria have long circulated there; those interested could also find plenty of clips from Nagorno-Karabakh, the disputed enclave that Armenia and Azerbaijan fought over in 2020.
AI is a fantastic technology with a bright outlook. It is rather versatile and has potential applications in various fields, namely in the military. However, since there are many issues and limitations with AI as it currently exists, its use in military combat would be catastrophic. Despite this, AI could possibly yield excellent results in defense and reconnaissance, so long as it is aided by human intervention. AI is a relatively new technology that often requires humans to function properly. As long as humans have a say in AI, there should be less room for error and more room for improvement. Hopefully when these limitations in AI technology are improved, we could see the implementation of more effective and more ethical technology both within and outside of the battlefield.
Stephen Gillers, a law professor at N.Y.U. and a prominent judicial ethicist, described the revelations as “a game changer.” In the past, he explained, he had supported the notion that a Justice and his spouse could pursue their interests in autonomous spheres. “For that reason, I was prepared to, and did tolerate a great deal of Ginni’s political activism,” he said. But “Ginni has now crossed a line.” In an e-mail reacting to the texts, Gillers concluded, “Clarence Thomas cannot sit on any matter involving the election, the invasion of the Capitol, or the work of the January 6 Committee.”
About 200 young boys graduated from the Darul-Quran training camp operated by the Islamic State’s West Africa Province (ISWAP) in February, according to a report by the Institute of Security Studies (ISS).
Just months after French forces killed the local chief of the Islamic State (IS) group in the Sahel region, the jihadist group has stepped up its attacks along Mali’s restive borders with Niger and Burkina Faso, helped by France’s military pullout from Mali amid a spat with the country’s ruling junta. FRANCE 24’s expert in jihadist networks Wassim Nasr takes a closer look.
In the last six months of 2021, civilian killings rose 16 percent, according to a report by the United Nations’ peacekeeping mission in the troubled Sahel state, known as Minusma.
Mali, an impoverished nation of 21 million people, has over the past decade been wracked by a jihadist insurgency. Vast swathes of the country are in thrall to myriad rebel groups and militias.
Thousands of soldiers and civilians have been killed and hundreds of thousands of people have been forced to flee their homes.
“Finally, weapons from government sources regularly found their way into criminal hands for elephant poaching and for general banditry. Banditry had been an endemic issue in northern Mozambique for many years before the insurgency and illicit weapons were circulated for use by bandits.
“Over time insurgent armouries grew significantly. The bulk of this weaponry comes directly from Mozambican military sources, including weapons captured from security force camps, border posts and police armouries in towns and villages overrun by the insurgents and abandoned by Mozambican security forces in retreat.
The director of the Federal Bureau of Investigation warned the private sector to be on high alert for potential Russian cyberattacks.
While speaking at the Detroit Economic Forum on Tuesday, Christopher Wray urged private companies to alert the government with any cyberattacks they might experience in an effort to troubleshoot Russian [attacks].
Ukraine’s formidable military resistance to Russia’s invasion has stunned the world. But it’s not just on the battlefield that Kiev has upset expectations of a swift Kremlin conquest—it’s also done so in cyberspace. Ukraine’s unexpected dominance includes victories across an array of digital domains, particularly cyberwarfare and cybersecurity, as well as its sophisticated social media and messaging campaigns. Despite early Russian hacks of Ukrainian government sites, the momentum quickly shifted in the opposite direction. As Russia is now finding out, Ukraine wasn’t just prepared militarily when the first rumbles of war broke out on February 24. Kiev also had legions of cyber warriors ready for battle behind their keyboards.
Tesla reportedly fired an employee after he uploaded videos to YouTube critiquing the automaker’s autonomous driving software.
John Bernal, an ex-Tesla operator working on the Autopilot platform, runs a YouTube channel under the username AI Addict. He has filmed and shared several videos demonstrating the capabilities of Tesla’s still-in-development Full Self-Driving (FSD) product.
Bloomberg reported that Exxon simply doesn’t have enough pipelines to transport all the gas it produces from shale oil. How much Exxon is getting paid for pumping the resource to Bitcoin miners isn’t yet clear.
As the world weans itself off dirty fuels, it must switch to cleaner energy sources. The International Energy Agency (IEA), an official forecaster, predicts that wind and solar could account for 70% of power generation by 2050, up from 9% in 2020, if the world embarks on a course to become carbon-neutral by 2050. That translates into huge demand for the metals, such as cobalt, copper and nickel, that are vital for the technologies underpinning everything from electric cars to renewables; the IEA reckons that the market size of such green metals would increase almost seven-fold by 2030. And much like fossil-fuel reserves, these commodities are distributed unevenly (see chart 1). Some countries have none at all. Others are blessed with vast deposits.
In December 2021, the European Central Bank (ECB) published a report on “Central Bank Digital Currency: functional scope, pricing and controls” in its Occasional Paper Series, detailing various challenges for the Digital Euro. While the authors peripherally acknowledge the existence of token-based payment systems, the notion that a Digital Euro will somehow require citizens to have some kind of central bank account is pervasive in the paper. We argue that an account-based design cannot meet the ECB’s stated design goals and that the ECB needs to fundamentally change its mindset when thinking about its role in the context of the Digital Euro if it wants the project to succeed.
Europe’s lawmakers this week moved ahead with their proposed cryptocurrency regulations, having ditched a rule that might have banned financial services from dealing in Bitcoin and Ethereum.
The European Union is considering ways to regulate digital coins, particularly to stamp out money laundering, and as such in 2020 drew up a draft framework dubbed the Markets in Crypto Assets (MiCA) to achieve this. During the development of this red tape, an amendment was proposed that, depending on its interpretation, could have made it illegal for app and web services to handle transactions involving proof-of-work coins, such as Bitcoin and Ethereum.
In 2002, confidential intelligence sources informed ATF Agents of an Argentinean suspect brazenly selling machine guns, silencers and conversion kits over the internet. These firearms were being illegally imported into the United States and other countries. ATF agents quickly established email contact with the suspect and ordered machine guns and silencers, which were mailed disguised as machine parts.
Through innovative investigation techniques, ATF was able to positively identify the suspect and secure search warrants for postal records, electronic financial records and internet service providers. The investigation concluded that the suspect had been in business since 1999, and had sent or received over 6,500 email messages within a 30-day period. The U.S. Customs Service assisted in this investigation.
In the face of unprecedented right-wing attempts to censor and disappear works of literature, history and science from schools and libraries under the argument of being “harmful” to the United States, librarians and their allies are now leaders of the opposition.
The number of requests to censor or ban books – some of the best and classic of American literature – in educational institutions has reached unprecedented levels, with at least 330 audit attempts in the three months between September and November 2021. The American Library Association (ALA) estimates that number will double to 156 by 2020.
But while Vidgen’s story stayed live for the rest of the day, a few hours later, my post had disappeared with a notification that read, “Your post goes against our guidelines on adult sexual solicitation.”
This was particularly striking, given the similarity of our images, which had nearly identical posing and exposed skin (in fact, my chest was covered, so I was showing less than Vidgen).
The implicit message appeared to be that a man’s naked body could just exist, while a woman couldn’t be unclothed without it being inherently sexual.
Though I appealed the removal and had the post reinstated, within 24 hours it was taken down again with a second, far more ominous warning from the platform that my account was about to be deleted.
The anime industry continues to evolve in prolific ways, and there’s never been more diverse material to experience. Anime explores so many challenging and niche genres of content that it frequently feels as if there’s a series out there for every single person. The ongoing success of anime has also led to a much wider range of series that receive English dubs.
The sophistication of the anime dubbing industry has made great strides over the past few decades. That being said, there are some egregious instances – both from the past and the present – where the market for the anime’s English dub doesn’t mesh with the original Japanese demographic and changes need to be made. Censorship is never pleasant, even when it’s a necessary evil, and these are some of the most frustrating examples.
A proposal to ban the symbols of Russia’s military aggression [in Ukraine] has stirred passions in Estonia. Isamaa MPs have also proposed a Penal Code amendment. All of it should be reviewed before May 9. What are we going to do to keep society from splitting?
War propaganda is prohibited by law. Putin is waging a war of aggression in Ukraine, and I do not understand people who promote its symbols. If it is war propaganda, it will result in criminal responsibility. However, rushing to ban vague symbolism would create more confusion today. I am confident that the Estonian society is strong enough for truth to rise to the surface and isolated misunderstanding to fall to the bottom.
Ekho Moskvy, one of Russia’s leading media outlets, was taken off the air on March 1 amid a Russian crackdown on independent media covering Russia’s invasion of Ukraine.
While the Russian military seems to be failing to capture key cities, President Vladimir Putin is intensifying his two-decade crackdown on information. The Kremlin has shut down Russia’s last three independent media outlets, barred major social media platforms, created new laws against journalists who defy its propaganda and insisted on calling the war a “special military operation”. But Russia’s propaganda has also forced multiple journalists to dramatically quit.
The US has canceled Doha talks with the Taliban, after the rulers of Afghanistan backtracked on allowing girls to attend secondary school. Female foreign ministers of 16 countries have also condemned the move.
“There are at least 18 gangs within the Los Angeles County Sheriff’s Department,” according to the investigation, and they are allegedly tied to the deaths of at least 19 people, all of whom were men of color. Castle’s reporting includes a database of names of deputies reportedly involved in these gangs. The department did not speak to the journalism outlet for the series.
Afghanistan’s Taliban rulers refused to allow dozens of women to board several flights, including some overseas, because they were traveling without a male guardian, two Afghan airline officials said Saturday.
The officials, who spoke on condition of anonymity for fear of repercussions from the Taliban, said dozens of women who arrived at Kabul’s international airport Friday to board domestic and international flights were told they couldn’t do so without a male guardian.
Judge Ketanji Brown Jackson faced almost 24 hours of often hostile interrogation over two days before the Senate Judiciary Committee as its members consider her for the U.S. Supreme Court. The 51-year-old federal appeals court judge is the first African-American woman nominated to the highest court, and also the first public defender. Her nomination is historic. But her presence, as a Black woman, poised to secure a lifelong appointment to one of the most powerful positions in the United States, proved to be just too much for many on that Senate panel. A small cohort of Republican senators relentlessly smeared Judge Jackson. She remained poised throughout, answering questions with calm authority.
Years ago, a caller named “Jeff from Denver” used to call my show complaining of a lack of progressive action and sold-out Dems in Colorado. One day I challenged him to show up at his local Democratic Party and do something about it instead of just complaining. He stopped calling, which made me think I’d offended him and he’d stopped listening.
Criminals are staging a devious new kind of kidnapping — and the FBI is stumped.
China’s internet regulator, the Cyberspace Administration of China (CAC), has taken unusually strong action against a social network that has long been considered a thorn in the side of the nation’s elites.
The site in question is Douban: a Reddit-like affair that started life as a forum to discuss books, music, and film. In the years since its 2005 founding, the site has become known for attracting users who express opinions that China’s government may well find displeasing. Commenters have, for example, generally been unafraid to share frank opinions of works considered to represent exceptional expressions of Chinese patriotism.
Besides VPNs, Russians are using encrypted messaging apps, email and radio to communicate, access blocked websites, and get information. Western technology experts have said the Russian actions amount to a “digital iron curtain” similar to China’s great firewall, and raise the risk the internet could split along geopolitical lines, digitally isolating people in some nations.
I heard an electric discharge, a bit like a Jacob’s ladder, immediately before a deafening crack of thunder. I’d never been so close to a lightning strike! All of the lights in the house went bright, then dimmed, then went back to normal. “Uh-oh,” I thought, “I’m in trouble now.” Everything in the house had been hit by a nasty surge and the oft-spoken aphorism that broadband services are now a utility to rank with water and electricity was suddenly very, very, real to me.
But it was electricity I worried about first. I use top of the line surge protectors so my most sensitive devices – computers and monitors, of which I have many – all seemed fine. But I’d overlooked two other connections that come into nearly every home: the antenna and the phone line.
The powers of technology giants like Facebook owner Meta, Google, Amazon and Apple could be severely curbed as the European Union Council and European Parliament have reached a provisional political agreement on the landmark Digital Markets Act (DMA).
The DMA, the process for which began some 16 months ago, defines clear rules governing large online platforms and aims to ensure that no large online platform that acts as a gatekeeper for a large number of users abuses its position to the detriment of other companies wishing to access such users.
The UK Competition and Markets Authority (CMA) merger inquiry into NortonLifeLock’s proposed $8bn acquisition of rival antivirus provider Avast has now closed, with the regulator concluding that a tie-up could indeed reduce competition in the marketplace.
“Advanced discussions” concerning a merger of the two security vendors first surfaced in July 2021, when NortonLifeLock investors were told that a combination with Avast “would bring together two companies with aligned visions, highly complementary business profiles and a joint commitment to innovation that helps protect and empower people to live their digital lives safely.”
With two Oscar nominations, “Parallel Mothers” is one of the contenders for the prestigious award ceremonies tomorrow. The Spanish film production company El Deseo will be delighted with the honor. However, it might be a bit confused as well, as the company inadvertently sent a takedown notice targeting the official Oscars website.
----------
➮ Sharing is caring. Content is available under CC-BY-SA.