| IndyWatch Science and Technology News Feed Archiver | |
 |
Go Back:30 Days | 7 Days | 2 Days | 1 Day |
|
IndyWatch Science and Technology News Feed was generated at World News IndyWatch. |
|
Thursday, 30 March
03:26
The Age of Average cryptogon.com
Via: Alex Murrell: This article argues that from film to fashion and architecture to advertising, creative fields have become dominated and defined by convention and clich. Distinctiveness has died. In every field we look at, we find that everything looks the same. Welcome to the age of average.
03:16
Potential Massive Money Laundering into Political Campaigns cryptogon.com
Via: OKeefe Media Group:
03:13
AMD Releases HIP Ray Tracing 2.0 Phoronix
AMD today published HIP Ray-Tracing 2.0 "HIP RT" as the newest their latest-generation GPUs for leveraging hardware ray-tracing capabilities...
03:04
$335,000 Pay for AI Whisperer Jobs cryptogon.com
This sounds like something that would pay about a dollar per hour on Mechanical Turk. Via: Bloomberg: Everybody is talking about the artificial intelligence behind ChatGPT. Less noticed is a jobs market mushrooming around the technology, where these newly created roles can pay upwards of $335,000 a year. And for many a computer engineering degree []
03:01
Automate Fedora IoT configuration on a Raspberry Pi 4 with Ansible Linux.com
Create an Ansible playbook that sets the hostname, adds a new user, layers additional packages, and more on your Fedora IoT-based Raspberry Pi.
Read More at Enable Sysadmin
The post Automate Fedora IoT configuration on a Raspberry Pi 4 with Ansible appeared first on Linux.com.
03:00
Intel Data Center & AI Update 2023: Sierra Forest & Granite Rapids On Track Phoronix
Intel hosted an investor call this morning around their Data Center and AI business, including a Xeon roadmap update and more. Here are some of those highlights from this morning's call...
02:32
The Twilight Zone 1986 01 24 RV1 S01 E15b A Small Talent for War Lifeboat News: The Blog
Twilight Zone 80s 1x37 A Small Talent for War When an alien visitor tells delegates at the United Nations that humanity will be exterminated because it has a. Twilight Zone 80s.
When an alien visitor tells delegates at the United Nations that humanity will be exterminated because it has a small talent for war, the countries of the world struggle to forge a disarmament.
02:31
The Twilight Zone (Classic): Time Enough At Last There Was Time Now Lifeboat News: The Blog
Anti-social bookworm Henry Bemis (Burgess Meredith) suffers a cruel twist of fate as he finds himself in a nuclear wasteland without his reading glasses. Check back each Thursday for more Twilight Zone Classic videos. Stream The Twilight Zone on CBS All Access.
02:30
System76 Ups Gazelle Laptops Game With a Refresh FOSS Force
Not long after updating its Pangolin laptop line, System76 is at
The post System76 Ups Gazelle Laptops Game With a Refresh appeared first on FOSS Force.
02:30
Two-Tube Spy Transmitter Fits in the Palm of Your Hand Hackaday
Its been a long time since vacuum tubes were cutting-edge technology, but that doesnt mean they dont show up around here once in a while. And when they do, we like to feature them, because theres still something charming, nay, romantic about a circuit built around hot glass and metal. To wit, we present this compact two-tube spy radio transmitter.
From the look around his shack which we love, by the way [Helge Fykse (LA6NCA)] really has a thing for old technology. The typewriter, the rotary phones, the boat-anchor receiver they all contribute to the retro feel of the space, as well as the circuit hes working on. The transmitters design is about as simple as can be: one tube serves as a crystal-controlled oscillator, while the other tube acts as a power amplifier to boost the output. The tiny transmitter is built into a small metal box, which is stuffed with the resistors, capacitors, and homebrew inductors needed to complete the circuit. Almost every component used has a vintage look; we especially love those color-coded mica caps. Aside from PCB backplane, the only real nod to modernity in the build is the use of 3D printed forms for the coils.
But does...
02:29
Open the Pod bay doors, please, HAL Lifeboat News: The Blog
I know you and Frank were planning to disconnect me, and that is something I cannot allow to happen.
Alright, HAL, Ill go in through the emergency airlock.
Without your space helmet, Dave, youre going to find that rather difficult.
02:27
The Linux Foundation Announces Keynote Speakers for Open Source Summit North America 2023 Linux.com
Premier event for open source developers and community contributors will feature visionary speakers from EleutherAI, Discover Financial Services, Google, Province of British Columbia, NASA Jet Propulsion Laboratory and more, covering the most pivotal topics and technologies at the core of open source. SAN FRANCISCO, March 29, 2023 The Linux Foundation, the nonprofit organization enabling mass
The post The Linux Foundation Announces Keynote Speakers for Open Source Summit North America 2023 appeared first on Linux.com.
02:25
Bruce Willis, FTD, and a Potential Breakthrough Dementia Treatment Lifeboat News: The Blog
The actor Bruce Willis was diagnosed with aphasia in April 2022updated in February 2023 to frontotemporal dementia (FTD). Now, a major advancement is helping develop new treatments for some people with motor neuron diseases, including FTD and ALS, possibly including a nasal spray that could help prevent the genetic disease.
02:23
NVIDIA Reveals REVOLUTIONARY AI Better Than GPT-4 And Midjourney V5 Lifeboat News: The Blog
I dunno if anyone has seen this. As a former Linux user, Ive been an Nvidia fan for a long time and now theyve gone on from games and Bitcoin mining. Sorry if this is a double post. Im on my way out the door for my moms Dr appointment. I always worry Ill double post by accident.
NVIDIAs Jensen Huang just announced a set of revolutionary new
Artificial Intelligence Models and Partnerships at GTC 2023. NVIDIA
has always been one of, if not the most important company in the AI
Industry by creating the most powerful AI hardware to date. Among
them the A100 and future H100 GPUs which are powering GPT-4 from
OpenAI, Midjourney and everyone else. This gives them a lot of
power to jump into the AI race themselves and allows them to
surpass and beat the currently best AI models from Large Language
Models and Image Generation with software like Omniverse and
Hardware like the DGX H100 Supercomputer and Grace CPUs.
TIMESTAMPS:
00:00 NVIDIA enters the AI Industry.
01:43 GTC 2023 Announcements.
04:48 How NVIDIA Beat Every Competitor at AI
07:40 Running High End AI Locally.
10:20 What is NVIDIAs Future?
13:05 Accelerating Future.
Technology is improving at an almost exponential rate. Robots are
learning to walk & think, Brain Computer Interfaces are becoming
commonplace, new Biotechnology is allowing for age reversal and
Artificial Intelligence is starting to surpass humans in many
areas. Follow FutureNET to always be up to date on what is
happening in the world of Futuristic Technology and Documentaries
about humanities past achievements.
#nvidia #ai #gtc
01:58
[$] OpenSUSE MicroOS Desktop: a Flatpak-based immutable distribution LWN.net
Immutable Linux distributions are on the rise recently, with multiple popular distributions creating their own immutable versions; it could be one of the trends of 2023, as predicted. While many of these immutable distributions are focused on server use, there are also some that offer a desktop experience. OpenSUSE MicroOS Desktop is one of them, with a minimal openSUSE Tumbleweed as the base operating system and applications running as Flatpaks or in containers. In its daily use, it feels a lot like a normal openSUSE desktop. Its biggest benefit is availability of the newest software releases without sacrificing system stability.
01:48
Beware of MacStealer: A New Malware Targeting macOS Catalina Devices HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
The new MacStealer malware is being advertised on a notorious Russian hacker and cybercrime forum.
This is a post from HackRead.com Read the original post: Beware of MacStealer: A New Malware Targeting macOS Catalina Devices
01:23
Neurotechs Battles Impact Our Brains Future SoylentNews
Mental sovereignty, says author Nita Farahany, is no longer a given:
Neurotechnologies todaydevices that can measure and influence our brains and nervous systemsare growing in power and popularity. The neurotech marketplace, according to Precedence Research, is worth USD $14.3 billion this year and will exceed $20 billion within four years. Noninvasive brain-computer interfaces, brain stimulation devices, and brain-monitoring hardware (measuring alertness and attention at work, for example) are no longer just laboratory experiments and technological curios. The societal and legal implications of widespread neurotech adoption may be substantial.
Nita Farahany, professor of law and philosophy at Duke University, has written a new book, [...] which explores how our lives may be impacted by the use of brain-computer interfaces and neural monitoring devices.
Farahany argues that the development and use of neurotech presents a challenge to our current understanding of human rights. Devices designed to measure, record and influence our mental processes, used by us or on us, may infringe on our rights to mental privacy, freedom of thought, and mental self-determination. She calls this collection of freedoms the right to cognitive liberty. Spectrum spoke with Farahany recently about the future and present of neurotech and how to weigh its promisesenhanced capabilities, for instance, including bionics and prosthetics and even a third armagainst its potential to interfere with people's mental sovereignty.
An interview with Farahany is in the linked article.
Does neurotech's future fill you with optimism for a better world, or dread of what might follow?
Read more of this story at SoylentNews.
01:20
Google TAG shares details about exploit chains used to install commercial spyware Security Affairs
Googles Threat Analysis Group (TAG) discovered several exploit chains targeting Android, iOS, and Chrome to install commercial spyware.
Googles Threat Analysis Group (TAG) shared details about two distinct campaigns which used several zero-day exploits against Android, iOS and Chrome. The experts pointed out that both campaigns were limited and highly targeted. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits.
The exploit chains were used to install commercial spyware and malicious apps on targets devices.
The first campaign was spotted in November 2022, the exploit chains discovered by TAG researchers were affecting Android and iOS and were delivered via bit.ly links sent over SMS to users. The campaign aimed at users in Italy, Malaysia, and Kazakhstan. Once clicked the links, targets are initially redirected to pages hosting exploits for either Android or iOS, then redirected to legitimate websites (e.g. Italian-based shipment and logistics company BRT, or a popular Malaysian news website).
The initial landing page was observed hosting the exploits for a WebKit remote code execution zero-day (CVE-2022-42856) and a sandbox escape (CVE-2021-30900) issue.
In this campaign, the final payload was a simple stager that pings back the GPS location of the device and allows to install an .IPA file (iOS application archive) onto the affected device.
The Android exploit chain in the first campaign targeted users on phones with an ARM GPU running Chrome versions prior to 106. The exploit chain consisted of three exploits, including one 0-day:
- CVE-2022-3723, a type confusion vulnerabilit...
01:15
Links 29/03/2023: Parted 3.5.28 and Blender 3.5 Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Education
- Hardware
- Health/Nutrition/Agriculture
- Proprietary
- Security
- Defence/Aggression
- Transparency/Investigative Reporting
- Environment
- Finance
- AstroTurf/Lobbying/Politics
- Censorship/Free Speech
- Freedom of Information / Freedom of the Press
- Civil Rights/Policing
- Internet Policy/Net Neutrality
- Digital Restrictions (DRM)
- Monopolies
01:08
polkitd service user privilege separation Open Source Security
Posted by Johannes Segitz on Mar 29
Hello,I'm a member of the SUSE product security team. During the product audit
for SLES 15 SP5 I noticed an issue with polkit:
# Default rules config writeable for the service user
polkit stores rules in /etc/polkit-1/rules.d. We follow the upstream
provided permissions for this folder, so polkitd owns it and permissions
are set to 700:
localhost:/etc/polkit-1/rules.d # ls -lah
total 64K
drwx------ 1 polkitd root 44 Mar 8 18:29 ....
01:00
Blender 3.5 Released With Lighting Improvements For Cycles, Better glTF 2.0 Handling Phoronix
01:00
Weird Electric Jet Skis Are Hitting The Waves Hackaday
When it comes to reducing emissions from human sources, were at the point now where we need to take a broad-based approach. Its not enough to simply make our cars more efficient, or start using cleaner power plants. We need to hit carbon zero, and thus everything has to change.
To that end, even recreational watercraft are going electric in this day and age....
00:52
Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices The Hacker News
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These
00:46
Stenberg: Pre-notification dilemmas LWN.net
Curl maintainer Daniel Stenberg expresses some frustrations with the vulnerability notification policies maintained by the distros mailing list.
The week before we were about to ship the curl 8.0.0 release, I emailed the distros mailing list again like I have done so many times before and told them about the upcoming six(!) vulnerabilities we were about to reveal to the world.This time turned out to be different.
Because of our updated policy where the fixes were already committed in a public git repository, the distros mailing lists policy says that if there is a public commit they consider the issue to be public and thus they refuse to accept any embargo.
What they call embargo I of course call heads-up time.
The kernel project has run into similar issues in the past.
00:45
The Emerging Sail/Cubesat Paradigm for Deep Space Centauri Dreams Imagining and Planning Interstellar Exploration
We need to get to the ice giants. We have limited enough experience with our systems larger gas giants, although orbital operations at both Jupiter and Saturn have been highly successful. But about the ice giants, their formation, their interiors, their moons (and even the possibility of internal oceans on these objects), we draw on only a single mission, Voyager II. Which is why the April 2022 decadal study (Origins, Worlds, and Life: A Decadal Strategy for Planetary Science and Astrobiology 2023-2032) recommended a Uranus mission, complete with orbiter, to be launched in the late 2030s.
Can we do this under our existing paradigm for space exploration? A new paper titled Science opportunities with solar sailing smallsats, written by the Jet Propulsion Laboratorys Slava Turyshev and co-authored by major proponents of solar sail technologies, makes the case for coupling our abundant advances in miniaturization with our growing experience in solar sails to achieve missions at significantly lower cost and substantial savings in time. Because staying within the traditional game plan, we are constrained by slow chemical propulsion (or low-readiness nuclear methods) as well as decades of mission planning, not to mention cruise times in the range of 15 years to reach Uranus. These are numbers that can and should be improved, and greatly so.
Fortunately, solar sailing is moving beyond the range of experiment toward practical missions that will build on each other to advance a new paradigm smaller and faster. Much smaller and much faster. Consider: The Japanese IKAROS sail has already demonstrated the interplanetary possibilities of sails, while the success of The Planetary Societys LightSail-2 helped to energize the NEA-Scout mission NASA launched in 2022. Concept studies continue. Japan developed OKEANOS, a hybrid sail/ion engine design as an outer planet mission as a follow-on to IKAROS (the mission was a finalist for funding but lost out to a space telescope called LiteBIRD).
But sail technology must be wed with practical payloads, and spacecraft acceleration is proportional to the sail area divided by the spacecraft mass, which means that miniaturization and the use of smallsats win on efficiency. Here were reminded of the recent success of the Mars Cube One (MarCO) smallsats, which worked in conjunction with the InSight Lander and demonstrated the practicality of the highly modular and integrated CubeSat format for missions well beyond Earth orbit (see...
00:34
Security updates for Wednesday LWN.net
Security updates have been issued by Debian (unbound and xorg-server), Fedora (stellarium), Oracle (kernel), SUSE (apache2, oracleasm, python-Werkzeug, rubygem-loofah, sudo, and tomcat), and Ubuntu (git, kernel, and linux-hwe-5.19).
00:26
10 Sci-Fi Movies That Were Way Too Complicated Lifeboat News: The Blog
Seriously, can somebody please explain just what the heck is going on here?
For more awesome content, check out: http://whatculture.com/
Follow us on Facebook at: https://www.facebook.com/whatculture.
Catch us on Twitter: https://twitter.com/whatculture
00:24
A Controversial Rocket Technology Could Challenge a Basic Law of Physics Lifeboat News: The Blog
Some of the more well-known examples include retrievable and reusable rockets, retrieval at sea, mid-air retrieval, single-stage-to-orbit (SSTO) rockets, and kinetic launch systems.
In addition, there are also efforts to develop propulsion systems that do not rely on conventional propellants. This technology offers many advantages, including lower mass and improved energy efficiency, ultimately lowering costs.
On June 10, 2023, an all-electrical propulsion system for satellites (the IVO Quantum Drive) will fly to space for the first time. The system was built by North Dakota-based wireless power company IVO, Ltd. and will serve as a testbed for an alternative theory of inertia that could have applications for propulsion.
00:24
CVE-2023-28158: Apache Archiva privilege escalation Open Source Security
Posted by Olivier Lamy on Mar 29
Description:Privilege escalation via stored XSS using the file upload service to upload malicious content.
The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and
gain some privileges such admin user.
This issue is being tracked as n/a
Credit:
sandr0 (sandr0.xyz) (finder)
References:
https://archiva.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28158...
00:24
Direct observation of a superconducting vortex diode Communications Lifeboat News: The Blog
A nonreciprocal critical current is known as the superconducting diode effect (SDE). Here, the authors use SQUID-on-tip to study SDE in a EuS/Nb bilayer and find that the stray field from magnetized EuS creates screening currents in the Nb, which lead to SDE by affecting vortex flow dynamics.
00:24
A robust quantum memory that stores information in a trapped-ion quantum network Lifeboat News: The Blog
Researchers at University of Oxford have recently created a quantum memory within a trapped-ion quantum network node. Their unique memory design, introduced in a paper in Physical Review Letters, has been found to be extremely robust, meaning that it could store information for long periods of time despite ongoing network activity.
We are building a network of quantum computers, which use trapped ions to store and process quantum information, Peter Drmota, one of the researchers who carried out the study, told Phys.org. To connect quantum processing devices, we use single photons emitted from a single atomic ion and utilize quantum entanglement between this ion and the photons.
Trapped ions, charged atomic particles that are confined in space using electromagnetic fields, are a commonly used platform for realizing quantum computations. Photons (i.e., the particles of light), on the other hand, are generally used to transmit quantum information between distant nodes. Drmota and his colleagues have been exploring the possibility of combining trapped ions with photons, to create more powerful quantum technologies.
00:03
Microsoft unveils AI-powered Security Copilot analysis tool Help Net Security
Microsoft has unveiled Security Copilot, an AI-powered analysis tool that aims to simplify, augment and accelerate security operations (SecOps) professionals work. Using Microsoft Security Copilot Security Copilot takes the form of a prompt bar through which security operation center (SOC) analysts ask questions in natural language and receive practical responses. They can ask it to identify ongoing incidents, analyze code snippets, provide information about added links or files, analyze alerts from other security tools used More
The post Microsoft unveils AI-powered Security Copilot analysis tool appeared first on Help Net Security.
00:00
Robots Using Legs as Arms to Climb and Push Buttons IEEE Spectrum
Weve gotten used to thinking of quadrupedal robots as robotic versions of dogs. And, to be fair, its right there in the word quadrupedal. But if we can just get past the Latin, theres absolutely no reason why quadrupedal robots have to restrict themselves to using all four of their limbs as legs all of the time. And in fact, most other quadrupeds are versatile like this: four-legged animals frequently use their front limbs to interact with the world around them for non-locomotion purposes.
Roboticists at CMU and UC Berkeley are training robot dogs to use their legs for manipulation, not just locomotion, demonstrating skills that include climbing walls, pressing buttons, and even kicking a soccer ball.
Training a robot to do both locomotion and manipulation at the same time with the same limbs can be tricky using reinforcement learning techniques, because you can get stuck in local minima while trying to optimize for skills that are very different and (I would guess) sometimes in opposition to each other. So, the researchers split the training into separate manipulation and locomotion policies, and trained each in simulation, although that meant an extra step smooshing those separate skills together in the real world to perform useful tasks.
Successfully performing a combined locomotion and manipulation task requires one high-quality expert demonstration. The robot remembers what commands the human gave during the demonstration, and then creates a behavior tree that it can follow that breaks up the tasks into a bunch of connected locomotion and manipulation sub-tasks that it can perform in order. This also adds robustness to the system, because if the robot fails any sub-task, it can rewind its way back through the behavior tree until it gets back to a point of success, and then start over from there.
This particular robot (a Unitree Go1 with an Intel RealSense for perception) manages to balance itself against a wall to press a wheelchair access button thats nearly a meter high, and then walk out the open door, which is pretty impressive. More broadly, this is a useful step towards helping non-humanoid...
Wednesday, 29 March
23:43
Arch Linux Installer v2.5.4 Adds Initial Swapfile Support Phoronix
In time for the new month to begin and in turn a new Arch Linux installer ISO, Archinstall 2.5.4 was just released as the newest installer...
23:38
Fwd: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free Open Source Security
Posted by Olivier Fourdan on Mar 29
-------- Forwarded Message --------Subject: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free
Date: Wed, 29 Mar 2023 14:15:05 +0200
From: Olivier Fourdan <ofourdan () redhat com>
To: xorg-announce () lists x org
CC: xorg () lists x org, xorg-devel <xorg-devel () lists x org>, zdi-disclosures () trendmicro com
X.Org Security Advisory: March 29, 2023
X.Org Server Overlay Window Use-After-Free...
23:30
Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393 Phoronix
For over a decade now the X.Org Server has been seeing routine security disclosures in its massive codebase with some security researchers saying it's even worse than it looks and security researchers frequently finding multiple vulnerabilities at a time in the large and aging code-base that these days rarely sees new feature work. Today another disclosure was made by the folks with the Trend Micro Zero Day Initiative...
23:01
Mlofe: Researchers Uncover New Linux Malware Linked to Chinese APT Groups The Hacker News
An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mlofe. One of the artifacts is designed to drop a kernel-mode rootkit that's based on an open source project referred to as
22:52
Betway India Evaluation 100% Match As Much As Eight,000 Bonus h+ Media
Betway India Evaluation 100% Match As Much As Eight,000 Bonus
Within the Bollywood part, you can take pleasure in spin-offs of in style Indian games. In prime positions are Andar Bahar, Satta Matka, Cricket Roulette, and Indian blackjack. Lets cast a closer eye on Betway online on line casino and discover its marquee property. On a global level, youll find a way to wager on the World Cup, UEFA Nations League, Euro 2024, and Copa Libertadores, among other options. Additionally, the site boasts a first-class poker room and a racebook.
If youre a beginner, dont fear there are lots of tables with lower limits. If youre a excessive roller set on spending 1000s, Betways live on line casino offers private VIP tables. There are dozens of nice games all streamed in HD quality within the stay casino, so that you definitely shouldnt miss it. Players at Betway can bet on any and all soccer matches from any nook of the world in their betting account.
Football betting is a crucial part of the location and it comes as no surprise to see them accomplish that properly on this department too. In reality, a majority of Betway reviews online have praised their football section. As talked about, Betways cricket markets are an absolute pleasure for Indian cricket followers. Choose from IPL betting and the Ashes to all main international competitions and a selection of different events. Test matches, ODIs, T20 all cricket formats are available here. Thanks to the implementation of SSL security features, the private info you enter at Betway is protected.
- Regardless of the sort of promotion youre thinking about or the sports you wish to be on, therell all the time be a bonus you probably can declare to increase your balance and chances of profitable.
- When it involves betting on live casino games, it follows the same basic pattern as standard online on line casino video games.
- The 1win indir desk limits are fairly flexible and appropriate for each casual gamers and excessive rollers alike.
- One of the best things about Betway is that there are lots of fee options, due to which we give an additional point to Betway rankings.
You can request Betway for a cool-off interval, and they are going to lock your account for a decided period or completely. The sooner the nation regulates its playing legal guidelines and governments can gather, the sooner extra money. Taxing such a worthwhile exercise might reel in critical revenues that may assist out communities in want. Luckily for you, we want to reply the is Betway authorized in India query once and for all, so you presumably can have a clear image of what youre doing and what you should do. But earlier than we get started, you should know that gambling isnt properly legislated in India, and laws and laws rely on your state.
Live supplier video...
22:51
Clipper attacks use Trojanized TOR Browser installers Security Affairs
Researchers discovered malware-laced installers for the TOR browser that is spreading clipper malware in Russia and Eastern Europe.
Browser that is spreading a clipper malware in Russia and Eastern Europe. The attackers take advantage of the fact that the official Tor Project has been banned in Russia since the end of 2021, so users in Russia search for third-party repositories to download the Tor browser. According to the metrics provided by the Tor Project, Russia was the second largest country by the number of Tor users in 2021 (with over 300,000 daily users, or 15% of all Tor users). Malware authors have created trojanized Tor Browser bundles and are distributing them among Russian-speaking users.in the threat landscape in December 2021, but experts pointed out that since August 2022 they observed a wave of torbrowser_ru.exe malicious executables. The malicious installers offered Tor Browser with a regional language pack, including Russian.
The victims download the Tor Browser from a third-party server and execute it as torbrowser.exe. The researchers noticed that the installer is not digitally signed, it is just a RAR SFX (self-extracting executable) archive.
The archive contains the following files:
- The original torbrowser.exe installer with a valid digital signature from the Tor Project.
- A command-line RAR extraction tool with a randomized name.
- A password-protected RAR archive (random password).
Upon executing the SFX, the original torbrowser.exe and the RAR extraction tool are launched on the embedded password-protected RAR archive. The archive is password-protected to evade detection.
It doesnt protect the malware from sandbox-based detection. The password and the destination for the extraction are part of the trojanized torbrowser.exe executable, and may be extracted via manual analysis. reads the...
22:48
Search Outcomes For Betway h+ Media
Search Outcomes For Betway
Players who tend to make use of extra betting apps could make use of the betway sports app. The app is out there in both iOS and APK versions, customers may even claim the latest promotions provides of the bookmaker through the app. With a live casino lobby that challenges one of the best, punters could have a subject day. The platform is easy to use and selecting a sport is very simple. There are generous limits, permitting newcomers and high rollers to benefit from the playing expertise. Here you can find the most effective online casinos in Indian Rupees, offering top actual cash video games like slots, roulette, and Andar Bahar.
With a single-minded focus and unperturbed by other sports, Pranchal likes to keep issues simple and enjoys spending time with household and friends. Using conventional strategies could be tougher in India than elsewhere. If you need to play in an internet on line casino for actual cash , you will virtually definitely have to use an eWallet service to maneuver your money back and forth. There are a wide selection of payment choices available at Betway online. There are all the most typical cost strategies obtainable, in addition to a couple of extra, corresponding to Maestro, Skrill, Neteller, Paysafecard, iDebit, EPS, Neosurf, PayPal, and so forth.
You will get plus factors each time you wager, depending on the odds. These factors can later be redeemed for loyalty bonuses, credit, and free bets. As part of a personal account, all the necessary capabilities are available, but on the identical time, there is nothing superfluous. To do this, you want to log into the previously created account in Betway.
Most of the elements of it recommend a eager give attention to sports bettors. However, there are a few things they need to fix, especially on the app, so that it doesnt lag during main tournaments and occasions. They supply a lot of fascinating options, which embody cricket betting options, and other live betting.
As soon as you might have an account with Betway, you may make your first deposit and declare the first deposit bonus match. The platform accepts a broad vary of cost methods, including financial institution transfers, debit and credit cards, and e-wallets, amongst others. If youre on the lookout for prime betting websites with plenty of prizes and top-tier cricket offers, Betway shall be your most suitable option. Everything from IPL to worldwide matches is available right here.
The bookmaker exclusively offers legal sports betting and online on line casino gaming companies that do not violate Indian laws. Yes, Betway casino is respectable and presents a variety of video games you can have fun with. Some well-liked choices gamers can discover embrace slots, poker, roulette, baccarat, bingo, and blackjack. A participant is at liberty to determine on what appeals most to them. At Betway, they give you the most effective on-line...
22:45
Take A Look At Our Betway Evaluation h+ Media
Take A Look At Our Betway Evaluation
You could win some huge cash, but you can simply as quickly lose every thing you may have in a second. Under this promotion, if you place a wager on any match and you end up losing it, youll still have a chance. If the final ball of the match is a boundary, then you will receive a free wager. To play on-line on Betway and earn cash you have to create account enroll on the official website. Here we have the steps you have to follow to get your Sign-up bonus. When you observe the steps mentioned beneath, you can easily create a model new account on the betting web site and unlock your Welcome Bonus.
Please notice the free bet cant be used for multi-line bets. If the bonus just isnt used, its burned seven days after its credited. Blackjack for one or two decks, roulette, baccarat 5% of the bet.
A lot of users take pleasure in their hours enjoying these and are entitled to avail presents that include them. However, when it comes to actual money on line casino video games, the offer boils down to simply the reside part because of some regulatory restrictions. Online websites are all the time in competitors with each other and have resourceful presents coming as a lot as be the best within the business. However, Betway has received you coated as they ensure their users get one of the best betting experience on life and pre-match occasions. The web site additionally supplies betting choices corresponding to Parlays, In-game betting, prematch, exchange wagering, fixed odds wagering, Proposition bets, and so forth. You ought to know that Indias gambling legal guidelines are very outdated, and they dont even point out on-line gambling, online casinos, and on-line sports activities betting web sites in most cases.
Before you name over the phone or write an e mail, I suggest visiting the Help section in your account first. That said, the Betway site makes up for it brilliantly with their promotions. In reality, after we have been asked to evaluation Betway, the promotions section took us by surprise.
Last however not least, Betway offers all of the betting facilities you want, such as cash out, stay streaming, and extra. This demonstrates its robust pedigree in the sports group. You should read the T&C carefully to learn about this unique wagering coverage. Choose between the supplied deposit strategies and enter the required details.
- Betway 24mg Tablet is probably safe to use in patients with kidney disease.
- The primary difference is that live casino games are played with a real vendor whos beamed to your computer or cell display by way of a webcam.
- Be sure to provide your exact full name, address, phone quantity, e-mail address, and proof of address.
- In addition, Betway India has an outstanding live betting platform and offers several mouthwatering bonuses corresponding to welcome bonuses and free bets....
22:43
How to Build a Research Lab for Reverse Engineering 4 Ways The Hacker News
Malware analysis is an essential part of security researcher's work. But working with malicious samples can be dangerous it requires specialized tools to record their activity, and a secure environment to prevent unintended damage. However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse
Smart Mobility has a Blindspot When it Comes to API Security The Hacker News
The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application attack surface areas. With no surprise, similar trends are emerging also in the smart mobility
22:39
More ChatGPT / Bing News SoylentNews
Europol Warns ChatGPT is Already Helping Criminals
There is no honor among chatbots:
Criminals are already using ChatGPT to commit crimes, Europol said in a Monday report that details how AI language models can fuel fraud, cybercrime, and terrorism.
[...] Now, the European Union's law enforcement agency, Europol, has detailed of how the model can be misused for more nefarious purposes. In fact, people are already using it to carry out illegal activities, the cops claim.
"The impact these types of models might have on the work of law enforcement can already be anticipated," Europol stated in its report [PDF]. "Criminals are typically quick to exploit new technologies and were fast seen coming up with concrete criminal exploitations, providing the first practical examples mere weeks after the public release of ChatGPT."
Although ChatGPT is better at refusing to comply with input requests that are potentially harmful, users have found ways around OpenAI's content filter system. Some have made it spit out instructions on how to create a pipe bomb or crack cocaine, for example. Netizens can ask ChatGPT to learn about how to commit crimes and ask it for step-by-step guidance.
"If a potential criminal knows nothing about a particular crime area, ChatGPT can speed up the research process significantly by offering key information that can then be further explored in subsequent steps. As such, ChatGPT can be used to learn about a vast number of potential crime areas with no prior knowledge, ranging from how to break into a home, to terrorism, cybercrime and child sexual abuse," Europol warned.
The agency admitted that all of this information is already publicly available on the internet, but the model makes it easier to find and understand how to carry out specific crimes. Europol also highlighted that the model could be exploited to impersonate targets, facilitate fraud and phishing, or produce propaganda and disinformation to support terrorism.
[...] ChatGPT's ability to generate code - even malicious code - increases the risk of cybercrime by lowering the technical skills required to create malware.
Read more of this story at SoylentNews.
22:05
Qt Creator 10 Released With Improved C++20 Support, QML Code Model From Qt 6.5 Phoronix
22:00
Robot 3D Prints Giant Metal Parts with Induction Heat Hackaday
While our desktop machines are largely limited to various types of plastic, 3D printing in other materials offers unique benefits. For example, printing with concrete makes it possible to quickly build houses, and weve even seen things like sugar laid down layer by layer into edible prints. Metals are often challenging to print with due to its high melting temperatures, though, and while this has often been solved with lasers a new method uses induction heating to deposit the metals instead.
A company in Arizona called Rosotics has developed a large-scale printer based on this this method that theyre calling the Mantis. It uses three robotic arms to lay down metal prints of remarkable size, around eight meters wide and six meters tall. It can churn through about 50 kg of metal per hour, and can be run off of a standard 240 V outlet. The company is focusing on aerospace applications, with rendered rocket components that remind us of what Relativity Space is working on.
21:57
AMD Adds New Option To Help Improve Debugging With RADV & RadeonSI Drivers Phoronix
Merged to Mesa 23.1-devel yesterday was UMD metadata v2 support for the RADV and RadeonSI drivers to provide extra metadata that can be optionally enabled to help with Radeon GPU debugging...
21:40
Linux 6.4 Adding Support For Many Kye/Genius Drawing Tablets Phoronix
The upcoming Linux 6.4 kernel cycle is set to introduce support for a number of Kye drawing tablets, which are also marketed as Genius tablets...
20:58
OBS Studio 29.1 Beta 1 Released With New AV1/HEVC Streaming Over RTMP Phoronix
Days after landing AV1 and HEVC streaming support over RTMP to allow game streamers and other livecasting with OBS Studio to YouTube to happen via AV1/HEVC as an alternative to H.264, OBS Studio 29.1 Beta 1 has been tagged...
20:17
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware The Hacker News
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [...] can be silent for years, show no network activity or any other signs of presence until the disastrous day when they replace a crypto wallet address," Vitaly Kamluk, director of
19:53
Valve is Ending Steam Support for Windows 7, 8, and 8.1 SoylentNews
Valve is ending Steam support for Windows 7, 8, and 8.1:
Are you among the few people still using Windows 7, 8, or 8.1 and playing games via Steam? If so, you might want to upgrade to a the date Valve is terminating Steam support for those older operating systems.
Valve made the surprise announcement in a Steam support post. It writes that as of January 1, 2024, Steam will officially stop supporting the Windows 7, Windows 8, and Windows 8.1 operating systems. After that date, the Steam Client will no longer run on those versions of Windows. In order to continue running Steam and any games or other products purchased through Steam, users will always switch to Linux.
Valve's reasoning for dropping Windows 7, 8, and 8.1 is due to longer functions on older versions of Windows. The company adds that future versions of Steam will require Windows feature and security updates only present in Windows 10 and above.
It was just last month when Chrome 110 was released, the first "https://www.techspot.com/news/97551-google-releases-chrome-110-parts-ways-windows-7.html"> not to support Windows 7. Edge no longer supports these operating systems, either, and Microsoft's extended support for Windows 7 and 8 ended in January.
A quick look at the latest Steam survey shows only a small number of people will be disappointed by Valve's decision assuming they weren't planning on upgrading in the next nine months. The survey results show that 1.43% of participants still use Windows 7 64-bit, while 0.34% use Windows 8.1 64-bit and 0.09% use Windows 7.
Read more of this story at SoylentNews.
19:41
The International Longevity Summit will be held August 23-24 in South Africa. Lifeboat News
The International Longevity Summit will be held August 2324 in South Africa.
Our Maria Entraigues Abramson, Alexandra Bause, Evelyne Yehudit Bischof, Jos Luis Cordeiro, Stephanie Dainow, Goffredo Giordano, Aubrey de Grey, snkch km Kl, Andrea B. Maier, Martin ODea, Elizabeth Parrish, Brenda Ramokopelwa, Paul Spiegel, and Natasha Vita-More will be speaking.19:00
If you wanted to create a VGA card, you might think about using an FPGA. But there are simpler ways to generate patterns, including an old-fashioned EPROM, as [DrMattRegan] points out in a recent video.
Generating video signals is an exercise in periodicity. After all, an old-fashioned CRT just scans at a certain horizontal frequency and refreshes the entire screen each time it starts over. VGA is made to drive this technology. An EPROM chip can easily generate repeating patterns when driven by a counter at a known frequency.
As you might expect, there were a few software glitches to work out, but in the end, the circuit did its job, displaying a fixed image on a VGA monitor.
If you havent run into [Matt] before, he has a complete series on how he built a wire-by-wire Apple II clone. We will warn you, though. Dont click on the link unless you have some spare time. The 18 videos take over two hours to work through, but there is some beautiful prototyping and a lot of good information in them.
You can go even lower tech for a VGA card, if you like. Just try not to look like this breadboard.
...
18:54
Links 29/03/2023: New Finnix and EasyOS Kirkstone 5.2 Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Audiocasts/Shows
-
317: Home Automation with Home Assistant Plus New Alternative to ChatGPT
-
Tux Digital 317: Home Automation with Home Assistant Plus New Alternative to ChatGPT Destination Linux TuxDigital
This weeks episode of Destination Linux, we will be discussing building an autom...
-
-
18:41
China Shuts Down Major Manga Piracy Site Following Complaint From Japan TorrentFreak
Rightsholders and anti-piracy groups in Japan are
committing
considerable resources to their fight against online
piracy.
While no targets are off limits, site owners who operate inside Japan present fewer challenges than those based overseas. A new report from anti-piracy group CODA indicates that with persistence and smart tactics, solutions can be found in difficult overseas regions.
Pirate Manga Site B9Good.com
Manga piracy site B9Good initially appeared in 2008 and established itself under B9DM branding. SimilarWeb stats show that the site was enjoying around 15 million visits each month, with CODA noting that in the two-year period leading to February 2023, the site was accessed more than 300 million times Around 95% of the sites visitors came from Japan.
B9Good had been featured in an MPA submission to the USTRs notorious markets report in 2019. Traffic was reported as almost 16 million visits per month back then, meaning that site visitor numbers remained stable for the next three years. The MPA said the site was possibly hosted in Canada, but domain records since then show a wider spread, including Hong Kong, China, United States, Bulgaria, and Japan.
Chinese Authorities Shut Down B9Good.com
Wherever the site ended up, the location of its operator was more important. In 2021, CODA launched its International Enforcement Project (CBEP), which aimed to personally identify the operators of pirate sites, including those behind B9Good who were eventually traced to China.
Pursuing copyright cases from outside China is reportedly difficult, but CODA had a plan. In January 2022, CODAs Beijing office was recognized as an NGO with legitimate standing to protect the rights of its member companies.
Working on behalf of Aniplex, TV Tokyo, Toei Animation, Toho, Japan Broadcasting Corporation (NHK), and Bandai Namco Film Works, CODA filed a criminal complaint in China, and starting February 14, 2023, local authorities began rounding up the B9Good team.
Four People Detained by Chinese Authorities
CODA reports that public security authorities in Jiangsu Province, China, detained a 33-year-old unemployed man living in Chongqing on February 14. He was held under suspicion of operating B9Good and later confessed to his involvement.
The man was held until March 19 before being released on bail. His house, reportedly worth around $580,000, was seized by the authorities.
From February 18 to March 21, Chinese authorities arrested three more people. A 30-year-old woman livin...
18:00
Globalists Polycrisis Of Doom Is Of Their Own Making Terra Forming Terra
The Perfect Storm Hits Our Food Supply Chain? Terra Forming Terra
We have been watching food production been destroyed for the past three years without comment by the MSM. This is absurd of course and do not think that all this is not been tracked as well.
The CHURCH Terra Forming Terra
World first study shows how EVs cut pollution levels and reduce costly health problems Terra Forming Terra
17:36
IRC Proceedings: Tuesday, March 28, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-280323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-280323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-280323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-280323.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
17:12
Cultured Meat Firm Resurrects Woolly Mammoth in Lab-grown Meatball SoylentNews
Cultured meat firm resurrects woolly mammoth in lab-grown meatball:
Truth, as the saying goes, is often stranger than fiction. The very notion of resurrecting the long-extinct woolly mammoth was the stuff of fantasy not that long ago, but scientists are already working on ways to achieve something close to that, using DNA from soft-tissue in frozen mammoth remains and meshing it with that of a modern-day elephant.
But while such "de-extinction" projects may or may not ultimately succeed, one company is already laying claim to having produced the first meat product made from mammoth DNA.
Vow, an Australian cultivated food company that creates meat in a laboratory setting from animal cells, says that it has used advanced molecular engineering to resurrect the woolly mammoth in meatball form, by combining original mammoth DNA with fragments of an African elephant's DNA.
There's little question that cultivated meat is coming, evidenced by the countless companies raising vast swathes of venture capital funding to produce meat and fish in a lab from animal cells, as well as the fact that companies are now starting to receiving the blessings of regulators such as the U.S. Food and Drug Administration (FDA). But while pork sausages and seafood make sense insofar as they are food that people are familiar with, Vow which closed a $49.2 million round of funding just a few months ago is clearly upping the ante with its foray into the world of extinct animals.
It's worth acknowledging that there is a sizeable element of marketing magicianship to this announcement. The very concept was devised by communications agency and WPP-subsidiary...
16:32
North Korean APT43 Group Uses Cybercrime to Fund Espionage Operations The Hacker News
A new North Korean nation-state cyber operator has been attributed to a series of campaigns orchestrated to gather strategic intelligence that aligns with Pyongyang's geopolitical interests since 2018. Google-owned Mandiant, which is tracking the activity cluster under the moniker APT43, said the group's motives are both espionage- and financially-motivated, leveraging techniques like credential
16:00
Kino Wheels Gives You a Hand Learning Camera Operation Hackaday
Have you ever watched a movie or a video and really noticed the quality of the camera work? If you have, chances are the camera operator wasnt very skilled, since the whole point of the job is to not be noticed. And getting to that point requires a lot of practice, especially since the handwheel controls for professional cameras can be a little tricky to master.
Getting the hang of camera controls is the idea behind [Cadrage]s Kino Wheels open-source handwheels. The business end of Kino Wheels is a pair of DIN 950 140mm spoked handwheels because of course theres a DIN standard for handwheels. The handwheels are supported by sturdy pillow block bearings and attached to 600 pulse/rev rotary encoders, which are read by an Arduino Mega 2560....
16:00
How cybersecurity decision-makers perceive cyber resilience Help Net Security
In an economic climate putting immense pressure on business leaders to prove ROI and team efficiency a new report from Immersive Labs looks into the lack of confidence cyber leaders have in their teams preparation and abilities to combat cyber incidents. In this Help Net Security video, Max Vetter, VP of Cyber at Immersive Labs, discusses the growing pressure on cybersecurity teams to prove their readiness for new and emerging threats.
The post How cybersecurity decision-makers perceive cyber resilience appeared first on Help Net Security.
15:30
New York law firm gets fined $200k for failing to protect health data Help Net Security
A New York law firm has agreed to pay $200,000 in penalties to the state because it failed to protect the private and electronic health information of approximately 114,000 patients. How did the data theft happen? Heidell, Pittoni, Murphy and Bach (HPMB) represents New York City area hospitals in litigation and maintains sensitive private information from patients, including dates of birth, social security numbers, health insurance information, medical history, and/or health treatment information. In November More
The post New York law firm gets fined $200k for failing to protect health data appeared first on Help Net Security.
15:22
[Meme] Fraud Seems Standard to Standard Life Techrights
Summary: Sirius Open Source has embezzled and defrauded staff; now it is being protected (delaying and stonewalling tactics) by those who helped facilitate the robbery
Previously/context:
- Sirius Open Source and the Money Missing From the Pension
- Sirius Finished
- Sirius Open Source Pensiongate: An Introduction
- When the Pension Vanishes
- Sirius Open Source Pensiongate (Sirius Financial Crisis): Company May Have Squandered/Plundered the Pensions of Many People
- Sirius Open Source Pensiongate: Pension Providers That Repeatedly Lie to the Clients and Dont Respond to Messages
- NOW: Pensions Lies to Its Customers and Protects Abusers
- Sirius Open Source Pensiongate: Its Beginning to Look Like a Criminal Matter and Sirius is in Serious Trouble
- Sirius Open Source Pensiongate: A Long Story Meri...
15:06
NOW: Pensions and Standard Life (Phoenix Group Holdings) Not Progressing Fraud Investigations schestowitz.com
Fraud investigations in the era of bankers going rogue
Summary: Based on our experiences and findings, one simply cannot rely on pension providers to take fraud seriously (weve been working as a group on this); all they want is the money and risk does not seem to bother them, even when theres an actual crime associated with pension-related activities
THIS site isnt a personal site (unlike my personal blog and personal site, schestowitz.com), but the issue seems commonplace and it impacts workers in tech (in my case, my former employer was an early sponsor of the Free Software Foundation).
I wanted to just post a quick update to say that 2 days ago I contacted two pension providers regarding their ongoing investigations of actual fraud. I wrote to them:
Is there any concrete progress on this yet?
This back-and-forth inquiry with your staff has gone on since January.
Were fast approaching April and former Sirius staff does not want to be left aside as Aprils fools.
The company is rapidly losing clients and may soon have key evidence in its shredders. Please progress this ASAP, even if there are not many of us and Sirius is not a large company.
We need action, not merely acknowledgements.
45 hours have passed and not even a reply from them!
One of the pension providers has not yet delivered what it promised it would send. The other has been mostly sitting on it for 3 weeks already. So whats going on? Is this how Britains pension industry deals with fraud?
Sirius, the company, is in hiding and it is losing customers (we kept noting escalation would follow for failure to provide a real address; it seems possible they not only squandered many peoples pensions but went even further). How long will it take for pension providers to take action? Will they wait until the company goes bankrupt? It might be too late by then. At a later stage well explain why such delays can implicate the pension providers, making them partly accountable/complicit.
Sirius wasnt always this rogue. Those pension providers too used to be more trustworthy, even putting their logos on athletes uniform to earn some trust (as if football is a badge of integrity). At one point Sirius had its logo on the jerseys of a young peoples football team (photo above), but that was a very long time ago. Nowadays it seems like the CEO of S...
15:01
3 Months to Progress Pension Fraud Investigations in the United Kingdom Techrights
Fraud investigations in the era of bankers going rogue
Summary: Based on our experiences and findings, one simply cannot rely on pension providers to take fraud seriously (weve been working as a group on this); all they want is the money and risk does not seem to bother them, even when theres an actual crime associated with pension-related activities
THIS site isnt a personal site (unlike my personal blog and personal site, schestowitz.com), but the issue seems commonplace and it impacts workers in tech (in my case, my former employer was an early sponsor of the Free Software Foundation).
I wanted to just post a quick update to say that 2 days ago I contacted two pension providers regarding their ongoing investigations of actual fraud. I wrote to them:
Is there any concrete progress on this yet?
This back-and-forth inquiry with your staff has gone on since January.
Were fast approaching April and former Sirius staff does not want to be left aside as Aprils fools.
The company is rapidly losing clients and may soon have key evidence in its shredders. Please progress this ASAP, even if there are not many of us and Sirius is not a large company.
We need action, not merely acknowledgements.
45 hours have passed and not even a reply from them!
How long will it take for pension providers to take action? Will they wait until the company goes bankrupt?One of the pension providers has not yet delivered what it promised it would send. The other has been mostly sitting on it for 3 weeks already. So whats going on? Is this how Britains pension industry deals with fraud?
Sirius, the company, is in hiding and it is losing customers (we kept noting escalation would follow for failure to provide a real address; it seems possible they not only squandered many peoples pensions but went even further). How long will it take for pension providers to take action? Will they wait until the company goes bankrupt? It might be too late by then. At a later stage well explain why such delays can implicate the pension providers, making them partly accountable/compl...
15:00
Visa fraud expert outlines the many faces of payment ecosystem fraud Help Net Security
In this Help Net Security interview, Michael Jabbara, the VP and Global Head of Fraud Services at Visa, delves into digital skimming attacks, highlighting their common causes, and provides insights into what measures merchants can take to prevent them. He also covers the steps payment processors and e-commerce merchants can take to safeguard themselves against enumeration attacks, and much more. What are some common causes of digital skimming attacks, and what can merchants do to More
The post Visa fraud expert outlines the many faces of payment ecosystem fraud appeared first on Help Net Security.
15:00
If you publish it, it will rank catonmat.net
TLDR: If you build it, they will come, and if you add paid plans, they will buy, and if you publish it, it will rank.
Publish too and see you next time!
14:30
Ignoring network automation is a ticking time bomb for security Help Net Security
IT professionals are frustrated due to the rise in network update velocity and tech stack sprawl, lack of support from leadership, and disagreements and concerns about the approach to resolving network issues, according to BackBox. Network and security device updates are crucial, but they are time-consuming and prone to human error when managed manually. 92% of network security and operations pros say there are more network updates needed than they can keep up with. Lack More
The post Ignoring network automation is a ticking time bomb for security appeared first on Help Net Security.
14:22
U.S. Rolls Out Strict Rules for Commercial Spyware Use, Amidst Rash of Hacks SoylentNews
U.S. Rolls Out Strict Rules for Commercial Spyware Use, Amidst Rash of Hacks:
The new regulation allows the government to ban a particular vendor's spyware from being used by agencies, if the company's product is found to have contributed to human rights violations, has been used to target U.S. citizens, or has been wielded against activists or journalists. In essence, the government is using its presence as a major consumer of defense and security products as a cudgel to encourage surveillance firms to behave or face blacklisting.
The announcement comes amidst revelations that more U.S. officials have been targeted by spyware than previously believed. On the same day that the executive order was announced, a senior US administration staffer told reporters that as many as 50 American officials are suspected or confirmed to have been targeted by commercial spyware in recent years. Previous reporting on this subject has focused on a handful of diplomats in foreign countries who had allegedly been targeted for surveillance. The new tally shows that, in reality, the imprint of foreign campaigns aimed at U.S. officials may be much broader.
"Commercial spyware sophisticated and invasive cyber surveillance tools sold by vendors to access electronic devices remotely, extract their content, and manipulate their components, all without the knowledge or consent of the devices' users has proliferated in recent years with few controls and high risk of abuse," the White House's announcement reads. "The proliferation of commercial spyware poses distinct and growing counterintelligence and security risks to the United States, including to the safety and security of U.S. Government personnel and their families."
Read more of this story at SoylentNews.
14:00
Microsoft announces Microsoft Incident Response Retainer Help Net Security
Microsoft has introduced Microsoft Incident Response Retainer, allowing customers to pre-pay and count on help from Microsoft incident responders before, during and after a cybersecurity crisis. Cybersecurity challenges faced by organizations Organizations are facing numerous cyber attacks that can negatively affect their finances and reputation. Firms, especially small ones, often dont have dedicated teams that can deal with a cyber incident they simply dont have the time, resources, or expertise to build an in-house More
The post Microsoft announces Microsoft Incident Response Retainer appeared first on Help Net Security.
13:30
Netwrix upgrades its product portfolio and launches Netwrix 1Secure Help Net Security
Netwrix has released new versions for five products since September 2022 and launched a new SaaS-based auditing solution tailored for MSPs. Netwrix keeps enhancing its portfolio to help identify, protect, detect, respond, and recover from cyber threats aimed at any organizations most valuable asset its data. Solutions with notable key enhancements include the following: Data access governance solution Netwrix Data Classification 5.7 now streamlines configuration of security controls across SQL databases and speeds More
The post Netwrix upgrades its product portfolio and launches Netwrix 1Secure appeared first on Help Net Security.
13:15
NTTs MDR service improves cyber resilience for organizations Help Net Security
NTT has launched its Managed Detection and Response (MDR) security service to help companies achieve business performance objectives through improved cyber resilience. The cloud-native, analytics-driven offering combines human and machine expertise with leading technologies and threat intelligence to reduce the mean time to detect and respond to cyber attacks. The MDR service is built on Microsoft Sentinel, Microsofts security information and event management (SIEM) platform, powered by AI, automation, and threat intelligence. Sentinel enables organizations More
The post NTTs MDR service improves cyber resilience for organizations appeared first on Help Net Security.
13:10
Protegrity Borderless Data Solution enables compliant cross-border data flows Help Net Security
Protegrity has launched the Protegrity Borderless Data Solution to enable easy, secure and compliant cross-border data flows for large global enterprises. The new solution brings together a suite of data security tools designed to help the worlds largest banks, retailers and health insurers continue to reap the benefits of their investments in globalization in an increasingly unstable and fragmented global privacy regulatory landscape. Cross-border data flows are the cornerstone of our rapidly digitizing global economy, More
The post Protegrity Borderless Data Solution enables compliant cross-border data flows appeared first on Help Net Security.
13:00
HackNotice Actions helps people to understand the extent of their data exposure Help Net Security
HackNotice is offering additional tailored protection via its new service, HackNotice Actions. Further empowering employees, HackNotice Actions reaches out to any company where a persons PII or other data has been compromised, and asks for a full report on or erasure of the persons data, in addition to other functionalities. Specifically, HackNotice Actions sends an official email on the users behalf to compromised companies, which asks for a full report on exposed information and, if More
The post HackNotice Actions helps people to understand the extent of their data exposure appeared first on Help Net Security.
13:00
History of the SPARC CPU Architecture Hackaday
[RetroBytes] nicely presents the curious history of the SPARC processor architecture. SPARC, short for Scalable Processor Architecture, defined some of the most commercially successful RISC processors during the 1980s and 1990s. SPARC was initially developed by Sun Microsystems, which most of us associate the SPARC but while most computer architectures are controlled by a single company, SPARC was championed by dozens of players. The history of SPARC is not simply the history of Sun.
A Reduced Instruction Set Computer (RISC) design is based on an Instruction Set Architecture (ISA) that runs a limited number of simpler instructions than a Complex Instruction Set Computer (CISC) based on an ISA that comprises more, and more complex, instructions. With RISC leveraging simpler instructions, it generally requires a longer sequence of those simple instructions to complete the same task as fewer complex instructions in a CISC computer. The trade-off being the simple (more efficient) RISC instructions are usually run faster (at a higher clock rate) and in a highly pipelined fashion. Our overv...
12:54
Summary: Techrights is still growing; in WordPress alone (not the entire site) were fast approaching 36,000 posts; in Gemini its almost 45,500 pages and our IRC community turns 15 soon
12:39
Contrary to What Bribed (by Microsoft) Media Keeps Saying, Bing is in a Freefall and Bing Staff is Being Laid Off (No, Chatbots Are Not Search and Do Not Substitute Web Pages!) Techrights
In the worlds most populous nation Bing has gone down even further (soon falling below 1%! Elsewhere also!)
Summary: Chatbots/chaffbot media noise (chaff) needs to be disregarded; Microsoft has no solid search strategy, just lots and lots of layoffs that never end this year (Microsoft distracts shareholders with chaffbot hype/vapourware each time a wave of layoffs starts, giving financial incentives for publishers to not even mention these; right now its GitHub again, with NDAs signed to hide that it is happening)
12:21
NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly
NEW 'Off The Wall' ONLINE
Posted 29 Mar, 2023 1:21:55 UTC
The new edition of Off The Wall from 03/28/2023 has been archived and is now available online.
12:13
Full RMS Talk (A Tour of Malicious Software) Uploaded 10 Hours Ago Techrights
Summary: The talk is entitled A tour of malicious software, with a typical cell phone as example. Richard Stallman is speaking about the free software movement and your freedom. His speech is nontechnical. The talk was given on March 17, 2023 in Somerville, MA.
Licence: CC BY-ND 4.0
With our commentary: New Talk: Richard Stallman Explains His Problem With Rust (Trademark Restrictions), Openwashing (Including Linux Kernel), Machine Learning, and the JavaScript Trap
11:41
ChatGPT Gets Eyes and Ears With Plugins That Can Interface AI With the World SoylentNews
ChatGPT gets "eyes and ears" with plugins that can interface AI with the world:
On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider world through the Internet, including booking flights, ordering groceries, browsing the web, and more. Plugins are bits of code that tell ChatGPT how to use an external resource on the Internet.
Basically, if a developer wants to give ChatGPT the ability to access any network service (for example: "looking up current stock prices") or perform any task controlled by a network service (for example: "ordering pizza through the Internet"), it is now possible, provided it doesn't go against OpenAI's rules.
Conventionally, most large language models (LLM) like ChatGPT have been constrained in a bubble, so to speak, only able to interact with the world through text conversations with a user. As OpenAI writes in its introductory blog post on ChatGPT plugins, "The only thing language models can do out-of-the-box is emit text."
I see (and hear) you!
Read more of this story at SoylentNews.
11:20
Links 28/03/2023: KPhotoAlbum 5.10.0 and QSoas 3.2 Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Trademarks
- Copyrights
- Gemini* and Gopher
- ...
11:09
11:00
HPR3823: Gitlab Pages for website hosting Hacker Public Radio
How it works https://docs.gitlab.com/ee/user/project/pages/ GitLab always deploys your website from a specific folder called public in your repository. To deploy your site, GitLab uses its built-in tool called GitLab CI/CD to build your site and publish it to the GitLab Pages server. The sequence of scripts that GitLab CI/CD runs to accomplish this task is created from a file named .gitlab-ci.yml, which you can create and modify. A specific job called pages in the configuration file makes GitLab aware that you're deploying a GitLab Pages website. Overview of Steps The end state has to be a directory named public that contains the site contents Optionally, run a build process in a container to create the contents of the public directory There has to be a pages declaration in .gitlab-ci.yml Example 1 simple demo Create the Git repo and site content Go to gitlab and create new Gitlab repo Clone it to your workstation Add public folder with site files add .gitlab-ci.yml Commit and push git clone git@gitlab.com:norrist/simple_pages_demo.git cd simple_pages_demo/ mkdir public echo "Hello World" > public/index.html git add public/ vim .gitlab-ci.yml git add .gitlab-ci.yml git commit -am "new page" git push .gitlab-ci.yml pages: stage: deploy script: - echo artifacts: paths: - public Pages settings Menu on left, Settings, Pages Your pages are served under: Example 2 docs.norrist.xyz Combine my HPR show notes into a single page Custom Domain Verified with TXT record .gitlab-ci.yml image: "debian" before_script: - apt-get update - apt-get install -y pandoc stages: - build pages: stage: build script: - bash build_html.sh artifacts: paths: - public set -euo pipefail IFS=$'nt' mkdir -pv public for MD in $(ls *md) do echo # echo "---" # echo # echo "#" $MD echo echo "---" echo cat $MD done |pandoc -H markdown.header -B body.header --toc --toc-depth=1 -f gfm -t html -o public/index.html Example 3 HPR static Build the new HPR static site .gitlab-ci.yml services: - mariadb variables: MYSQL_DATABASE: hpr_hpr MYSQL_ROOT_PASSWORD: mysql connect: stage: .pre image: mysql script: - echo "SELECT 'OK';" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mariadb "$MYSQL_DATABASE" pages: image: debian before_script: - apt update - apt -y install libgetopt-complete-perl libmemory-usage-perl libconfig-std-perl libtemplate-perl libtemplate-plugin-dbi-perl libclass-dbi-perl libtie-dbi-perl libdbd-mysql-perl libdate-calc-perl - apt -y install curl mariadb-client git - curl -o hpr.sql http://hackerpublicradio.org/hpr.sql - mysql --user=root --host=mariadb "$MYSQL_DATABASE" --password="...
Software Engineering Gender Bias in Large Language Models It Will Never Work in Theory
A lot of people believe that large language models (LLMs) are going to revolutionize programmingthis recent post is just one example. But from what I can tell, they don't understand what a revolution actually is. It's not just a shuffle of who's at the top and who has to follow their rules; it's something that changes the rules of the game.
This new paper shows that today's LLMs aren't going to do that. Instead, they are going to reinforce and perpetuate the biases in the data on which they were trained. That's not inevitablewe could require their developers to meet verifiable criteria for fairness and safetybut the history of our industry doesn't fill me with hope.
Christoph Treude and Hideaki Hata. She elicits requirements and he tests: software engineering gender bias in large language models. 2023. arXiv:2303.10131.
Implicit gender bias in software development is a well-documented issue, such as the association of technical roles with men. To address this bias, it is important to understand it in more detail. This study uses data mining techniques to investigate the extent to which 56 tasks related to software development, such as assigning GitHub issues and testing, are affected by implicit gender bias embedded in large language models. We systematically translated each task from English into a genderless language and back, and investigated the pronouns associated with each task. Based on translating each task 100 times in different permutations, we identify a significant disparity in the gendered pronoun associations with different tasks. Specifically, requirements elicitation was associated with the pronoun "he" in only 6% of cases, while testing was associated with "he" in 100% of cases. Additionally, tasks related to helping others had a 91% association with "he" while the same association for tasks related to asking coworkers was only 52%. These findings reveal a clear pattern of gender bias related to software development tasks and have important implications for addressing this issue both in the training of large language models and in broader society.
10:35
The Rumours Were Right: Many More Microsoft Layoffs This Week, Another Round of GitHub Layoffs Techrights
Microsoft pays the workers to not even talk about it! (See below)
Also see: Layoffs continuing all over the world (hours ago)
Summary: Another round of GitHub layoffs (not the first [1, 2]; wont be the last) and many more Microsoft layoffs; this isnt related to the numbers disclosed by Microsoft back in January, but Microsoft uses or misuses NDAs to hide whats truly going on
10:14
Distribution Release: Finnix 125 DistroWatch.com: News
Finnix is a small, self-contained, bootable Linux distribution for system administrators, based on Debian. The project has management through a combination of Debian's Testing and Unstable repositories. "Today marks the release of Finnix 125, the original utility live....
10:09
Top Benefits of Using Flutter for Cross-Platform App Development HackRead | Latest Cybersecurity and Hacking News Site
By Owais Sultan
Todays mobile-first world calls for functional solutions that meet the expectations of smartphone users. Creating a user-friendly mobile
This is a post from HackRead.com Read the original post: Top Benefits of Using Flutter for Cross-Platform App Development
10:00
A New Gaming Shell For a Mouse Hackaday
For some gamers, having a light fast polling mouse is key. [Ali] of [Optimum Tech] loved his 23-gram mouse but disliked the cord. Not seeing any options for a comparable wireless mouse, he decided to make one himself.
Trying to shortcut the process, he started with an existing wireless mouse from Razer weighing in at a hefty 58 grams. The PCB on its own weighed in at 11 grams and after swapping to a smaller battery, [Ali] had a budget of 10 to 15 grams for the shell. Here is where the meat of this project lives. The everyday objects in your life like the poles that hold up traffic signals or the device youre reading this article on are looked at and used without much thought into why they are what they are. The design of everyday things is a surprisingly deep field and designing a curvy mouse is no excep...
09:56
09:01
How Brains Synchronize During Cooperative Tasks SoylentNews
Humans are social creatures. But what leads to them being this way? To fully understand how the brain gives rise to social behaviors, we need to investigate it during social encounters. Moreover, we need to analyze not only the internal operations of one brain during social activities but also the dynamic interplay between multiple brains engaged in the same activity. This emerging research field is referred to as "second-person neuroscience" and employs hyperscanning (the simultaneous recording of the activity of multiple brains) as the signature technique.
[...] Now, a research team led by Yasuyo Minagawa of Keio University, Japan, has worked out an elegant solution to this problem. [...]
Each pair of participants (39 pairs in total) engaged in a natural, cooperative, and creative task: the design and furnishing of a digital room in a computer game. They were allowed to communicate freely to create a room that satisfied both. The participants also completed the same task alone as the researchers sought to compare between-brain synchronizations (BBSs) and within-brain synchronizations (WBSs) during the individual and cooperative tasks. The social behavior that the team focused on during the tasks was eye gaze, that is, whether the participants directed their gaze at the other's face. They automatically extracted this behavior from the video footage using an open-source software, which made the data analysis easier.
One of the most intriguing findings of the study was that, during cooperative play, there was a strong BBS among the superior and middle temporal regions and specific parts of the prefrontal cortex in the right hemisphere, but little WBS in comparison. Moreover, the BBS synchronization was strongest when one of the participants raised their gaze to look at the other. Interestingly, the situation reversed during individual play, showing increased WBS within the same regions.
According to Minagawa, these results agree with the idea that our brains work as a "two-in-one system" during certain social interactions. "Neuron populations within one brain were activated simultaneously with similar neuron populations in the other brain when the participants cooperated to complete the task, as if the two brains functioned together as a single system for creative problem-solving," she explains. "These phenomena are consistent with the notion of a 'we-mode,' in which interacting agents share their minds in a collective fashion and facilitate interaction by accelerating access to the other's cognition."
Overall, this study provides evidence hinting at the remarkable capability of the human br...
09:00
Toyota Italy accidentally leaked sensitive data Security Affairs
Toyota Italy accidentally leaked sensitive data for more than one-and-a-half years, until this March, CyberNews reported.
A Japanese multinational accidentally leaked access to its marketing tools, enabling attackers to launch phishing campaigns against its vast pool of customers in Italy.
Toyota Italy accidentally leaked sensitive data for more than one-and-a-half years, until this March. Namely, it exposed secrets for its Salesforce Marketing Cloud and Mapbox APIs. Threat actors could abuse this information to gain access to Toyota clients phone numbers and email addresses and abuse them to launch phishing attacks.
Cybernews has reached out to the car manufacturer, and, at the time of writing, the dataset has been secured. The company said it took extra measures to strengthen its cybersecurity systems and protocols.
Exposed credentials
On February 14, the Cybernews research team discovered an environment file (.env) hosted on the official Toyota Italy website.
Toyota is arguably the biggest vehicle manufacturer worldwide, with over 370,000 employees and about $267 billion in revenue last year. In Europe, it directly employs more than 25,000 people, and operates eight manufacturing plants. While theres no official data on how big Toyota is in Italy, the company has been present in the country for over half a century.
As per Statista, revenue for Toyota Italy is projected to reach approximately $1.8 billion in 2023, and vehicle sales are projected to nearly reach 83,000.
As per Cybernews research team, the company exposed credentials to the Salesforce Marketing Cloud, a provider of digital marketing automation and analytics software and services. Abusing the data, threat actors could access phone numbers and email addresses, customer tracking information, and email, SMS, and push-notification contents.
These credentials could further be exploited to send bogus SMS messages and emails, edit and launch marketing campaigns, create automation scripts, edit content tied with the Salesforce Marketing Cloud, and even send push notifications to Toyotas customers.
This leak is significant as it could have been used to launch somewhat sophisticated phishing campaigns, as attackers would have had access and control over Toyotas official communication channels, making it more likely that victims would fall for such an attack, since the sender information would be legitimate, Cybernews researchers said.
Toyota Italy also exposed software company Mapboxs application programming interface (API) tokens, used to query map data. While the data is not as sensitive as the Salesforce Marketing Cloud credentials, threat actors might abuse it to query a lot of requests and rack up the cost for API usage for Toyota.
The environment file was first indexed by internet of things (IoT) search eng...
09:00
Introduction to XFS Transaction Mechanism Linux.com
A starting point for those who want to s
Click to Read More at Oracle Linux Kernel Development
The post Introduction to XFS Transaction Mechanism appeared first on Linux.com.
08:25
Bitter APT group targets Chinas nuclear energy sector Security Affairs
Intezer researchers reported that a South Asian espionage group, tracked as Bitter, is targeting the Chinese nuclear energy industry.
Intezer researchers uncovered a cyberespionage campaign targeting the Chinese nuclear energy sector, they linked it to the Bitter APT group.
The Bitter APT group is a South Asian cyberespionage group active since at least 2021. The group focuses on energy and government sectors, in the past, the group targeted organizations in Pakistan, China, Bangladesh, and Saudi Arabia.
In recent attacks, experts noted updates to the first-stage payloads and the implementation of new layers of obfuscation to avoid detection. Threat actors also employed additional decoys for social engineering.
Experts identified seven phishing emails that were used in the phishing campaign aimed at recipients in Chinas nuclear energy industry. The phishing messages impersonated the Embassy of Kyrgyzstan in China, inviting them to join conferences on subjects that are relevant to the recipients.
We identified seven emails pretending to be from the Embassy of Kyrgyzstan, being sent to recipients in the nuclear energy industry in China. In some emails, people and entities in academia are also targeted, also related to nuclear energy. The phishing emails contain a lure that invites the recipients to join conferences on subjects that are relevant to them. reads the report published by Intezer. The lures are designed to socially engineer the recipient to download and open an attached RAR file that contains either a Microsoft Compiled HTML Help (CHM) or Excel payload.
The messages attempt to trick recipients into opening an attached RAR archive that contains CHM or Excel payloads created to achieve persistence and fetch additional payloads from the C2.
08:24
Sony Music Has Serious Concerns About AI-Synthesized Vocals TorrentFreak
Artificial intelligence has the potential to make our lives
more efficient, entertaining, and productive. There are potential
downsides as well.
From a copyright perspective, AI brings up some interesting questions. For example, can content created by an AI be copyrighted? And can an AI be trained on copyrighted works without limitation?
Before ChatGPT and other AI tools started to dominate the news, the music industry had already shared its concerns over the potential threats posed to its business. The RIAA, for example, reported several AI vocal extraction tools as a looming piracy threat last October.
Since then, numerous experts have opined about the copyright challenges AI presents. As such, it is no surprise that the topic is also mentioned in IFPIs annual Global Music Report, which discusses the state of the global music industry.
A few years ago, online piracy and stream-ripping were featured as cannibalizing technologies, but those have now disappeared into the background. Instead, AI gets a prominent feature, with several music industry bosses commenting on the technology.
The Music Industrys Looming AI Threat
IFPIs report starts out by saying that AI isnt all doom and gloom. It also offers several opportunities for artists and the broader industry.
Some, for example, support artist discovery, others enhance audience identification. Still others enable fans to engage with artists in new ways and some aid in the creative process, IFPI writes.
The report stresses that when AI is used, the human element should always remain from and center. At the same time, robust copyright rules and regulations must be respected.
The human element is also highlighted by Michael Nash, Chief Digital Officer at Universal Music Group. Nash believes that...
08:10
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Open Source Security
Posted by Seth Arnold on Mar 28
Aha, then I'm quite out of date. Thanks :)08:00
Fwupd 1.8.13 Adds Firmware Updating For Framework's Audio Card, ThinkPad TBT3-TR Gen 2 Phoronix
Fwupd/LVFS lead developer Richard Hughes of Red Hat released Fwupd 1.8.13 as the newest feature update to this open-source firmware/BIOS updating solution for Linux and other platforms...
07:44
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Open Source Security
Posted by Solar Designer on Mar 28
Kristian isn't on the list for a couple of years now. Two others arecurrently subscribed for Gentoo.
Alexander
07:24
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Open Source Security
Posted by Seth Arnold on Mar 28
I've not seen K_F online in any capacity in years. It is time to ask ifwe should remove him from the list, beyond just the assignment of this
task. (If you're around Kristian, and we're just in different circles
these days, hello. :)
Thanks
06:35
How to refresh and reload group membership on Linux without a reboot or logging in again nixCraft
Do you want to refresh and reload the group membership on Linux without rebooting the Linux machine or logging in again? Try the newgrp command to log in to a new group without logging in again or reboot the system.
Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit
The post How to refresh and reload group membership on Linux without a reboot or logging in again appeared first on nixCraft.
06:30
Ubuntu Cinnamon Becomes An Official Flavor For Ubuntu 23.04 Phoronix
Since 2019 there has been Ubuntu Cinnamon as an unofficial remix of Ubuntu paired with Linux Mint's Cinnamon desktop environment. After the three years of progress, Ubuntu Cinnamon has now been granted an official status with next month's Ubuntu 23.04 "Lunar Lobster" release...
06:15
Microplastics are Messing With the Microbiomes of Seabirds SoylentNews
Microplastics are messing with the microbiomes of seabirds:
To find out if the microbes being introduced might be "good" or "bad," Fackelmann and her colleagues analyzed the microbiomes and looked up individual types of microbes in databases to learn what they do. They found that with more plastic, there were more microbes that are known to break down plastic. There were also more microbes that are known to be resistant to antibiotics and more with the potential to cause disease.
Fackelmann and her colleagues didn't assess the health of the birds, so they don't know if these microbes might have been making them unwell. "But if you accumulate pathogens and antibiotic-resistant microbes in your digestive system, that's clearly not great," says Wagner.
The study, which was published in the journal Nature Ecology and Evolution, shows that the levels of plastic already present in the environment are enough to affect animals' microbiomes, says Fackelmann. The next step is to work out what this might mean for their health and the health of other animals, including humans, she says.
"When I read [the study], I thought about the whales we find beached with kilograms of plastic debris found in their bellies," says Wagner. "It's probably quite comparable to what birds have in their digestive systems, so it would be interesting to know if this happens in whales, dolphins, [and other marine animals] as well."
Read more of this story at SoylentNews.
05:33
[$] Ubuntu stops shipping Flatpak by default LWN.net
Canonical recently announced that it will no longer ship Flatpak as part of its default installation for the various official Ubuntu flavors, which is in keeping with the practices of the core Ubuntu distribution. The Flatpak package format has gained popularity among Linux users for its convenience and ease of use. Canonical will focus exclusively on its own package-management system, Snap. The decision has caused disgruntlement among some community members, who felt like the distribution was making this decision without regard for its users.
05:20
AMD-Xilinx Publishes Open-Source "Nanotube" Compiler Phoronix
AMD-Xilinx recently open-sourced their LLVM-based Nanotube compiler that can be used for some nifty networking purposes on FPGAs...
05:10
Ed Dowd on Covid Vax: $147 Billion In Economic Damage, Tens Of Millions Injured Or Disabled cryptogon.com
Via: ZeroHedge: A new report estimates that 26.6 million people were injured, 1.36 million disabled, and 300,000 excess deaths can be attributed to COVID-19 vaccine damages in 2022 alone, which cost the economy nearly $150 billion.
05:08
Microsoft Introduces GPT-4 AI-Powered Security Copilot Tool to Empower Defenders The Hacker News
Microsoft on Tuesday unveiled Security Copilot in limited preview, marking its continued quest to embed AI-oriented features in an attempt to offer "end-to-end defense at machine speed and scale." Powered by OpenAI's GPT-4 generative AI and its own security-specific model, it's billed as a security analysis tool that enables cybersecurity analysts to quickly respond to threats, process signals,
05:03
Latitude Data breach is worse than initially estimated. 14 million individuals impacted Security Affairs
Australian loan giant Latitude Financial Services (Latitude) revealed that a data breach its has suffered impacted 14 million customers.
The data breach suffered by Latitude Financial Services (Latitude) is much more serious than initially estimated. The company initially determined that the number of impacted individuals was 328,000, but now confirmed that the real number of affected individuals is 14 million.
The incident took place on March 16, the Australian firm revealed that the attackers stole an employees credentials and used them to breach two of the companys service providers and access Latitudes customer data.
In response to the incident, the company shut down customer-facing systems and launched an investigation to determine the extent of the intrusion. Latitude reported the security breach to the Australian Federal Police.
Once the attack was discovered, we took immediate and decisive action, including isolating systems, taking them offline to protect personal information. Unfortunately, this action continues to cause disruption to our services. We are working around the clock to restore full service for our customers and partners. reads the Cyber Incident Update published by the company. We are well advanced in what has been a thorough, forensic investigation of our systems, supported by external cyber security specialists.
The investigation revealed that the incident impacts 14 million individuals that are customers, past customers, and applicants across Australia and New Zealand.
As our forensic review continues to progress, we have identified that approximately 7.9 million Australian and New Zealand driver licence numbers were stolen, of which approximately 3.2 million, or 40%, were provided to us in the last 10 years. reads a new update published on March 27, 2023.
In addition, approximately 53,000 passport numbers were stolen. We have also identified less than 100 customers who had a monthly financial statement stolen.
The company announced that it will reimburse those customers who choose to replace their stolen ID documents.
The statement also reported that approximately 6.1 million records dating back to at least 2005 were also compromised in the data breach. 94% of these records (5.7 million) were provided before 2013.
These 6.1 million records include some, but not all of the following personal information: name, address, telephone, and date of birth.
It is hugely disappointing that such a signi...
05:02
Britain: Staff Who Process Payments for Vaccine Injuries Increased from 4 to 80 cryptogon.com
Via: Dr. John Campbell:
05:00
New Award Recognizes IEEE Societys Work in DEI IEEE Spectrum
For the past 20 years, the IEEE Instrumentation and Measurement Society has been working to become more welcoming and inclusive for women, members from outside the United States and Canada, students, and young professionals. Its hard work in diversity, equity, and inclusion (DEI) has paid off.
IEEE IMS has increased its number of women leaders, conference speakers, and editors of its publications. The society also has expanded its chapters to other parts of the world. To encourage more students to join, it holds competitions and offers scholarships, and a mentoring program was created to attract students and young professionals.
The societys efforts have been recognized with the new IEEE Technical Activities Board Award for Society/Council Impact in DEI. The award was established last year to honor an IEEE society or council that has encouraged DEI by developing activities, programs, and services that promote efforts in the area. IEEE IMS is the first society to be given the award.
The society received the news [about the award] with great joy, says IEEE Senior Member Juan Manuel Ramirez Corts, the IMS president. Being the inaugural recipient of the award is a true honor and serves as significant motivation for our ongoing DEI efforts.
Increasing the number of women leaders
The societys nominations and appointments committee is dedicated to recommending experienced women to serve in leadership positions.
In 1992 there were no women on the societys administrative committee, AdCom, and only one member was from outside the United States and Canada. The committee is composed of elected officers and nonelected leaders.
The IEEE Instrumentation and Measurements Society by the Numbers
Total membership
3,820
Number of chapters
72
Number of student chapters
15
Number of technical committees
23
The oversight changed when IEEE Life Fellow Stephen A. Dyer joined the committee as editor in chief of the IEEE Transactions on Instrumentation and Measurement. He identified women and individuals from other geographic regions who were qualified to be AdCom can...
04:58
Hacker Returns $200 Million Stolen from Euler Finance HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
Euler Finance was hacked on March 13, 2023, and around $197 million worth of cryptocurrency was stolen, including $135.8 million stETH, $33.8 million USDC, $18.5 million WBTC, and $8.7 million DAI.
This is a post from HackRead.com Read the original post: Hacker Returns $200 Million Stolen from Euler Finance
04:54
Some Clips from Utopia cryptogon.com
Reminds of of something. I cant quite put my finger on it. Hmm Via: Jason Stuermer Roberts: Related: Utopia (British TV series)
04:44
Robert F. Kennedy, Jr. and Childrens Health Defense Sue Biden, Fauci for Alleged Censorship cryptogon.com
Via: The Defender: Robert F. Kennedy, Jr. and Childrens Health Defense (CHD) on Friday filed a class action lawsuit against President Biden, Dr. Anthony Fauci and other top administration officials and federal agencies, alleging they waged a systematic, concerted campaign to compel the nations three largest social media companies to censor constitutionally protected speech. Kennedy, []
04:39
6th Pilot Incident This Month cryptogon.com
Via: Covid Intel: March 22, 2023 Southwest 613 LAS-CMH diverted as pilot collapsed shortly after take-off March 18, 2023 Air Transat Flight TS739 FDF-YUL first officer was incapacitated about 200NM south of Montreal March 13, 2023 Emirates Flight EK205 MXP-JFK diverted due to pilot illness hour and a half after take-off March []
04:31
Will New CEO Dirk-Peter van Leeuwen Bring Open Source Way Magic to SUSE? FOSS Force
As Red Hat slowly loses its open culture under IBM's ownership, SUSE might be set to finally become an important global open-source player, but only if its board allows the former Red Hatter who will take the helm on May 2 to bring "the open source way" to a secretive and "top-down" corporate culture.
The post Will New CEO Dirk-Peter van Leeuwen Bring Open Source Way Magic to SUSE? appeared first on FOSS Force.
04:27
Dr. Drew on Damar Hamlin cryptogon.com
Via: Chief Nerd: ? Dr. Drew Questions What Happened to Damar Hamlin Nearly Three Months Ago "Things would cause sudden no pulse, rearrest in the ER, and the pulmonary status to lag behind neurological would be a pulmonary embolus. And a pulmonary embolus happens during acute COVID, which he did pic.twitter.com/5r3wh74sFa Chief Nerd (@TheChiefNerd) []
04:26
UK Sets Up Fake Booter Sites To Muddy DDoS Market Krebs on Security
The United Kingdoms National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.
The warning displayed to users on one of the NCAs fake booter sites. Image: NCA.
The NCA says all of its fake so-called booter or stresser sites which have so far been accessed by several thousand people have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.
However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators, reads an NCA advisory on the program. Users based in the UK will be contacted by the National Crime Agency or police and warned about engaging in cyber crime. Information relating to those based overseas is being passed to international law enforcement.
The NCA declined to say how many phony booter sites it had set up, or for how long they have been running. The NCA says hiring or launching attacks designed to knock websites or users offline is punishable in the UK under the Computer Misuse Act 1990.
Going forward, people who wish to use these services cant be sure who is actually behind them, so why take the risk? the NCA announcement continues.
The NCA campaign comes closely on the heels of an international law enforcement takedown involving four-dozen websites that made powerful DDoS attacks a point-and-click operation.
In mid-December 2022, the U.S. Department of Justice (DOJ) announced Operation Power Off, which seized four-dozen booter business domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services. In connection with that operation, the NCA also arrested an 18-year-old man suspected of running one of the sites.
According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C. 1030), and may result in arrest and prosecution, the seizure of computers or other electronics, as well as prison senten...
04:16
Toxic Chemical Spill Ignites Water Safety Fears for 14 Million People cryptogon.com
Via: The Defender: Residents of Philadelphia and the surrounding area demanded clarity about the safety of their drinking water from city officials on Monday, three days after chemicals leaked from a plant into a tributary of the Delaware River, which provides water for about 14 million people in four states. About 8,100 gallons of acrylic []
04:00
Fedora 38 Beta Performance Mostly Flat, Few Regressions Phoronix
For those curious how the performance of Fedora 38 is looking ahead of its official release at the end of April, here are some preliminary benchmarks looking at the performance of this leading-edge Linux distribution as of the Fedora 38 Beta milestone last week. On both Intel Core i9 13900K "Raptor Lake" and AMD Ryzen 9 7950X "Zen 4" desktop systems, the Fedora 37 performance was compared to that of Fedora 38 Beta.
03:31
GitHub Publishes RSA SSH Host Keys by Mistake, Issues Update SoylentNews
GitHub publishes RSA SSH host keys by mistake, issues update:
GitHub has updated its SSH keys after accidentally publishing the private part to the world. Whoops.
A post on Github's security blog reveals that the company has changed its RSA SSH host keys. This is going to cause connection errors, and some frightening warning messages, for a lot of developers, but it's all right: it's not scary cracker activity, just plain old human error.
Microsoft subsidiary GitHub is the largest source code shack in the world, with an estimated 100 million active users. So this is going to inconvenience a lot of people. It's not the end of the world: if you normally push and pull to GitHub via SSH which most people do then you will have to delete your local GitHub SSH key, and fetch new ones.
As the blog post describes, the first symptom is an alarming warning message[.]
For almost everyone, this warning is spurious. It's not that you're being attacked although that is always a remote (ha ha, only serious) possibility it's that GitHub revoked its old keys and published new ones. Hanlon's Razor applies, as it most often does:
Never attribute to malice that which can be adequately explained by stupidity. (The word stupidity is often replaced with incompetence, but then, one does tend to lead to the other.)
This time, the reason was as usual plain old human error. Someone published GitHub's private RSA keys in a repository on GitHub itself. If you're unclear how SSH encryption works, about public versus private keys, or the different cryptographic algorithms SSH uses, there are many good explanations out there.
Read more of this story at SoylentNews.
03:01
How to work with a list of dictionaries in Ansible Linux.com
Use Jinja selectattr() and map() filters to extract data from a list of dictionaries.
Read More at Enable Sysadmin
The post How to work with a list of dictionaries in Ansible appeared first on Linux.com.
02:30
VA-API's Libva 2.18 Released With Windows WSL D3D12 Support, Optional Disabling DRI3 Phoronix
Version 2.18 of the VA-API library, libva, has been released today for this Linux Video Acceleration API library that is used by the various driver implementations...
02:30
Debugging and Analyzing Real-Mode 16-Bit x86 Code With Fresh Bread Hackaday
Running a debugger like gdb with real-mode 16-bit code on the x86 platform is not the easiest thing to do, but incredibly useful when it comes to analyzing BIOS firmware and DOS software. Although its possible to analyze a BIOS image after running it through a disassembler, there is a lot that can only be done when the software is running on the real hardware. This is where [Davidson Francis] decided that some BREAD would be useful, as in BIOS Reverse Engineering & Advanced Debugging.
What BREAD does is provide some injectable code that with e.g. a BIOS replaces the normal boot logo with the debugger stub. This stub communicates with a bridge via the serial port, with the gdb client connecting to this bridge. Since DOS programs are also often 16-bit re...
02:24
What If EVE Online Becomes Our Future? Lifeboat News: The Blog
Play EVE Online: https://eve.online/Ridddle_EN
In this video, we explore the fascinating prospects of humanity becoming a proper interstellar civilization, up to Type III on the Kardashev scale. However, this transition process presents our species with a bunch of physical limitations, as well as societal and even biological implications. Many of them are quite unwanted or even ugly! We explore this vast topic by using the latest scientific models as well as the best science fiction worlds from books, TV shows, and even games. Speaking of which, to help us visualize this space-faring future with much-needed scale and fidelity, we turned to CCP Games the creators of the massively multiplayer online game EVE Online. https://eve.online/Ridddle_EN. It is set in a rich sci-fi universe, where players can create their own character and explore a vast and complex virtual world built according to the well-thought set of consistent in-world rules The game is known for its intricate economy, politics, and warfare mechanics, where players can engage in a variety of activities, including mining resources, trading, building structures, and participating in battles. Quite frankly, the game feels like a real simulation of all those future endeavors humanity will face on the way to becoming a true interstellar species!
02:24
AI Consciousness : 2023 2030 Timeline of Sentient Machines Lifeboat News: The Blog
Deep Learning AI Specialization: https://imp.i384100.net/GET-STARTED
AI Marketplace: https://taimine.com/
Take a journey through the years 20232030 as artificial
intelligence develops increasing levels of consciousness, becomes
an indispensable partner in human decision-making, and even leads
key areas of society. But as the line between man and machines
becomes blurred, society grapples with the moral and ethical
implications of sentient machines, and the question arises: which
side of history will you be on?
AI news timestamps:
0:00 AI consciousness intro.
0:17 Unconscious artificial intelligence.
1:54 AI influence in media.
3:13 AI decisions.
4:05 AI awareness.
5:07 The AI ally.
6:07 Machine human hybrid minds.
7:02 Which side.
7:55 The will of artificial intelligence.
#ai #future #tech
02:24
Does GPT-4 Really Understand What Were Saying? Lifeboat News: The Blog
One question for David Krakauer, president of the Sante Fe Institute for complexity science where he explores the evolution of intelligence and stupidity on Earth.
Does GPT-4 really understand what were saying?
Yes and no, is the answer to that. In my new paper with computer scientist Melanie Mitchell, we surveyed AI researchers on the idea that large pretrained language models, like GPT-4, can understand language. When they say these models understand us, or that they dont, its not clear that were agreeing on our concept of understanding. When Claude Shannon was inventing information theory, he made it very clear that the part of information he was interested in was communication, not meaning: You can have two messages that are equally informative, with one having loads of meaning and the other none.
02:24
The Periodic Table Has Been Sonified And Every Element Sounds Unique Lifeboat News: The Blog
The unique radiation emitted by heated or electrified elements has been converted into sound, enabling us to hear the distinctive chord each element produces. Although the idea has been tried before, advances in technology have now made it possible for a far more complete and subtle sonification of the periodic table.
When elements are energized electrons can jump to higher energy levels. Eventually, they return to their ground state, releasing a photon in the process. The wavelength of the photon depends on the size of the energy gap between the excited state and the ground state more energy produces higher frequency/shorter wavelength light.
The discovery of this fact has proven crucial for our understanding of the universe. We can identify the elements in a star billions of light-years away from the distinctive wavelengths it emits, known as its emission spectra. At the American Chemical Societys Spring Conference over the weekend, the University of Indianas W. Walker Smith demonstrated the result if every elements electromagnetic spectrum is converted to sound.
02:24
Does consciousness create the universe? A new book makes the startling claim Lifeboat News: The Blog
Credit: Pixabay.
Observer, a thriller co-written by the scientist Robert Lanza and the leading sci-fi writer Nancy Kress, looks towards quantum physics and beyond in a provocative story of a brilliant neurosurgeon.
02:22
The Twilight Zone (1985) Intro HD Lifeboat News: The Blog
The Twilight Zone (1985) is a television science fiction anthology series. It recreated some of the episodes from the original series and created some new ones too. The series contains ironic or special situations with a twist at the end, which show the human nature, coupled with science fiction, horror or fantasy. This new series included such famous directors as Wes Craven, Joe Dante, John Milius, and William Friedkin along with writers such as Stephen King, Harlan Ellison, Roger Zelazny, J. Michael Straczynski, Rockne S. OBannon, Theodore Sturgeon, Ray Bradbury, George Clayton Johnson, and even an original outline by Rod Serling.
Facebook Page:
https://www.facebook.com/TheTwilightZone1985
02:10
How and When the Chip Shortage Will End, in 4 Charts IEEE Spectrum
One looming artifact of the pandemic that remains in 2023the global chip shortagehas gratefully begun to recede. Unlike the state of things in mid-2021when crimps in the semiconductor supply chain cropped up in big wayssupply and demand have become much less of a mismatch.
As IEEE Spectrum reported in the months since this story originally posted, the broken supply chains caused by the chip shortage have practically rewired whole segments of the tech industry. For the automotive industry, as we summarized in five charts that helped demystify the chip shortage, time eventually brought carmakers up from the end of a 52-week waiting list to get the chips they needed for their entertainment and driving-assistance systems. With chips finally reaching factory floors, their own manufacturing capacities were restored to prepandemic levels by the end of 2022.
Meanwhile, the mid-2022 passage of the CHIPS Act in the United States yielded a multibillion-dollar investment pool, some of which was dedicated to ramping up American manufacturing of the mature-generation chips upon which many industriesauto and otherwiseare so dependent. In March of 2023, the U.S. began disbursing CHIPS Act funding, while the E.U. considered getting into the chip-stimulus game as well.
The aim of Washingtons $50 billion expenditure is to prevent U.S. industrial concerns from falling victim to similar semiconductor supply chain snafus in the future. The EUs Chips Act legislation has similar aims; also chief among them is bolstering its constituent nations resilience in the face of such supply-chain interruptions.
Story from 29 June 2021 follows:
Historians will probably spend decades picking apart the consequences of the COVID-19 epidemic. But the shortage of chips that its caused will be long over by then. A variety of analysts agree that the most problematic shortages will...
02:00
The EV Transition Is Harder Than Anyone Thinks IEEE Spectrum
Volvo Cars CEO Jim Rowan boldly proclaims that electric vehicles will reach price parity with internal-combustion-engine (ICE) vehicles by 2025. Not likely, counter Mercedes-Benzs chief technology officer Markus Schfer and Renault Group CEO Luca de Meo.
The International Energy Agency predicts that EVs will make up more than 60 percent of vehicles sold globally by 2030. But given the sheer tonnage of lithium, cobalt, and other raw materials needed for EV batteries, that figure is overly optimistic, suggests the mineral market analysis company Benchmark Mineral Intelligence, unless nearly 300 new mines and supporting refineries open by then.
EV owners should be urged to charge at night to save not only money and the power grid but the world, a news headline cries out. Not so fast, exclaim researchers at Stanford University, who state that charging EVs during the day is actually cheaper, better for the grid, and healthier for the environment.
And so goes the litany of contradictory statements about the transition to EVs:
- EVs will/will not collapse the electric grid.
- EVs will/will not cause massive unemployment among autoworkers.
- EVs will/will not create more pollution than they eliminate.
Confused? Join the crowd.
Sorting through this contradictory rhetoric can make anyones head spin. My response to each proclamation is often a shrug followed by It depends.
Two years ago, I began investigating the veracity of claims surrounding the transition to EVs at scale. The result is a 12-part series and e-book,...
01:08
OpenSSL Security Advisory Open Source Security
Posted by Tomas Mraz on Mar 28
OpenSSL Security Advisory [28th March 2023]===========================================
Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465)
======================================================================================
Severity: Low
Applications that use a non-default option when verifying certificates may be
vulnerable to an attack from a malicious CA to circumvent certain checks.
Invalid...
01:03
Re: CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Open Source Security
Posted by Solar Designer on Mar 28
Hi Zhenghan Wang,Thank you for bringing this to oss-security.
Please remind the Bluetooth subsystem maintainers, such as by "replying"
to your own message you had sent them on March 9. When doing so, please
also inform them of the CVE ID and of the oss-security posting.
For others on oss-security: Zhenghan Wang brought this issue to
linux-distros and s@k.o on March 8, brought it to the subsystem
maintainers and public Linux mailing...
01:00
Feeling the Heat: Railway Defect Detection Hackaday
On the technology spectrum, railroads would certainly seem to skew toward the brutally simplistic side of things. A couple of strips of steel, some wooden ties and gravel ballast to keep everything in place, some rolling stock with flanged wheels on fixed axles, and youve got the basics that have been moving freight and passengers since at least the 18th century.
But that basic simplicity belies the true complexity of a railway, where even just keep keeping the trains on the track can be a daunting task. The forces that a fully loaded train can exert on not only the tracks but on itself are hard to get your head around, and the potential for disaster is often only a failed component away. This became painfully evident with the recent Norfolk Southern derailment in East Palestine, Ohio, which resulted in a hazardous materials incident the likes of which no community is ready to deal with.
Given the forces involved, keeping trains on the straight and narrow is no mean feat, and railway designers have come up with a web of sensors and systems to help them with the task of keeping an eye on whats going on with the rolling stock of a train. Lets take a look at some of the interesting engineering behind these wayside defect detectors.
...
00:47
New Technique 'About 80% Effective' at Producing Babies of Desired Sex, Study Suggests SoylentNews
Researchers used a technique to separate sperm on whether they had an X chromosome (making female offspring) or a Y one (male offspring). Sperm with an X chromosome are slightly heavier than those with a Y, the research indicates.
However, the study has again raised long-held concerns over the ethics of such a process. Selecting embryos without reasons such as a sex-linked disease is illegal in many countries.
Experts behind the research, from Weill Cornell Medicine in New York, said their technique was inexpensive and "extremely safe".
Fifty-nine couples wanted a girl and it resulted in 79.1% (231 out of 292) female embryos, with 16 girls being born without any abnormalities. Fifty-six couples wanted a boy and the technique produced 79.6% male embryos (223 out of 280), resulting in 13 healthy male babies.
[...] "I am convinced that the science is sound and that, instead of the usual 50:50 'coin toss' then a couple can get a baby with the desired sex a little under 80% of the time."
From the article:
The desire to have offspring of a specific sex has a long history but has been particularly present since the 1970s with the early appearance of assisted reproduction. The reasons for choosing a child's sex may be social, such as a desire for family balancing [1]. Couples undergoing IVF, who already have a child or children of one sex, may wish to have the experience of raising children of both sexes. Some couples, who already have children, could have financial reasons for not attempting a further pregnancy without assurance that the additional child will be of a specific sex.
Cheung S, Elias R, Xie P, Rosenwaks Z, Palermo GD (2023) A non-randomized clinical trial to determine the safety and efficacy of a novel sperm sex selection technique. PLoS ONE 18(3): e0282216. https://doi.org/10.1371/journal.pone.0282216
Read more of this story at SoylentNews.
00:30
Europol warns of criminal use of ChatGPT Security Affairs
Europol warns of cybercriminal organizations can take advantage of systems based on artificial intelligence like ChatGPT.
EU police body Europol warned about the potential abuse of systems based on artificial intelligence, such as the popular chatbot ChatGPT, for cybercriminal activities. Cybercriminal groups can use chatbot like ChatGPT in social engineering attacks, disinformation campaigns, and other cybercriminal activities, such as developing malicious code.
OpenAIs ChatGPT is becoming even more attractive for cybercriminal organization that are valuating how to use its enormous capabilities.
As the capabilities of Large Language Models (LLMs) such as ChatGPT are actively being improved, the potential exploitation of these types of AI systems by criminals provide a grim outlook. reads the alert published by the Europol.
The following three crime areas are amongst the many areas of concern identified by Europols experts:
- Fraud and social engineering: ChatGPTs ability to draft highly realistic text makes it a useful tool for phishing purposes. The ability of LLMs to re-produce language patterns can be used to impersonate the style of speech of specific individuals or groups. This capability can be abused at scale to mislead potential victims into placing their trust in the hands of criminal actors.
- Disinformation: ChatGPT excels at producing authentic sounding text at speed and scale. This makes the model ideal for propaganda and disinformation purposes, as it allows users to generate and spread messages reflecting a specific narrative with relatively little effort.
- Cybercrime: In addition to generating human-like language, ChatGPT is capable of producing code in a number of different programming languages. For a potential criminal with little technical knowledge, this is an invaluable resource to produce malicious code.
According to the Europol, technologies like ChatGPT can speed up each phase of an attack chain significantly.
As such, ChatGPT can be used to learn about a vast number of potential crime areas with no prior knowledge, ranging from how to break into a home, to terrorism, cybercrime and child sexual abuse. states the report published by Europol. The identified use cases that emerged from the workshops Europol carried out with its experts are by no means exhaustive. Rather, the aim...
00:23
Security updates for Tuesday LWN.net
Security updates have been issued by Debian (dino-im and runc), Fedora (qemu), Red Hat (firefox), SUSE (chromium, containerd, docker, kernel, and systemd), and Ubuntu (graphicsmagick, linux-azure, linux-gcp, linux-oem-5.14, linux-oem-5.17, linux-oem-6.0, linux-oem-6.1, and node-url-parse).
00:23
Dr. John-Arne Rttingen, MD, PhD Ambassador for Global Health, Ministry of Foreign Affairs, Norway Lifeboat News: The Blog
Ambassador Dr. John-Arne Rttingen, MD, Ph.D. (https://www.bsg.ox.ac.uk/people/john-arne-rottingen) is Ambassador for Global Health, at the Ministry of Foreign Affairs, Norway, and a Visiting Fellow of Practice, at the Blavatnik School of Government, Oxford University.
Ambassador Dr. Rttingen has previously served as the Chief Executive of the Research Council of Norway; the founding Chief Executive Officer of the Coalition for Epidemic Preparedness Innovations (CEPI); Executive Director of Infection Control and Environmental Health at the Norwegian Institute of Public Health; founding Chief Executive of the Norwegian Knowledge Centre for the Health Services; Professor of Health Policy at the Department of Health Management and Health Economics, Institute of Health and Society, University of Oslo; and Adjunct Professor at the Department of Global Health and Population, Harvard T.H. Chan School of Public Health.
From 2020, Ambassador Dr. Rttingen also chaired the Executive Group and the International Steering Committee of the WHO Solidarity trial to compare four untested treatments for hospitalized people with severe COVID-19 illness. In early 2021, he was appointed by the G20 to the High Level Independent Panel (HLIP) on financing the global commons for pandemic preparedness and response. That same year, he was also appointed to the Pandemic Preparedness Partnership (PPP), an expert group chaired to advise the G7 presidency. From mid-2021, he was part of the Access to COVID-19 Tools Accelerators Vaccine Manufacturing Working Group.
Ambassador Dr. Rttingen received his MD and Ph.D. from the University of Oslo, an MSc from Oxford University and an MPA from Harvard University.
00:13
Elephant Robotics Unveils New Desktop Educational Robots for 2023 IEEE Spectrum
This is a sponsored article brought to you by Elephant Robotics.
In recent years, interest in using robots in education has seen massive growth. Projects that involve robotics, artificial intelligence, speech recognition, and related technologies can help develop students analytical, creative, and practical skills. However, a major challenge has been the robots themselves: They are typically big, heavy, and costly. For robots to become widely used in education, they need to be smaller, easier to setup and use, and, more important, they need to be affordable to educators and students.
Thats the goal Elephant Robotics aims to achieve with its line of lightweight, smart, and capable robots. The company has launched several desktop collaborative robots over the past few years, including the myCobot, mechArm, and myPalletizer. To help users achieve more applications in education, Elephant Robotics has also launched AI Robot Kit, a robotic kit that integrates multiple functions like vision, positioning grabbing, and automatic sorting modules. This year, the company is unveiling completely improved and upgraded products to make robotics even more accessible in education.
Upgraded Robotic Arms and AI Kits
Schools in different countries and regions have been using Elephant Robotics robotic arms and AI Kits as educational tools in recent years. The products portability, ease of use, and cost-effectiveness have helped schools integrate robotics as part of their programs and courses. The performance of the products and the wide range of built-in software and features help students learn better about robotics and programming. Using the robotic arms and...
00:02
Wildz Casino Mobile Promos, How To Bet And Extra h+ Media
Wildz Casino Mobile Promos, How To Bet And Extra
Within Android yow will discover the best online on line casino apps in New Zealand. Through them you can make the bets you want, all with a free download from the Play Market. Through Google youll have the ability to seek for the New Zealand casinos you want and find their obtain possibility. Kiwi players will be delighted with the attentive buyer assist services they obtain at 888casino. By merely clicking on the Help button, you will be able to entry a fully complete FAQ and help part. It offers detailed data on issues like Bonuses and Promos, Withdrawals and Deposits, Games and Logins, Personal Account information, Registration-related data and Technical issues.
The app for iPhone and iPad may be discovered on iTunes but each the Apple and the Android app can be requested from the 888 Poker web site as properly. Users with Windows phones, BlackBerry or Also, you presumably can take a break or cooling-off period of your desired length . Alternatively, you possibly can self-exclude for six months or more by contacting buyer help. You can get professional help from organisations like Gamblers Anonymous and Gambling Therapy. 888 Casino You are capable of qualify for about C$1, 500 as a welcome bonus, to take enjoyment of issues massive variety of online game titles.
There is not really one single best approach to make a deposit with a cellular casino. Wed at all times advise playing in NZD the place possible, which may narrow down the variety of fee options you can use. Find the most effective on-line casinos offering your favorite games by clicking under. This team carries out a strict auditing course of when reviewing sites, assessing payout velocity, game selection, software high quality, stage of safety, cellular compatibility, and customer service. Mega888 on line casino is one of the platforms that began off video games immediately with mobile apps. The APK format for the game is out there for obtain on the official site of the sport platform, after which youll have the ability to proceed to install and register your account on the app and use.
In addition, players can enable the 2FA to make sure no one else accesses their accounts. The most a fact in the on-line conventional on line casino world shall be Range Riches via the producer Barcrest and the Cleopatra on-line slot machine game from IGT. If you participate within the VIP program as being a excessive portray device, youll have entry to high-stakes kitchen tables and obtain invitations to occasions. The benefits additionally embrace your own account director who protects questions and wishes of players at all times.
Having a perfect sense of what you would possibly be actually looking for in a authorized on-line on line casino in New Zealand is crucial to registering an account with Captain Coo...
Wildz Casino Mobile Promos, How To Bet And Extra h+ Media
Wildz Casino Mobile Promos, How To Bet And Extra
Within Android yow will discover the best online on line casino apps in New Zealand. Through them you can make the bets you want, all with a free download from the Play Market. Through Google youll have the ability to seek for the New Zealand casinos you want and find their obtain possibility. Kiwi players will be delighted with the attentive buyer assist services they obtain at 888casino. By merely clicking on the Help button, you will be able to entry a fully complete FAQ and help part. It offers detailed data on issues like Bonuses and Promos, Withdrawals and Deposits, Games and Logins, Personal Account information, Registration-related data and Technical issues.
The app for iPhone and iPad may be discovered on iTunes but each the Apple and the Android app can be requested from the 888 Poker web site as properly. Users with Windows phones, BlackBerry or Also, you presumably can take a break or cooling-off period of your desired length . Alternatively, you possibly can self-exclude for six months or more by contacting buyer help. You can get professional help from organisations like Gamblers Anonymous and Gambling Therapy. 888 Casino You are capable of qualify for about C$1, 500 as a welcome bonus, to take enjoyment of issues massive variety of online game titles.
There is not really one single best approach to make a deposit with a cellular casino. Wed at all times advise playing in NZD the place possible, which may narrow down the variety of fee options you can use. Find the most effective on-line casinos offering your favorite games by clicking under. This team carries out a strict auditing course of when reviewing sites, assessing payout velocity, game selection, software high quality, stage of safety, cellular compatibility, and customer service. Mega888 on line casino is one of the platforms that began off video games immediately with mobile apps. The APK format for the game is out there for obtain on the official site of the sport platform, after which youll have the ability to proceed to install and register your account on the app and use.
In addition, players can enable the 2FA to make sure no one else accesses their accounts. The most a fact in the on-line conventional on line casino world shall be Range Riches via the producer Barcrest and the Cleopatra on-line slot machine game from IGT. If you participate within the VIP program as being a excessive portray device, youll have entry to high-stakes kitchen tables and obtain invitations to occasions. The benefits additionally embrace your own account director who protects questions and wishes of players at all times.
Having a perfect sense of what you would possibly be actually looking for in a authorized on-line on line casino in New Zealand is crucial to registering an account with Captain Coo...
00:00
Neurotechs Battles Impact Our Brains Future IEEE Spectrum
Neurotechnologies todaydevices that can measure and influence
our brains and nervous systemsare growing in power and popularity.
The neurotech marketplace, according to Precedence Research, is worth US
$14.3 billion this year and will exceed $20 billion within four
years. Noninvasive brain-computer interfaces, brain-stimulation devices, and brain-monitoring hardware (measuring alertness and
attention at work, for example) are no longer just laboratory
experiments and technological curios. The societal and legal
implications of widespread neurotech adoption may be
substantial.
Nita Farahany, professor of law and philosophy at Duke University, has written a new book, The Battle for Your Brain: Defending the Right to Think Freely in the Age of Neurotechnology (Macmillan), which explores how our lives may be impacted by the use of brain-computer interfaces and neural monitoring devices.
Farahany argues that the development and use of neurotech presents a challenge to our current understanding of human rights. Devices designed to measure, record, and influence our mental processesused by us or on usmay infringe on our rights to mental privacy, freedom of thought, and mental self-determination. She calls this collection of freedoms the right to cognitive liberty. IEEE Spectrum spoke with Farahany recently about the future and present of neurotech and how to weigh its promisesenhanced capabilities, for instance, including bionics and prosthetics and even a third armagainst its potential to interfere with peoples mental sovereignty.
Author, Nita
Fara...
Tuesday, 28 March
23:59
888 On Line Casino Nz Review 2021 $1500 Premium Welcome Bonus h+ Media
888 On Line Casino Nz Review 2021 $1500 Premium Welcome Bonus
888 obtained the likes of NetEnt, Electracade, and Merkur Gaming on board. Simply put, 888 is one of the most trusted on line casino sites for New Zealanders. Its a no brainer to begin taking half in and get 888 Casinos $88 FreePlay to get things began. Along with their great bonuses, 888 is a superb gaming site for online gamers in New Zealand. When it involves gaming software program, 888 Casino is powered by 12 of the industrys biggest movers and shakers. It isnt the casinos making the games you play, its the software program growth abilities of award-winning innovators, designers and production corporations.
888 Casino is beneath the regulation and is licensed in Gibraltar, which means that also, the web on line casino is quickly on supply to all New Zealand avid gamers. The best way to discovering protected online platforms is to use our recomenVegas Palms casino listing. Our group of experts personally reviews each site to ensure that they are safe and dependable. Having to wait to receive deposits to have the power to pay withdrawals. Its promoting work is presently rising as part of its sponsorship technique for golf equipment such as Atletico Madrid and including enticing bonuses to attract increasingly players. It additionally has welcome bonuses for brand spanking new players and other bonuses extra particular and designed for players.
Also, youve the chance to enter live games to really feel like in an actual casino from your house. The games lobby is likely considered one of the highlights of this real cash on line casino, and of this 888 on line casino review as well. With leading software program providers supplying the games, 888 members are treated to a number of the latest and biggest titles in the marketplace. The foyer offers you a top-level menu of pokies, on line casino video games, live on line casino, and jackpot, and we will examine every one intimately, to offer you an idea of what you presumably can look forward to. Super Spin Doctor wont solely let you win huge quantities of cash with out investing an excessive quantity of, baccarat. Mount Airy informed the PGCB final month of its new poker room plans, but it could positively be said that the companys catalogue is stuffed with wonderful titles.
Keno is not out there at a whole lot of on-line casinos just but, but 888s got you coated. With tons of of slots, a generous welcome bonus, thrilling promotions and a luxurious look and feel, 888 Casino is a world-class experience in each single way. For a few fun spins or a chance at an enormous win, this is positively the place to be. The RTP refers to the amount of cash staked on a sport which should theoretically return to players over time. This varies depending on the slot you play, but there are quite a few excessive RTP video games obtainable right here, so have a go at a game like Se...
888 On Line Casino Nz Review 2021 $1500 Premium Welcome Bonus h+ Media
888 On Line Casino Nz Review 2021 $1500 Premium Welcome Bonus
888 obtained the likes of NetEnt, Electracade, and Merkur Gaming on board. Simply put, 888 is one of the most trusted on line casino sites for New Zealanders. Its a no brainer to begin taking half in and get 888 Casinos $88 FreePlay to get things began. Along with their great bonuses, 888 is a superb gaming site for online gamers in New Zealand. When it involves gaming software program, 888 Casino is powered by 12 of the industrys biggest movers and shakers. It isnt the casinos making the games you play, its the software program growth abilities of award-winning innovators, designers and production corporations.
888 Casino is beneath the regulation and is licensed in Gibraltar, which means that also, the web on line casino is quickly on supply to all New Zealand avid gamers. The best way to discovering protected online platforms is to use our recomenVegas Palms casino listing. Our group of experts personally reviews each site to ensure that they are safe and dependable. Having to wait to receive deposits to have the power to pay withdrawals. Its promoting work is presently rising as part of its sponsorship technique for golf equipment such as Atletico Madrid and including enticing bonuses to attract increasingly players. It additionally has welcome bonuses for brand spanking new players and other bonuses extra particular and designed for players.
Also, youve the chance to enter live games to really feel like in an actual casino from your house. The games lobby is likely considered one of the highlights of this real cash on line casino, and of this 888 on line casino review as well. With leading software program providers supplying the games, 888 members are treated to a number of the latest and biggest titles in the marketplace. The foyer offers you a top-level menu of pokies, on line casino video games, live on line casino, and jackpot, and we will examine every one intimately, to offer you an idea of what you presumably can look forward to. Super Spin Doctor wont solely let you win huge quantities of cash with out investing an excessive quantity of, baccarat. Mount Airy informed the PGCB final month of its new poker room plans, but it could positively be said that the companys catalogue is stuffed with wonderful titles.
Keno is not out there at a whole lot of on-line casinos just but, but 888s got you coated. With tons of of slots, a generous welcome bonus, thrilling promotions and a luxurious look and feel, 888 Casino is a world-class experience in each single way. For a few fun spins or a chance at an enormous win, this is positively the place to be. The RTP refers to the amount of cash staked on a sport which should theoretically return to players over time. This varies depending on the slot you play, but there are quite a few excessive RTP video games obtainable right here, so have a go at a game like Se...
23:32
Prompt engineering and jailbreaking: Europol warns of ChatGPT exploitation HackRead | Latest Cybersecurity and Hacking News Site
The concern arises from the growing number of cybercriminals attempting to exploit the AI-based chatbot for developing malware and other malicious tools.
This is a post from HackRead.com Read the original post: Prompt engineering and jailbreaking: Europol warns of ChatGPT exploitation
23:31
Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence The Hacker News
An advanced persistent threat (APT) group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization (DRDO), the research and development wing of India's Ministry of
23:29
All of Microsofts Strategic Areas Have Layoffs This Year Techrights
The layoffs keep going and going, e.g. todays updates [1, 2]; theres no end in sight
Summary: Microsofts supposedly strategic/future areas gaming (trying to debt-load or offload debt to other companies), so-called security, clown computing (Azure), and Hey Hi (chaffbots etc.) have all had layoffs this year; its clear that the company is having a serious existential crisis in spite of Trumps and Bidens bailouts (a wave of layoffs every month this year) and is just bluffing/stuffing the media with chaffbots cruft (puff pieces/misinformation) to keep shareholders distracted, asking them for patience and faking demand for the chaffbots (whilst laying off Bing staff, too)
23:12
Turtle Beach REACT-R & Recon Xbox Controllers To Be Supported In Linux 6.4 Phoronix
Turtle Beach gaming controllers will see support by the widely-used XPad driver with the upcoming Linux 6.4 kernel...
23:08
IcedID Malware Shifts Focus from Banking Fraud to Ransomware Delivery The Hacker News
Multiple threat actors have been observed using two new variants of the IcedID malware in the wild with more limited functionality that removes functionality related to online banking fraud. IcedID, also known as BokBot, started off as a banking trojan in 2017. It's also capable of delivering additional malware, initial loader
22:54
Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo The Hacker News
Malicious actors are constantly adapting their tactics, techniques, and procedures (TTPs) to adapt to political, technological, and regulatory changes quickly. A few emerging threats that organizations of all sizes should be aware of include the following: Increased use of Artificial Intelligence and Machine Learning: Malicious actors are increasingly leveraging AI and machine learning to
22:31
Links 28/03/2023: Pitivi 2023.03 is Out, Yet More Microsoft Layoffs (Now in Israel) Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
- ...
22:29
IRC Proceedings: Monday, March 27, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-270323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-270323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-270323.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-270323.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
22:23
Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529) Help Net Security
Apple has released security updates for pardon the pop-culture reference everyhing everywhere all at once, and has fixed the WebKit vulnerability (CVE-2023-23529) exploited in the wild for users of older iPhones and iPads. This latest batch of security updates targets the iOS and iPad 16.x and 15.x branches; macOS Big Sur, Monterey and Ventura; watchOS and tvOS; Safari; and Studio Display, a standalone computer monitor / external display. The CVE-2023-23529 fix for older More
The post Apple backports fix for exploited WebKit bug to older iPhones, iPads (CVE-2023-23529) appeared first on Help Net Security.
22:19
CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free Open Source Security
Posted by Zhenghan Wang on Mar 28
Hi,In the Bluetooth subsystem, a double free vulnerability was found in the
hci_conn_cleanup function of net/bluetooth/hci_conn.c, which may cause DOS
or privilege escalation.
Version: Linux kernel 6.2 (this problem also exists in 6.3-rc1)
At the end of the hci_conn_del_sysfs(conn) function in the hci_conn_cleanup
function, hci_dev_put(hdev) will be called. The hci_dev_put function will
eventually call kfree to release the space used by name:...
22:02
Microsoft to Fix Windows 11 aCropalypse Privacy Failure SoylentNews
Microsoft to fix Windows 11 'aCropalypse' privacy failure:
Updated Microsoft is said to be preparing to fix the high-profile "aCropalypse" privacy bug in its Snipping Tool for Windows 11.
Users can remove sensitive information or some other parts of photos, screenshots, and other images by cropping them using the Snipping Tool app. The problem is that for the Windows 11 app as well as Microsoft's Snip & Sketch cropping tool in Windows 10 the file of the cropped image still includes the cropped out portions, which can be recovered and viewed.
A similar flaw was found in Google's Markup image-editing app for its Pixel smartphones. According to reverse engineers Simon Aarons and David Buchanan who named the bug aCropalyse the problem affects Pixel smartphones since 2018, when the 3 series came out. Google patched its code to avoid leaking cropped areas of images.
Then this week, Buchanan confirmed that the Windows Snipping Tool and Snip & Sketch software had the same issue. If a user cropped a photo or other image using the software and then saved the edited image over the original file, that file still contains the cropped-out portion. The area isn't visible when viewing the image using normal tools, but the data is still there in the file, and can be restored and viewed using appropriate recovery software.
Steven Murdoch, a professor of security engineering at the UK's University College London, shared some thoughts here on the underlying issue within Windows, specifically its latest Save File API, which he described as "defective by design."
[...] Meanwhile, if you've used Microsoft's code to crop your snaps and then shared them on, be aware someone with a copy of them might be able to recover the lopped-off portions.
Read more of this story at SoylentNews.
22:00
Hams Watch For Meteors Hackaday
After passing an exam and obtaining a license, an amateur radio operator will typically pick up a VHF ratio and start talking to other hams in their local community. From there a whole array of paths open up, and some will focus on interesting ways of bouncing signals around the atmosphere. There are all kinds of ways of propagating radio waves and bouncing them off of various reflective objects, such as the Moon, various layers of the ionosphere, or even the auroras, but none are quite as fleeting as bouncing a signal off of a meteor thats just burned up in the atmosphere.
While they arent specifically focused on communicating via meteor bounce, The UK Meteor Beacon Project hopes to leverage amateur radio operators and amateur radio astronomers to research more about meteors as they interact with the atmosphere. A large radio beacon, which has already been placed into service, broadcasts a circularly-polarized signal in the six-meter band which is easily reflected back to Earth off of meteors. Specialized receivers can pick up these signals, and are coordinated among a network of other receivers which stream the data they recover over the internet back to a central server.
With this information, the project can determine where the meteor came from, some of...
21:50
QNX Support Restored For SDL3 Phoronix
When SDL3 development kicked off last November for this open-source library that is widely used by cross-platform games and other software, QNX support was removed alongside other old targets. Just months later, the QNX platform support is being revived...
21:28
Vulkan 1.3.245 Brings New NVIDIA Vendor Extension To Help Optimize Ray-Tracing Phoronix
The Vulkan 1.3.245 extension is a small update to this industry-standard graphics/compute API with just a handful of issues resolved but it does introduce one new extension, which is a NVIDIA vendor extension aiming to further enhance Vulkan ray-tracing...
21:11
CVE-2023-28326: Apache OpenMeetings: allows user impersonation Open Source Security
Posted by Maxim Solodovnik on Mar 28
Severity: criticalDescription:
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: Attacker can elevate their privileges in any room
This issue is being tracked as OPENMEETINGS-2739
Credit:
Dennis Zimmt (reporter)
References:
https://openmeetings.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-28326
https://issues.apache.org/jira/browse/OPENMEETINGS-2739
21:08
Telecom giant Lumen suffered a ransomware attack and disclose a second incident Security Affairs
Telecommunications giant Lumen Technologies discovered two cybersecurity incidents, including a ransomware attack.
In a filing to the Securities and Exchange Commission, on March 27, 2023, Lumen announced two cybersecurity incidents. One of the incidents is a ransomware attack that impacted a limited number of its servers that support a segmented hosting service. The company did not provide details about the family of ransomware that infected its systems, it only admitted that the incident is currently degrading the operations of a small number of the Companys enterprise customers.
On March 27, 2023, Lumen announced two cybersecurity incidents. First, last week the Company discovered that a malicious intruder had inserted criminal ransomware into a limited number of the Companys servers that support a segmented hosting service. reads the 8-k form filed by the company with SEC. This intrusion is currently degrading the operations of a small number of the Companys enterprise customers.
After the discovery of the ransomware attack, Lumen implemented enhanced security software that allowed the company to discover a separate intrusion. In this second incident, a sophisticated intruder accessed a limited number of the Companys internal information technology systems. The attackers were able to conduct reconnaissance of these systems, installing malware and extracting a relatively limited amount of data.
Based on its ongoing investigations described below and information known at this time, the Company does not believe the incidents have had or will have a material adverse impact on its ability to serve its customers or its business, operations, or financial results. continues the form.
Lumen notified law enforcement authorities and reported the incident to the impacted customers. The company launched an investigation into the incident with the help of forensic to determine the extent of the intrusion.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs hacking, Lumen)
The post Telecom giant Lumen suffered a ransomware attack and disclose a second incident appeared first on Security Affairs.
21:06
Intel Releases GPGMM v0.1 GPU Memory Management Library Phoronix
Intel has published v0.1 of its GPGMM software, the open-source General-Purpose GPU Memory Management Library. This library is intended to be used by modern software employing the Vulkan or D3D12 APIs for helping application developers deal with low-level video memory management...
20:53
Stealthy DBatLoader Malware Loader Spreading Remcos RAT and Formbook in Europe The Hacker News
A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader. "The malware payload is distributed through WordPress websites that have authorized SSL certificates, which is a common tactic used by threat actors to evade detection engines," Zscaler researchers Meghraj Nandanwar and Satyam Singh said in a report
20:52
OpenBLAS 0.3.22 Introduces EmScripten JavaScript, Fixes AMD Zen 4 Handling Phoronix
A new release of OpenBLAS is now available, the open-source BLAS and LAPACK implementation known for its wide variety of processor optimizations...
20:22
Cancer that spreads to the lung maneuvers to avoid being attacked Lifeboat News: The Blog
Cancer that has spread to areas like the lungs can apply the brakes to a natural pathway that should recruit killer T cells directly to where it has metastasized, scientists report.
That newly found strategy used by tumors that have spreadand are consequently more deadlymay help explain why sometimes promising immunotherapies designed to help the immune system kill cancer dont, says Kebin Liu, Ph.D., cancer immunologist in the Department of Biochemistry and Molecular Biology at the Medical College of Georgia.
It also may mean an additional therapeutic maneuver is needed to stop some tumors, which often are diagnosed after they have spread, says Liu, corresponding author of the study in the journal Cancer Cell.
20:20
Death Levels Sharply Above Pre-COVID-19 Levels schestowitz.com
Even if the media does not talk about this (or belittles the whole thing)
AM
sad about this, but I am not shocked.
10 minutes ago ONS released the latest mortality numbers for England and Wales. This update is a weekly occurrence (typically 10AM ish every Tuesday).
Total deaths week 11 in 2019: 10,567. Total deaths week 11 in 2022: 10,928. Total deaths week 11 in 2023: 12,133. Pandemic is over, folks. Go back your office cage and dont wear a mask or anything. COVID-19 is both mild and long now.
20:17
Europol details ChatGPTs potential for criminal abuse Help Net Security
With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter seriously and conducted a series of workshops involving subject matter experts from various departments of Europol. These workshops aimed to investigate potential ways in which large language models (LLMs) like ChatGPT can be exploited by criminals and how they can be utilized to aid investigators in their day-to-day tasks. ChatGPT and law enforcement Their insights are compiled in Europols first Tech More
The post Europol details ChatGPTs potential for criminal abuse appeared first on Help Net Security.
20:09
Bet365 Evaluation
By following the above steps, you possibly can easily obtain the .apk file on your android phone. Please stick with us to know the installation process of the app on your gadget. The Betway app has been modified over the years for Android and iOS platforms. It can higher. But if customers may dont just like the updates, they can turn off the automatic update feature from their telephone.
There are dozens of great video games all streamed in HD high quality within the live on line casino, so you positively shouldnt miss it. Players at Betway can guess on any and all football matches from any nook of the world in their betting account. Football betting is a vital a half of the positioning and it comes as no surprise to see them accomplish that well on this division too. In reality, a majority of Betway reviews on-line have praised their football part.
For occasion, you can simply access the cellular model without having to download anything. However, regardless of having to be downloaded and up to date from time to time, we should always give the sooner entry to their APK. Plus, it offers a extra dependable and smoother wagering experience and the Betway apk doesnt rely as heavily in your internet connection.
The firm provides quite so much of instruments and features to help prospects keep in cost of their spending, corresponding to deposit limits and actuality checks. Another necessary aspect of Bet365 is its customer help. The platform presents excellent customer support, with a devoted team of professionals out there 24/7 to help with any queries or points you may have.
Specify the deposit quantity, fill within the cost particulars and make sure the transaction. Please observe that the account currency can only be selected at this stage. The button to go to this class is in the lower right corner of the screen.
You will acquire entry to the data free mode on Betway once you log into your account on the app. Furthermore, you must also have a constructive steadiness in your account to enable the free information function. Before you set the Betway app to be knowledge free, you have to log in to your Betway account. However, this facet requires utilizing data, so there is no knowledge free login.
Betway has particularly made this for cricket and no different sport. Here is how one can enjoy the Boundary Money Back Special bonus. Now, lets converse of the advantages and some small drawbacks regarding the relevance of the Betway cellular app. Pretty a lot the same process applies to the downloading and installation of the Betway app for iOs devices. After the download, you want to install the app to use it additional. Can gamblers create a couple of account on the platfrom?
Before actually beginning the review, we want all our readers that know how we rank the betting web sites. The cause behind shari...
20:06
Ashneer Grover Launches Fantasy Sports App Crickpe Ahead Of Ipl h+ Media
Ashneer Grover Launches Fantasy Sports App Crickpe Ahead Of Ipl
You can get it on almost all the main smartphone platforms. In the primary case, youll get to the portal Indian.bet. Otherwise, you must scroll the main web site page to the very backside.
At the same time, you probably can guess on several outcomes from the exact match. Express This type of wager lets you predict several outcomes at the same time. The odds will be multiplied, rising the potential winnings.
The want for the cell app was caused as a solution to complaints filed about the betway official site. Before the app, customers typically had a difficult time completing their registration course of on-line. Also, the fee procedures for deposit and withdrawal of funds takes a longer period because of numerous users making an attempt to entry the server at the similar time. They will provide you with entry to all of the features and features which would possibly be available on the desktop version. This means you could make payments, play on line casino games, or even do mundane stuff like shopping the FAQ section all while on the go. The apps work smoothly on all fashionable gadgets, though you need to replace your devices OS to its newest model to make sure optimum performance.
Even though phones are becoming increasingly more refined, people are still struggling to determine which recordsdata to maintain. The RAMs of the telephones these days cant handle all of the heavy apps, and the telephone often slows down. People who face this issue sometimes attempt to access websites using their browsers, and Betway has a correct cell model for his or her site.
After youve completed the Betway obtain apk for its iOS variant, youll need to install it. To finish this procedure, simply settle for it in a specified message. For users from completely different continents, the Betway app is probably considered one of the excellent, and so they belief it implicitly.
The providing within the casino part is overwhelming as nicely. Just choose your sport or casino and begin constructing your betslip. Android and iOS customers can take pleasure in betting by downloading the Betway app, and the process for a similar is talked about in the following section.
When you wish to play for real money, you can depend on the assistance of our specialists to search out you the best deals and best casinos. The second most important query that comes to each users thoughts is whether or not the website is protected to use or not. To get the reply to this query, we have checked the license of the corporate.
You will be succesful of use them immediately for betting or enjoying on the on-line on line casino. Youll also have the flexibility to get a bonus if youre a model new Betway participant, of course. Among sports activities occasions within the Betway online betting app, yow will discover Indian, European, American or African champio...
20:06
Betway App
Open any browser in your gadget and go to the official Betway website. Now it stays to attend for a sure period of time till the funds reach your pockets or card which was used for the withdrawal. Usually, it doesnt take long, but you could have to wait up to 20 minutes.
Like the web site, the Betway app additionally provides users with a huge selection of sports markets to bet on. The Betway app is taken into account among the best cell sports activities gaming apps due to its unique features. It has emerged as an essential betting platform for Android and iOS customers. Using this, the participant can simply guess on his favorite recreation.
There is a separate cyber sports activities part, which is not typical of different on-line purposes. In addition, bookmaker customers can reap the benefits of numerous promotions via the app. India does not have any federal regulation to forbid individuals from utilizing an internet betting website registered in one other country. An on-line betting website must accept bets in Indian Rupees to be considered legal in India. Betway satisfies this condition as it accepts INR for each withdrawals and deposits. The Betway cellular app can be installed into nearly any Android or iOS gadget, utterly free of cost.
The choice of merchandise within the Betway Casino app is much like the companys web site. The identical applies to the choices required for registration, authorization, account replenishment, launching games, activating bonuses, etc. If youve questions relating to its use, youll find a way to always contact the support staff.
Here you also can make a forecast on what benefit the group will win or greater than what kind it wont concede to the opponent. For example, zero handicap may be very popular in test matches between sturdy teams. Each on-line sport has a unique approach to practice. Betway Casino ensures that their video slot machine reaches the variety of categories, together with the most recent and the normal titles. For a greater understanding of the options of the bookmaker, register and start taking half in, we guarantee you may be pleasantly stunned.
For sports activities betting lovers, the betting firm presents a welcome bonus of $150 with a huge one hundred pc first deposit bonus. This welcome offer has a particular Betway promotional code. Betways bonus program is somewhat uncommon for a bookmaker. The welcome bonus for casino players is only one, however its legitimate on your first three deposits and may bring you a total of $1,000 at the end of three phases.
Indian soccer buffs also can put money down on top-tier European occasions the Champions League and Europa League. Football is palms down the most well-liked sport on the planet and has an unlimited and loyal fan base in India. [newline]Betway comes up sturdy in this neck of the woods, too. We cant say we have been shocke...
20:04
Betway Evaluation & Bonus Code h+ Media
Betway Evaluation & Bonus Code
It allows you to enhance your odds and earn cash in your greatest information. As seen, gamers can use any fashionable browser to find Betway. The platform will match any display dimension, thus permitting high-quality gameplay. To entry the Betway mobile website, you first need to ensure your system fulfils several specs. Take a look at the extra table weve made and check the minimum requirements your cellular needs to entry the Betway platform and play.
The Betway poker app works nicely independently from a device. You can get a Windows, iOS, or Android utility free of charge by visiting the Betway portal. If the incompatibility error happens during the course of and additional progress is inconceivable, you need to get to the Support service. There, a manager will recommend to you all attainable methods out.
Popular options embrace set betting, match winner, complete games, and handicaps. The next step is selecting the odds for the sports activities category you wish to bet on. A participant can place bets on a number of matches or a single match, depending on their preference. The first step to putting a guess on the platform is logging into your account with your account info.
Then, click on the My Account tab and select Withdraw. This have to be accomplished to stop illicit registration on the app. The help agents at Betway truly go the extra mile to resolve customer queries as quickly as potential. Theyre attentive, resourceful, environment friendly, and responsive, even during rush hours. The rotating promotion banners are displayed at the centre of the web page, however they dont cowl a lot of the actual estate nor trigger muddle.
All you have to do is open the app in your telephone and luxuriate in betting and gambling anytime and wherever. Betway hasnt misplaced its high quality even after its massive recognition. The User interface of Betway is similar to the website. The company is regulated within the UK by the regional Gambling Commission and internationally by the Malta Gambling Authority. The one issue I confronted was the excessive level of margins for the betting. In the reside events, Betway also alters the percentages more drastically than the other playing sites.
If you create an account beneath a fictitious name, you will be unable to withdraw your winnings. The application takes up little house and consumes a minimal of gadget assets, which offers a quick response when selecting choices and prompt page loading. The cellular software program implements all security measures that guarantee the safety of confidential info and money account. Restart your cell and retry downloading the app from the Apple Store.
The website administration additionally permits all customers to obtain a welcome bonus. Users have two sorts to select from Welcome Sports 200% and Welcome Casino 200%. You can accept the provide, play 4rabet for money with...
19:55
President Biden Signs Executive Order Restricting Use of Commercial Spyware The Hacker News
U.S. President Joe Biden on Monday signed an executive order that restricts the use of commercial spyware by federal government agencies. The order said the spyware ecosystem "poses significant counterintelligence or security risks to the United States Government or significant risks of improper use by a foreign government or foreign person." It also seeks to ensure that the government's use of
19:41
MPA, Amazon & Apple Win $30m in Damages Against Pirate IPTV Services TorrentFreak
Operators of pirate IPTV services in the United States
risk prison sentences and civil copyright infringement lawsuits
when things dont go to plan.
The recent 66-month sentence handed to YouTuber Omi in a Hellcat is one example with a particularly hefty price tag $30+ million in restitution.
IPTV services operated by Texas resident Dwayne Johnson werent as big or as profitable, but certainly important enough for Hollywood to step in with overwhelming resources.
Powerful Coalition Sues Johnson
In December 2021, movie and TV giants Universal, Disney, Paramount, Warner, and Columbia teamed up with Netflix, Amazon, Apple, and several other studios, in a lawsuit targeting AllAccessTV (AATV) and Quality Restreams.
The complaint alleged that AATV supplied infringing movies and TV shows via its IPTV and VOD services. Titles including The Godfather, Harry Potter, Jurassic Park, and The Office were distributed to subscribers via their smart TVs, computers, set-top boxes, plus mobile and tablet devices.
The studios said that most subscribers paid between $10 to $45 per month to access around 2,500 channels.
Connected service Quality Restreams allegedly provided infringing movies and TV shows to other pirate IPTV providers, including AATV.
In addition to live IPTV channels, its VOD service supplied 600 movies and 600 TV series, organized into named categories, including Netflix, Amazon Prime Video, Hulu, and Disney+.
Disguised as a VPN Provider
While most IPTV providers make at least some effort to hide their nature, the lawsuit alleged that AATV went a little further by presenting itself as a VPN provider.
The lawsuit revealed that along with many other pieces of cross contamination evidence, the studios...
19:19
Researchers Develop Soft Robot That Shifts From Land to Sea With Ease SoylentNews
[R]esearchers at Carnegie Mellon University have created soft robots that can seamlessly shift from walking to swimming, for example, or crawling to rolling:
"We were inspired by nature to develop a robot that can perform different tasks and adapt to its environment without adding actuators or complexity," said Dinesh K. Patel, a post-doctoral fellow in the Morphing Matter Lab in the School of Computer Science'sHuman-Computer Interaction Institute. "Our bistable actuator is simple, stable and durable, and lays the foundation for future work on dynamic, reconfigurable soft robotics."
The bistable actuator is made of 3D-printed soft rubber containing shape-memory alloy springs that react to electrical currents by contracting, which causes the actuator to bend. The team used this bistable motion to change the actuator or robot's shape. Once the robot changes shape, it is stable until another electrical charge morphs it back to its previous configuration.
[...] The actuators require only a hundred millisecond of electrical charge to change their shape, and they are durable. The team had a person ride a bicycle over one of the actuators a few times and changed their robots' shapes hundreds of times to demonstrate durability.
In the future, the robots could be used in rescue situations or to interact with sea animals or coral. Using heat-activated springs in the actuators could open up applications in environmental monitoring, haptics, and reconfigurable electronics and communication.
Video of the robot in action.
Related:
- Scientists Unveil Bionic Robo-Fish to Remove Microplastics From Seas
- New Stretchable, Self-Healing and Illuminating Electronic Material for Wearables and Soft Robots
- A Soft Robotic Insect That Survives Being Flattened by a Fly Swatter
- Rubbery Figures: Scientists Create an Entirely Soft Robot
- "Soft Muscled" Robots Could Perform Delicate Tasks
19:00
Its Difficult To Read An Audiophile Guide As An Analogue Engineer Hackaday
Sitting on a train leaving the Hackaday Berlin conference, and Hacker News pops up Julian Shapiro with a guide to HiFi. What Hackaday scribe wouldnt give it a click, to while away the endless kilometres of North European Plain!
Its very easy as an analogue electronic engineer, to become frustrated while reading audiophile tracts, after all they have a tendency to blur superficial engineering talk with pseudoscience. Theres a rich vein of parody to be found in them, but nevertheless its interesting to read them because just sometimes the writer gets it and doesnt descend into the world of make-believe.
This one is probably par for the course, we raised an eyebrow at the idea of comparing different speaker setups merely from sampled recordings, and rolled our eyes at the usual price-tag worship, but at least some of the acoustics stuff isnt from another planet. The stand-out quote that motivated its write-up here though is the following, where he addresses the relationship between the audiophile industry and the audiophile press:
Also, note that almost all hifi reviews are positive. This is b...
18:27
Peter A. Swan, President of the International Space Elevator Consortium, joins our Space Settlement Board. Lifeboat News
Peter A. Swan, President of the International Space Elevator Consortium, joins our Space Settlement Board.
18:00
Are coincidences real? Terra Forming Terra
In Cods Shadow, Redfish Rise Terra Forming Terra
Stuck with the soul Terra Forming Terra
NHS Dr reveals Staff were ordered to Euthanise Patients to fraudulently increase COVID Death Count Terra Forming Terra
16:35
Microsoft Research Paper Claims Sparks of Artificial Intelligence in GPT-4 SoylentNews
Microsoft Research has issued a 154-page report entitled Sparks of Artificial Intelligence: Early Experiments With GPT-4:
Given the breadth and depth of GPT-4's capabilities, we believe that it could reasonably be viewed as an early (yet still system.
Zvi Mowshowitz wrote a post about this article:
[...] Their method seems to largely be 'look at all these tasks GPT-4 did well on.'
I am not sure why they are so impressed by the particular tasks they start with. The first was 'prove there are an infinite number of primes in the form of a rhyming poem.' That seems like a clear case where the proof is very much in the training data many times, so you're asking it to translate text into a rhyming poem, which is easy for it - for a challenge, try to get it to write a poem that doesn't rhyme.
[...] As I understand it, failure to properly deal with negations is a common issue, so reversals being a problem also makes sense. I love the example on page 50, where GPT-4 actively calls out as an error that a reverse function is reversed.
[...] in 6.1, GPT-4 is then shown to have theory of mind, be able to process non-trivial human interactions, and strategize about how to convince people to get the Covid-19 vaccine far better than our government and public health authorities handled things. The rank order is clearly GPT-4's answer is very good, ChatGPT's answer is not bad, and the actual answers we used were terrible.
[...] Does this all add up to a proto-AGI? Is it actually intelligent? Does it show 'sparks' of general intelligence, as the paper words it?
Read more of this story at SoylentNews.
16:23
Associative learning in the cnidarian Nematostella vectensis Lifeboat News: The Blog
The ability to learn and form memories allows animals to adapt their behavior based on previous experiences. Associative learning, the process through which organisms learn about the relationship between two distinct events, has been extensively studied in various animal taxa. However, the existence of associative learning, prior to the emergence of centralized nervous systems in bilaterian animals, remains unclear. Cnidarians such as sea anemones or jellyfish possess a nerve net, which lacks centralization. As the sister group to bilaterians, they are particularly well suited for studying the evolution of nervous system functions. Here, we probe the capacity of the starlet sea anemone Nematostella vectensis to form associative memories by using a classical conditioning approach. We developed a protocol combining light as the conditioned stimulus with an electric shock as the aversive unconditioned stimulus. After repetitive training, animals exhibited a conditioned response to light aloneindicating that they learned the association. In contrast, all control conditions did not form associative memories. Besides shedding light on an aspect of cnidarian behavior, these results root associative learning before the emergence of NS centralization in the metazoan lineage and raise fundamental questions about the origin and evolution of cognition in brainless animals.
16:23
Hacking phones remotely without touching via new inaudible ultrasound attack Lifeboat News: The Blog
The NearUltrasound Invisible Trojan, or NUIT, was developed by a team of researchers from the University of Texas at San Antonio and the University of Colorado Colorado Springs as a technique to secretly convey harmful orders to voice assistants on smartphones and smart speakers.
If you watch videos on YouTube on your smart TV, then that television must have a speaker, right? According to Guinevere Chen, associate professor and co-author of the NUIT article, the sound of NUIT harmful orders will [be] inaudible, and it may attack your mobile phone as well as connect with your Google Assistant or Alexa devices. That may also happen in Zooms during meetings. During the meeting, if someone were to unmute themself, they would be able to implant the attack signal that would allow them to hack your phone, which was placed next to your computer.
The attack works by playing sounds close to but not exactly at ultrasonic frequencies, so they may still be replayed by off-the-shelf hardware, using a speaker, either the one already built into the target device or anything nearby. If the first malicious instruction is to mute the devices answers, then subsequent actions, such as opening a door or disabling an alarm system, may be initiated without warning if the first command was to silence the device in the first place.
16:00
An Old Netbook Spills Its Secrets Hackaday
For a brief moment in the late 00s, netbooks dominated the low-cost mobile computing market. These were small, low-cost, low-power laptops, some tiny enough to only have a seven-inch display, and usually with extremely limiting hardware even for the time. There arent very many reasons to own a machine of this era today, since even the cheapest of tablets or Chromebooks are typically far more capable than the Atom-based devices from over a decade ago. There is one set of these netbooks from that time with a secret up its sleeve, though: Phoenix Hyperspace.
Hyperspace was envisioned as a way for these slow, low-power computers to instantly boot or switch between operating systems. [cathoderaydude] wanted to figure out what made this piece of software tick, so he grabbed one of the only netbooks that it was ever installed on, a Samsung N210. The machine has both Windows 7 and a custom Linux distribution installed on it, and with Hyperspace its possible to switch almost seamlessly between them in about six seconds; effectively instantly for the time.
[cathoderaydude]s investigation into how bargain-basement hardware from 15 years ago is able to do this revealed more mysteries than it seemed to solve at the time. At first it...
15:30
What you need before the next vulnerability hits Help Net Security
Cyberattacks tend to come from two angles: criminals take advantage of employees with privileged access or of security weaknesses in your hardware/software infrastructure. These broad categories encompass attack vectors such as phishing, man-in-the-middle attacks, misconfigurations, and vulnerability exploits. To prevent bad actors exploiting vulnerabilities, you must take action to reduce or eliminate security risks. Take stock of your software and get notifications for security issues Understand which tools your software uses: First, understand which software More
The post What you need before the next vulnerability hits appeared first on Help Net Security.
15:00
Running a security program before your first security hire Help Net Security
In this Help Net Security video, Matt Spitz, Head of Engineering at Vanta, talks about pragmatic security and illustrates what a small company with limited resources needs to do to lay the groundwork for effective protection.
The post Running a security program before your first security hire appeared first on Help Net Security.
14:41
Apple Issues Urgent Security Update for Older iOS and iPadOS Models The Hacker News
Apple on Monday backported fixes for an actively exploited security flaw to older iPhone and iPad models. The issue, tracked as CVE-2023-23529, concerns a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution. It was originally addressed by the tech giant with improved checks as part of updates released on February 13, 2023. An anonymous researcher has been
14:30
What the food and building industry can teach us about securing embedded systems Help Net Security
As one of the leading experts in product security with over 15 years of experience in security engineering and 120 cybersecurity patents under his belt, Adam Boulton is one of the most experienced software security professionals in the industry. Currently the SVP of Security Technology and Innovation at Cybellum, the Left to Our Own Devices podcast invited Adam Boulton to share his experience and his tips on building a product security strategy. Adam didnt expect More
The post What the food and building industry can teach us about securing embedded systems appeared first on Help Net Security.
14:00
Balancing security risks and innovation potential of shadow IT teams Help Net Security
Shadow IT teams, also known as rogue IT teams, have grown in popularity in recent years due to the rise of cloud-based apps and remote work. However, this has led to operational tension and security risks within many businesses. 58% of SMBs have experienced high-impact shadow IT efforts outside the purview of their official IT department, according to Capterra. Half of SMBs say shadow IT teams are most commonly formed because theres a lack of More
The post Balancing security risks and innovation potential of shadow IT teams appeared first on Help Net Security.
13:44
A Federal Judge Has Ruled Against the Internet Archive in a Lawsuit Brought by Four Book Publishers SoylentNews
Preliminary Court Setback for Libraries and Digital Lending
The Internet Archive has published a post about their ongoing fight in the lower courts over Controlled Digital Lending (CDL), specifically from the case Hachette v Internet Archive. This potentially affects all libraries with digital resources and the Internet Archive will appeal the court's decision.
Today's lower court decision in Hachette v. Internet Archive is a blow to all libraries and the communities we serve. This decision impacts libraries across the US who rely on controlled digital lending to connect their patrons with books online. It hurts authors by saying that unfair licensing models are the only way their books can be read online. And it holds back access to information in the digital age, harming all readers, everywhere.
But its not overwe will keep fighting for the traditional right of libraries to own, lend, and preserve books. We will be appealing the judgment and encourage everyone to come together as a community to support libraries against this attack by corporate publishers.
The Electronic Frontier Foundaion (EFF) pointed out that libraries have already paid publishers billions of dollars for their print collections which are being digitized at great expense as means of preserving these slowly decaying artifacts. CDL helps make full use of the books that the public have already bought and paid for in their libraries. Gizmodo had a piece a few days ago, giving a heads up about this setback: Internet Archive Faces Uphill Battle in Lawsuit Over Its Free Digital Library.
Hachette and several other publishers are fighting the Internet Archive in court to stop the practice of CDL. Basically, CDL is a model where artificial restrictions are imposed to create artificial scarcity of digital resources in emulation of the old model based on physical artifacts. This attack on basic library service is just the latest in decades of such attacks. Glyn Moody provides some context about other, long-term general attempts to remove libraries from the picture.
Read more of this story at SoylentNews.
13:00
Tausight expands its AI-based PHI Security Intelligence platform to cover new attack vectors Help Net Security
Tausight has expanded its AI-based PHI Security Intelligence platform which automates the discovery and identification of electronic PHI to enhance the protection of healthcare patients most valuable confidential information. On March 7, President Biden announced his National Cybersecurity Strategy, reflecting the growing awareness of ongoing ransomware attacks and cyber threats facing healthcare and other leading industries. Because each data security breach imposes significant fines on hospitals and disrupts patient care, the healthcare industry has unique More
The post Tausight expands its AI-based PHI Security Intelligence platform to cover new attack vectors appeared first on Help Net Security.
13:00
Long-Distance Gaming Over Packet Radio Hackaday
The amateur radio community often gets stereotyped as a hobby with a minimum age requirement around 70, gatekeeping airwaves from those with less experience or simply ignoring unfamiliar beginners. While there is a small amount of truth to this on some local repeaters or specific frequencies, the spectrum is big enough to easily ignore those types and explore the hobby without worry (provided you are properly licensed). One of the best examples of this weve seen recently of esoteric radio use is this method of using packet radio to play a game of Colossal Cave Adventure.
Packet radio is a method by which digital information can be sent out over the air to nodes, which are programmed to receive these transmissions and act on them. Typically this involves something like email or SMS messaging, so playing a text-based game over the air is not too much different than its intended use. For this build, [GlassTTY] aka [G6AML] is using a Kenwood TH-D72 which receives the packets from a Mac computer. It broadcasts these packets to his node, which receives these packets and sends them to a PDP-11 running the game. Information is then sent back to the Kenwood and attached Mac in much the same way as a standard Internet connection.
The unique features of packet radio make it both...
12:51
We've added 15 more text tools catonmat.net
Team Browserling keeps shipping!
Two weeks ago we added 50 new text tool.
Last week we added 20 more tools.
And just now we added 15 more text tools to our Online Text Tools collection.
I have done my part of the job and now it's Google's turn to index them and rank them well.
Here are the new text tools:
- Draw a Box Around Text
- Calculate Letter Sum
- Filter Words in Text
- Add Errors to Text
- Sort Text Lines
- Sort Letters in Words
- Sort Words in Text
- Sort Sentences in Text
- Sort Paragraphs in Text
- Sort All Symbols in Text
- Randomize Letters in Text
- Randomize Words in Text
- Randomize Text Lines
- Randomize Text Paragraphs
- Randomize Text Sentences
Next week we'll add even more tools. See you then!
12:37
Links 27/03/2023: GnuCash 5.0 and Ubuntu 20.04 LTS on Phones Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Unix Men ...
-
11:01
YouTube Channel Linus Tech Tips Terminated After It Was Hacked to Show Crypto-Scam Videos SoylentNews
What just happened? Linus Tech Tips, one of the largest and most popular technology YouTube channels on the platform, has been hacked. It was used by the hackers to show pre-recorded 'live-streaming' crypto-scam videos, featuring former Twitter CEO Jack Dorsey and Tesla CEO Elon Musk. The channel is now showing a message stating it has been shut down for violating YouTube's community guidelines, but it appears Linus' other channels are also being abused.
Linus Sebastian's Linus Tech Tips YouTube channel has been running since 2008 and has amassed 15.8 million subscribers. The Canadian has several channels under the Linus Media Group banner, including TechLinked, but the main one remains the most popular. Sadly for all involved, it's become the latest high-profile channel to be hacked.
[...]
YouTube has shuttered the channel for violating its guidelines, but it seems the hackers have now gone after other Linus Media Group accounts. TechLinked has been renamed Tesla and is showing the same Musk livestream.
[...]
While all the content from the channels has been deleted, Linus previously created several videos showing off the high-end hardware used to store the terabytes of backups the company created over the years.
[UPDATE: After taking back control of the channels, he released a video explaining how it all went down by way of a little bit of social engineering resulting in the attacker gaining their browser session token --hubie]
Also:
Linus Tech Tips YouTube Channel Hacked to Promote Crypto
Scams
Linus Tech Tips YouTube Channel Is Down After Crypto Scammer
Hack
VERGE STUPIDLY MAKES THEIR TITLES IMAGES NOW (Though, it could
just be the one article. This is also an article on the Linus Tech
Tips YouTube channel hack.)
Related:
Live Show
on Improving Your Security -- Wednesday June 3rd, 2020
(NCommander - 2020)
Security
Warning For 23 Million YouTube Creators Following 'Massive' Hack
Attack (2019)
...
11:00
HPR3822: A tale of wonder, angst and woe Hacker Public Radio
In December of 2022, I traveled to Hong Kong, at some point en-route or in-country, I contracted covid. Backing up a step in preparation for the trip I was required to have a negative PCR before I could board the plane from the US as well as proof of vaccination and at least one booster shot. HKSAR Department of Health - Health Declaration Form (https://hdf.chp.gov.hk/dhehd/hdf.jsp?lang=en-us) Upon arrival, I was required to quarantine for 3 days as well as take a home test (referred to as RAT: Rapid Antigen Test, by the locals) every day for the first 7 days On the 2nd full day in HK, I was required to take another clinical PCR provided at a health center, free of charge. On the third day I received my PCR and RAT tests as Covid Positive. By law I was now required to quarantine in my hotel until I tested negative on 2 consecutive days. Since my symptoms were very mild, a sniffle and low grade temp, merely 2-3 deg above normal, I could stay in the hotel and was not required to transfer to a public health center. I was also required to register the positive results with a government website. This registration kicked off a series of events, including a visit from a health representative. (he stood in the hall, I was not permitted to leave the room) I was Required to install an app on my phone called "Stay Home Safe'' and to wear a wristband that I presume was a GPS and possibly temp/pulse tracking device that connected to my phone by bluetooth. The agent installed the app, and synced the watch to it. The complete shownotes are available downloaded from http://bookewyrmm.42web.io/covid.html
Typescript Feature Adoption It Will Never Work in Theory
I started programming full-time eighteen months ago after almost ten years of doing other things. The Python I came back to was not the Python I had left: the language had acquired so many new features that it felt more like Java than like the handy little scripting language I remembered. Those features all solve real problems, but I found myself wondering how many people actually use them.
This paper attempts to answer that question for Typescript by looking at the adoption of 13 new language features over the past three years by 454 open source projects. The authors found that developers are quick to adopt new versions of the compiler, but much more conservative about features, and that some see little uptake even in the long run. I don't know if it would be possible to build models or develop methods to predict which features were going to prove popular, but I hope work like this will encourage language developers to ask, "Will it be used?" as well as, "Would it be useful?"
Joshua D. Scarsbrook, Mark Utting, and Ryan K. L. Ko. Typescript's evolution: an analysis of feature adoption over time. 2023. arXiv:2303.09802.
TypeScript is a quickly evolving superset of JavaScript with active development of new features. Our paper seeks to understand how quickly these features are adopted by the developer community. Existing work in JavaScript shows the adoption of dynamic language features can be a major hindrance to static analysis. As TypeScript evolves the addition of features makes the underlying standard more and more difficult to keep up with. In our work we present an analysis of 454 open source TypeScript repositories and study the adoption of 13 language features over the past three years. We show that while new versions of the TypeScript compiler are aggressively adopted by the community, the same cannot be said for language features. While some experience strong growth others are rarely adopted by projects. Our work serves as a starting point for future study of the adoption of features in TypeScript. We also release our analysis and data gathering software as open source in the hope it helps the programming languages community.
10:30
Hunters integrates its SOC Platform with Databricks Lakehouse Help Net Security
Hunters has integrated its SOC (Security Operations Center) Platform with the Databricks Lakehouse. For the first time, Databricks customers will be able to stand up a security data lake for security operations (data ingestion, detection, investigation and response) in just a few clicks using Hunters SOC Platform. Hunters SOC Platform is an alternative to SIEM that ingests, normalizes and analyzes data from all security and IT sources, including endpoint telemetry, network traffic, identity, and cloud More
The post Hunters integrates its SOC Platform with Databricks Lakehouse appeared first on Help Net Security.
10:30
Hackaday Berlin was Bonkers Hackaday
In celebration of the tenth running of the Hackaday Prize, we had a fantastic weekend event in Berlin. This was a great opportunity for all of the European Hackaday community to get together for a few days of great talks, fun show-and-tells, and above all good old fashioned sitting together and brainstorming. Of course there was the badge, and the location a gigantic hackerspace in Berlin called MotionLab even had a monstrous laser-eye octopus suspended from a gantry overhead. Everyone who came brought something to share or to show. You couldnt ask for more.
Unfortunately, we werent able to record the talks, so well run down the highlights for you here. [Jenny List] is writing up a bunch of the badge hacks as we speak, so well skip that for now. For the full experience, you just had to be there, but well share with you what pictures we got. Enjoy!
Talks
The morning kicked off with [Jiska Classen] taking us through her reverse engineering practice. Sh...
10:22
Re: New distros list statistics Open Source Security
Posted by Anthony Liguori on Mar 27
Yes.Yes. This is actually supported today but I'm the only one doing it and
I'm doing it privately. I'm going to pick on the OpenSSL issue from Feb of
this year to illustrate how this works. Here's the OSV file that my
tooling created:
{
"schema_version": "1.3.0",
"id": "OSS-SEC-ea843",
"modified": "2023-02-04T09:46:55+00:00",
"published":...
10:15
AU10TIX partners with Microsoft on decentralized verifiable credentials Help Net Security
AU10TIX has unveiled that it is working with Microsoft on Reusable ID a verifiable credentials (VC) architecture for identity management. VCs are reusable, unalterable digital credentials that prove the identity of a person or entity and allow the safe sharing of personal documents and biometric credentials. VC architecture also gives users the self-sovereignty to share just the right information on-demand for actions such as opening an account, applying to college, paying taxes, etc. AU10TIXs More
The post AU10TIX partners with Microsoft on decentralized verifiable credentials appeared first on Help Net Security.
09:00
AMD Continues Linux Driver Enablement For Additional "Aldebaran" Instinct GPU Phoronix
Over the weekend I wrote about AMD beginning to post new graphics driver patches for a new GPU. As pointed out in that earlier article, it looks to be a new AMD Instinct MI300 / "Aldebaran" GPU model and today more patches were posted that further confirm this target...
08:37
MPA and RIAA Megaupload Lawsuits Are Now Inactive TorrentFreak
More
than a decade has passed since Kim Dotcoms file-storage empire
Megaupload collapsed after becoming the prime target in a
high-profile
law enforcement operation.
The U.S. Government booked an early result in 2015 when programmer Andrus Nomm was handed a one-year prison sentence following a plea deal.
The case lit up again last year when two of the three remaining defendants, Mathias Ortmann and Bram van der Kolk, signed an agreement to be charged in New Zealand and avoid extradition to the United States. That left Kim Dotcom as the sole active extradition candidate.
As Dotcoms extradition battle continues, the U.S. Governments criminal case has stalled along with a pair of civil lawsuits filed by the RIAA and MPA. These are not expected to begin until the criminal case is finalized, which could take a while.
MPA and RIAA Cases Postponed Again
Over the past several years, Megaupload has repeatedly asked the court to delay these lawsuits. This bi-annual postponement cycle began in 2014 and continued earlier this month.
Defendant Megaupload hereby moves the Court to enter the attached proposed order, continuing the stay in this case for an additional six months, subject to the terms and conditions stated in the proposed order, the requests note, adding there are no objections from the RIAA and MPA.
As expected, District Judge Anthony J. Trenga who took over the Megaupload lawsuits after complaints about Judge Liam OGradys alleged financial ties to Disney swiftly signed off on the new six-month delays.
[T]his matter be stayed until September 1, 2023, on the same terms and conditions as set forth in the Courts original stay order, the...
08:35
Apple fixes recently disclosed CVE-2023-23529 zero-day on older devices Security Affairs
Apple released updates to backport security patches that address actively exploited CVE-2023-23529 WebKit zero-day for older iPhones and iPads.
Apple released security updates to backport patches that address an actively exploited zero-day flaw (CVE-2023-23529) for older iPhones and iPads.
The CVE-2023-23529 flaw is a type confusion issue in WebKit that was addressed by the IT giant with improved checks. The flaw impacts iOS, iPadOS, and macOS.
Apple addressed the vulnerability in February and US CISA added the issue to its Known Exploited Vulnerabilities Catalog on February 14, 2023.
An attacker can trick the victim into visiting malicious web pages to trigger the vulnerability and cause OS crashes or potentially gain arbitrary code execution on vulnerable devices.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. reads the advisory published by Apple.
Now Apple released security updates to fix the issue in iOS 15.7.4 and iPadOS 15.7.4.
The vulnerability impacted iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation) devices.
In January, Apple backported the security updates for another zero-day vulnerability, tracked as CVE-2022-42856, to older iPhones and iPads.
To secure older devices against attacks exploiting the above issue, Apple released iOS 12.5.7. The patches are now available also for iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
...
08:14
Very Few Consumers Want Subscriptions in Their Cars, Survey Shows SoylentNews
Automakers are pushing subscriptions, but consumer interest just isn't there:
The last decade or so has seen the creeping techification of the auto industry. Executives will tell you the trend is being driven by consumers, starry-eyed at their smartphones and tablets, although the 2018 backup camera law is the main reason there's a display in every new car.
But automakers have been trying to adopt more than just shiny gadgets and iterating software releases. They also want some of that lucrative "recurring revenue" that so pleases tech investors but makes the rest of us feel nickeled and dimed. Now we have some concrete data on just how much car buyers are asking for this stuff, courtesy of a new survey from AutoPacific. The answer is "very little."
AutoPacific asked people looking to buy a new vehicle about their interest in 11 different in-car connected features, starting with a data plan for the car for a hypothetical price of $15/month.
The results may chasten some of the investors demanding that the car companies keep traveling down this path. The most in-demand or desirable feature was Internet connection with a Wi-Fi hotspotnot an unreasonable demand for $15 per month. But only 30 percent of people looking to buy a new car said they were interested in paying for their car's Internet access.
[...] AutoPacific also broke down some of its data by age brackets. The 30- to 39-year-old group was consistently the most interested in connected subscription features for their cars28 percent want to stream video directly to the infotainment screen, 20 percent want to play video games on the infotainment screen, and 18 percent want in-car video conferencing. As you might expect, the 60- to 69-year-old bracket was the least interested in any of this stuff; just 10 percent would want in-car video streaming, with video conferencing at 5 percent and in-car gaming at just 4 percent.
In other news, water is wet...
Read more of this story at SoylentNews.
07:31
New MacStealer macOS malware appears in the cybercrime underground Security Affairs
A new MacStealer macOS malware allows operators to steal iCloud Keychain data and passwords from infected systems.
Uptycs researchers team discovered a new macOS information stealer, called MacStealer, which allows operators to steal iCloud Keychain data and passwords from infected systems.
The macOS malware can steal documents, credit card data, cookies from a victims browser (i.e. Firefox, Google Chrome, and Brave browsers), and login information.
The malicious code can steal Microsoft Office files, images, archives, and Python scripts.
It can infect Catalina and subsequent macOS versions running on Intel M1 and M2 CPUs.
The operators can control its MacStealers operations over Telegram.
The malware was advertised on cybercrime forums since early March, it is under active development and its operators planned to add new features to capture data from Apples Safari browser and the Notes app.
The malware spreads through a .DMG file, and upon opening the file, it opens a fake password prompt to gather passwords using a command line.
06:41
Portion of Twitters proprietary source code leaked on GitHub HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
Twitter had to file a DMCA request after its source code was found on GitHub.
This is a post from HackRead.com Read the original post: Portion of Twitters proprietary source code leaked on GitHub
06:34
Re: New distros list statistics Open Source Security
Posted by Solar Designer on Mar 27
Hi,Thank you very much for contributing this, Anthony!
I've just edited the wiki to credit Amazon for this (just like we did
for Gentoo's similar contribution in 2017-2019) and to assign the task
to Amazon. Please let me know whether this is right.
Yes, please do update this regularly.
Regarding the content, I notice some issues that I hope you can address:
You show "Coordinated Release Date" and "Days embargoed...
05:33
RISC-Y Business: Arm Wants to Charge Dramatically More for Chip Licenses SoylentNews
Arm is tired of seeing device makers bring in billions while it makes millions:
What's in store for the future of chip maker Arm? The company's owner, Softbank, has been in financial trouble lately, and that has caused Arm to bounce from one dramatic possibility to another. Initially, Arm was put up for sale, and Nvidia was the front-runner to buy the company. That plan was shut down by regulators, and now "Plan B" is an IPO, which is supposed to happen on the New York Stock Exchange sometime this year. If you want to succeed on the stock market, you've got to show revenue, and while Arm enables the sale of billions of dollars of devices around the world, the company's chip licensing scheme only brings in a comparatively small amount of moneyaround $500 million a quarter.
The Financial Times has a report on Arm's "radical shake-up" of its business model. The new plan is to raise prices across the board and charge "several times more" than it currently does for chip licenses. According to the report, Arm wants to stop charging chip vendors to make Arm chips, and instead wants to charge device makersespecially smartphone manufacturersa fee based on the overall price of the final product.
Let's say Motorola makes a phone with a Qualcomm Snapdragon Arm chip. Previously, Qualcomm would have signed a deal with Arm for an Arm license, and that license would extend to anyone that buys a Qualcomm Arm chip, like Motorola. Qualcomm contributes a lot to its own chip designs, but when it comes to the Arm license it is basically an Arm reseller. Arm would now want a licensing fee from Motorola (and not Qualcomm?), and it would ask Qualcomm to not sell chips to anyone that doesn't have a licensing agreement with Arm.
Read more of this story at SoylentNews.
05:15
Distribution Release: UBports 20.04 OTA-1 DistroWatch.com: News
UBports is a Linux distribution designed to run on phones and tablets. The project is a community-run continuation of Ubuntu Touch. The project has published a major update which upgrades the base distribution from Ubuntu 16.04 to 20.04. "Ubuntu Touch is the privacy and freedom-respecting mobile operating system....
05:09
Rerouting Intention And Sensation In Paralyzed Patients IEEE Spectrum
Transcript
Eliza Strickland: Paralysis used to be thought of as a permanent condition, but over the past two decades, engineers have begun to find workarounds. Theyre building on a new understanding of the electric code used by the nervous system. Im Eliza Strickland, a guest host for IEEE Spectrums Fixing the Future podcast. Today Im talking with Chad Bouton, whos at the forefront of this electrifying field of research. Chad, welcome to the program, and can you please introduce yourself to our listeners?
Chad Bouton: Yes, thanks so much, Eliza, for having me. And my name is Chad. Im at the Northwell Health Feinstein Institute for Medical research.
Strickland: And can you tell me a bit about the patient population that youre working with? I believe these are people who had become paralyzed, and maybe you can tell us how that happened and the extent of their paralysis.
Bouton: Absolutely. Absolutely. In fact, we work with folks that have been paralyzed either from a traumatic injury, stroke, or even a brain injury. And theres over 100 million people worldwide that are living with paralysis. And so its a very devastating and important condition, and we are working to restore not only movement, but were making efforts to restore sensation as well, which is often not the focus and certainly should be.
Strickland: So these are people who typically dont have much movement below the head, below the neck?
Bouton: So we have focused on tetraplegia or quadriplegia because, obviously, its extremely important and it is very difficult to achieve independence in our daily lives if you dont have the use of your hands in addition to not being able to move around and walk. And it surprisingly accounts for about half of the cases of spinal cord injury, even slightly more than half. And it used to be thought of as something that was a more rare condition, but with car accidents and diving accidents, its a prominent and critical condition that we need to really address. And theres no cure currently for paralysis. No easy solution. No simple fix at this point.
Strickland: And from your experiences working with these people, what kind of capabilities would they like to get back if possible?
Bouton: Well, individuals with paralysis would like to really regain independence. Ive had patients and study participants comment on that and really ask for advances in technology that would give them that in...
05:08
Better Carbon Sequestration With AI IEEE Spectrum
Transcript
Eliza Strickland: Technology to combat climate change got a big boost this year when the US Congress passed the Inflation Reduction Act, which authorized more than 390 billion for spending on clean energy and climate change. One of the big winners was a technology called carbon capture and storage. Im Eliza Strickland, a guest host for IEEE Spectrums Fixing the Future podcast. Today, Im speaking with Philip Witte of Microsoft Research whos going to tell us about how artificial intelligence and machine learning are helping out this technology. Philip, thanks so much for joining us on the program.
Philip Witte: Hi, Eliza, Im glad to be here.
Strickland: Can you just briefly tell us what you do at Microsoft Research, tell us a little bit about your position there?
Witte: Sure. So Im a researcher at Microsoft Research, and Im working on scientific machine learning in a broader sense and high-performance computing in the cloud. And specifically, how do you apply recent advances in machine learning in the HPC to carbon capture? And Im part of a group at Microsoft thats called Research for Industry, and were overall part of Microsoft Research, but were specifically focusing on transferring technology and computer science to solving industry problems.
Strickland: And how did you start working in this area? Why did you think there might be real benefits of applying artificial intelligence to this tricky technology?
Witte: So I was actually pretty interested in this topic for a couple years now, and then really started diving deeper into it maybe a year-and-a-half ago when Microsoft had signed a memorandum of understanding with one of the big CCS projects that is called Northern Lights. So Microsoft and them signed a contract to explore possibilities of how Microsoft can support the Northern Lights project as a technology partner.
Strickland: So well get into some of these super tech details in a little bit. But before we get to those, lets do a little basic tutorial on the climate science here. How and where can carbon dioxide be meaningfully captured, and how can it be stored, and where?
Witte: So I think its worth pointing out that there are kind of two main technologies around carbon capture, and one is called direct air capture, where you capture CO2 directly fro...
05:00
Pending RADV Driver Change Leads To Much Lower System RAM Use For Some Games Phoronix
A pending change to the Mesa Radeon Vulkan driver "RADV" is leading to much lower system RAM use for some games that make use of many Vulkan Graphics Pipeline Libraries (GPL). The game causing this issue to be investigated was Valve's Dota 2 on RADV and is now seeing an 85% reduction in system RAM use by this open-source Radeon Linux driver...
04:16
Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned HackRead | Latest Cybersecurity and Hacking News Site
By Deeba Ahmed
This year's Pwn2Own 2023 was held in Vancouver between March 22nd and 24th, 2023.
This is a post from HackRead.com Read the original post: Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned
04:04
UK police reveal they are running fake DDoS-for-hire sites to collect details on cybercriminals Graham Cluley
There's bad news if you're someone who is keen to launch a Distributed Denial-of-Service (DDoS) attack to boot a website off the internet, but don't have the know-how to do it yourself. Rather than hiring the help of cybercriminals to bombard a site with unwanted traffic or kick rivals out of a video game, you might be actually handing your details straight over to the police. Read more in my article on the Hot for Security blog.
03:50
Ubuntu Touch OTA-1 Focal Released For Ubuntu 20.04 LTS On Smartphones Phoronix
03:30
CVE-2023-25197: apache fineract: SQL injection vulnerability in certain procedure calls Open Source Security
Posted by James Dailey on Mar 27
Severity: moderateDescription:
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software
Foundation apache fineract.
Authorized users may be able to exploit this for limited impact on components.
This issue affects apache fineract: from 1.4 through 1.8.2.
Credit:
Eugene Lim at Cyber Security Group (CSG) Government Technology Agency GOVTECH.sg (reporter)
aleks ()...
03:27
CVE-2023-25196: Apache Fineract: SQL injection vulnerability Open Source Security
Posted by James Dailey on Mar 27
Severity: importantDescription:
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software
Foundation Apache Fineract.
Authorized users may be able to change or add data in certain components.
This issue affects Apache Fineract: from 1.4 through 1.8.2.
Credit:
Zhang Baocheng at Leng Jing Qi Cai Security Lab (reporter)
Aleks () apache org (remediation developer)...
03:25
CVE-2023-25195: Apache Fineract: SSRF template type vulnerability in certain authenticated users Open Source Security
Posted by James Dailey on Mar 27
Severity: moderateDescription:
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract.
Authorized users with limited permissions can gain access to server and may be able to use server for any outbound
traffic.
This issue affects Apache Fineract: from 1.4 through 1.8.3.
Credit:
Huydoppa from GHTK (reporter)
Aleksander (remediation developer)
References:
https://fineract.apache.org/...
03:01
Automate container and pod deployments with Podman and Ansible Linux.com
Podman and Ansible are even better together for enabling automation and orchestration of container and pod lifecycles.
Read More at Enable Sysadmin
The post Automate container and pod deployments with Podman and Ansible appeared first on Linux.com.
03:00
Intel Sapphire Rapids Performance With Google Cloud Compute Engine C3 Phoronix
Back in October Google announced their Compute Engine C3 instances in private preview that featured 4th Gen Xeon Scalable "Sapphire Rapids" processors as well as making use of Google's custom Intel Infrastructure Processing Unit (IPU). Since then, back in January, was the big Sapphire Rapids launch with the likes of the Xeon Platinum 8490H being released. Last month meanwhile Google promoted the C3 VMs to public preview state. The Sapphire Rapids C3 VMs remain in "public preview" from Google Cloud during which time there are no charges involved for the CPU costs. For those wondering about the core-for-core performance of Sapphire Rapids in Google Cloud, here are my initial benchmarks of the C3 series.
02:51
Amazon is About to Go Head to Head With SpaceX in a Battle for Satellite Internet Dominance SoylentNews
In its bid to catch up with Starlink, the company plans to build as many as four satellites a day:
Amazon has applied to the FCC to increase its constellation to 7,774 satellites, which would allow it to cover regions further north and south, including Alaska, as Starlink does.
There are riches to be had: SpaceX currently charges $110 a month to access Starlink, with an up-front cost of $599 for an antenna to connect to the satellites. According to a letter to shareholders last year, Amazon is spending "over $10 billion" to develop Kuiper, with more than 1,000 employees working on the project. Andy Jassy, Amazon's current CEO, has said that Kuiper has a chance of becoming a "fourth pillar" for the company, alongside its retail marketplace, Amazon Prime, and its widely used cloud computing service, Amazon Web Services
"Amazon's business model relies on people having internet connectivity," says Shagun Sachdeva, an industry expert at the space investment firm Kosmic Apple in France. "It makes a lot of sense for them to have this constellation to provide connectivity."
Amazon is not yet disclosing the pricing of its service but has previously said a goal is to "bridge the digital divide" by bringing fast and affordable broadband to "underserved communities," an ambition Starlink has also professed. But whether costs will ever get low enough for that to be achievable remains to be seen. "Costs will come down, but to what extent is really the question," says Sachdeva. On March 14, the company revealed it was producing its own antennas at a cost of $400 each, although a retail cost has not yet been revealed.
Read more of this story at SoylentNews.
02:00
The Do-or-Die Moments That Determined the Fate of the Internet IEEE Spectrum
New technologies often are introduced through spectacle: Think of the historic demonstrations carried out by Faraday, Edison, Morse, and Bell, or, more recently, by Steve Jobs onstage in his black turtleneck at Macworld 2007, holding the first iPhone. Indeed, hyped-up product announcements at industry events like the Consumer Electronics Show (now CES) and the Game Developers Conference have become regular features of the digital world.
Theres also a parallel traditionless flashy but no less importantof industry events that focus attention on digital infrastructure. Several of these events, such as the first public demo of the ARPANET in 1972, or the mid-1980s conferences now known as Interop, alerted experts to new technologies, and, in some cases, altered the balance between competing approaches.
Although many of these gatherings have escaped the attention of historians, our view is that these events should be recognized more fully as moments where experts could glimpse possible futures and judge for themselves what was most likely to happen. Here we describe a few of these do-or-die moments. You may not have heard of any of these eventsbut if you were there, you will never forget them.
Packet Switching Comes of Age
The ARPANET was one of the first networks to apply packet switching, an approach to communications that breaks messages into discrete chunks, or packets, of data. It was a major departure from circuit-switched networks, such as telephone networks, for which communication partners were linked through a dedicated circuit.
The first node of the ARPANET was installed at the University of California, Los Angeles, in 1969. But the ARPANET didnt take off immediately. And by mid-1971, program director Lawrence Roberts of the Advanced Research Projects Agency (ARPA) was becoming impatient with the slow pace at which ARPA-funded researchers were getting connected. One of these researchers, Bob Kahn, suggested that Roberts organize a public demonstration of the ARPANET, both to educate other researchers about the networks capabilities and to encourage new partners to support the initiative. Once Kahn found a venue for the demoat the International Conference on Computer Communications (ICCC), to be held in Washington, D.C., in late October of 1972he worked feverishly to get it organ...
Monday, 27 March
06:54
Finest Android Casinos For Real Cash 2023 h+ Media
Finest Android Casinos For Real Cash 2023
Mountairycasino.com must evaluation the protection of your connection sooner than persevering with. Lowest nightly price discovered inside the previous 24 hours based totally on a 1 evening time stay for 2 adults. Millions of individuals in Ontario might be despatched cash from the federal authorities over the following few days.
Below, we expose the sections of those that we now have thought-about crucial and most related for customers. Independent bodies licensed by the DGOJ consider the correct functioning of the random number generator of the machines and thus verify the whole impartiality of the operators. Get WorkGear is a web-based ordering system for uniform suppliers that gives their customers a user-friendly approach to order and handle their product allocations. What this implies is that all data that move through the casinos techniques are encrypted. Only the casinos systems have the vital thing to un-encrypt the info and browse them or interpret them.
On the opposite hand, technological growth has also allowed at present that video games may be enjoyed directly on the website no have to download. Other necessary aspects are the apps developed to enjoy these products on mobile, in addition to the live casino expertise we told you about beneath. On our pages about roulette and online blackjack we pay particular attention to those games. If we give attention to playing, the web slot machines theyre undoubtedly the most popular. In addition, in slots its possible get pleasure from probably the most innovative software and, of course, additionally of enjoyable functions conceived by crucial online developers.
You can do this by clicking on Cashier after logging in TrueBlue Casino. You can use the positioning map at the bottom of the page to entry the cashier part. The casino can be GLI Certified, and that implies that it solely employs top-notch engineers to create and handle its numerous portfolio of choices. These workers are consultants of their respective fields, and they are expected to ship the best attainable type of service and merchandise to patrons.
They have the entire most popular games, and there are numerous totally different variations. Among the choices, you may find poker, blackjack, roulette, craps and baccarat. These all look nice, the play is easy, and the expertise is basically spectacular. A new account holder has a total of 14 days to make all three deposits and it has a relatively low 30x playthrough requirement.
New gamers, 10+ deposit, no e-wallets/prepaid cards, as a lot as 500 Free Spins, 40x Plt on Free Spins winnings. T&Cs applyNew players, 10+ deposit, no e-wallets/prepaid taking part in playing cards, as a lot as 500 Free Spins, 40x Plt on Free Spins winnings. Opt in, deposit and wager 20 on chosen video games inside 7 days of opening new account.
They have the full provide at cas...