| IndyWatch Science and Technology News Feed Archiver | |
 |
Go Back:30 Days | 7 Days | 2 Days | 1 Day |
|
IndyWatch Science and Technology News Feed was generated at World News IndyWatch. |
|
Thursday, 09 March
02:00
Will A.I. Steal all the Code and Take all the Jobs? Hackaday
New technology often brings with it a bit of controversy. When considering stem cell therapies, self-driving cars, genetically modified organisms, or nuclear power plants, fears and concerns come to mind as much as, if not more than, excitement and hope for a brighter tomorrow. New technologies force us to evolve perspectives and establish new policies in hopes that we can maximize the benefits and minimize the risks. Artificial Intelligence (AI) is certainly no exception. The stakes, including our very position as Earths apex intellect, seem exceedingly weighty. Mathematician Irving Goods oft-quoted wisdom that the first ultraintelligent machine is the last invention that man need make describes a sword that cuts both ways. It is not entirely unreasonable to fear that the last invention we need to make might just be the last invention that we get to make.
Artificial Intelligence and Learning
Artificial intelligence is currently the hottest topic in technology. AI systems are being tasked to write prose, make art, chat, and generate code. Setting aside the horrifying notion of an AI programming or reprogramming itself, what does it mean for an AI to generate code? It should be obvious that an AI is not just a normal program whose code was written to spit out any and all other programs. Such a program...
01:43
Security updates for Wednesday LWN.net
Security updates have been issued by Debian (apr), Fedora (c-ares), Oracle (curl, kernel, pesign, samba, and zlib), Red Hat (curl, gnutls, kernel, kernel-rt, and pesign), Scientific Linux (kernel, pesign, samba, and zlib), SUSE (libX11, python-rsa, python3, python36, qemu, rubygem-rack, xorg-x11-server, and xwayland), and Ubuntu (libtpms, linux-ibm, linux-raspi, linux-raspi, python3.7, python3.8, and sofia-sip).
00:54
Samba 4.18 Released With Performance Optimizations Phoronix
Samba 4.18 is out today as the popular open-source implementation of the SMB networking protocol that allows for file and print service interoperability with Microsoft Windows systems in an Active Directory (AD) environment...
00:28
Sickle cell disease is now curable, but the treatment is unaffordable Lifeboat News: The Blog
CRISPR gene editing has made it possible to cure sickle cell disease, which affects millions worldwide, but most people with the condition wont be able to afford the cost of the treatment.
00:27
Nvidia will soar 19% as the markets top semiconductor stock because their chips work most seamlessly with AI and they already have a head start, Credit Suisse says Lifeboat News: The Blog
Analysts at Credit Suisse have a price target of $275 on Nvidia, saying its hardware and software give it an edge over rivals in AI.
00:27
FDA to recall 2 more eyedrop brands due to contamination risks Lifeboat News: The Blog
U.S. health officials are alerting consumers about two more recalls of eyedrops due to contamination risks that could lead to vision problems and serious injury.
00:27
South Korea Maps Out Plan to Become Major Space Player by 2045 Lifeboat News: The Blog
South Koreas giant leap into space started with a small step on the internet.
With treaties banning certain tech transfers, South Koreas rocket scientists turned to a search service to find an engine they could mimic as the country embarked on an ambitious plan to build an indigenous space program. The nation launched its first home-grown rocket called Nuri in October 2021.
00:26
Computer Scientist Explains One Concept in 5 Levels of Difficulty Lifeboat News: The Blog
Computer scientist Amit Sahai, PhD, is asked to explain the concept of zero-knowledge proofs to 5 different people; a child, a teen, a college student, a grad student, and an expert. Using a variety of techniques, Amit breaks down what zero-knowledge proofs are and why its so exciting in the world of cryptography.
Amit Sahai, PhD, is a professor of computer science at UCLA Samueli School of Engineering.
Still havent subscribed to WIRED on YouTube? http://wrd.cm/15fP7B7
Listen to the Get WIRED podcast https://link.chtbl.com/wired-ytc-desc.
Want more WIRED? Get the magazine
https://subscribe.wired.com/subscribe/splits/wired/WIR_YouTuription_ZZ
Follow WIRED:
Instagram https://instagram.com/wired.
Twitter http://www.twitter.com/wired.
Facebook https://www.facebook.com/wired.
Get more incredible stories on science and tech with our daily newsletter: https://wrd.cm/DailyYT
00:24
They thought loved ones were calling for help. It was an AI scam Lifeboat News: The Blog
As impersonation scams in the United States rise, Cards ordeal is indicative of a troubling trend. Technology is making it easier and cheaper for bad actors to mimic voices, convincing people, often the elderly, that their loved ones are in distress. In 2022, impostor scams were the second most popular racket in America, with over 36,000 reports of people being swindled by those pretending to be friends and family, according to data from the Federal Trade Commission. Over 5,100 of those incidents happened over the phone, accounting for over $11 million in losses, FTC officials said.
Advancements in artificial intelligence have added a terrifying new layer, allowing bad actors to replicate a voice with just an audio sample of a few sentences. Powered by AI, a slew of cheap online tools can translate an audio file into a replica of a voice, allowing a swindler to make it speak whatever they type.
Experts say federal regulators, law enforcement and the courts are ill-equipped to rein in the burgeoning scam. Most victims have few leads to identify the perpetrator and its difficult for the police to trace calls and funds from scammers operating across the world. And theres little legal precedent for courts to hold the companies that make the tools accountable for their use.
00:24
Wayland Clients Can Now Survive Qt Wayland Crashes / Compositor Restarts Phoronix
A change merged to Qt this week can allow for Wayland clients to survive compositor restarts, such as when the compositor crashes...
00:22
A radical new theory about the origin of the universe may help explain our existence Lifeboat News: The Blog
The deeper you get into physics, the simpler it becomes. The starting point of this wonderful book about Stephen Hawkings biggest legacy (which no one outside of physics has heard of) is the problem of our insignificance. Make a change in almost any of the slippery, basic physical properties of the universe and were toast life would not be possible. If, for example, the universe had expanded even slightly more slowly than it did after the Big Bang it would have collapsed in on itself. Result? No us. A fraction faster and no galaxies would form, let alone habitable planets. In the incandescent beginning of the universe, each of these basic physical properties was as vacillating as a dream: they could have ended up being pretty much anything. How did they all, so sweetly, settle on the minuscule range of values that brought about us?
One answer is to say God did it. He deliberately selected our universe (and not one of the overwhelmingly more probable alternatives) to go forth and be fecund. Another suggestion is that all the possible universes that could exist do exist, now, at the same time trillions and trillions of them, humming about like bees and were just in one of the ones we could be in. This idea is called the multiverse. In a multiverse theres nothing special about the incredible unlikeliness of being. Leibnitz came up with the proposal first, adding piously that God has placed us in the best universe of all possible universes. People have been making fun of that since Voltaire. Another idea is that new worlds are being created endlessly, all equally real. Every time you make a cup of coffee, a multiplicity of alternative worlds splits off in which you made it with more milk, or added honey instead of sugar, or the coffee machine exploded and you didnt make it at all.
00:22
Scientists Observe Quasiparticles in Classical Systems for the First Time Lifeboat News: The Blog
Since the advent of quantum mechanics, the field of physics has been divided into two distinct areas: classical physics and quantum physics. Classical physics deals with the movements of everyday objects in the macroscopic world, while quantum physics explains the strange behaviors of tiny elementary particles in the microscopic world.
Many solids and liquids are made up of particles that interact with each other at close distances, leading to the creation of quasiparticles. Quasiparticles are stable excitations that act as weakly interacting particles. The concept of quasiparticles was introduced in 1941 by Soviet physicist Lev Landau and has since become a crucial tool in the study of quantum matter. Some well-known examples of quasiparticles include Bogoliubov quasiparticles in superconductivity, excitons in semiconductors.
Semiconductors are a type of material that has electrical conductivity between that of a conductor (such as copper) and an insulator (such as rubber). Semiconductors are used in a wide range of electronic devices, including transistors, diodes, solar cells, and integrated circuits. The electrical conductivity of a semiconductor can be controlled by adding impurities to the material through a process called doping. Silicon is the most widely used material for semiconductor devices, but other materials such as gallium arsenide and indium phosphide are also used in certain applications.
00:04
Links 08/03/2023: FEX 2303 Tagged and Investing in RSS Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Audioca...
-
00:00
How the EU Chips Act Could Build Innovation Capacity in Europe IEEE Spectrum
The European commission wants Europe to boost its share of
global semiconductor production to 20 percent by 2030, from 10
percent today. To that end, it is forwarding plans for more than 43
billion in public and private investment through a European Chips Act. To accomplish that increase
in chip capacity, the legislation will approve appropriations for
R&D, incentivize manufacturing, and take steps to make the
supply chain more secure. Jo De Boeck, chief strategy officer and
executive vice president at the Belgium-based nanoelectronics
R&D center imec, explained a proposed R&D structure and its
likely impact to engineers at the 2023 IEEE International Solid State Circuits
Conference (ISSCC) last month in San Francisco. The R&D
segment relies on the establishment of advanced pilot line
facilities, to enable a path from laboratory breakthrough to fab
production, and a network of competence centers, to build up
capacity for semiconductor design. De Boeck spoke with IEEE
Spectrums Samuel K. Moore at ISSCC.
IEEE Spectrum: What would you say are Europes strengths today in semiconductor manufacturing?
Jo De Boeck: Well, manufacturing holds quite a few things. So first and foremost, I think of semiconductor manufacturing equipment and materials. Think of [Netherlands-based extreme-ultraviolet lithography maker], ASML. If you move up to the manufacturing part, you have some of our integrated device manufacturers in analog and analog mixed-signal and power devices, which is, of course, quite a very important area of devices and production to be in. But clearlyand thats part of the reason for the Chips Acttheres no European manufacturing presence at the most advanced technology nodes..
That said, how much of the focus should be on getting that cutting-edge logic versus building on the strengths that you already have?
De Boeck: Well, if it means focusing on one is losing on the other, I think thats a bad choice to make. I think its important, first of all, to keep a long enough view in mind. 2030 is like tomorrow in this industry. So if were looking at getting 20 percent production in Europe by 2030 and you would aim that toward being leading e...
Wednesday, 08 March
23:51
How a Super-Earth Would Change the Solar System Centauri Dreams Imagining and Planning Interstellar Exploration
If there is a Planet Nine out there, I assume well find it soon. That would be a welcome development, in that it would imply the Solar System isnt quite as odd as it sometimes seems to be. We see super-Earths and current thinking seems to be that this is what Planet Nine must be in other stellar systems, in great numbers in fact. So it would stand to reason that early in its evolution our system produced a super-Earth, one that was presumably nudged into a distant, eccentric orbit by gravitational interactions.
The gap in size between Earth and the next planet up in scale is wide. Neptune is 17 times more massive than our planet, and four times its radius. Gas giant migration surely played a role in the outcome, and when considering stellar system architectures, its noteworthy as well that all that real estate between Mars and Jupiter seems to demand something more than asteroidal debris. To make sense of such issues, Stephen Kane (University of California, Riverside) has run a suite of dynamical simulations that implies we are better off without a super-Earth anywhere near the inner system.
Image: Artists concept of Kepler-62f, a super-Earth-size planet orbiting a star smaller and cooler than the sun, about 1,200 light-years from Earth. What effect would such a planet have in our own Solar System? Image credit: NASA Ames/JPL-Caltech/Tim Pyle.
Supposing a super-Earth did exist between Mars and Jupiter, Kanes simulations demonstrated the outcomes for a range of different masses, the results presented in a new paper in the Planetary Science Journal. The heavyweight of our system, Jupiters 318 Earth masses carry profound gravitational significance for the rest of the planets. Disturb Jupiter, these results suggest, and in some scenarios the inner planets, including our own, are ejected from the Solar System. Even Uranus and Neptune can be affected and perhaps ejected as well depending on the super-Earths location.
As the paper notes, the range of possibilities is wide:
several thousand simulations were conducted, producing a vast variety of dynamical outcomes for the solar system planets. The inner solar system planets are particularly vulnerable to the addition of the super-Eart...
23:26
Syxsense Platform: Unified Security and Endpoint Management The Hacker News
As threats grow and attack surfaces get more complex, companies continue to struggle with the multitude of tools they utilize to handle endpoint security and management. This can leave gaps in an enterprise's ability to identify devices that are accessing the network and in ensuring that those devices are compliant with security policies. These gaps are often seen in outdated spreadsheets that
23:25
US Restrictions See China's Chip Imports Plummet 27% in First Two Months of 2023 SoylentNews
The sanctions are having a huge impact:
[...] According to China's General Administration of Customs data published Tuesday (via The South China Morning Post), the country imported 67.6 billion integrated circuits (IC) in January and February. That's down 26.5% from the same period last year, and higher than the 15.3% fall recorded for the entirety of 2022.
The total value of these imports also declined, from $68.8 billion last year to $47.8 billion, a drop of 30.5%. That's partly due to chip prices that have fallen due to oversupply and the general economic downturn.
China's IC exports also fell in the first two months, down 20.9% to 37.3 billion units, while the total value of the exports dropped 25.8%.
The US has been tightening its restrictions on China's chip industry over the last 12 months, which the United States says will prevent its global rival from developing semiconductors for military applications, including supercomputers, nuclear weapons modeling, and hypersonic weapons.
October's restrictions on chipmaking tools from the Bureau of Industry and Security were some of the harshest, designed to cap China's logic chips at the 14-nanometre node, DRAM at 18nm, and 3D NAND flash at 128 layers. The US has also prohibited AMD and Nvidia from selling some of its high-performance AI-focused GPUs to China, including team green's A100 GPUs.
Read more of this story at SoylentNews.
23:05
IOCB_NOWAIT For Linux Pipes Yields 10~23x Performance Improvement Phoronix
In wanting to avoid waiting for pipes via the IOCB_NOWAIT option in order to further enhance IO_uring performance, Jens Axboe has implemented said functionality and in a simple test is seeing 10x to 23x performance improvements...
23:04
Shell command and Emacs Lisp code injection in emacsclient-mail.desktop Open Source Security
Posted by Gabriel Corona on Mar 08
emacsclient-mail.desktop is vulnerable to shell commandinjections and Emacs Lisp injections through a crafted
mailto: URI.
This has been introduced in Emacs 28.1:
http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c
A fix for shell command injection is currently included
in the upcoming 28.3 branch:...
23:01
DNS Resolver Quad9 Loses Global Pirate Site Blocking Case Against Sony TorrentFreak
In 2021, Sony Music obtained an injunction ordering DNS
resolver Quad9 to block the
popular pirate site Canna.to.
The injunction, issued by the District Court of Hamburg, required the Swiss DNS resolver to block its users from accessing the site to prevent the distribution of pirated copies of Evanescences album The Bitter Truth.
Quad9 Appeals Site Blocking Injunction
The Quad9 Foundation fiercely opposed the injunction. The not-for-profit foundation submitted an appeal to the Court hoping to overturn the blocking order, arguing that the decision set a dangerous precedent.
The DNS resolver stressed that it doesnt condone piracy. However, it believes that enforcing blocking measures through third-party intermediaries, that dont host any content, is a step too far.
This initial objection failed; the Regional Court in Hamburg upheld the blocking injunction last December. However, this was only a preliminary proceeding and Quad9 promised to continue the legal battle, warning of a broad impact on the Internet ecosystem.
Sony Files Main Proceeding
After Sonys preliminary victory, the music company initiated a main proceeding at the Leipzig court. This was the next step in the legal process and allowed both sides to provide more evidence and expert opinions.
Sony, for example, referenced earlier jurisprudence where Germanys Federal Court ruled that services such as YouTube can be held liable for copyright infringement if they fail to properly respond to copyright holder complaints.
Quad9s expert, Prof. Dr. Ruth Janal, contested this line of reasoning, noting that, under EU law, DNS resolvers shouldnt be treated in the same fashion as platforms that actually host content
Quad9 is more akin to a mere conduit service than a hosting provider, Prof. Janal countered. Courts could instead require Quad9 to take action through a no-fault injunction, a process thats already used in ISP blocking orders. In those cases, however, the intermediary isnt held liable for pirating users.
Court Confirms DNS Blocking Requiremen...
23:00
Stranded Motorist Effects Own Rescue Using a Drone and a Cell Phone Hackaday
If youre looking for a good excuse to finally buy a drone, you probably cant do better than claiming it can save your life.
Granted, you may never find yourself in the position of being stuck in a raging snowstorm in the middle of the Oregon wilderness, but if you do, this is a good one to keep in mind. According to news stories and the Lane County Sheriff Search and Rescue Facebook page, an unnamed motorist who was trying to negotiate an unmaintained road through the remote Willamette National Forest got stuck in the snow. This put him in a bad situation, because not only was he out of cell range, but nobody knew where he was or even that he was traveling, so he wouldnt be missed for days.
Thankfully, the unlucky motorist played all his cards right. Rather than wandering off on foot in search of help, he stayed with his vehicle, which provided shelter from the elements. Conveniently, he also happened to have a drone along with him, which provided him with an opportunity to get some help. After typing a detailed text message to a friend describing his situation and exact location, he attached the phone to his drone and sent it straight up a couple of hundred feet enough to get a line-of-sight connection to a cell tower. Note that the image above is a reenactment by the Search and Rescue team; its not clear how the resourceful motorist rigged up the drone, but were going to guess duct tape was involved.
When he brought the drone back down a few minutes later, he found that the queued text had been sent, and the cavalry was on the way. The Search and Rescue unit was able to locate him, and as a bonus, also found someone else nearby who had been stranded for days. So it was a win all around thanks to some clever thinking and a little technology.
22:57
CISA adds three new bugs to Known Exploited Vulnerabilities Catalog Security Affairs
US CISA added actively exploited flaws in Teclib GLPI, Apache Spark, and Zoho ManageEngine ADSelfService Plus to its Known Exploited Vulnerabilities Catalog.
US CISA added the following actively exploited flaws to its Known Exploited Vulnerabilities Catalog:
- CVE-2022-35914 (CVSS score: 9.8) Teclib GLPI Remote Code Execution Vulnerability
- CVE-2022-33891 (CVSS score: 8.8) Apache Spark Command Injection Vulnerability
- CVE-2022-28810 (CVSS score: 6.8) Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
The CVE-2022-35914 flaw is a PHP code injection vulnerability that resides in the /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2.
A remote, unauthenticated attacker can exploit this flaw, via a specially crafted message, to execute arbitrary code.
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A proof of concept (PoC) exploit code for this vulnerability was published on GitHub since December 2022.
Most of the attacks observed by cybersecurity firm GreyNoise originated from the U.S. and the Netherlands.
The CVE-2022-33891 flaw is a command injection vulnerability in the Apache Spark. In December 2022, Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices.
The variant spotted by Microsoft spreads by exploiting vulnerabilities in Apache and Apache Spark (CVE-2021-42013 and...
22:52
RADV Enables Variable Rate Shading For RDNA3, RadeonSI Lands More Fixes Phoronix
If you are an AMD Radeon RX 7900 series "RDNA3" GPU owner and don't mind running bleeding-edge open-source graphics driver code, you'll want to pull down today's Mesa 23.1-devel Git snapshot...
22:44
Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
While HDFC Bank has denied any data breach, its subsidiary, HDB Financial Services, has confirmed there was a cybersecurity-related incident which is being investigated.
This is a post from HackRead.com Read the original post: Hacker Leaks 73M Records from Indian HDFC Bank Subsidiary
22:39
Vanilla OS 2.0 Shifting From Ubuntu Base To Debian Sid Phoronix
One of the newer Linux distributions that has been making waves that aims to provide a pleasant Linux desktop experience, close to upstream, and is augmented by the growing selection of Flatpak packages. Now though the project has decided to move from Ubuntu Linux as its base over to Debian Sid...
22:23
Organoid intelligence (OI): the new frontier in biocomputing and intelligence-in-a-dish Lifeboat News: The Blog
Recent advances in human stem cell-derived brain organoids promise to replicate critical molecular and cellular aspects of learning and memory and possibly aspects of cognition in vitro. Coining the term organoid intelligence (OI) to encompass these developments, we present a collaborative program to implement the vision of a multidisciplinary field of OI. This aims to establish OI as a form of genuine biological computing that harnesses brain organoids using scientific and bioengineering advances in an ethically responsible manner. Standardized, 3D, myelinated brain organoids can now be produced with high cell density and enriched levels of glial cells and gene expression critical for learning. Integrated microfluidic perfusion systems can support scalable and durable culturing, and spatiotemporal chemical signaling.
22:22
Tesla Delivers FATAL BLOW As Analysts RAISE Price Targets Lifeboat News: The Blog
Join Patreon: https://www.patreon.com/solvingthemoneyproblem.
FREE One
Year Supply of Vitamin D + 5 AG1 Travel Packs https://athleticgreens.com/SMR
UNLOCK 300+ Exclusive Videos: https://www.patreon.com/solvingthemoneyproblem.
Oura
Ring https://ouraring.com/smr (Track your
sleep, readiness & activity)
My Tesla Stock Price Targets: https://www.patreon.com/posts/tesla-stock-bull-57460691/
Merch: https://solving-the-money-problem.creator-spring.com/
Twitter
https://twitter.com/stevenmarkryan.
AFFILIATE DISCLOSURE: I earn a commission on every purchase made through my links.
SUPPORT
THE CHANNEL ON PATREON
Patreon https://www.patreon.com/solvingthemoneyproblem.
BECOME A MEMBER OF THE CHANNEL
Join https://www.youtube.com/channel/UCagiBBx1prefrlsDzDxuA9A/join.
CHANNEL MERCH
Merch store https://solving-the-money-problem.creator-spring.com/
MERCH LINKS
TSLA
HODLR MERCH:
https://solving-the-money-problem.creator-spring.com/listingproduct=46
420
Funding Secured MERCH:...
22:12
Python 3.12 Alpha 6 Released With More Improvements Phoronix
Python 3.12 Alpha 6 was released on Tuesday as the newest development release toward this next major Python release...
21:57
CVE-2023-23638: Apache Dubbo Deserialization Vulnerability Gadgets Bypass Open Source Security
Posted by Albumen Kevin on Mar 08
Description:A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.
Credit:
yemoliR1ckyZKoishicxc (reporter)
References:
https://dubbo.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-23638
21:34
Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity The Hacker News
The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year. While the first attack in May 2022 entailed the use of a vulnerable institutions and universities, the re-infiltration in October 2022 involved the
20:48
China-linked APT Sharp Panda targets government entities in Southeast Asia Security Affairs
China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework.
CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia.
SoulSearcher loader, which eventually loads a new version of the Soul modular framework.The researchers pointed out that this is the first time the Soul malware framework is attributed to a known cluster of malicious activity, although it was previously used in attacks targeting the defense, healthcare, and ICT sectors in Southeast Asia. The researchers cannot exclude that the Soul framework is utilized by multiple threat actors in the area.
The connection between the tools and TTPs (Tactics, Techniques and Procedures) of Sharp Panda and the previously mentioned attacks in Southeast Asia might serve as yet another example of key characteristics inherent to Chinese-based APT operations, such as sharing custom tools between groups or task specialization, when one entity is responsible for the initial infection and another one performs the actual intelligence gathering. reads the analysis published by the experts.
CheckPoint researchers first identified Sharp Pandss activity at the beginning of 2021, at the time the APT group was targeting Southeast Asian government entities with spear-phishing attacks.
The attackers used a Word document with government-themed lures that relied on a remote template to download and run a malicious RTF document, weaponized with the infamous RoyalRoad kit.
Upon gained a foothold in the target system, the malware starts a chain of fileless loaders, including a custom DLL downloader called 5.t Downloader and a second-stage loader that delivers the final backdoor.
The last stage payload used in Sharp Panda campaigns at the time was the custom backdoor VictoryDll.
The experts detailed multiple campaigns aimed at entities in Southeast Asian countries, such as Vietnam, Indonesia, and Thailand. Across the yeats, the initial part of the infection chain (the use of Word documents, RoyalRoad RTF and 5.t Downloader) remained the same, but in early 2023 the VictoryDll backdoor was replaced with a new vers...
20:43
After Nearly a Decade in Development, Japan's New Rocket Fails in Debut SoylentNews
After Nearly a Decade in Development, Japan's New Rocket Fails in Debut
Japan's science minister said the failure was "extremely regrettable:
The launch of Japan's H3 rocket on Tuesday morning failed after the vehicle's second stage engine did not ignite.
In a terse statement on the failure, Japanese space agency JAXA said, "A destruct command has been transmitted to H3 around 10:52 a.m. (Japan Standard Time), because there was no possibility of achieving the mission. We are confirming the situation."
The Japanese space agency, in concert with the rocket's manufacturer, Mitsubishi Heavy Industries, has spent about $1.5 billion developing the H3 rocket over the last decade. Much of the challenge in building the new rocket involved development of a new LE-9 engine, which is fueled by liquid hydrogen and liquid oxygen, to power the first stage. This appeared to perform flawlessly. The second-stage engine that failed, the LE-5B, was a more established engine.
The country has sought to increase its share of the commercial launch market by building a lower-cost alternative to its older H2-A vehicle to more effectively compete with SpaceX's Falcon 9 booster. Mitsubishi's goal was to sell the H3 at $51 million per launch in its base configuration. This would allow the company to supplement its launches of institutional missions for the Japanese government with commercial satellites. Tuesday's debut flight of the H3 rocket carried the Advanced Land Observing Satellite-3 for the Japanese government. It was lost.
[...] The failure is just the latest challenge for the H3 rocket. A fundamental problem with the booster is that, even if it were to fly safely, the H3 rocket has no clear advantages over the Falcon 9, which now has a streak of more than 170 consecutive successful launches. The new H3 rocket is also fully expendable, unlike the Falcon 9 and many newer boosters in development in the United States and China.
Read more of this story at SoylentNews.
20:00
Moving Magnet Draws Stylish Shapes On Flexible Film Hackaday
[Moritz v. Sivers] has a knack for making his own displays, which are typically based on some obscure physical effect. Magnetic viewing films, those thin plastic sheets that change color in response to a magnetic field, are his latest area of interest, as you can see in his Magnetic Kinetic Art Display.
The overall idea of the display is similar to a kinetic sand art table, in which a ball traces out shapes in a pile of sand. In [Moritz]s project, the magnetic viewing film is the sand, and a 2 mm diameter magnet is the ball. The magnet is moved along the film by two sets of coils embedded inside a flex PCB mounted just below the film. One set of coils, on the top layer of the PCB, moves the magnet in the x direction, while a second set on the bottom layer moves it in the y direction.
...19:00
Hidden Chamber Revealed Inside Great Pyramid of Giza Terra Forming Terra
:focal(3185x2123:3186x2124)/https:/tf-cmsv2-smithsonianmag-media.s3.amazonaws.com/filer_public/98/0a/980a11c9-4e79-4905-86bb-f43a91523f73/gettyimage)
Better Than Laxatives: The King of Fruit Helps to Relieve Constipation Terra Forming Terra
Sudden Death Epidemic Explodes Terra Forming Terra
Chinese Lunar New Year Travel Plunged by 924 Million in 2023 Terra Forming Terra
...
18:57
Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments The Hacker News
High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are framework, marking a departure from the group's attack chains observed in 2021. Israeli cybersecurity company Check Point said the "
18:37
VMware NSX Manager bugs actively exploited in the wild since December Security Affairs
Security researchers warn of hacking attempts in the wild exploiting critical vulnerabilities in VMware NSX Manager.
Cyber security firm Wallarm is warning of ongoing attacks exploiting the critical flaws, tracked as CVE-2021-39144 (CVSS score of 9.8) and CVE-2022-31678 (CVSS score of 9.1), in VMware NSX Manager.
VMware NSX is a network virtualization solution that is available in VMware vCenter Server.
The flaws can lead to remote code execution by pre-authenticated attackers. The CVE-2022-31678 flaw is an XML External Entity (XXE) vulnerability. An unauthenticated user may exploit this issue to cause a denial-of-service condition or unintended information disclosure.
The remote code execution vulnerability CVE-2021-39144 resides in the XStream open-source library. Unauthenticated attackers can exploit the vulnerability in low-complexity attacks without user interaction.
Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of root on the appliance. reads the advisory published by the company.
VMware warned of the existence of a public exploit targeting the CVE-2021-39144 vulnerability in October 2022, shortly after its disclosure.
The virtualization giant pointed out the impacted product had reached end-of-life (EOL) status in January 2022.
Wallarm Detect this week warned that, since December 2022, they are observing threat actors exploiting the issues. According to the experts, the CVE-2021-39144 vulnerability was exploited over 40 thousand times over the last 2 months.
Active exploitation started on 2022-Dec-08 and keeps going. reads the advisory published by Wallarm Detect. Attackers are scanning from well-known data centers like Linode and Digital Ocean over 90% of the attacks are coming from their IP addresses.
If successfully exploited, the impact of these vulner...
18:27
CoC Extremism Has Cost Debian (and Its Derivatives) the Main KDE Maintainer Techrights
LaTeX and many other packages as well (orphaned due to people who don't even code)
Summary: As explained here many times before [1, 2, 3], people who contribute nothing (or very little, a minuscule/negligible amount) are driving out some of the most active and most important contributors; this leaves users in a tough place (maintainership waning)
18:01
IRC Proceedings: Tuesday, March 07, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-070323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-070323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-070323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-070323.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
18:00
After 17th Court Hearing, Woman With TB Ordered to Jail for Refusing Treatment SoylentNews
Washington judge issued an arrest warrant and ordered her to involuntary detention:
A judge in Washington issued an arrest warrant Thursday for a Tacoma woman who has refused to have her active, contagious case of tuberculosis treated for over a year, violating numerous court orders. The judge also upheld an earlier order to have her jailed, where she can be tested and treated in isolation.
On Thursday, the woman attended the 17th court hearing on the matter and once again refused a court order to isolate or comply with testing and treatmentan order that originally dates back to January 19, 2022. Pierce County Superior Court Judge Philip Sorensen rejected her objections to being treated and upheld a finding of contempt. Though it remains unclear what her objections are, the woman's lawyer suggested it may be a problem with understanding, according to The News Tribune. The Tacoma-Pierce County Health Department, however, argued that she "knowingly, willfully, and contemptuously violated this court's orders," noting the lengthy process and numerous proceedings and discussions in which interpreters, translated documents, and speakers of her native language were made available.
[...] As Ars previously reported, the court had renewed orders for her isolation and treatment on a monthly basis since January of 2022. The health department had always said it was approaching the problem cautiously, working to keep a "balance between restricting somebody's liberty and protecting the health of the community." It sees detention as the "very, very last option."
Read more of this story at SoylentNews.
17:31
Initial support for guided disk encryption in the installer OpenBSD Journal
The OpenBSD installer now has basic support for configuring disk encryption during the regular installation process. Previously, disk encryption needed to be set up manually by dropping to the shell from the installer.
Initial support, likely to be expanded upon, was committed
by Klemens Nanni (kn@) on . The commit reads,
Subject: CVS: cvs.openbsd.org: src From: Klemens Nanni <kn () cvs ! openbsd ! org> Date:
17:30
CISA's KEV Catalog Updated with 3 New Flaws Threatening IT Management Systems The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.8) - Apache Spark Command Injection Vulnerability
17:02
Dynamic host configuration, please OpenBSD Journal
Another piece from Florian Obser (florian@) just
came out, titled Dynamic
host configuration, please.
In the article, Florian details the steps to modern OpenBSD dynamic host configuration, including interface configuration, name resolution, routing and more.
We also get an explanation of the various userland programs (most of them portable, some OpenBSD-specific) that make a modern OpenBSD laptop shine.
You can read the full piece here, Dynamic host configuration, please.
17:00
Pulling Data From HDMI RF leakage Hackaday
A long-running story in the world of electronic security has been the reconstruction of on-screen data using RF interference from monitors or televisions. From British TV detector vans half a century ago to 1980s scare stories about espionage, it was certainly easy enough to detect an analogue CRT with nothing more than an AM broadcast radio receiver. But can this still be done in the digital age? Its something [Windytan] has looked into, as she reconstructs images using leakage from HDMI cables.
16:42
Microsoft Employees Run for Board of the OSI, Forget to Disclose Working Full Time for Microsoft Techrights
Not even the first time. Later they write official blog posts on behalf of the OSI. Entryism defined.
Two of them are Linux Foundation, i.e. an openwashing front
group of proprietary software companies (the OSI is
also a front group of Microsoft since taking money from
Microsoft)
Microsoft not mentioned even once
Overt conflict of interest (Microsoft is attacking Open Source)
Summary: As noted in the last batch of Daily Links, OSI is a lost cause because it attacks the concept of Open Source in exchange for bribes from Microsoft. It even helps Microsoft in a lawsuit where Microsofts GPL violations are tackled.
16:30
Three crucial moments when founding a cybersecurity startup Help Net Security
With 10% of startups failing in the first year, making wise and future-proof decisions for your new cybersecurity venture is essential. Building the perfect cybersecurity startup As society adapts to an increasingly digital world, opportunities for cybercrime and attacks are also mounting. Consequently, more and more cybersecurity businesses are popping up, and the market is becoming more saturated with each quarter that passes. While theres no blueprint for building the perfect cybersecurity startup, there are More
The post Three crucial moments when founding a cybersecurity startup appeared first on Help Net Security.
16:00
How STEM education can solve talent shortages, improve cybersecurity Help Net Security
In this Help Net Security video, Avani Desai, CEO at Schellman, talks about how teaching STEM subjects like cybersecurity is essential for addressing the staffing crisis and ensuring that organizations have the talent to protect themselves from cyber threats in the years to come. In addition, teaching STEM subjects like cybersecurity can help promote diversity and inclusion in the tech industry. By providing opportunities for underrepresented groups to learn about cybersecurity and pursue careers in More
The post How STEM education can solve talent shortages, improve cybersecurity appeared first on Help Net Security.
15:30
Attackers exploit APIs faster than ever before Help Net Security
After combing through 350,000 reports to find 650 API-specific vulnerabilities from 337 different vendors and tracking 115 published exploits impacting these vulnerabilities, the results clearly illustrate that the API threat landscape is becoming more dangerous, according to Wallarm. API attack analysis for 2022 Researchers came to this conclusion based on the 2022 data, specifically these three trends: Attack growth In 2022 there was a huge increase in attacks against Wallarms customers APIs, which ballooned over More
The post Attackers exploit APIs faster than ever before appeared first on Help Net Security.
15:15
50 Years Later, Were Still Living in the Xerox Altos World SoylentNews
50 Years Later, We're Still Living in the Xerox Alto's World:
[...] I'm talking about the Xerox Alto, which debuted in the early spring of 1973 at the photocopying giant's newly established R&D laboratory, the Palo Alto Research Center (PARC). The reason it is so uncannily familiar today is simple: We are now living in a world of computing that the Alto created.
The Alto was a wild departure from the computers that preceded it. It was built to tuck under a desk, with its monitor, keyboard, and mouse on top. It was totally interactive, responding directly to its single user.
[...] The people who developed the Alto came to Xerox PARC from universities, industrial labs, and commercial ventures, bringing with them diverse experiences and skills. But these engineers and programmers largely shared the same point of view. They conceived and developed the Alto in a remarkable burst of creativity, used it to develop diverse and pathbreaking software, and then moved out of Xerox, taking their achievements, design knowledge, and experiences into the wider world, where they and others built on the foundation they had established.
[...] The type of computing they envisioned was thoroughly interactive and personal, comprehensively networked, and completely graphicalwith high-resolution screens and high-quality print output.
[...] Oddly, at the time, an expensive new laboratory was also immediately financially attractive: R&D expenditures were frequently counted as assets instead of business expenses, all with Wall Street's approval. The more you spent, the better your balance sheet looked.
Read more of this story at SoylentNews.
15:00
AI is taking phishing attacks to a whole new level of sophistication Help Net Security
92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress. Not surprisingly, 99% of cybersecurity leaders confess to being stressed about email security. Specifically, 98% are frustrated with their Secure Email Gateway (SEG), with 53% conceding that too many phishing attacks bypass it. The growing sophistication of phishing emails is a major threat to organizations and More
The post AI is taking phishing attacks to a whole new level of sophistication appeared first on Help Net Security.
14:30
Persona Graph proactively surfaces and blocks hidden fraud rings Help Net Security
Persona has launched Graph to help businesses stop online identity fraud. Leveraging advanced link analysis technology and a configurable query, Graph detects risky connections between users, enabling organizations to uncover and proactively block hard-to-detect fraud. Risk and compliance teams now have expert-level investigation capabilities to spot fraudsters and bad actors at scale, more quickly adapt to evolving fraud techniques, and stop incidents before they happen and take real-time actionall without requiring heavy engineering resources. As More
The post Persona Graph proactively surfaces and blocks hidden fraud rings appeared first on Help Net Security.
14:00
Powercore Aims to Bring the Power of EDM to Any 3D Printer Hackaday
The desktop manufacturing revolution has been incredible, unleashing powerful technologies that once were strictly confined to industrial and institutional users. If you doubt that, just look at 3D printing; with a sub-$200 investment, you can start making parts that have never existed before.
Sadly, though, most of this revolution has been geared toward making stuff from one or another type of plastic. Wouldnt it be great if you could quickly whip up an aluminum part as easily and as cheaply as you can print something in PLA? That day might be at hand thanks to Powercore, a Kickstarter project that aims to bring the power of electric discharge machining (EDM) to the home gamer. The principle of EDM is simple electric arcs can easily erode metal from a workpiece. EDM machines put that...
14:00
Akamai unveils new service and tools to help users reduce attack surface Help Net Security
Akamai Technologies has introduced the Akamai Hunt security service that enables customers to capitalize on the infrastructure of Akamai Guardicore Segmentation, Akamais global attack visibility, and expert security researchers to hunt and remediate the most evasive threats and risks in their environments. Akamai also released Agentless Segmentation, helping Akamai Guardicore Segmentation customers extend the benefits of zero trust to connected IoT and OT devices that arent capable of running host-based security software. As organizations embrace More
The post Akamai unveils new service and tools to help users reduce attack surface appeared first on Help Net Security.
13:40
Links 07/03/2023: Flathub in 2023 and Kdenlive 22.12.3 Techrights
Contents
-
GNU/Linux
-
Desktop/Laptop...
-
13:30
New Kensington privacy screens protect against visual hacking Help Net Security
Kensington has expanded its robust portfolio of data protection solutions with the launch of three new privacy screens. The SA270 Privacy Screen for Studio Display (K50740WW), SA240 Privacy Screen for iMac 24 (K55170WW), and MagPro Elite Magnetic Privacy Screen for MacBook Air 2022 (K58374WW), expand Kensingtons extensive portfolio of privacy screens that enable businesses to reduce the potential loss of confidential and sensitive data through visual hacking from laptops and computer screens. Hybrid and remote More
The post New Kensington privacy screens protect against visual hacking appeared first on Help Net Security.
12:32
Why do Businesses Need to Focus More on Cybersecurity HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
As technology continues to evolve, the need for businesses to focus more on cybersecurity is becoming increasingly important
This is a post from HackRead.com Read the original post: Why do Businesses Need to Focus More on Cybersecurity
12:29
Dutch Officials Warn That Big Telecom's Plan to Tax Big Tech is a Dangerous Dud SoylentNews
Dutch Officials Warn That Big Telecom's Plan To Tax 'Big Tech' Is A Dangerous Dud:
For much of the last year, European telecom giants have been pushing for a tax on Big Tech company profits. They've tried desperately to dress it up as a reasonable adult policy proposal, but it's effectively just the same thing we saw during the U.S. net neutrality wars: telecom monopolies demanding other people pay them an additional troll toll for no coherent reason.
To sell captured lawmakers on the idea, telecom giants have falsely claimed that Big Tech companies get a "free ride" on the Internet (just as they did during the U.S. net neutrality wars). To fix this problem they completely made up, Big Telecom argues Big Tech should be forced to help pay for the kind of broadband infrastructure upgrades the telecoms have routinely neglected for years.
It's a big, dumb con. But yet again, telecom lobbyists have somehow convinced regulators that this blind cash grab is somehow sensible, adult policy. Dutifully, European Commission's industry chief Thierry Breton (himself a former telecom exec) said last September he would launch a consultation on this "fair share" payment scheme in early 2023, ahead of any proposed legislation.
[...] But they're often not looking at the real problem. Both in the EU and North America, regulators routinely and mindlessly let telecom giants consolidate and monopolize an essential utility. Those monopolies then work tirelessly to drive up rates and crush competition. And, utilizing their lobbying power, they've also routinely gleamed billions in subsidies for networks they routinely half-complete.
[...] If the EU successfully implements such a scheme, you can be absolutely sure the next step will be the U.S., with captured regulators like Brendan Carr (who has been beating this idiotic drum for a few years now) at the front of the parade at Comcast's and AT&T's behest.
12:23
NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly
NEW 'Off The Wall' ONLINE
Posted 08 Mar, 2023 1:23:55 UTC
The new edition of Off The Wall from 03/07/2023 has been archived and is now available online.
11:48
4 Things You May Not Know About Performance Analytics Technology HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
Managers are aware that they are being held accountable for their teams performance. How well their teams do
This is a post from HackRead.com Read the original post: 4 Things You May Not Know About Performance Analytics Technology
11:20
SANS Institute and Google collaborate to launch Cloud Diversity Academy Help Net Security
SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in collaboration with Google. This academy provides training and certifications to Black, Indigenous, and People of Color (BIPOC), women, and other underrepresented groups who are passionate about pursuing a technical career in cybersecurity. The SCDA aims to reduce the skills gap in the industry, with a particular focus on cloud security, while also creating a more diverse and inclusive workforce. Empowering communities that have been More
The post SANS Institute and Google collaborate to launch Cloud Diversity Academy appeared first on Help Net Security.
11:17
Section 702s Unconstitutional Domestic Spying Program Must End Deeplinks
A few months ahead of its expiration this fall, the Biden administration has announced its intention to seek renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA)an invasive and unconstitutional law that cannot continue to exist in its current form.
On its face, Section 702 allows the government to conduct
surveillance inside the United States so long as the surveillance
is directed at foreigners currently located outside the United
States. It also prohibits intentionally
targeting Americans. Nevertheless, the NSA routinely
(incidentally) acquires innocent Americans' communications without
a probable cause warrant. In fact, FISA Court judges who approve
Section 702 surveillance never learn about, let alone approve, the
targets of surveillance under Section 702, and they rely entirely
on certifications from the executive branch that downplay the
nature of incidental surveillance of Americans. Then, rather than
minimize the sharing and retention of Americans data, as Congress
required, the NSA routinely shares such data with the FBI, CIA, and
National Counterterrorism Center, and all agencies retain it for at
least five years. Since Section 702 was last reauthorized in 2018,
it has only become clearer that this provision is a rich source of
warrantless government access to Americans phone calls, texts, and
emails.
In this way, Section 702s mass surveillance of Americans
and the availability of that information to law enforcement isnt
just incidentalit's the primary function of the program. What
should we do about a program where the byproduct of the program
becomes the primary benefit to the government?
As early as 2011, the FISA Court held that the NSA's collection of Internet communications violated the Fourth Amendment because, despite targeting foreign communications, the agency was still collecting approximately 56,000 American emails a year. And yet, this collection continued. In 2021 alone, the FBI conducted up to 3.4 million warrantless searches of Section 702 data to find Americans communications. Congress and the FISA Court have imposed modest limitations on these backdoor searches, but according to several recent FISA Court opinions, the FBI has engaged in widespread violations of even these minimal privacy protections.
In addition to stopping the un...
11:00
A Ground Source Heat Pump From an Air Conditioner Hackaday
When it comes to lower-energy home heating, its accurate in all senses to say that heat pumps are the new hotness. But unless you happen to work with them professionally, its fair to say their inner workings are beyond most of us. Help is at hand though courtesy of [petey53], who made his own ground source heat pump for his Toronto house using a pair of window-mounted air conditioning units.
11:00
HPR3808: Funkwhale A social platform to enjoy and share music Hacker Public Radio
Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network https://funkwhale.audio/ https://funkwhale.audio/en_US/faqs https://funkwhale.audio/en_US/apps/ https://en.wikipedia.org/wiki/Grooveshark https://vuejs.org/ https://musicbrainz.org/ https://picard.musicbrainz.org/ https://www.subsonic.org/pages/index.jsp https://open.audio/ https://www.castopod.com/en https://tanukitunes.com https://castopod.org/ https://fosstodon.org/@funkwhale https://blog.funkwhale.audio https://dev.funkwhale.audio/funkwhale/funkwhale
Can Static Analysis Tools Find More Defects? It Will Never Work in Theory
Sorting algorithms, data compression, engine efficiency: in each case, we can compare how well we're doing to a provable optimum. In situations where we don't know what the upper bound is, we can still sometimes estimate how much room there is for improvement. This paper does that for static analysis tools that look for patterns (or anti-patterns) in code that indicate bugs. By reformulating issues found in manual code review as rules, the authors show that static analysis might be able to detect as much as three quarters of all bugs, which is considerably better than what current-generation linters do. Work like this can guide development of better tools, but it also tells us how much we still have to gain from them.
Sahar Mehrpour and Thomas D. LaToza. Can static analysis tools find more defects? Empirical Software Engineering, Nov 2022. doi:10.1007/s10664-022-10232-4.
Static analysis tools find defects in code, checking code against rules to reveal potential defects. Many studies have evaluated these tools by measuring their ability to detect known defects in code. But these studies measure the current state of tools rather than their future potential to find more defects. To investigate the prospects for tools to find more defects, we conducted a study where we formulated each issue raised by a code reviewer as a violation of a rule, which we then compared to what static analysis tools might potentially check. We first gathered a corpus of 1323 defects found through code review. Through a qualitative analysis process, for each defect we identified a violated rule and the type of Static Analysis Tool (SAT) which might check this rule. We found that SATs might, in principle, be used to detect as many as 76% of code review defects, considerably more than current tools have been demonstrated to successfully detect. Among a variety of types of SATs, Style Checkers and AST Pattern Checkers had the broadest coverage of defects, each with the potential to detect 25% of all code review defects. We found that static analysis tools might be able to detect more code review defects by better supporting the creation of project-specific rules. We also investigated the characteristics of code review defects not detectable by traditional static analysis techniques, which to detect might require tools which simulate human judgements about code.
10:30
Intel Releases x86-simd-sort v1.0 Library For High Performance AVX-512 Sorting Phoronix
Last month you may recall the news of Intel having an extremely fast AVX-512 sorting library they published as open-source and found adoption already by the popular Numpy Python library. In the case of Numpy it could deliver some 10~17x speed-ups. That
10:19
Sued by Meta, Freenom Halts Domain Registrations Krebs on Security
The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Freenoms website features a message saying it is not currently allowing new registrations.
Freenom is the domain name registry service provider for five so-called country code top level domains (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.
Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee.
On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different John Does Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users.
The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted by Interisle Consulting Group, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.
The five ccTLDs to which Freenom provides its services are th...
09:53
Microsoft Found Shein App Copying Clipboard Content on Android Phones HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
copying clipboard content on Android devices before being detected and reported by Microsoft to Google.This is a post from HackRead.com Read the original post: Microsoft Found Shein App Copying Clipboard Content on Android Phones
09:41
Reverse-Engineering the ModR/M Addressing Microcode in the Intel 8086 Processor SoylentNews
https://www.righto.com/2023/02/8086-modrm-addressing.html
One interesting aspect of a computer's instruction set is its addressing modes, how the computer determines the address for a memory access. The Intel 8086 (1978) used the ModR/M byte, a special byte following the opcode, to select the addressing mode.1 The ModR/M byte has persisted into the modern x86 architecture, so it's interesting to look at its roots and original implementation.
In this post, I look at the hardware and microcode in the 8086 that implements ModR/M2 and how the 8086 designers fit multiple addressing modes into the 8086's limited microcode ROM. One technique was a hybrid approach that combined generic microcode with hardware logic that filled in the details for a particular instruction. A second technique was modular microcode, with subroutines for various parts of the task.
I've been reverse-engineering the 8086 starting with the silicon die. The die photo below shows the chip under a microscope. The metal layer on top of the chip is visible, with the silicon and polysilicon mostly hidden underneath. Around the edges of the die, bond wires connect pads to the chip's 40 external pins. I've labeled the key functional blocks; the ones that are important to this discussion are darker and will be discussed in detail below. Architecturally, the chip is partitioned into a Bus Interface Unit (BIU) at the top and an Execution Unit (EU) below. The BIU handles bus and memory activity as well as instruction prefetching, while the Execution Unit (EU) executes instructions and microcode. Both units play important roles in memory addressing.
Read more of this story at SoylentNews.
09:38
SYS01 stealer targets critical government infrastructure Security Affairs
Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms.
Cybersecurity researchers from Morphisec discovered a new, advanced information stealer, dubbed SYS01 stealer, that since November 2022 was employed in attacks aimed at critical government infrastructure employees, manufacturing companies, and other sectors.
The experts found similarities between the SYS01 stealer and another info stealing malware, tracked as S1deload, that was discovered by Bitdefender researchers.
We have seen SYS01 stealer attacking critical government infrastructure employees, manufacturing companies, and other industries. reads the analysis published by Morphisec. The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure victims into downloading a malicious file. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information.
The experts reported that the campaign was first uncovered in May 2022 that Zscaler researchers linked to the Ducktail operation by Zscaler. The DUCKTAIL campaign was first analyzed by researchers from WithSecure (formerly F-Secure Business) in July 2022, it was targeting individuals and organizations that operate on Facebooks Business and Ads platform.
The attack chain starts by luring a victim to click on a URL from a fake Facebook profile or advertisement to download a ZIP file that pretends to have a cracked software, game, movie, etc.
Upon opening the ZIP file, a loader, often in the form of a legitimate C# application, is executed. The application is vulnerable to DLL side-loading, a technique used to load a malicious DLL when the legitimate app is invoked.
The experts observed threat actors abusing the legitimate applications Western Digitals WDSyncService.exe and Garmins ElevatedInstaller.exe to side-load the malicious payload.
09:30
OpenSSF Membership Growth Signals Technical Communities Continued Commitment to Investing in Security Linux.com
Read the original post at: Read More
The post OpenSSF Membership Growth Signals Technical Communities Continued Commitment to Investing in Security appeared first on Linux.com.
09:00
The value of open source software is more than cost savings Linux.com
Read the original blog here Read More
The post The value of open source software is more than cost savings appeared first on Linux.com.
08:18
Tensions Between Filmmakers and Reddit Grow in Piracy Dispute TorrentFreak
Two
years ago, Internet provider RCN was sued by
several film companies, including the makers of The Hitmans Wifes
Bodyguard, London Has Fallen, and Hellboy.
The filmmakers accused the provider of failing to act against customers accused of piracy. Rather than terminating the accounts of persistent copyright infringers, the Internet provider looked away, they argued.
Subpoena to Unmask Redditors
Many other ISPs have faced similar claims in recent years, but the RCN lawsuit drew attention recently when Reddit was brought into the mix. The filmmakers took an interest in several comments posted by anonymous Redditors, which could potentially help to back up their claims against RCN.
In January, Reddit received a subpoena asking it to uncover the identities of these users. The social discussion platform largely rejected this request, arguing it would violate their users First Amendment Right to anonymous speech.
Reddit further argued that the filmmakers served their subpoena before discovery had begun. This wasnt mentioned in our previous coverage but behind the scenes it had already ignited significant turmoil.
Disputed Discovery Date
According to the filmmakers attorney, Kerry Culpepper, discovery started when the subpoena was sent (January 7) and any claim to the contrary is grossly negligent, untrue, outrageous, or even libelous.
The lawyer reached out to Reddit asking the company to correct the record before it could be reported by the media, fearing that a failure to do so would damage his reputation.
I extend Reddit the opportunity to file an amended opposition by the end of today [] that deletes that argument and all references to it, explicitly notes that it was completely false, and extends an apology to Plaintiffs counsel and the Court for accusing Plaintiffs counsel of blatantly violating the rules, Culpepper wrote.
Reddit wasnt convinced by this request. Citing the court docket, the discussion platform believes that there is no need to correct anything.
We do not take your accusations lightly. We have again reviewed the DNJ docket and see a January 26, 2023, docket entry instructing that &#...
08:00
Hacking a 15 8051-Based Portable Soldering Iron With Custom Firmware Hackaday
With soldering irons being so incredibly useful, and coming on the heels of the success of a range of portable, all-in-one soldering irons from the likes of Waveshare and Pine64, its little wonder that you can get such devices for as little as 10 15 Euro from websites like AliExpress. Making for both a great impulse buy and reverse-engineering target, [Aaron Christophel] got his mittens on one and set to work on figuring out its secrets.
The results are covered in a brief video, as well as a Twitter thread, where this T12 soldering irons guts are splayed around and reprogrammed in all their glory. Despite the MCU on the PCB having had its markings removed, some prodding and poking around revealed it to be an STC8H3K62S2, an 8051-based MCU running at a blistering 11 MHz....
07:37
EFF Tells Supreme Court: Trademark Law Doesnt Trump the First Amendment Deeplinks
A trademark dispute between a liquor company and a maker of novelty dog toys may not sound like an important First Amendment battleground, but the latest trademark case to come before the U.S. Supreme Court could have serious consequences for online speech and political activism. Trademarks are part of our modern lexicon, and we cannot allow their owners to use the law as a censorship tool.
In Jack Daniels Properties v. VIP Products, Jack Daniels claims that a company infringed and diluted its trademarks by selling a parody dog toy that looks like a Jack Daniels whiskey bottle and has punny text like BAD SPANIELS 43% POO BY VOL. The Ninth Circuit held that the defendants use of Jack Danielss trademarks was expressive, requiring application of whats known as the Rogers test. Jack Daniels is now asking the Supreme Court to take the extreme position that no special test should apply to expressive uses of trademarks at all, essentially arguing that theres no need to consider whether forbidding a trademark use would deprive someone of their First Amendment rights. We filed an amicus brief urging the Court to reject that argument, explaining why and how the law must protect our ability to use trademarks to critique and comment on their owners and the things they represent.
In most trademark cases, courts apply a set of six to ten factors meant to assess the likelihood that consumers will be confusedthings like how well-known the plaintiffs trademark is and how similar the plaintiffs and defendants uses are. Thats consistent with the consumer protection purpose of trademark law: trademarks provide information about goods and services, so the law polices their use to prevent people from thinking theyre buying one thing but actually getting another.
But there are a few problems with applying this standard test to parodies or other expressive uses of trademarksi.e., cases where a trademark is being used to communicate something other than the source of a product. First, the test treats avoiding confusion as the only goal, without recognizing a competing interest in free expression. Second, certain factors may be unhelpful or awkward to apply to expressive uses, or lead to counterintuitive results. And third, the many subjective factors make the outcome unpredictable and difficult to resolve early in the case, which translates to uncertainty about your legal rights and expensive litigation.
The Rogers test was developed by the courts in recognition that expressive uses of trademarks require extra free speech protections. Instead of applying the usual set of factors, the test asks just two questions: Was the use of the plaintiffs trademark artistic...
06:57
Scientists Have Mapped a Secret Hidden Corridor in Great Pyramid of Giza SoylentNews
The corridor is 30 feet long and likely slopes upward. Where it leads is still a mystery.
In 2016, scientists using muon imaging picked up signals indicating a hidden corridor behind the famous chevron blocks on the north face of the Great Pyramid of Giza in Egypt. The following year, the same team detected a mysterious void in another area of the pyramid, believing it could be a hidden chamber. Two independent teams of researchers, using two different muon imaging methods, have now successfully mapped out the corridor for the first time, according to a new paper published in the journal Nature Communications. Zahi Hawass, Egypt's former antiquities minister, called it "the most important discovery of the 21st century." [So far - Ed]
As we've reported previously, there is a long history of using muons to image archaeological structures, a process made easier because cosmic rays provide a steady supply of these particles. An engineer named E.P. George used them to make measurements of an Australian tunnel in the 1950s. But Nobel-prize-winning physicist Luis Alvarez really put muon imaging on the map when he teamed up with Egyptian archaeologists to use the technique to search for hidden chambers in the Pyramid of Khafre at Giza. Although it worked in principle, they didn't find any hidden chambers.
There are many variations of muon imaging, but they all typically involve gas-filled chambers. As muons zip through the gas, they collide with the gas particles and emit a telltale flash of light, which is recorded by the detector, allowing scientists to calculate the particle's energy and trajectory. It's similar to X-ray imaging or ground-penetrating radar, except with naturally occurring high-energy muons rather than X-rays or radio waves. That higher energy makes it possible to image thick, dense substances like the stones used to build pyramids. The denser the imaged object, the more muons are blocked, casting a telltale shadow. Hidden chambers in a pyramid would show up in the final image because they blocked fewer particles.
...
06:25
Serious DJI Drones Flaws Could Crash Drones Mid-flight HackRead | Latest Cybersecurity and Hacking News Site
During their assessment, the researchers discovered a total of 16 vulnerabilities with a broad range of impacts, from denial of service to arbitrary code execution.
This is a post from HackRead.com Read the original post: Serious DJI Drones Flaws Could Crash Drones Mid-flight
06:00
AMD Ryzen 9 7900X3D Linux Performance Phoronix
Following last week's review of the brand new AMD Ryzen 9 7950X3D and then moving on to looking at the Ryzen 9 7900X3D gaming performance, today's Linux hardware coverage on Phoronix is looking at the Ryzen 9 7900X3D Linux performance in other system/CPU workloads aside from gaming.
06:00
Countdown to the 2023 IEEE Annual Election IEEE Spectrum
On 1 May the IEEE Board of Directors is scheduled to announce the candidates to be placed on this years ballot for the annual election of officerswhich begins on 15 August.
The ballot includes IEEE president-elect candidates and other officer positions up for election.
The Board of Directors has nominated IEEE Fellow Roger U. Fujii and IEEE Senior Member Kathleen A. Kramer as candidates for 2024 IEEE president-elect. Visit the IEEE elections page to learn about the candidates.
The ballot includes nominees for delegate-elect/director-elect openings submitted by division and region nominating committees, IEEE Technical Activities vice president-elect, IEEE-USA president-elect, IEEE Standards Association president-elect, IEEE Women in Engineering Committee chair-elect, and board of governors members-at-large.
IEEE members who want to run for an office but who have not been nominated need to submit their petition intention to the IEEE Board of Directors by 15 April. Petitions should be sent to the IEEE Corporate Governance staff: elections@ieee.org.
Those elected take office on 1 January 2024.
To ensure voting eligibility, members are encouraged to review and update their contact information and communication preferences by 30 June.
Given ever-changing global conditions, members might wish to vote electronically instead of by mail.
For more information about the offices up for election, the process of getting on the ballot, and deadlines, visit the IEEE elections page or write to elections@ieee.org.
05:01
How to encrypt Bash shell variables with Ansible Vault Linux.com
Use Ansible Vault to share encrypted Bash environment variables across projects.
Read More at Enable Sysadmin
The post How to encrypt Bash shell variables with Ansible Vault appeared first on Linux.com.
04:13
Chinese Sharp Panda Group Unleashes SoulSearcher Malware HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
Currently, in its cyber espionage campaign, Sharp Panda hackers are targeting government entities in Asia.
This is a post from HackRead.com Read the original post: Chinese Sharp Panda Group Unleashes SoulSearcher Malware
04:13
Huge Lithium Find in Iran May End World Shortage SoylentNews
Huge lithium find may end world shortage there's a catch:
Lithium, sometimes hyped as white gold, has been highly sought after for its role in battery production, and other things.
Global demand is expected to continue to outstrip supply in the years to come. Albemarle Corporation projects [PDF] lithium demand will rise from 1.8 million metric tons in 2025 to 3.7 million metric tons in 2030 largely due to its role in electric vehicles and other battery dependent devices.
The White House last year said critical minerals rare earth metals, lithium, and cobalt "are essential to our national security and economic prosperity."
Alas for the US, the latest cache of this malleable metal has turned up in Iran one of just four countries America has designated a state sponsor of terrorism.
According to The Financial Tribune, an English language news publication focused on Iran that's operated by Tehran-based Donya-e-Eqtesad, Ebrahim Ali Molla-Beigi, director general of the Exploration Affairs Office of the Ministry of Industries, Mining and Trade, said that Iran has discovered its first lithium reserve in Hamedan Province, in the western part of the country.
The reserve is said to be 8.5 million metric tons, which if accurate would be among the largest known deposits yet discovered.
According to the US Geological Survey [PDF], the top five identified lithium reserves are: Bolivia, 21 million tons; Argentina, 20 million tons; Chile, 11 million tons; Australia, 7.9 million tons, and China, 6.8 million tons.
Read more of this story at SoylentNews.
03:37
Links 07/03/2023: More Technical News Sites Shut Down, Rust for Linux Explained Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Science
- Education
- Hardware
- Health/Nutrition/Agriculture
- Proprietary
- Security
- Defence/Aggression
- Transparency/Investigative Reporting
- Environment
- Finance
- AstroTurf/Lobbying/Politics
- Censorship/Free Speech
- Freedom of Information / Freedom of the Press
- Civil Rights/Policing
- Internet Policy/Net Neutrality
- Monopolies
- Gemini* and Gopher
-
GNU/Linux
-
Kernel Space
-
LWN...
-
-
03:27
EFF Comments to NTIA on Privacy and Civil Rights Deeplinks
EFF recently submitted comments to the U.S. National Telecommunications and Information Administration (NTIA) on "Privacy, Equity, and Civil Rights". NTIA is a unit of the U.S. Department of Commerce that advises the President on information policy. NTIA is writing a report on privacy and civil rights, and requested comments from the public.
The submission spotlights how data surveillance practices cause discrimination against vulnerable groups across the entire lifecycle of data processing: at the point of data collection; in the use of data for ad delivery and automated decision-making; and when corporate employees misuse data and thieves steal it.
The unifying thread to this pervasive system is the processing of personal information about people from marginalized communities, and the subsequent discriminatory use by corporations and government agenciesexacerbating existing structural inequalities across society.
One necessary approach to solving this problem is to reduce the amount of data that these entities can use to discriminate. To resist these civil rights abuses at their source, we need federal comprehensive consumer data privacy legislation.
You can read our comments here.
03:16
Perth Mint Sold Diluted Gold To China, Got Caught, And Tried To Cover It Up cryptogon.com
Via: ABC: The historic Perth Mint is facing a potential $9 billion recall of gold bars after selling diluted or doped bullion to China and then covering it up, according to a leaked internal report. Four Corners has uncovered documents charting the WA government-owned mints decision to begin doping its gold in 2018, and then []
03:15
[$] BTHome: An open standard for broadcasting sensor data LWN.net
Many wireless sensors broadcast their data using Bluetooth Low Energy (BLE). Their data is easy to receive, but decoding it can be a challenge. Each manufacturer uses its own format, often tied to its own mobile apps. Integrating all of these sensors into a home-automation system requires a lot of custom decoders, which are generally developed by reverse-engineering the protocols. The goal of the BTHome project is to change this: it offers a standardized format for sensors to broadcast their measurements using BLE. BTHome is supported by the Home Assistant home-automation software and by a few open-firmware and open-hardware projects.
03:00
I Fly Openers BlackFly eVTOL IEEE Spectrum
On a gin-clear December day, Im sitting under the plexiglass bubble of a radically new kind of aircraft. Its a little past noon at the Byron Airport in northern California; in the distance, a jagged line of wind turbines atop rolling hills marks the Altamont Pass, blades spinning lazily. Above me, a cloudless blue sky beckons.
The aircraft, called BlackFly, is unlike anything else on the planet. Built by a Palo Alto, Calif., startup called Opener, its an electric vertical take-off and landing (eVTOL) aircraft with stubby wings fore and aft of the pilot, each with four motors and propellers. Visually, its as though an aerial speedster from a 1930s pulp sci-fi story has sprung from the page.
There are a couple of hundred startups designing or flying eVTOLs. But only a dozen or so are making tiny, technologically sophisticated machines whose primary purpose is to provide exhilarating but safe flying experiences to people after relatively minimal training. And in that group, Opener has jumped out to an early lead, having built dozens of aircraft at its facilities in Palo Alto and trained more than a score of people to fly them.
My own route to the cockpit of a BlackFly was relatively straightforward. I contacted the companys CEO, Ken Karklin, in September 2022, pitched him on the idea of a story and video, and three months later I was flying one of his aircraft.
Well, sort of flying it. My brief flight was so highly automated that I was more passenger than pilot. Nevertheless, I spent about a day and a half before the flight being trained to fly the machine manually, so that I could take control if anything went wrong. For this training, I wore a virtual-reality headset and sat in a chair that tilted and gyrated to simulate flying maneuvers. To fly this simulation I manipulated a joystick that was identical to the one in the cockpit of a BlackFly. Openers chief operating officer, Kristina L. Menton, and engineer Wyatt Warner took turns patiently explaining the operations of the vehicle and giving me challenging tasks to complete, such as hovering and performing virtual landings in a vicious crosswind.
The BlackFly is entirely controlled by that joystick, which is equipped with a trigger and also topped by a thumb switch. To take off, I squeeze th...
02:46
Acer discloses a new data breach, 160 GB of sensitive data available for sale Security Affairs
Taiwanese multinational hardware and electronics corporation Acer discloses a data breach after a threat actor claimed the hack of the company.
Recently a threat actor announced the availability for sale of 160 GB of data allegedly stolen from the Taiwanese multinational hardware and electronics corporation Acer.
The threat actor announced the hack on a popular cybercrime forum, he claims to have stolen about 2869 files. The stolen files include confidential product model documentation, binaries, backend infrastructure, BIOS information, and other sensitive data.
Reads the post published by the seller on Breached Forums:
The leak contains a total 160GB of 655 directories, and 2869 files. It includes:
- Confidential slides/presentations
- Staff manuals to various technical problems
- Windows Imaging Format files
- Tons of binaries (.exe, .dll, .bin, etc)
- Backend infrastructure
- Confidential product model documentation and information of phones, tablets, laptops, etc
- Replacement Digital Product Keys (RDPK)
- ISO files
- Windows System Deployment Image (SDI) files
- Tons of BIOS stuff
- ROM files
(honestly theres so much shit that itll take me days to go through the list of what was breached lol)
Acer confirmed the incident and discloses a data breach, the company said that attackers have compromised one of its servers.
We have recently detected an incident of unauthorized access to one of our document servers for repair technicians. While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server, ...
02:45
Initial Rust DRM Abstractions, AGX Apple DRM Driver Posted For Review Phoronix
After being in development for several months, Asahi Lina with the Asahi Linux project has posted the initial Rust Direct Rendering Manager (DRM) subsystem abstractions for review as well as a preview of the experimental state of the AGX DRM driver providing the open-source kernel graphics driver support for Apple M1/M2 hardware...
02:42
The Government Is Trying To Kill Us Now: Low-Income Americans Fume In Mile-Long Food Lines After Pandemic Benefits End cryptogon.com
Via: ZeroHedge: Over the past year, 18 US states have officially ended pandemic-era states of emergency including the covid food benefit, while a December mandate from Congress will end aid in March for the other 32 states, along with the District of Columbia, the US Virgin Islands and Guam. The collective return to pre-pandemic []
02:28
The initial posting of the Apple AGX graphics driver LWN.net
Asahi Lina has posted an initial version of a Rust-based driver for Apple AGX graphics processors; the posting includes a fair amount of Rust infrastructure for graphics drivers in general.
While developing the driver, I tried to make use of Rust's safety and lifetime features to provide not just CPU-side safety, but also partial firmware-ABI safety. Thanks to this, it has turned out to be a very stable driver even though GPU firmware crashes are fatal (no restart capability, need to reboot!) and the FW/driver interface is a huge mess of unsafe shared memory structures with complex pointer chains.
02:04
Expert released PoC exploit code for critical Microsoft Word RCE flaw Security Affairs
Security researcher released a proof-of-concept exploit code for a critical flaw, tracked as CVE-2023-21716, in Microsoft Word.
Security researcher Joshua Drake released a proof-of-concept for a critical vulnerability, tracked as CVE-2023-21716 (CVSS score 9.8 out of 10), in Microsoft Word.
The vulnerability can be exploited by a remote attacker to execute arbitrary code on a system running the vulnerable software. The issue can be easily exploited, anyway, it can be exploited only with user interaction.
Microsoft addressed the vulnerability with the release of the February Patch Tuesday security updates.
The vulnerability was discovered by Drake in November, it resides in the in Microsoft Offices wwlib.dll library.
An unauthenticated attacker could send a malicious e-mail containing an RTF payload that would allow them to gain access to execute commands within the application used to open the malicious file. reads the advisory published by Microsoft.
The vulnerability can be also be exploited by simply loading a specially crafted RTF document in the Preview Pane.
Drake discovered a heap corruption vulnerability in the RTF parser in Microsoft Word that can be triggered dealing with a font table (*\fonttbl*) containing a large number of fonts (*\f###*).
Following this memory corruption, additional processing takes place. With a properly crafted heap layout, an attacker cause the heap corruption to yield arbitrary code execution. Using the proof-of-concept code supplied below, processing eventually reaches the post-processing clean up code. reads the technical post published by the researchers.
The researchers shared a proof-of-concept code that trigger the bug to launch the Calculator app in Windows.
The good news is that at this time Microsoft is not aware of attacks in the wild ex...
01:47
Twitter Suspends Copyright Holder as Musk Outlaws Weaponization of DMCA (Updated) TorrentFreak
In May 2022, Elon Musk
declared overzealous use of the DMCA a plague on humanity.
As CEO of Twitter, Musk understands that his platform has certain obligations if it wishes to maintain protection from liability under copyright law. On receipt of a properly formatted and submitted takedown notice, allegedly infringing content must be taken down.
A dispute that boiled over yesterday began with these two steps but ended up with the copyright holder having his account suspended, presumably by Musk himself or on his instructions.
The two people at the heart of the original dispute are both Twitter users. Since most tweets relating to the initial dispute have since been deleted or disabled, here we rely on archived and cached copies for evidence. Since one users account has been suspended, links to the account and its tweets are included but are likely to fail.
Adrien Mauduit (@NightLights_AM)
Adrien Mauduit (@NightLights_AM, Norway) operates the currently-suspended Night Lights account. He describes himself as a professional nature cinematographer, astrophotographer, and an Aurora chasing specialist.
A review of Mauduits recent posts suggests that his Twitter account is mainly used to post content he creates himself, usually videos or photographs.
Mauduits pinned tweet is/was a stunning short video dated March 4, 2023. Its described as a double solar storm punch that created a G3 (max) geomagnetic storm. This video sits at the heart of the dispute.
Posted on March 3, the video was well received. Comments under the original tweet include: INCREDIBLE! Feast for the eyes and spirit, This one is off the charts! and Wow Adrien! Absolutely killing it! Thanks for sharing!
Massimo (@Rainmaker1973)
Massimo (Italy) operates the...
01:32
McQueen: Flathub in 2023 LWN.net
The Flathub organization (in the form of Robert McQueen) has posted a lengthy update on the state of Flathub and its plans for the coming year.
So far, the GNOME Foundation has acted as an incubator and legal host for Flathub even though its not purely a GNOME product or initiative. Distributing software to end users along with processing and forwarding payments and donations also has a different legal profile in terms of risk exposure and nonprofit compliance than the current activities of the GNOME Foundation. Consequently, we plan to establish an independent legal entity to own and operate Flathub which reduces risk for the GNOME Foundation, better reflects the independent and cross-desktop interests of Flathub, and provides flexibility in the future should we need to change the structure.
01:25
Beans IN Toast Could Revolutionise British Diet SoylentNews
Researchers and chefs at the University of Reading aim to encourage British consumers and food producers to switch to bread containing faba beans (commonly known as broad beans), making it healthier and less damaging to the environment.
[...] Five teams of researchers within the University of Reading, along with members of the public, farmers, industry, and policy makers, are now working together to bring about one of the biggest changes to UK food in generations.
[...] This is by increasing pulses in the UK diet, particularly faba beans, due to their favourable growing conditions in the UK and the sustainable nutritional enhancement they provide.
Despite being an excellent alternative to the ubiquitous imported soya bean, used currently in bread as an improver, the great majority of faba beans grown in the UK go to animal feed at present.
[...] "96% of people in the UK eat bread, and 90% of that is white bread, which in most cases contains soya. We've already performed some experiments and found that faba bean flour can directly replace imported soya flour and some of the wheat flour, which is low in nutrients. We can not only grow the faba beans here, but also produce and test the faba bean-rich bread, with improved nutritional quality."
For those who prefer their information in YouTube format
Read more of this story at SoylentNews.
01:15
Security updates for Tuesday LWN.net
Security updates have been issued by Debian (kopanocore), Fedora (golang-github-projectdiscovery-chaos-client, rust-sequoia-octopus-librnp, rust-sequoia-sop, rust-sequoia-sq, and usd), Oracle (libjpeg-turbo and pesign), Red Hat (kernel, kernel-rt, kpatch-patch, osp-director-downloader-container, pesign, rh-mysql80-mysql, samba, and zlib), SUSE (mariadb), and Ubuntu (fribidi, gmp, linux, linux-aws, linux-kvm, linux-lts-xenial, linux-azure, linux-azure-4.15, linux-kvm, linux-raspi2, linux-snapdragon, linux-raspi, nss, python3.6, rsync, systemd, and tiff).
01:11
CVE-2023-27522: Apache HTTP Server: mod_proxy_uwsgi HTTP response splitting Open Source Security
Posted by Eric Covener on Mar 07
Severity: moderateDescription:
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server:
from 2.4.30 through 2.4.55.
Special characters in the origin response header can truncate/split the response forwarded to the client.
Credit:
Dimas Fariski Setyawan Putra (nyxsorcerer) (finder)
References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://httpd.apache.org/...
01:09
CVE-2023-25690: Apache HTTP Server: HTTP request splitting with mod_rewrite and mod_proxy Open Source Security
Posted by Eric Covener on Mar 07
Severity: importantDescription:
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.
Configurations are affected when mod_proxy is enabled along with some form of RewriteRule
or ProxyPassMatch in which a non-specific pattern matches
some portion of the user-supplied request-target (URL) data and is then
re-inserted into the proxied request-target using variable...
00:58
SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms The Hacker News
Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc. to lure
00:31
SPACE FORCE: The Secret Orbit Arms Race in Space | SpaceTime WELT Documentary Lifeboat News: The Blog
In December 2019, the United States established its new space force: the United States Space Force. A logical step in a globalized and digitized world whose infrastructure depends on satellites in space. This infrastructure is under threat. Also by a resurgence of conflict between East and West. This episode of Spacetime describes how the military conquered space and why the world is in a new arms race in Earth orbit.
#documentary #spacetime #usa.
Watch
more documentaries
https://www.youtube.com/playlist?list=PL-5sURDcN_Zl8hBqkvZ6uXFpP3t55HU9s.
Subscribe to our full documentary channel.
00:29
Open source software could deliver huge time savings for computational chemists Lifeboat News: The Blog
A new program can streamline the process of creating, launching and analysing computational chemistry experiments. This piece of software, called AQME, is distributed for free under an open source licence, and could contribute to making calculations more efficient, as well as accelerating automated analyses.
We estimate time savings of around 70% in routine computational chemistry protocols, explains lead author Juan Vicente Alegre Requena, at the Institute of Chemical Synthesis and Homogeneous Catalysis (ISQCH) in Zaragoza, Spain. In modern molecular simulations, studying a single reaction usually involves more than 500 calculations, he explains. Generating all the input files, launching the calculations and analysing the results requires an extraordinary amount of time, especially when unexpected errors appear.
Therefore, Alegre and his colleagues decided to code a piece of software to skip several steps and streamline calculations. Among other advantages, AQME works with simple inputs, instead of the optimised 3D chemical structures usually required by other solutions. Its exceptionally easy, says Alegre. AQME is installed in a couple of minutes, then the only indispensable input is as a simple Smiles string. Smiles is a system developed by chemist and coder Dave Weininger in the late 1980s, which converts complex chemical structures into a succession of letters and numbers that is machine readable. This cross-compatibility could allow integration with chemical databases and machine-learning solutions, most of which include datasets in Smiles format, explains Alegre.
00:28
Dr. Moupali Das, MD, MPH Gilead Sciences Dedicated To Ending The HIV Epidemic Lifeboat News: The Blog
Dedicated to ending the HIV epidemic dr. moupali das, MD, MPH, executive director, HIV clinical research, gilead sciences.
Dr. Moupali Das, MD, MPH, is Executive Director, HIV Clinical Research, in the Virology Therapeutic Area, at Gilead Sciences (https://www.gilead.com/), where she leads the pre-exposure prophylaxis (PrEP) clinical drug development program, including evaluating the safety and efficacy of a long-acting, twice yearly, subcutaneous injection being studied for HIV prevention. Her responsibilities also include expanding the populations who may benefit from PrEP.
Dr. Das has led high-performing teams in academic medicine, public health, implementation science, and cross-functionally in drug development. She has successfully helped develop, implement, and evaluate how to better test, link to care, increase virologic suppression, and improve quality of life for people with HIV, and to prevent HIV in those who may benefit from PrEP.
During the COVID19 pandemic, Dr. Das assisted her colleagues in the COVID-19 treatment program, leading the evaluation of a COVID-19 treatment for use in pregnant women and children from the compassionate use program.
After completing her undergraduate degree in Biochemical Sciences at Harvard College, medical school and internal medicine residency training at Columbia University and New York Presbyterian Hospital, Dr. Das came to University of California, San Francisco (UCSF) for fellowship training in Infectious Diseases and to University of California, Berkeley for her MPH in Epidemiology. She cared for HIV patients at San Francisco Generals storied Ward 86 clinic and attended on the inpatient ID Consult Service. She is recognized internally and externally for her expertise in epidemiology, public health, advocacy, and community engagement.
Prior to joining Gilead, Dr. Das developed a novel population-based indicator, community viral load (CVL), to evaluate the impact of treatment as prevention. Her CVL research was the basis for using viral suppression to evaluate the effectiveness of President Barack Obamas National HIV/AIDS Strategy. She also served on the Institute of Medicine Committee on Data Systems for Monitoring HIV/AIDS care.
Dr. Das has authored over 60 manuscripts, presented at scientific conferences, policy forums, and for community and advocacy organizations. Her publications ha...
00:25
NASA shares breathtaking aurora video from space station Lifeboat News: The Blog
NASA has released a breathtaking time-lapse video captured from the International Space Station showing a recent aurora over Earth.
00:25
Scientists found a dinosaur with skin on its face still intact Lifeboat News: The Blog
Scientists have made a freak discovery thats potentially brought us closer to dinosaurs than weve ever been before.
Archaeologists uncovered one of the most well-preserved dinosaur fossils so preserved that its very skin was still intact after all these years.
Talk about a good skincare routine, the discovery is now being hailed as a one-in-a-billion find.
00:25
Fred Hoyle: I dont believe in the Big Bang Lifeboat News: The Blog
Sir Fred Hoyle was an English astronomer who formulated the theory of stellar nucleosynthesis. He also held controversial stances on other scientific matters in particular his rejection of the Big Bang theory, a term coined by him on BBC radio, and his promotion of panspermia and the Steady-state theory of the universe.
00:24
Huge young galaxies seen Lifeboat News: The Blog
Galaxies spotted by the James Webb Space Telescope seem far too massive to have formed so early on in the universes history, which could be a problem for our ideas of galaxy formation.
By Leah Crane and Alex Wilkins.
00:24
Intel Preparing IAA Crypto Compression Driver - Kernel Crypto API Use For Accelerators Phoronix
In addition to Intel's Linux patches in recent days working on broad performance optimizations that can benefit all hardware there has also been some Intel-specific kernel improvements being worked on like the Sapphire Rapids C0.2 idle state support that was published for review on Monday. Also coming out from the covers on Monday was a new patch series for the "iaa_crypto" driver to improve the Linux support for Intel's In-Memory..
00:23
Quantum Physics: Scientists Cool Nanoparticles to Ground-State in 2D Motion Lifeboat News: The Blog
Experts consider glass nanoparticles kept inside extreme vacuum layers as potential platforms for examining the quantum worlds limits. However, a question in the field of quantum theory remains unanswered: at which size does an object start being described by quantum physics laws rather than classical physics laws?
Achieving Quantum-State Cooling in More Than One Direction Is Challenging
SciTechDaily reports that a research team attempted to precisely answer the question through the ERC-Synergy project Q-Xtreme. The team comprised Lukas Novotny from ETH Zurich, Markus Aspelmeyer from the University of Vienna, Oriol Romero-Isart from the University of Innsbruck, and Romain Quidant from Zurich.
Tuesday, 07 March
23:00
Probably The Most Over-Specified Calculator To Ever Be Manufactured Hackaday
Its possible quite a few of our older readers will remember the period from the 1960s into the 70s when an electronic calculator was the cutting edge of consumer-grade digital technology. By the 1980s though, they were old hat and could be bought for only a few dollars, a situation that remains to this day. But does that mean calculator development dead?
23:00
GNOME Shell & Mutter 44 Release Candidates Bring Last Minute Changes Phoronix
The GNOME Shell and Mutter release candidates ahead of this month's GNOME 44 desktop update are now available for testing...
22:58
22:46
AMD's Suballocator Helper Gets Ready To Help Intel's New Xe Linux Graphics Driver Phoronix
With the Linux 6.3-rc1 kernel now out and that closing the Linux 6.3 merge window, the open-source Linux graphics driver developers are turning their attention to feature work they want to accomplish for Linux 6.4 this summer. Already the first drm-misc-next pull request has been submitted to DRM-Next with some of those early changes that will target the v6.4 kernel...
22:41
Two Security Flaws in the TPM 2.0 Specs Put Cryptographic Keys at Risk SoylentNews
In-hardware security can be defeated with just two extra bytes:
The Trusted Platform Module (TPM) secure crypto-processor became a topic for public debate in 2021 when Microsoft forced TPM 2.0 adoption as a minimum requirement for installing Windows 11. The dedicated hardware controller should provide "extra hard" security to data and cryptographic algorithms, but the official specifications are bugged.
Security researchers recently discovered a couple of flaws in the Trusted Platform Module (TPM) 2.0 reference library specification, two dangerous buffer overflow vulnerabilities that could potentially impact billions of devices. Exploiting the flaws is only possible from an authenticated local account, but a piece of malware running on an affected device could do exactly that.
The two vulnerabilities are tracked as CVE-2023-1017 and CVE-2023-1018, or as "out-of-bounds write" and "out-of-bounds read" flaws. The issue was discovered within the TPM 2.0's Module Library, which allows writing (or reading) two "extra bytes" past the end of a TPM 2.0 command in the CryptParameterDecryption routine.
By writing specifically crafted malicious commands, an attacker could exploit the vulnerabilities to crash the TPM chip making it "unusable," execute arbitrary code within TPM's protected memory or read/access sensitive data stored in the (theoretically) isolated crypto-processor.
In other words, successful exploitation of the CVE-2023-1017 and CVE-2023-1018 flaws could compromise cryptographic keys, passwords and other critical data, making security features of modern, TPM-based operating systems like Windows 11 essentially useless or broken.
Read more of this story at SoylentNews.
22:39
Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps The Hacker News
A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT. "Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET said in a report
22:35
Links 07/03/2023: Audacious 4.3 and Apt 2.6.0 Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
-
GNU/Linux
-
Audiocasts/Shows
-
YouTube 2023-03-06 The 2023 System76 Pangolin is an Awesome 15 Linux Laptop
-
YouTube 2023-03-06 Upgrading the Steam Decks SSD was so easy!
-
DragonFly BSD Digest BSD to watch
S...
-
-
22:24
Coreboot Adds Support For An ASRock Sandy/Ivy Bridge Era Mini ITX Board Phoronix
For those that happen to have an ASRock B75M-ITX in their collection or have just been looking for an old Intel Sandy Bridge / Ivy Bridge era system that can run the open-source Coreboot firmware, this mini-ITX desktop motherboard can run upstream Coreboot with the latest changes made this week...
22:23
Why Healthcare Can't Afford to Ignore Digital Identity The Hacker News
Investing in digital identity can improve security, increase clinical productivity, and boost healthcare's bottom line. by Gus Malezis, CEO of Imprivata Digitalization has created immeasurable opportunities for businesses over the past two decades. But the growth of hybrid work and expansion of Internet of Things (IoT) has outpaced traditional 'castle and moat' cybersecurity, introducing
21:29
LastPass hack caused by an unpatched Plex software on an employees PC Security Affairs
The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates.
The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers.
Recently, the password management software firm disclosed a second attack, a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach. Then the attackers exploited a flaw in a third-party media software package to target the firm.
LastPass revealed that the home computer of one of its DevOp engineers was hacked as part of a sophisticated cyberattack.
The attackers targeted one of the four DevOps engineers who had access to the decryption keys needed to access the cloud storage service. The hackers installed a keylogger on the DevOp engineers computed and captured his master password.
The investigation conducted by the company with the help of the cybersecurity firm Mandiant confirmed the attack on the DevOps engineers home computer.
The attackers hacked the employees home computer by exploiting a deserialization of untrusted data in Plex Media Server on Windows. The issue, tracked as CVE-2020-5741 (CVSS score: 7.2), can be exploited by a remote, authenticated attacker to execute arbitrary Python code.
We have recently been made aware of a security vulnerability related to Plex Media Server. This issue allowed an attacker with access to the server administrators Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. This could be done by setting the server data directory to overlap with the content location for a library on which Camera Upload was enabled. reads the...
20:53
Podcast Episode: Making the Invisible Visible Deeplinks
What would the internet look like if it weren't the greatest technology of mass surveillance in the history of mankind? Trevor Paglen wonders about this, and he makes art from it.
You can also find this episode on the Internet Archive.
To Paglen, art is a conversation with the past and the future artifacts of how the world looks at a certain time and place. In our time and place, its a world dogged by digital privacy concerns, and so his art ranges from 19th-century style photos of military drones circling like insects in the Nevada sky, to a museum installation that provides a free wifi hotspot offering anonymized browsing through a Tor network, to deep-sea diving photos of intern...
20:00
Displaying the Time is Elemental With This Periodic Table Clock Hackaday
We see a lot of clocks here at Hackaday, so many now that its hard to surprise us. After all, there are only so many ways to divide the day into intervals, as well as a finite supply of geeky and quirky ways to display the results, right?
Thats why this periodic table clock really caught our eye. [gocivici]s idea is a simple one: light up three different elements with three different colors for hours, minutes, and seconds, and read off the time using the atomic number of the elements. So, if its 13:03:23, that would light up aluminum in blue, lithium in green, and vanadium in red. The periodic table was designed in Adobe Illustrator and UV printed on a sheet of translucent plastic by an advertising company that specializes in such things, but wed imagine other methods could be used. The display is backed by light guides and a baseplate to hold the WS2812D...
19:54
Arm Opts for New York Stock Listing in Blow to London SoylentNews
Arm says it decided a sole US listing in 2023 was "the best path forward":
[...] Arm's decision not to pursue a listing on the London Stock Exchange this year has raised concerns that the UK market is not doing enough to attract tech company stock offerings, with US exchanges seen to offer higher profiles and valuations.
SoftBank Group Corp's founder and chief executive Masayoshi Son said last year he would probably look to the tech-heavy Nasdaq exchange for a potential Arm listing.
[...] "Arm is proud of its British heritage, and continues to work with the British Government," he said. "We will continue to invest and play a significant role in the British tech ecosystem."
A Government spokesperson said: "The UK is taking forward ambitious reforms to the rules governing its capital markets, building on our continued success as Europe's leading hub for investment, and the second largest globally."
They added the UK "continues to attract some of the most innovative and largest companies in the world" and acknowledged Arm's commitment to its UK presence with more jobs and investment.
[...] Russ Shaw CBE, founder of Tech London Advocates and Global Tech Advocates, said Arm's statement offered "glimpses of hope" for its commitment to its British roots, but Arm and SoftBank's decision to opt for a sole US listing is "a significant blow to the UK tech sector".
[...] He added Arm's decision "must be upheld as a case study for the UK Government of how 'not to do it'" - citing the company's sale to SoftBank in 2016 as a factor determining its US-only listing.
"Nations like the US and China that recognise the strategic value of chip companies would not have allowed such decisions to be made - then or now - and the UK must now endeavour to proactively protect its semiconductor industry," said Mr Shaw.
Read more of this story at SoylentNews.
19:00
Gates Foundation Insider Admits Covid Vaccines Are Abortion Drugs To Depopulate the World Terra Forming Terra
Idiocracy by design Terra Forming Terra
...
Cancer Patient With Tumors as Big as Oranges Recovers in 10 DaysDid He Misunderstand Terra Forming Terra
The bill that would give Americans a four-day workweek Terra Forming Terra
It has certainly become timely to discuss a sensible work week regulation system. It really needs to be about optimizing outputs. We have in each week exactly 168 hours or 42 four hour shifts. Not a bad way to look at it. I also think that the four hour shift should be the prime unit. I have already posted that our so called minimum wage needs to be set around a guaranteed four hour base shift that pays base costs.
18:56
IRC Proceedings: Monday, March 06, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-060323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-060323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-060323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-060323.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
18:42
Shein's Android App Caught Transmitting Clipboard Data to Remote Servers The Hacker News
17:21
LastPass Hack: Engineer's Failure to Update Plex Software Led to Massive Data Breach The Hacker News
The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with
17:20
Carnivores attacks on humans are becoming more common Terra Forming Terra
17:08
Flatpak Could Become a Universal App Store for Linux Systems SoylentNews
The Foss community is giving yet another try with an app store for all Linux OSes:
Some influential people in the open-source community are pushing for the adoption of a one-stop app store for Linux-based operating systems. The store would be built on Flatpak, a popular software deployment and package management utility, and it could provide customers with the same user-friendly approach other popular app stores in the consumer market are known for.
[...] The proposal's main goal is to "promote diversity and sustainability" in the Linux desktop community by "adding payments, donations and subscriptions" to the Flathub app store. Flathub is the standard app repository for Flatpak, a project described as a "vendor-neutral service" for Linux application development and deployment.
[...] The universal app store proponents say that "a healthy application ecosystem is essential for the success of the OSS desktop," so that end-users can "trust and control" their data and development platforms on the device they are using. Flathub has been jointly built by the GNOME foundation and KDE, and it isn't the only app store available in the Linux world.
Alternative solutions like Canonical's Snaps, however, are sitting under the control of a single corporation and aren't designed as a universal Linux app store from the get-go. Canonical has recently decided that neither Ubuntu, nor the other Ubuntu-based distros (Kubuntu, Lubuntu, etc.), will give their official support to Flatpak. Users can manually add the tool after installing the operating system, though.
Besides providing a universal app store for the entire Linux world, Flatpak supporters also want to "incentivize participation in the Linux application ecosystem," and remove financial barriers that prevent diverse participation. For this reason, the proponents are planning to add a new way to send donations and payments via Stripe within this year.
Read more of this story at SoylentNews.
17:00
Assembly Language 80s Minicomputer Style Hackaday
In the days before computers usually used off-the-shelf CPU chips, people who needed a CPU often used something called bitslice. The idea was to have a building block chip that needed some surrounding logic and could cascade with other identical building block chips to form a CPU of any bit width that could do whatever you wanted to do. It was still harder than using a CPU chip, but not as hard as rolling your own CPU from scratch. [Usagi Electric] has a Centurion, which is a 1980s-vintage minicomputer based on a bitslice processor. He wanted to use it to write assembly language programs targeting the same system (or an identical one). You can see the video below.
Truthfully, unless you have a Centurion yourself, the details of this are probably not interesting. But if you have wondered what it was like to code on an old machine like this, youll enjoy the video. Even so, the process isnt quite authentic since he uses a more modern editor written for the Centurion. Most editors from those days were more like CP/M ed or DOS edlin, which were painful, indeed.
The target program is a hard drive test, so part of it isnt just knowing assembly but understanding how to interface with the machine. That was pretty common, too. You didnt have a lot of help from canned routines in those days. For example, it was common to read an entire block from a hard drive, tape, or drum and have to figure out what part of it you were actually interested in instead of,...
16:49
Links 06/03/2023: rpminspect 1.11 and Mozilla Enlarges the Boards Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher ...
16:30
Preventing corporate data breaches starts with remembering that leaks have real victims Help Net Security
When it comes to data breaches, organizations are generally informed about the risks and procedures for mitigating them. They can (typically) respond with minimal collateral damage. But the impact a data breach can have on individuals can be devasting; getting back to something that vaguely resembles normality is very challenging. In my work helping these people, Ive been asked multiple times whether it would help to get a new phone number or even move to More
The post Preventing corporate data breaches starts with remembering that leaks have real victims appeared first on Help Net Security.
16:00
Vulnerability in DJI drones may reveal pilots location Help Net Security
Serious security vulnerabilities have been identified in multiple DJI drones. These weaknesses had the potential to allow users to modify crucial drone identification details such as its serial number and even bypass security mechanisms that enable authorities to track both the drone and its pilot. In special attack scenarios, the drones could even be brought down remotely in flight. Photo by: RUB, Marquard The team headed by Nico Schiller of the Horst Grtz Institute for More
The post Vulnerability in DJI drones may reveal pilots location appeared first on Help Net Security.
15:30
China-aligned APT is exploring new technology stacks for malicious tools Help Net Security
ESET researchers have analyzed MQsTTang, a custom backdoor that they attribute to the China-aligned Mustang Panda APT group. This backdoor is part of an ongoing campaign that ESET can trace back to early January 2023. Execution graph showing the subprocesses and executed tasks Researchers have seen unknown entities in Bulgaria and Australia in their telemetry as targets. They also have information indicating that Mustang Panda is targeting a governmental institution in Taiwan. Due to the More
The post China-aligned APT is exploring new technology stacks for malicious tools appeared first on Help Net Security.
14:25
DART Mission Plaudits and Review SoylentNews
NASA: DART Mission Proves Kinetic Impact Can Save Earth From Incoming Asteroids
NASA's DART mission was a smashing success:
The Double Asteroid Redirection Test ended last year with the spacecraft colliding with an asteroid known as Dimorphos. NASA announced in the following weeks that DART had altered the asteroid's trajectory, and now we have four peer-reviewed papers that explore just how successful the mission was. The news is good NASA has confirmed that DART validates kinetic impact as a viable way to deflect dangerous asteroids.
[...] Scientists are working to reconstruct the impact to evaluate DART's autonomous targeting ability. The authors of this study concluded that a DART-like mission to redirect a dangerous asteroid could theoretically do so without an advanced reconnaissance flight. [...]
Another of the four studies confirmed via two different measurement techniques that Dimorphos' orbit shifted by 33 minutes. NASA had expected the impact to push the asteroid by at least seven minutes, but the recoil effect of ejecta blasted off the surface had a greater effect than predicted. [...]
A separate study looked at the momentum transfer from the impact. The researchers found that DART instantly altered Dimorphos' orbit, slowing it by 2.7 millimeters per second. [...] The final study discusses what we can learn from DART beyond the planetary defense angle. Dimorphos it's now an "active asteroid" surrounded by a cloud of dust. The authors say analysis of this comet-like tail could help us learn more about the natural processes at work on asteroids.
Luckily, there are no known asteroid threats for at least the next century, but our catalog of near-Earth objects is incomplete. We could discover an asteroid with a high chance of impact tomorrow. It's happened before, and it'll happen again. For decades, kinetic redirection was seen as a potential way to save Earth from those rare but inevitable events, but no one knew if it would work. Now we do humanity has the tools to prevent at least one kind of doomsday.
Read more of this story at SoylentNews.
14:00
The Eyes Have It: Stare Down Your Lighting Hackaday
You know how you can feel when someone is looking at you? Thanks to a person detector, [Michael Rigsbys] little robotic light switch also knows when you are looking at it. As you can see in the video below, when it notices you are looking at it, it lights up an LED. If you continue to gaze at it, it will turn to stare back at you. Keep staring it down and it will toggle the state of a remote control light switch.
This all works because of the person sensor module by Useful Sensors. The little module has a camera and face detection built into it. It doesnt draw much power at 150 milliwatts. It can sense faces, including where they are and how many people are looking.
Once you have that data via I2C it is easy to program an Arduino or whatever to do what you want. In this case, an Uno, a servo motor, and some relays are all it takes. We might have made it interface with our smart home devices to turn on anything we want, but that would be an easy mod. The relays have the virtue of working with anything. For this project, he uses them to close switch contacts on a remote control.
You might think this is pointless, but look at all the Clappers that have been sold that do virtually the same thing in a much less elegant way. You can also use the sensor in reverse and make a robot or a clock that...
14:00
Palo Alto Networks enhances cybersecurity capabilities with AI-powered ITDR module Help Net Security
Palo Alto Networks released new Identity Threat Detection and Response (ITDR) module for Cortex XSIAM, enabling customers to ingest user identity and behavior data and deploy AI technology to detect identity-driven attacks within seconds. The module further strengthens XSIAMs ability to consolidate multiple security operations capabilities into a unified, AI-driven security operations center (SOC) platform. Identity-driven attacks, which target user credentials to access confidential data and systems, are one of the most common methods cyber More
The post Palo Alto Networks enhances cybersecurity capabilities with AI-powered ITDR module appeared first on Help Net Security.
11:39
Dish Network Finally Acknowledges Huge Hack After Days of Not Answering Questions SoylentNews
Dish Network Finally Acknowledges Huge Hack After Days Of Not Answering Questions:
Early this week reports began to emerge that Dish Network was suffering from a widespread outage that effectively prevented a large chunk of the company's employees from being able to work for more than four days. Initially, Dish tried to downplay the scope of the problem in press reports, only stating that they'd experienced an ambiguous "systems issue."
Five days in and it was finally revealed that the company had been hacked, subjected to a ransomware attack, and subscriber data had been compromised. But, of course, customers didn't find out from Dish, they only learned about it via leaked internal communications:
Dish has told employees that it's "investigating a cybersecurity incident" and that it's "aware that certain data was extracted" from its IT systems as a result of this incident, according to an internal email sent by CEO Erik Carlson and obtained by The Verge. This comes on the fifth day of an internal outage that's taken down some of the company's internal networks, customer support systems, and websites such as boostinfinite.com and dish.com.
Employees have been completely locked out of their systems, telling Bleeping Computer that they're seeing blank screen icons common during ransomware attacks. As of this writing, things are so bad at Dish that their primary website is a placeholder page, though at least they finally got around to confirming things in an ambiguous statement.
You might recall that Dish Network was part of a doomed Trump-era plan to justify the T-Mobile Sprint merger by encouraging Dish to build its own 5G network. That plan isn't going so well either, and similar to T-Mobile's comical inability to secure its network, you have to wonder how much merger logistics distracted the...
11:20
F5 and Visa join forces to enhance security throughout the customer experience Help Net Security
F5 and Visa join forces to enable merchants to securely reduce login friction for their customers. Customers expect seamless commerce experiences and transactions to be secure. Yet, in todays digital-first world, customers are under threat from bad actors looking to steal data and commit fraud. Now, through F5 and Visas collaboration, merchants can provide their customers a seamless, secure, and personalized shopping experience. F5s Distributed Cloud Authentication Intelligence leverages artificial intelligence and behavior analytics to More
The post F5 and Visa join forces to enhance security throughout the customer experience appeared first on Help Net Security.
11:00
Your Phone is a 200X Microscope Sort Of Hackaday
[A. Cemal Ekin] over on PetaPixel reviewed the Apexel 200X LED Microscope Lens. The relatively inexpensive accessory promises to transform your cell phone camera into a microscope. Of course, lenses that strap over your phones camera lens arent exactly a new idea, but this one looks a little more substantial than the usual piece of plastic in a spring-loaded clip. Does it work? You should read [Cemals] post for the details, but the answer as you might have expected is yes and no.
On the yes side, you can get some pretty neat photomicrographs from the adapter. On the negative side, your phone isnt made to accommodate microscope samples. It also isnt made to stay stable at 200X.
[Cemal] found the same sort of things weve found with other similar adapters. You need to zoom to fill the frame with the microscopes image. Otherwise, you get an odd round image with darkness all around it. The microscope works best on something flat and has a very shallow depth of field, so anything poking in our out will probably be out of focus.
The unit did, however, look substantial and had a built-in rechargeable battery and an LED light. None of the photomicrographs looked bad, but you have to remember that you cant really use it unless what you want a picture of is flat, and the camera can essentially lay flat on it.
...11:00
HPR3807: PeePaw builds a computer Hacker Public Radio
intro who is peepaw? Me! why a retro computer? help a kid understand computers why z80? cheap, available, cheap the plan build from scratch build something like a tec1 https://en.wikipedia.org/wiki/TEC-1 a great guide is the 1981 book build your own z80 computer Build Your Own Z80 Computer Steve Ciarcia/ get started with nop tester http://www.z80.info/z80test0.htm want an expandable system keep the cost down work up to a system like the jupiter ace (which is like a zx-81 sinclair computer) https://en.wikipedia.org/wiki/Jupiter_Ace getting started, the nop test use an arduino mega board and some forth to spin up the most basic z80 system https://gitlab.com/8bitforce/retroshield-hw/-/tree/master/hardware give the z80 5 volts, a clock and the right data and it will happily start up and run through its address space doing nothing the nop tester, in software make a forth logic probe https://en.wikipedia.org/wiki/Logic_probe use a gate method of frequency counting https://ww1.microchip.com/downloads/en/Appnotes/doc8365.pdf create a few forth words to make a "logic probe" and test that probe https://pajacobs-ghub.github.io/flashforth/ff5-tutorial-guide.html#_counting_button_presses need an arduino mega running flashforth https://store.arduino.cc/products/arduino-mega-2560-rev3 https://flashforth.com/atmega.html datasheet https://store.arduino.cc/products/arduino-mega-2560-rev3 https://ww1.microchip.com/downloads/en/devicedoc/atmel-2549-8-bit-avr-microcontroller-atmega640-1280-1281-2560-2561_datasheet.pdf some jumper wires z80 solderless bread board the code walk through, start from the bottom up note: ( -- ) are stack effect comments, back slashes are plain comments constants variable @ ! mset mclr mtst set up external interrupt, int4, arduino board pin4 the source code declare some constants and variable as labels variable Compare variable Count $100 constant PINH these labels come from the atmega2560 datasheet $101 constant DDRH $102 constant PORTH $a0 constant TCCR4A $a1 constant TCCR4B $a8 constant OCR4A $2c constant PINE $2d constant DDRE $2e constant PORTE $6a constant EICRB $3d constant EIMSK : ext4.irq ( -- ) Count @ 1+ Count ! ;i the frequency counter : logicprobe-init ( -- ) 1249 Compare ! 100 hz %0000.1000 DDRH mset h3 output %0100.0000 TCCR4A c! toggle d6, ph3 on compare match 0000.1011 %TCCR4B c! set ctc mode, clk/64 Compare @ OCR4A ! set compare value %0 DDRE c! e input 0001.0000 PORTE mset pullup on e4 %0000.0010 %EIC
The Impact of World Politics on Software Ecosystems It Will Never Work in Theory
The best summary of this paper comes from the paper itself:
The purpose of this article is to point the software engineering research community to open questions regarding how researchers can investigate, address, and regulate such kinds of protestware. In light of the war in Ukraine, we present three motivating scenarios where world politics has had impact on software ecosystems, highlighting the side affects, and then present an agenda on how to dissect and respond to such behaviour during software engineering practices.
The three scenarios discussed are malignant protestware that destroys data or otherwise does harm, benign protestware that raises awareness without damaging anything, and developer sanctions such as refusing to do business with an aggressor such as Russia or suspending accounts belonging to its citizens. The authors don't reach any conclusions, but with so much critical infrastructure now depending on open source software, it's long past time we started asking ourselves what we are and aren't willing to do.
Raula Gaikovina Kula and Christoph Treude. In war and peace: the impact of world politics on software ecosystems. 2022. arXiv:2208.01393.
Reliance on third-party libraries is now commonplace in contemporary software engineering. Being open source in nature, these libraries should advocate for a world where the freedoms and opportunities of open source software can be enjoyed by all. Yet, there is a growing concern related to maintainers using their influence to make political stances (i.e., referred to as protestware). In this paper, we reflect on the impact of world politics on software ecosystems, especially in the context of the ongoing war in Ukraine. We show three cases where world politics has had an impact on a software ecosystem, and how these incidents may result in either benign or malignant consequences. We further point to specific opportunities for research, and conclude with a research agenda with ten research questions to guide future research directions.
10:15
Resecurity appoints Akash Rosen to lead digital forensics practice Help Net Security
Resecurity accelerates Digital Forensics & Incident Response Services portfolio with the newly appointed industry professional, Akash Rosen. Akash Rosen is a recognized digital forensics expert and investigator. He assisted international law enforcement on numerous cases related to online-banking theft, financial and healthcare fraud, money laundering, malicious code distribution, and network intrusions into enterprise and government networks. Mr. Rosen is an expert court witness and have testified on numerous digital forensics and cybercrime investigation matters. He More
The post Resecurity appoints Akash Rosen to lead digital forensics practice appeared first on Help Net Security.
10:10
NetSPI hires Vinay Anand as CPO and Jay Golonka as CFO Help Net Security
NetSPI announced two C-Suite leadership appointments, Chief Product Officer (CPO) Vinay Anand and Chief Financial Officer (CFO) Jay Golonka. They bring decades of experience supporting high-growth technology companies and will be instrumental in leading NetSPIs technology growth. These appointments signal pivotal transformation for NetSPI, as we continue to evolve our technology platforms to meet the offensive security needs of the modern enterprise, said Aaron Shilts, CEO at NetSPI. Vinay and Jay will play a key More
The post NetSPI hires Vinay Anand as CPO and Jay Golonka as CFO appeared first on Help Net Security.
10:08
Acer Data Breach: Hacker Claims to Sell 160GB Trove of Stolen Data HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
A hacker on a popular forum is claiming to have stolen Acer Inc.'s data in mid-February 2023.
This is a post from HackRead.com Read the original post: Acer Data Breach: Hacker Claims to Sell 160GB Trove of Stolen Data
09:57
Ransom House ransomware attack hit Hospital Clinic de Barcelona Security Affairs
Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a cyber attack that crippled its computer system.
On Sunday, a ransomware attack hit the Hospital Clinic de Barcelona, one of the main hospitals of the Catalan city. The attack crippled the centers computer system, 150 nonurgent operations and up to 3,000 patient checkups were canceled due to the cyber attack.
The hospital hospital is diverting new urgent cases to other hospitals in the city.
The hospitals press department said that all written work was being done on paper and that the hospital was diverting new urgent cases to other hospitals in the city. states the Associated Press.
A local cybersecurity agency revealed that the attack was launched by a ransomware group known as Ransom House.
The ransomware infected the computers at the facilitys laboratories, emergency room and pharmacy at three main centers and several external clinics.
At this time it is unclear when IT staff at the hospital will be able to recover the impacted systems.
We cant make any prediction as to when the system will be back up to normal, hospital director Antoni Castells told a news conference today.
The Catalonias Cybersecurity Agency is working with the hospital to restore the infrastructure.
At this time the ransomware gang behind the attack has yet to demand the payment of a ransom.
Regional government telecommunications secretary Segi Marcn said that no ransom would be paid by Spanish authorities.
The authorities are investigating into the security breach, the hospital did not explain if it has suffered a data breach.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs hacking, ransomware)
The post...
08:56
ChatGPT Broke the EU Plan to Regulate AI SoylentNews
Europe's original plan to bring AI under control is no match for the technology's new, shiny chatbot application:
Artificial intelligence's newest sensation the gabby chatbot-on-steroids ChatGPT is sending European rulemakers back to the drawing board on how to regulate AI.
[...] The technology has already upended work done by the European Commission, European Parliament and EU Council on the bloc's draft artificial intelligence rulebook, the Artificial Intelligence Act. The regulation, proposed by the Commission in 2021, was designed to ban some AI applications like social scoring, manipulation and some instances of facial recognition. It would also designate some specific uses of AI as "high-risk," binding developers to stricter requirements of transparency, safety and human oversight.
[...] These AIs "are like engines. They are very powerful engines and algorithms that can do quite a number of things and which themselves are not yet allocated to a purpose," said Drago Tudorache, a Liberal Romanian lawmaker who, together with S&D Italian lawmaker Brando Benifei, is tasked with shepherding the AI Act through the European Parliament.
Already, the tech has prompted EU institutions to rewrite their draft plans. The EU Council, which represents national capitals, entrust the Commission with establishing cybersecurity, transparency and risk-management requirements for general-purpose AIs.
[...] Professionals in sectors like education, employment, banking and law enforcement have to be aware "of what it entails to use this kind of system for purposes that have a significant risk for the fundamental rights of individuals," Benifei said.
Read more of this story at SoylentNews.
08:00
MEMS Teardown and Macroscopic Models Hackaday
There is a bit of a paradox when it comes to miniaturization. When electronics replaced mechanical devices, it was often the case later, ICs, came around, things got smaller still. However, as things shrink to microscopic scales, transistors dont work well, and you often find full circle mechanical devices. [Breaking Taps] has an investigation of a MEMS chip. MEMS is short for Micro Electromechanical Systems, which operate in a decidedly mechanical way. You can see the video, which has some gorgeous electron microscopy, below. The best part, though, is the 3D-printed macroscale mechanisms that let you see how the pieces work.
Decapsulating the MPU-6050 was challenging. We usually mill a cavity on the top of an IC and use fuming nitric on a hot plate (under a fume hood) to remove the remaining epoxy. However, the construction of these chips has two pieces of silicon sandwiched together, so you need to fully expose the die to split them apart, so our usual method might not work so well. Splitting them open, though, damaged parts of the chip, so the video shows a composite of several devices.
The parts inside are microscopically small. It took a week to trace everything out and make the 3D-printed macroscale mechanisms that help explain how each piece works. Seeing a model of the accelerometer that is large enough to handle in your hands is very helpful in unders...
08:00
Intel Preparing Sapphire Rapids C0.2 Idle State Support For Better Energy Efficiency Phoronix
Posted today were a set of Linux kernel patches for enabling Sapphire Rapids C0.x idle states support, which can provide a nice bump to the energy efficiency of the latest-generation Xeon Scalable servers while also helping out with possible turbo boost benefits for the busy CPU cores to enhance overall system performance...
07:51
Warner Fights Unreleased Scooby-Doo And Krypto Too! Leaks TorrentFreak
Most people born in the 1960s or later will be familiar
with Scooby-Doo, the most recognized Great Dane in the world.
For those more advanced in years, think Enid Blytons Famous Five; four young people continuously run into mysteries and then solve them with help from a talking dog.
Scooby-Doo fans have been gripped by the format for more than half a century but the twilight years may already be here.
Scooby on the Chopping Block
Last August, David Zaslav, President and CEO of Warner Bros. Discovery, said the company had done a reset and would no longer release expensive films direct to streaming platforms. One of the first casualties was the almost complete Batgirl movie that reportedly went into company accounts as a tax write-off.
Were not going to launch your movie until its ready. Were not going to launch a movie to make a quota. And were not going to put a movie out unless we believe in it, Zaslav said.
Batgirl was joined on the shelf by Scoob! Holiday Haunt, which cost $40 million and was almost finished. Scooby-Doo and the Haunted High Rise was also canned along with Scooby-Doo! and the Mystery Pups.
With reports suggesting that Scooby-Doo And Krypto Too! might meet the same fate, this weekend fans were thrown an unexpected but tasty Scooby snack.
Scooby-Doo And Krypto Too! Leaks Online
South Korean animation studio Digital eMation began work on Scooby-Doo And Krypto Too! in 2021 and stills from the film appeared online last year.
Then this weekend, amidst considerable uncertainty, the question of whether the film would ever see the light of day was answered when the entire show leaked online.
Nobody seems to know who leaked it, much less why, but Warner clearly...
07:26
Alert: Scammers Pose as ChatGPT in New Phishing Scam HackRead | Latest Cybersecurity and Hacking News Site
By Waqas
This phishing scam exploits the popularity of the AI-based ChatGPT chatbot to steal funds and harvest the personal and financial details of users.
This is a post from HackRead.com Read the original post: Alert: Scammers Pose as ChatGPT in New Phishing Scam
07:00
FEX 2303 Released For Improving Linux x86_64 Gaming On ARM64 Phoronix
06:11
Defense Department Signs $65 Million Contract With Startup That Makes Jet Fuel From CO2 SoylentNews
Air Force has already successfully tested and approved the sustainable aviation fuel:
As more companies focus on lowering their own carbon emissions, one startup is looking to take CO2 out of the atmosphere and create sustainable aviation fuel. It already has a small-scale working process and says that if it and other manufacturers scale up production, it could "mitigate" at least 10 percent of carbon emissions.
A startup specializing in sustainable aviation fuel (SAF) signed a $65 million contract with the US Department of Defense to create jet fuel out of thin air. The contract will provide a startup called Air Company funds to advance research and development of a system that can extract CO2 from the air and convert it into fuel-grade alcohols and paraffin.
Air Company already has a process of converting CO2 to jet fuel and published a white paper on the procedure. The company claims to have eliminated a step in the nearly 100-year-old Fischer-Tropsch process. It involves creating, harvesting, and storing CO2 from industrial corn fermentation. It then uses water electrolysis to produce hydrogen gas (H2) and oxygen (O2).
The O2 is released into the atmosphere, and the H2 feeds into a reactor with the captured CO2 and a catalyst. The chemical reaction produces ethanol, methanol, water, and paraffin. Distillation separates these components for use in other products, including vodka, perfume, hand sanitizer, and SAF.
The company cannot yet produce at the scale needed to impact global CO2 levels. However, CEO Gregory Constantine says that if Air Company and others can build to scale and all fuel-dependant industries switch to SAF, it could mitigate over 10 percent of carbon emissions.
Read more of this story at SoylentNews.
06:00
What Does an Electron Look Like? Hackaday
In school, you probably learned that an atom was like a little solar system with the nucleus as the sun and electrons as the planets. The problem is, as [The Action Lab] points out, the math tells us that if this simplistic model was accurate, matter would be volatile. According to the video you can see below, the right way to think about it is as a standing wave.
What does that mean? The video shows a very interesting demonstrator that shows how that works. You can actually see the standing waves in a metal ring. This is an analog still not perfect for the workings of an atom. An input frequency causes the ring to vibrate, and at specific vibration frequencies, a standing wave develops in the ring.
What was most interesting to us is that this explanation shows why electrons only increase and decrease in steps. Turns out nothing is really orbiting the way we all learned in school. Not that this model is exactly correct either, but it is apparently closer to reality than the old-school model.
Electrons are one of those funny things that sometimes look like a wave and sometimes look like a particle. Not that we fully grok all the quantum weirdness. Maybe we half understand it, and half dont understand it.
...
05:39
Top members of DoppelPaymer Ransomware gang arrested HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
Authorities have arrested two suspected members of the DoppelPaymer ransomware gang in Germany and Ukraine, believed to be high-value members of the cybercrime syndicate.
This is a post from HackRead.com Read the original post: Top members of DoppelPaymer Ransomware gang arrested
05:01
3 fundamental tools to troubleshoot Linux performance problems Linux.com
In this article and video, youll learn how to collect information about your Linux systems performance.
Read More at Enable Sysadmin
The post 3 fundamental tools to troubleshoot Linux performance problems appeared first on Linux.com.
04:35
Links 06/03/2023: GNU grep 3.9 and New Garuda Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Desktop/Laptop
-
Dedoimedo The Slimbook Titan is here
So far, the Slimbook Titan is my most expensive laptop to date. Its also by far the most powerful one, with a spec that wouldnt shame many a desktop. Of course, the mobility comes at its price. And my deliberate choice to use Li...
-
-
04:21
Detection Stays One Step Ahead of Deepfakesfor Now IEEE Spectrum
In March 2022, a video appeared online that seemed to show Ukraines president, Volodymyr Zelensky, asking his troops to lay down their arms in the face of Russias invasion. The videocreated with the help of artificial intelligencewas poor in quality and the ruse was quickly debunked, but as synthetic content becomes easier to produce and more convincing, a similar effort could someday have serious geopolitical consequences.
Thats in part why, as computer scientists devise better methods for algorithmically generating video, audio, images, and texttypically for more constructive uses such as enabling artists to manifest their visionstheyre also creating counter-algorithms to detect such synthetic content. Recent research shows progress in making detection more robust, sometimes by looking beyond subtle signatures of particular generation tools and instead utilizing underlying physical and biological signals that are hard for AI to imitate.
Its also entirely possible that AI-generated content and detection methods will become locked in a perpetual back-and-forth as both sides become more sophisticated. The main problem is how to handle new technology, Luisa Verdoliva, a computer scientist at the University of Naples Federico II, says of the novel generation methods that keep cropping up. In this respect, it never ends.
In November, Intel announced its Real-Time Deepfake Detector, a platform for analyzing videos. (The term deepfake derives from the use of deep learningan area of AI that uses many-layered artificial neural networksto create fake content.) Likely customers include social-media companies, broadcasters, and NGOs that can distribute detectors to the general public, says Ilke Demir, a researcher at Intel. One of Intels processors can analyze 72 video streams at once. Eventually the platform will apply several detection tools, but when it launches this spring it will use a detector that Demir cocreated (with Umur ifti, at Binghamton University) called FakeCatcher.
FakeCatcher studies color c...
04:00
Linux 6.3 Features: AMD Auto IBRS To Steam Deck Controller Interface, IPv4 BIG TCP & More Phoronix
Now that the Linux 6.3 merge window is over with Linux 6.3-rc1 having been released last night, here is a look at all of the interesting changes, new features, and hardware support coming with this next major kernel version.
03:35
[$] The rest of the 6.3 merge window LWN.net
Linus Torvalds released 6.3-rc1 and closed the 6.3 merge window as expected on March 5. By that time, 12,717 non-merge commits (and 848 merges) had found their way into the mainline kernel; nearly 7,000 of those commits came in after the first-half merge-window summary was written. The second half of the 6.3 merge window was thus a busy time, with quite a bit of new functionality landing in the mainline.
03:23
Yes, Everything in Physics is Completely Made Up That's the Whole Point SoylentNews
Researching a cosmic mystery like dark matter has its downsides. On the one hand, it's exciting to be on the road to what might be a profound scientific discovery. On the other hand, it's hard to convince people it's worth studying something that's invisible, untouchable, and apparently made of something entirely unknown.
While the vast majority of physicists find the evidence for dark matter's existence convincing, some continue to examine alternatives, and the views in the press and the public are significantly more divided. The most common response I get when I talk about dark matter is: "isn't this just something physicists made up to make the math work out?"
The answer to that might surprise you: yes! In fact, everything in physics is made up to make the math work out.
[...] This level of abstraction is especially apparent in particle physics, because the existence or non-existence of a single particle on a subatomic scale is a rather fuzzy notion. The equations describing the motion of an electron through space don't actually include a particle at all, but rather an abstract mathematical object called a wavefunction that can spread out and interfere with itself.
Is it ever true, then, to say that an electron is 'real' when it's in motion? If we believe that electrons are real things, have we just made up the wavefunction to make the math work out? Absolutely that was, in fact, the whole point. We couldn't get the equations to work if the electron was a solid, isolated particle, so we made up something that wasn't, and then the numbers started making sense.
Read more of this story at SoylentNews.
03:01
European police dismantled the DoppelPaymer ransomware gang Security Affairs
German police announced to have dismantled an international cybercrime gang behind the DoppelPaymer ransomware operation.
Europol has announced that an international operation conducted by law enforcement in Germany and Ukraine, with help of the US FBI and the Dutch police, targeted two key figures of the DoppelPaymer ransomware group.
On 28 February 2023, the German Regional Police (Landeskriminalamt Nordrhein-Westfalen) and the Ukrainian National Police ( ), with support from Europol, the Dutch Police (Politie) and the United States Federal Bureau of Investigations, targeted suspected core members of the criminal group responsible for carrying out large-scale cyberattacks with the DoppelPaymer ransomware. reads the press release published by the Europol.
DoppelPaymer ransomware has been active since June 2019, in November 2020 Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat.
The DoppelPaymer ransomware is based on the BitPaymer ransomware and the Dridex malware family, operators often used the EMOTET malware to spread it.
DoppelPaymer was distributed through various channels, such as phishing and spam messages. The operators behind this ransomware family rely on a double extortion scheme, the gang launched a leak site in early 2020. According to German authorities, at least 37 companies were hit with the ransomware, the most prominent victim is the University Hospital in Dsseldorf. The Europol states that in the US, victims payed at least 40 million euros between May 2019 and March 2021.
The law enforcement raided multiple locations in the Germany and Ukraine.
During the simultaneous actions, German officers raided the house of a German national, who is believed to have played a major role in the DoppelPaymer ransomware group. Investigators are currently analysing the seized equipment to determine the suspects exact role in the structure of t...
02:59
Business-grade routers compromised in low-key attack campaign Help Net Security
An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan (dubbed HiatusRAT) and a packet capturing program. The impacted models are high-bandwidth routers that can support VPN connections for hundreds of remote workers and offer ideal capacity for the average, medium-sized business. We suspect the actor infects targets of interest for data collection, and targets of opportunity for the purpose of establishing More
The post Business-grade routers compromised in low-key attack campaign appeared first on Help Net Security.
02:58
Three Questions and Answers: Rust for Linux (Heise) LWN.net
Heise interviews Miguel Ojeda about the Rust-for-Linux project.
The first drivers (and the abstractions supporting them) that will start to be upstreamed are likely to be the Asahi Linux's GPU driver, Android's Binder and the NVMe driver. These are all non-trivial and will set the example for future Rust kernel abstractions and drivers.
02:53
DARTs Ejecta and Planetary Defense Centauri Dreams Imagining and Planning Interstellar Exploration
Im glad to see the widespread coverage of the DART mission results, both in terms of demonstrating to the public what is possible in terms of asteroid threat mitigation, and also of calming overblown fears that we have too little knowledge of where these objects are located. DART (Double Asteroid Redirection Test) was a surprisingly demonstrative success, shortening the orbit of the satellite asteroid Dimorphos by an unexpectedly large value of 33 minutes. The recoil effect from the ejection of asteroid material, perhaps as high as 0.5% of its total mass, accounts for the result.
Watching the ejecta evolve has been fascinating in its own right, as the interactions between the two elements of the binary asteroid come into play along with solar radiation pressure. Asteroids have previously been observed that displayed a sustained tail, as Dimorphos did after impact, and the DART results suggest that the hypothesis of similar impacts on these objects is correct. Thus we learn valuable lessons about how asteroids behave when impacted either by technologies or by natural objects. We can expect the study of active asteroids to get a boost from the success of this mission.
The two images below are from the Hubble instrument, which observed the development of Dimorphos tail. Jian-Yang Li (Planetary Science Institute) is lead author of a recent paper in Nature on the evolution of the ejecta. Li comments on the interplay between the gravity of Dimorphos and parent asteroid Didymos as well as the pressure of sunlight in the first two and a half weeks after the impact. Bear in mind that an impact on a single as opposed to a binary asteroid would not display such complex effects. The presence of Didymos was indeed useful:
...A simple way to visualize the evolution of the ejecta is to imagine a cone-shaped ejecta curtain coming out from Dimorphos, which is orbiting Didymos. After about a day, the base of the cone is slowly distorted by the gravity of Didymos first, forming a curved or twisted funnel in two to three days. In the meantime, the pressure from sunlight constantly pushes the dust in the ejecta towards the opposite direction of the Sun, and slowly modifies and finally destroys the cone shape. This effect becomes apparent after about three days. Because small particles are pushed faster than large particles, the ejecta was stretched towards the anti-solar direction, forming streaks in the ejecta.
02:30
Debian APT 2.6 Released With Updates For Non-Free Firmware Handling Phoronix
Debian developers today released APT 2.6 as the newest version of this package manager that will ship as part of the upcoming Debian 12 "Bookworm" release...
02:28
Microsoft Is an Ethical Not Religious Problem Techrights
Authored by Dr. Andy Farnell
The government is not trying to destroy Microsoft, its simply seeking to compel Microsoft to obey the law. Its quite revealing that Mr. Gates equates the two.
Government official
A recent Reddit post caught my attention as a Christian, humanist and computer scientist. Allegedly, an employer claimed to be troubled by a worker citing Religious Reasons for their refusal to use Microsoft 1. I also refuse to use Microsoft products, but have never been inclined to so boldly claim it a matter of Religion.
I worry this may be a step too far, and may do some disservice to the very real struggle against corporate tyranny and erosion of digital rights. Indeed, there are many perfectly good reasons to reject the wares of Big Tech companies without invoking religion as a first line. Lets step back and consider why.
I see the framing of the Reddit
story, of a modern-day Luddite throwing her religious spanner into
the noble wheels of industry, as mischievous.Religions are
complex. They include ethical values, but also practices, habits,
associations, symbolisms, traditions, and
interpretations of texts. Most, though not all religions, espouse
an ethical framework, but in secular modernity we bracket ethics
aside. Whilst for people of faith religion and ethics are
essentially synonymous, one may still have profound and unshakable
ethics without subscribing to any organised religion.
It is not that religious tenets have no relevance to technology. I a troubled, through my personal religious beliefs, by our trajectory in the digital world. The greed, wrath, envy and sloth facilitated by a mindless cult of convenience and control is heartbreaking for me as a computer scientist. The bonfire of opportunity squandered in favour of technologies designed to track, manipulate, enslave and deceive feels like a tragedy of biblical magnitude. Inseparably, with respect to positive spiritual understanding, it is religion that preserves my technological optimism, and sense of hope for humane, ethical technology.
Yet I see the framing of the Reddit story, of a modern-day Luddite throwing her religious spanner into the noble wheels of industry, as mischievous. It rather nicely stokes a false dichotomy between religion and technology. Not only are many technologists religious, but our 21st century digital technology is driven as much by transcendent supernaturalism and organisational ideologies as by clear reason.
Indeed there are good arguments to be heard that technology is a...
01:24
Suprbay.org, The Pirate Bay Web Forum Down amid Cyberattack HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
The SuprBay forum has been inaccessible for a few days.
This is a post from HackRead.com Read the original post: Suprbay.org, The Pirate Bay Web Forum Down amid Cyberattack
01:18
New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims The Hacker News
A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on
01:15
Security updates for Monday LWN.net
Security updates have been issued by Debian (apache2, libde265, libreswan, spip, syslog-ng, and xfig), Fedora (edk2, libtpms, python-django3, stb, sudo, vim, and xen), Red Hat (libjpeg-turbo and pesign), SUSE (kernel, python36, samba, and trivy), and Ubuntu (linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gke, linux-gkeop, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux, linux-aws, linux-dell300x, linux-gcp-4.15, linux-oracle, linux-aws-hwe, linux-oracle, and linux-bluefield).
01:11
Links 06/03/2023: LibreELEC 11 Released and Deutsche Telekom Spreads Nextcloud Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and
Gopher
- ...
01:04
From Disinformation to Deep Fakes: How Threat Actors Manipulate Reality The Hacker News
Deep fakes are expected to become a more prominent attack vector. Here's how to identify them. What are Deep Fakes? A deep fake is the act of maliciously replacing real images and videos with fabricated ones to perform information manipulation. To create images, video and audio that are high quality enough to be used in deep fakes, AI and ML are required. Such use of AI, ML and image replacement
00:47
US government orders States to conduct cyber security audits of public water systems Security Affairs
The US government urges cyber security audits of public water systems, highlighting the importance to secure US critical infrastructure.
The Biden administration announced on Friday that it will make it mandatory for the states to conduct cyber security audits of public water systems.
Water systems are critical infrastructures that are increasingly exposed to the risk of cyberattacks by both cybercriminal organizations and nation-state actors, the US Environmental Protection Agency reported.
Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable, said EPA Assistant Administrator Radhika Fox, as reported by the Associated Press. Cyberattacks have the potential to contaminate drinking water.
EPA has already provided a guide to audit water systems and recommends using it, it also would provide technical support to the states in conducting future cyber security assessments by developing cybersecurity programs.
According to government officials, recent audits show that the lack of proper defense, mainly on the operational technology deployed in water systems. In many cases, they lack cybersecurity practices and rely on voluntary measures with poor progress.
EPA claims are also confirmed by private agencies like Fitch Ratings which published an alert in April 2021 to warn of the material risk to water and sewer utilities caused by cyber attacks that could also impact their ability to repay debt.
The agency evaluated the resilience of water and sewer utilities to unexpected events, including cyberattacks, which could pose financial and operating risks, and even the credit quality of the critical infrastructure.
An incident response could have a significant impact on the cash reserves. The expenses to mitigate a cyber-attack could impact the ability of the utilities of paying their debt.
A cyber attack could also cause the loss or corruption of customer data, impacting the ability to read meters or access billing systems. An incident could reduce customer confidence and could affect the ability to raise rates. The alerts also states that the administration of the utility could face unexpected financial losses due to regulatory action or lawsuits from constituents.
On June 2021, a report published by NBC News revealed that threat actors attempted to compromise an unnamed water treatment plant...
00:38
openSUSE Tumbleweed Sets Great Example With x86-64-v3 HWCAPS Phoronix
The rolling-release openSUSE Tumbleweed recently began rolling out optional x86-64-v3 optimized packages for those on roughly Intel Haswell or newer systems and wanting to squeeze out maximum performance from their hardware. The selection of x86-64-v3 packages built by openSUSE Tumbleweed is currently rather limited, but hopefully this major Linux distribution joining the HWCAPS party will lead other Linux distributions to follow suit...
00:36
Russian Nuclear Company Tests Beaver PCs With Homegrown Baikal CPUs SoylentNews
Russian Nuclear Company Tests 'Beaver' PCs With Homegrown Baikal CPUs:
A daughter company of Rosatom, a nuclear energy company owned by the Russian government, is testing PCs from Delta Computers called Beaver that are based on a processor designed by Russia's Baikal Microelectronics and a Linux distribution approved for use by state agencies. The company is trying to replace PCs designed by Western companies with something domestic, reports 3DNews. But they may have an obstacle in their way.
Delta Computers' Beaver is a small form-factor PC running Baikal Electronics's Baikal-M1 (BE-M1000) chip and the Astra Linux Special Edition operating system. The Beaver can have up to 64GB of DDR4 memory and up to 16TB of HDD and SSD storage. The machine has multiple USB Type-A 2.0/3.0 ports, PS/2 connectors, an RS-232 header, two Ethernet ports, an HDMI output, and two 3.5-mm audio connectors for headphones and microphones. The PC can be upgraded with low-profile PCIe 3.0 x8 add-in-boards, such as graphics cards. The system uses an LCD display, a corded keyboard, and a corded mouse.
"The concern has purchased the first batch of 'Beaver' domestic personal computers based on the Baikal processor and is getting ready to introduce them into the infrastructure of the Rosenergoatom energy generating company," a statement by Rosatom reads.
Delta's Beaver is nothing special if not for its Baikal-M1 SoC. The Baikal-M1 is a rather well-known processor that packs eight Arm Cortex-A57 cores with an 8MB L3 cache operating at 1.50 GHz and mated with an eight-cluster Arm Mali-T628 GPU with two display pipelines. The SoC, which uses technologies from 2014 2015, is made by TSMC using one of its 28nm-class process technologies. But such processors cannot be shipped to a Russian or a Belarussian entity from Taiwan due to restrictions imposed by the government.
While Rosatom might have procured samples of Beaver (Bober in Russian), Delta Computers can't get enough processors as the owner of Baikal Microelectronics went bankrupt in late 2022.
...