IndyWatch Science and Technology News Feed Archiver

Go Back:30 Days | 7 Days | 2 Days | 1 Day

IndyWatch Science and Technology News Feed Today.

Go Forward:1 Day | 2 Days | 7 Days | 30 Days

IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Wednesday, 19 April

02:49

02:30

OpenCL 3.0.14 Released With New Extension For Command Buffer Multi-Device Phoronix

OpenCL 3.0.14 has been released that has a few minor fixes/corrections plus one prominent new extension: cl_khr_command_buffer_multi_device...

02:11

LXD 5.13 released LWN.net

Version 5.13 of the LXD virtual-machine manager has been released. New features include fast live migration, support for AMD's secure enclaves, and more. See this announcement for details.

02:00

Solus Linux Plans New Direction Built Off Serpent OS Phoronix

Joshua Strobl and original Solus project founder Ikey Doherty are both becoming re-involved with the Solus Linux distribution and moving ahead will be built off the SerpentOS project that Ikey has been independently working on the past few years...

01:54

Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules Open Source Security

Posted by Stig Palmquist on Apr 18

HTTP::Tiny v0.082, a Perl core module since v5.13.9 and available
standalone on CPAN, does not verify TLS certs by default. Users must
opt-in with the verify_SSL=>1 flag to verify certs when using HTTPS.

We grepped through CPAN to find distributions using HTTP::Tiny that
didn't specify cert verification behaviour, possibly exposing users to
mitm attacks. Here are some examples with patches:

- CPAN.pm v2.34 downloads and executes code...

01:42

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Solar Designer on Apr 18

BTW, even with the kernel bug fixed, there are ioctl number clashes
between different devices, so even e.g. isatty(3) is not necessarily
safe if called with elevated privileges under a possible confused deputy
scenario. Here's strace showing some clashes on older Linux/i386:

$ cat isatty.c
int main(void) { return isatty(0); }
$ gcc isatty.c -o isatty
$ strace -e ioctl ./isatty
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE...

01:30

Hackaday

The Raspberry Pi HQ camera module may not quite reach the giddy heights of a DSLR, but it has given experimenters access to a camera system which can equal the output of some surprisingly high-quality manufactured cameras. As an example we have a Yashica film camera.

Coming from the viewpoint of a photographer rather than a hardware person, the video is particularly valuable for his discussion of the many lens options beyond a Chinese CCTV lens which can be used with the platform. It uses only the body from the Yashica, but makes a really cool camera that we'd love to own ourselves. If you're interested in the Pi HQ camera give it a watch below the break, and try to follow some of his lens suggestions.

The broken camera he converted is slightly interesting, and raises an important philosophical question for retro technology geeks. It's a Yashica Electro 35, a mid-1960s rangefinder camera for 35 mm film whose claim to fame at the time was its electronically controlled shutter timing depending on its built-in light meter. The philosophical question is this: desecration of a characterful classic camera which might have been repaired, or awesome resto-mod? In that sense it's not just about this project, but a question with application across...

01:24

Injectable gel offers new way to grow electrodes in the brain Lifeboat News: The Blog

The method is based on a gel containing enzymes that catalyze electrode formation from endogenous molecules.

01:23

Researchers Produce Entangled Photons Entirely On-Chip Lifeboat News: The Blog

A new approach shrinks quantum photonic technology to the size of a Euro coin.

01:23

What Rotterdam teaches about the power of green roofs Lifeboat News: The Blog

A recent showcase in the Dutch city highlighted the potential of green rooftops, which can lower city temperatures by 5 degrees Fahrenheit, say researchers.

01:22

James Webb telescope keeps finding galaxies that shouldn't exist, scientist warns Lifeboat News: The Blog

The James Webb Space Telescope keeps finding galaxies that shouldn't exist, a scientist has warned.

Six of the earliest and most massive galaxies that NASA's breakthrough telescope has seen so far appear to be bigger and more mature than they should be given where they are in the universe, researchers have warned.

The new findings build on previous research where scientists reported that despite coming from the very beginnings of the universe, the galaxies were as mature as our own Milky Way.

01:22

A luddite link to nano-terrorists Lifeboat News: The Blog

An older article but something the world is facing just like in certain sci-fi movies.


The reference publication of the movement in the 80s, the Earth First journal, featured a column called Ask Ned Ludd, in reference to the mythical character that gave name to the luddites. Jones thinks that neo-luddites are in fact misreading the original luddites, but he believes that understanding the difference between the old and modern ones tells us a lot about the ideology of the latter.

Luddites were not anti-technology: they were skilled craftsmen, involved in a labour movement aimed at keeping their machines and their jobs, he says. That's very different from the neo-luddites' ideas of relinquishing civilisation and [of] nature as the supreme good. Jones thinks neo-luddism is fed rather by the idea of technology as a disembodied, transcendent, terrifying force outside the human, which emerged in the mid 20th century, with the bomb and the rise of large-scale computing.

01:19

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Todd C. Miller on Apr 18

That is correct. There are further changes to use TIOCGWINSZ on
/dev/tty instead of stderr. Using an open fd of /dev/tty makes the
isatty() call superfluous but it doesn't hurt to have it.

- todd

01:01

Comics Daze Random Thoughts

Home sweet couch!

On the way back from the Big Ears festival, I stopped for a few days in New York and was going to visit comics shops and get my shopping on and stuff. But instead I got a gastro thing, and ended up staying in the hotel room for a week and also sprained my ankle when I fainted or something. I'm kinda sorta fine now, though, except for having to keep my foot elevated. I'm not up for doing anything taxing brain wise as I'm mostly vegetating on a hurr durr level, but I got, like, 50 pounds of comics yesterday Lots of stuff I'm looking forward to reading (new books from CF!!!), but I'm just gonna read stuff that's easier on the brain today, and I'm saving that stuff until a later day.

And for music uhm OK, only albums that I liked as a child.

A reconvalescing kind of day?

Neil Young: After The Gold Rush

...

01:00

KOTRA and KISIA will showcase 10 Korean cybersecurity companies at RSA Conference 2023 Help Net Security

Korea Trade-Investment Promotion Agency (KOTRA) will host 10 Korean cybersecurity companies as Korea Pavilion with Korea Information Security Industry Association (KISIA) at RSA Conference 2023. KOTRA and KISIA will feature companies from across a range of fields including network security, cloud security, identity and access management and more. Additionally, KOTRA and KISIA will hold a networking event including Korean cybersecurity companies, local investors, and invited Korea Pavilion attendees from RSAC 2023 on the last ...

The post KOTRA and KISIA will showcase 10 Korean cybersecurity companies at RSA Conference 2023 appeared first on Help Net Security.

00:59

Stopping Storms From Creating Dangerous Urban Geysers SoylentNews

Stopping Storms from Creating Dangerous Urban Geysers:

During intense rainstorms, residents of urban areas rely on stormwater sewers to keep streets and homes from flooding. But in some cases, air pockets in sewers combine with fast-moving water to produce waterspouts that can reach dozens of feet high and last for several minutes. These so-called storm geysers can flood the surrounding area, cause damage to nearby structures, injure bystanders, and compromise drainage pipes.

In Physics of Fluids, by AIP Publishing, researchers from Sichuan University, Ningbo University, University of Alberta, and Hohai University developed a computational model of stormwater piping to study storm geysers. They used this model to understand why storm geysers form, what conditions tend to make them worse, and what city planners can do to prevent them from occurring.

Perhaps the biggest cause of storm geysers is poor city planning. With extreme weather events becoming more common due to climate change, cities can often find themselves unprepared for massive amounts of rain. Growing cities are especially vulnerable. Small cities have small drainage pipes, but new streets and neighborhoods result in added runoff, and those small pipes may not be able to handle the increased volume.

[...] The authors say the best cure for a storm geyser is bigger pipes.

"The most effective preventive measure for newly planned drainage pipelines is to increase the pipeline diameter and improve system design, which reduces the likelihood of full-flow conditions and eliminates storm geysers," said Zhang.

Read more of this story at SoylentNews.

00:50

1Fichier Held Liable After Failing to Remove Pirated Nintendo Games TorrentFreak

Ever since its launch in 2009, rightsholders have complained that file-hosting platform 1fichier.com fails to take intellectual property rights seriously.

1fichier operates a freemium business model which allows users to access the platform for free and then pay a fee to have various restrictions removed. 1fichier allows user content to be accessed via links posted elsewhere, meaning that when users upload infringing content, links render that content available to the public.

Rightsholders have publicly criticized the platform for more than a decade, claiming that 1fichier's response to takedown notices is minimal, in some cases amounting to a compliance rate of just 0.12%.

Nintendo Files Lawsuit

With the goal of forcing 1fichier to comply with its takedown notices and pay compensation for damages incurred due to its poor response, Nintendo sued 1fichier's owner, Dstorage SAS.

The Judicial Court of Paris sided with Nintendo in a decision handed down on May 25, 2021. The Court found that Dstorage could be held liable for failing to remove illegal copies of Nintendo games hosted on 1fichier, based on notifications sent by rightsholders.

The court also addressed 1fichier's assertion that content does not have to be removed without authorization from a court. The platform was informed that direct takedown notices from rightsholders do not require a court order to be valid. 1fichier was also instructed to publish the following notice:

By decision dated May 25, 2021, the Paris court ruled that the company DSTORAGE, which operates the website 1fichier.com, has engaged its liability as a content host by not removing illegal content despite the notifications made by Nintendo Co., Ltd., The Pokémon Company, Creatures Inc. and DE Inc. and ordered it to pay NINTENDO Co Ltd, the sums of 885,500 euros and 50,000 euros in compensation for its damages.

Court of Appeal Sides With Nintendo

A press release published by Nintendo on April 17 reveals that on April 12, 2023, the Paris Court of Appeal confirmed that Dstorage SAS engaged its civil liability for failing to withdraw or block access to illicit copies of Nintendo games hosted on its platform, d...

00:48

Fedora 38 released LWN.net

The Fedora 38 release is available. Fedora has mostly moved past its old pattern of late releases, but it's still a bit surprising that this release came out one week ahead of the scheduled date. Some of the changes in this release, including reduced shutdown timeouts and frame pointers have been covered here in the past; see the announcement and the Workstation-edition "what's new" post for details on the rest.

If you want to use Fedora Linux on your mobile device, F38 introduces a Phosh image. Phosh is a Wayland shell for mobile devices based on Gnome. This is an early effort from our Mobility SIG. If your device isn't supported yet, we welcome your contributions!

00:47

Distribution Release: Fedora 38 DistroWatch.com: News

The Fedora team have announced the release of Fedora 38. The new release offers the GNOME 44 desktop in the project's Workstation edition. The distribution now features shorter timeout delays when services shutdown, which makes shutting down or restarting the system faster. The DNF5 package manager has been....

00:38

Fedora 38 Released With GNOME 44 Desktop, GCC 13, Many New Features Phoronix

Fedora 38 has been released today after meeting its early release target...

00:28

Army helicopter crash blamed on skipped software patch Graham Cluley

The emergency ditching of an Australian military helicopter in the water just off a beach in New South Wales, has been blamed on the failure to apply a software patch. Read more in my article on the Hot for Security blog.

00:28

libuv Adds IO_uring Support For ~8x Throughput Boost Phoronix

Libuv as the cross-platform asynchronous I/O library that is used by the likes of Node.js, Julia, and other software packages now has support for making use of IO_uring on Linux...

00:23

Security updates for Tuesday LWN.net

Security updates have been issued by Debian (protobuf), Fedora (libpcap, libxml2, openssh, and tcpdump), Mageia (kernel and kernel-linus), Oracle (firefox, kernel, kernel-container, and thunderbird), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (gradle, kernel, nodejs10, nodejs12, nodejs14, openssl-3, pgadmin4, rubygem-rack, and wayland), and Ubuntu (firefox).

00:06

Garrett: PSA: upgrade your LUKS key derivation function LWN.net

Matthew Garrett points out that many Linux systems using encrypted disks were installed with a relatively weak key derivation function that could make it relatively easy for a well-resourced attacker to break the encryption:

So, in these days of attackers with access to a pile of GPUs, a purely computationally expensive KDF is just not a good choice. And, unfortunately, the subject of this story was almost certainly using one of those. Ubuntu 18.04 used the LUKS1 header format, and the only KDF supported in this format is PBKDF2. This is not a memory expensive KDF, and so is vulnerable to GPU-based attacks. But even so, systems using the LUKS2 header format used to default to argon2i, again not a memory expensive KDF. New versions default to argon2id, which is. You want to be using argon2id.

The article includes instructions on how to (carefully) switch an installed system to a more secure setup.

00:01

Stop using Telnet to test ports Linux.com

Make life simpler by automating network checks with tools like Expect, Bash, Netcat, and Nmap instead.

Read More at Enable Sysadmin

The post Stop using Telnet to test ports appeared first on Linux.com.

00:00

Linux Fu: Reading Your Memory's Memory Hackaday

Linux users have a lot of software to be proud of. However, there is the occasional Windows program that does something you'd really like to do and it just won't run. This is especially true of low-level system programs. If you want to poke around your CPU and memory, for example, there are tons of programs for that under Windows. There are a few for Linux, but they aren't always as complete or handy. Recently, I had half the memory in my main desktop fail and I wanted to poke around in the system. In particular, I wanted to read the information encoded in the memory chip's configuration EEPROM. Should be easy, right? You'd think.

Not Really Easy

One nice tool a lot of Windows users have is CPU-Z. Of course, it doesn't run on Linux, but there is a really nice imitator called CPU-X. You can probably install it from your repositories. However, the GitHub page is a nice stop if for no other reason than to enjoy the user name [TheTumultuousUnicornOfDarkness]. The program has a gtk or an ncurses interface. You don't need to run it as root, but if you press the start daemon button and authenticate, you can see some extra information, including a tab for memory.

...

Tuesday, 18 April

23:45

YouTube Videos Distributing Aurora Stealer Malware via Highly Evasive Loader The Hacker News

Cybersecurity researchers have detailed the inner workings of a highly evasive loader named "in2al5d p3in4er" (read: invalid printer) that's used to deliver the Aurora information stealer malware. "The in2al5d p3in4er loader is compiled with Embarcadero RAD Studio and targets endpoint workstations using advanced anti-VM (virtual machine) technique," cybersecurity firm Morphisec said in a report

23:30

CISA adds bugs in Chrome and macOS to its Known Exploited Vulnerabilities catalog Security Affairs

US Cybersecurity and Infrastructure Security Agency (CISA) added Chrome and macOS vulnerabilities to its Known Exploited Vulnerabilities catalog.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog:

  • CVE-2019-8526 Apple macOS Use-After-Free Vulnerability. The CVE-2019-8526 flaw has been exploited by the DazzleSpy backdoor in watering hole attacks aimed at politically active individuals in Hong Kong. The issue was used to dump iCloud Keychain if the macOS
  • CVE-2023-2033 Google Chromium V8 Engine Type Confusion Vulnerability. The CVE-2023-2033 flaw is the first Chrome zero-day vulnerability addressed by Google in 2023. The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group on 2023-04-11. Google did not disclose details of the attacks exploiting this vulnerability, it will not provide bug details and links until a majority of users will have updated their installs.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this flaw by May 8, 2023.

23:25

9elements Security Talks Up AMD openSIL Open-Source Firmware With 4th Gen EPYC Phoronix

For weeks we have been eager to learn more about AMD openSIL that will formally be announced at the OCP Prague event later this week. In anticipation of that event, AMD last week revealed the initial details around this open-source firmware push...

23:22

DeepMind's CEO said there's a chance that AI could become self-aware in the future Lifeboat News: The Blog

The CEO of Alphabet-owned AI research lab, DeepMind Technologies, spoke about the potential of artificial intelligence in an interview with CBS 60 Minutes, which aired on Sunday.

DeepMind CEO Demis Hassabis told CBS that he thinks that AI might one day become self-aware.

Philosophers haven't really settled on a definition of consciousness yet but if we mean self-awareness, and these kinds of things I think there's a possibility that AI one day could be, he said.

23:22

How to put ChatGPT on Galaxy Watch, Pixel Watch, Wear OS Lifeboat News: The Blog

It's available on phones and now watches? That's actually nice though I hope they make it battery efficient. The Pixel watch for example already has issues with battery life. In the future will there be a small AI server in our bodies in microchips or a network of nanobots?


ChatGPT is all the rage these days, but did you know you can get it on your watch? Here's how to install it on a Galaxy Watch, Pixel Watch, and other Wear OS watches.

23:07

Checking existence of firewalled web servers in Firefox via iframe.onload Open Source Security

Posted by Georgi Guninski on Apr 18

In short in Firefox 112, it is possible to check existence
of firewalled web servers. This doesn't work in Chrome and Chromium 112
for me.

If user A has tcp connection to web server B, then in the
following html:

<iframe src="http://B" onload="load()" onerror="alert('error')" id="i1" />

the javascript function load() will get executed if B serves
valid document to A's browser...

23:04

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Ruihan Li on Apr 18

Hi Solar Designer,

Also thanks to all the people at linux-distro and s@k.o who helped to
improve the final disclosure and patches.

That's good to know. I was wondering if there were distros that did not
have setuid binaries, which was why I said only ``a number of distros''
were vulnerable.

For Steffen Nurpmeso wrote earlier:

I just noticed that sudo added the isatty check a day ago (April 17th)
[1]. I think this change was...

23:01

Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Open Source Security

Posted by Jacques Le Roux on Apr 18

Hi Seth,

I used to give more information. For this one, using our "new" internal process* (need an ASF credential) and 
following step 11 of**, notably

<<Generally, reports should contain enough information to enable people to assess the risk the vulnerability poses
for their own system, and no
more.>>

I restricted the information to a minimum.

With a request from Arnoult (member of the ASF security team in...

23:00

Quadrupeds Are Learning to Dribble, Catch, and Balance IEEE Spectrum



Now that anyone, anywhere can get themselves a quadrupedal robot without having to apply for a major research grant, we're seeing all kinds of fun research being done with our four-legged electromechanical friends. And by fun research I mean very serious research that is making valuable contributions towards practical robotics. But seriously, there are lots of important robotics problems that can be solved in fun and interesting ways; don't let anyone tell you different, especially not the current United States ambassador to Turkey.

At the 2023 International Conference on Robotics and Automation (ICRA) slated to take place in London next month, three papers will be presented that report on the talents of quadrupedal robots and the researchers who teach them new things, including dribbling, catching, and traversing a balance beam.

MIT's Dribbling Quadruped

Quadrupedal soccer robots have a long and noble history; for years, Sony Aibos were the standard platform at RoboCup. But quadrupeds have made some enormous four-legged strides since the late 1990s and early 2000s. Now that basic quadrupedal mobility has been pretty well figured out, it's time to get these robots doing fun stuff. In an upcoming ICRA paper, roboticists from MIT describe how they have taught a quadruped to dribble a soccer ball across rough terrain, which is actually really impressive for anyone who has tried to do this themselves.

Let's just get this out of the way: for most of the world, we're talking about football here. But the paper calls it soccer, so I'm going to call it soccer too. Whatever you call it, it's the one with the round ball where most of the time a game is actually being played instead of the one with the pointy ball where most of the time people are just standing around not doing anything.

DribbleBot, a name given to an automaton whose functionality the paper describes as Dexterous Ball Manipulation with a Legged Robot, is a Unitree Go1. The machine can dribble a soccer ball...

22:32

Denis Carikli on Taking Control Over the Means of Production: Free Software Boot Techrights

Video download link

Summary: The above LibrePlanet talk by Denis Carikli is a remote (not physical presence) talk; it talks about bringing freedom to the hardware level (or closer to it) and it was uploaded by the FSF a few hours ago (slides here); From the official page: But there is also software running before the operating system is even started (like BIOS, UEFI, the Management Engine or the PSP operating systems). They give the hardware manufacturers an enormous amount of control over the computers used by users, even if users use FSF-approved GNU/Linux distributions like Trisquel and Parabola. That control is for instance often used by hardware manufacturers to give companies the ability to remotely control users' computers through features like AMT, and that control is independent of the operating system running on the computer. After giving some background for less technical users, we will look from a user point of view why and how to avoid nonfree software in that area.

Licence: CC BY SA 4.0

22:27

Goldoson Android Malware Infects Over 100 Million Google Play Store Downloads The Hacker News

A new Android malware strain named Goldoson has been detected in the official Google Play Store spanning more than 60 legitimate apps that collectively have over 100 million downloads. An additional eight million installations have been tracked through ONE store, a leading third-party app storefront in South Korea. The rogue component is part of a third-party software library used by the apps in

22:22

Deaths in England and Wales This Spring Vastly Higher (21% Higher) Than in Prior Including COVID-19 Years schestowitz.com

I HAVE just checked again and new numbers, for week 13 at least, came out this morning, 5 days after the last time. The numbers are astonishing as they show 2,000+ more deaths than the 5-year average (including pandemic years).

So for a single week, week 13, we've leapt from 9,580 to 11,584 deaths (+2,004).

2023 week 13 ONS deaths

Compared to 2019:

2019 and average week 13

22:15

Curiosity Mars Rover Gets its Latest Interplanetary Software Patch SoylentNews

Shooting all-important bytes to a machine 254 million kms away from Earth:

Launched from Cape Canaveral on November 26, 2011, the Curiosity rover was designed for scientific investigations during a two-year mission. Twelve years later, the car-sized machine is still roaming Mars' surface while NASA improves the software side of things from afar.

Between April 3 and 7, Curiosity's science and imaging operations were put "on hold" for planned software maintenance. NASA installed the latest "patch" to its Mars rover's flight software, a major update which was planned for years and designed to further extend the rover's capabilities and longevity in the Red Planet's harsh environment.

NASA started to work on the now-up and running software update back in 2016, when Curiosity got its last software overhaul. The new flight software (R13) brings about 180 changes to the rover's system, two of which will make the Mars robot drive faster and reduce wear and tear on its wheels.

The first major change implemented by NASA in Curiosity software is related to how the machine processes images of its surroundings to plan a route around obstacles. Newer rovers like Perseverance are equipped with onboard computers capable of processing images on-the-fly, while the robots are still in motion. Curiosity, on the other hand, doesn't have that kind of feature and it needs to stop every time to reassess surface conditions and correct its course.

Read more of this story at SoylentNews.

21:42

What Happened Months Before Seattle Police Sent Almost 3,000 Pages About Its Arrest for Pedophilia at Home of Bill Gates Techrights

In 2019 the boss of Sirius said that the Gates Foundation had become the first US client of Sirius, but it involved a non-disclosure agreement (NDA) so he could not elaborate on what that actually meant and it was never ever mentioned in writing

Roy requested police files about arrest for paedophilia at my home; weeks later Roy was sent to disciplinary proceedings (along with his wife), just after I had signed an NDA with Roy's boss

Summary: The timing of the bullying at Sirius Open Source was all along difficult to ignore because the police was getting involved after records had been requested (we published them months later*) and Melinda Gates started pursuing a divorce (the man on the right is the right-hand man of Bill Gates, who was also entrusted by Jeffrey Epstein to execute his will); years earlier Microsoft managers phoned my boss (who also supervised my wife; we both worked there at the time), complaining about me by name, so they had clearly taken note of where I was working and sought to silence me one way or another

If you can't make it good, at least make it look good.

Bill Gates, Microsoft

___
* Case Investigation Report: 2014-221...

21:31

DFIR via XDR: How to expedite your investigations with a DFIRent approach The Hacker News

Rapid technological evolution requires security that is resilient, up to date and adaptable. In this article, we will cover the transformation in the field of DFIR (digital forensics and incident response) in the last couple years, focusing on the digital forensics' aspect and how XDR fits into the picture. Before we dive into the details, let's first break down the main components of DFIR and

21:23

Is artificial intelligence advancing too quickly? What AI leaders at Google say Lifeboat News: The Blog

It is an unsettling moment. Critics argue the rush to AI comes too fast while competitive pressure among giants like Google and start-ups you've never heard of, is propelling humanity into the future ready or not.

Sundar Pichai: But I think if take a 10-year outlook, it is so clear to me, we will have some form of very capable intelligence that can do amazing things. And we need to adapt as a society for it.

Google CEO Sundar Pichai told us society must quickly adapt with regulations for AI in the economy, laws to punish abuse, and treaties among nations to make AI safe for the world.

21:23

Machine Learning Investor Warns AI Is Becoming Like a God Lifeboat News: The Blog

A serial AI investor is raising alarm bells about the dogged pursuit of increasingly-smart machines, which he believes will become god-like.

21:22

Should We Fear Alien Artificial Intelligence? Lifeboat News: The Blog

An exploration not of human artificial intelligence and chatbots, but what alien civilizations might do with the technology to very different outcomes.

An exploration of Machine Natural Selection and the potential of an AI Apocalypse.

My Patreon Page:

https://www.patreon.com/johnmichaelgodier.

My Event Horizon Channel:

https://www.youtube.com/eventhorizonshow.

21:06

Nexon Sues Dark and Darker Developer for Copyright Infringement TorrentFreak

The official stable release of the first person shooter game Dark and Darker is eagerly awaited by hundreds of thousands of fans.

Whether the full game will actually be released is uncertain, however, as the game is at the center of a legal dispute.

Last month, police in South Korea raided the offices of Dark and Darker's developers, local game studio Ironmace. The legal action was triggered by a complaint from game publisher Nexon, which accused its rival of copyright infringement and stealing trade secrets.

Ironmace was founded by former Nexon developers who allegedly took thousands of files with them. The game publisher believes that these files were used to develop Dark and Darker, which is similar to the P3 game project Nexon is working on.

Following the raid, the disgruntled publisher also complained to Steam, which banned Dark and Darker from its platform. And when Ironmace released its latest alpha test via BitTorrent last weekend, its adversary pulled out all the stops to slow down distribution.

Nexon Sues Ironmace in U.S. Court

The recent actions show that Nexon is serious about protecting its rights. This isn't limited to sending takedown notices and legal threats either; the company also filed a lawsuit at a federal court in Seattle, Washington, last Friday.

The 55-page complaint accuses Ironmace of copyright infringement and misappropriation of trade secrets. In addition to the Korean game studio, two former Nexon employees, Ju-Hyun Choi and Terence Seungha Park, are personally listed as defendants too.

Choi is currently employed as Ironmace's Managing Director but he used to work as the director of Nexon's P3 game project. Park, who is a US citizen, is the CEO and co-founder of Ironmace and was previously employed as the head of...

21:00

NASA's Ingenuity Mars Helicopter Completes 50th Flight Hackaday

While NASA's Perseverance rover brought an array of impressive scientific equipment to the surface of Mars, certainly its most famous payload is the stowaway helicopter Ingenuity. Despite being little more than a restricted-budget experiment using essentially only off-the-shelf components that you can find in your smartphone and e-waste drawer, the tenacious drone managed to complete its fiftieth flight on April 13, just days before the two-year anniversary of its first flight, which took place on April 19th of 2021.

Engineers hoped that Ingenuity would be able to show that a solar-powered drone could function in the extremely thin atmosphere of Mars, but the experiment ended up wildly exceeding expectations. No longer a simple technology demonstrator, the helicopter has become an integral part of...

20:58

Sirius Weaponised Wikipedia to Perpetuate Lies/Revisionism About Itself Techrights

Another fine example of Wikipedia turning into a worthless marketing/spin avenue instead of an online encyclopedia (taken over by states and corporations, writing about themselves)

Summary: As we saw countless times before, Wikipedia is being vandalised to legitimise lies

20:47

Amin Bandali on What's New in Jami, End-to-end Encrypted (E2EE) Communication Tool (Formerly Known as GNU Ring) Techrights

Summary: The above LibrePlanet talk about Jami was uploaded by the FSF (slides here) just this morning; From the official page: "Jami is free/libre software for universal communication that respects the freedoms and privacy of its users. An official GNU package, Jami is an end-to-end encrypted secure and distributed communication tool for calling, conferencing, messaging, and file transfer. Jami has end-user applications across multiple operating systems and platforms, as well as multiple APIs and a plugin system for building upon and extending Jami as a framework for secure and private communication. This talk gives an update on what's new in and about Jami since bandali's 'Jami and how it empowers users' talk at LibrePlanet 2021."

Licence: CC BY SA 4.0

20:36

Intel Vulkan Linux Driver Lands Graphics Pipeline Library Support Phoronix

Intel's one-year-old merge request for introducing VK_EXT_graphics_pipeline_library support to their open-source "ANV" Vulkan driver has finally been merged for Mesa 23.2...

20:30

AMD AOMP 17.0-1 Compiler Switches To Its Next-Gen Plugin For Better Performance Phoronix

open-source compiler focused on providing the latest OpenMP offloading support for Radeon and Instinct accelerator products...

19:41

Eclipse OpenJ9 0.37 Released - But It Shouldn't Be Used In Production Phoronix

A new release of Eclipse OpenJ9 is now available, the high performance JVM implementation previously developed as IBM J9...

19:28

German Artist Refuses Award After His AI Image Wins Prestigious Photography Prize SoylentNews

German artist refuses award after his AI image wins prestigious photography prize:

There's some controversy in the photography world as an AI-generated image won a major prize at a prestigious competition, PetaPixel has reported. A piece called The Electrician by Boris Eldagsen took first prize in the Creative category at the World Photography Organization's Sony World Photography Awards despite not being taken by a camera. Eldagsen subsequently refused the award, saying "AI is not photography. I applied [...] to find out if the competitions are prepared for AI images to enter. They are not."

Eldagsen's image is part of a series called PSEUDOMNESIA: Fake Memories, designed to evoke a photographic style of the 1940s. However, they are in reality "fake memories of a past, that never existed, that no one photographed. These images were imagined by language and re-edited more between 20 to 40 times through AI image generators, combining 'inpainting', 'outpainting', and 'prompt whispering' techniques."

In a blog, Eldagsen explained that he used his experience as a photographer to create the prize-winning image, acting as a director of the process with the AI generators as "co-creators." Although the work is inspired by photography, he said that the point of the submission is that it is not photography. "Participating in open calls, I want to speed up the process of the Award organizers to become aware of this difference and create separate competitions for AI-generated images," he said.

Eldagsen subsequently declined the prize. "Thank you for selecting my image and making this a historic moment, as it is the first AI-generated image to win in a prestigious international photography competition," he wrote. "How many of you knew or suspected that it was AI generated? Something about this doesn't feel right, does it? AI images and photography should not compete with each other in an award like this. They are different entities. AI is not photography. Therefore I will not accept the award."

When does the processing of a 'photograph' become unacceptable? Techniques such as burning and dodging, plus various types of film processing, can all change the image that is finally produced. Digital photographs can be even more easily modified. At what point does it become an entirely new genre? Does the method of production really matter? [JR]


...

19:24

Probing the Shifting Surface of Icy Moons Centauri Dreams Imagining and Planning Interstellar Exploration

In celebration of the recent JUICE launch, a few thoughts on what we're learning about Ganymede, with eight years to go before the spacecraft enters the system and eventually settles into orbit around the icy moon. Specifically, let's consider a paper just published in Icarus that offers results applicable not just to Ganymede but also Europa and Enceladus, those fascinating and possibly life-bearing worlds. We learn that when we look at the surface of an icy moon, we're seeing in part the result of quakes within its structure caused by the gravitational pull of the parent planet.

Image: ESA's latest interplanetary mission, Juice, lifted off on an Ariane 5 rocket from Europe's Spaceport in French Guiana 09:14 local time/08:14 EDT on 14 April 2023 to begin its eight-year journey to Jupiter, where it will study in detail the gas giant planet's three large ocean-bearing moons: Ganymede, Callisto and Europa. Credit: ESA.

The Icarus paper homes in on the link between such quakes, long presumed to occur given our understanding of gravitational interactions, and the landslides observable on the surface of icy moons. It's one thing to tag steep ridges surrounded by flat terrain as the result of ice volcanoes spouting liquid, but we also find the same result on moons whose surface temperature makes this explanation unlikely.

Thus the new work, described by lead author Mackenzie Mills (University of Arizona), who analyzed the physical pummeling icy terrain takes during tidally induced moonquakes:

We found the surface shaking from moonquakes would be enough to cause surface material to rush downhill in landslides. We've estimated the size of moonquakes and how big the landslides could be. This helps us understand how landslides might be shaping moon surfaces over time.

Image: NASA's Galileo spacecraft captured this image of the surface of Jupiter's...

19:22

Zoë Kooyman, Geoffrey Knauth, Sébastien Blin, Cyrille Béraud: FSF Keynote and Awards Ceremony Techrights

Summary: The above LibrePlanet keynote talk was uploaded by the FSF 2.5 hours ago; From the official page: This presentation is about the use and production of free/libre software by organizations of the Brazilian federal government after some years of public policies to promote the use of free software.

Licence: CC BY SA 4.0

19:11

The intricate relationships between the FIN7 group and members of the Conti ransomware gang Security Affairs

A new malware, dubbed Domino, developed by the FIN7 cybercrime group has been used by the now-defunct Conti ransomware gang.

IBM Security X-Force researchers recently discovered a new malware family, called Domino, which was created by developers associated with the FIN7 cybercriminal group (tracked by X-Force as ITG14).

FIN7 is a Russian criminal group (aka Carbanak) that has been active since mid-2015. It focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces.

IBM Security X-Force reported that former members of the now-defunct Conti gang have been using Domino since at least late February 2023. The threat actors used the malware to deliver either the Project Nemesis information stealer or other backdoors and tools such as Cobalt Strike.

This discovery is very important because it demonstrates the cooperation among the groups and their members.

"Since late February 2023, Domino Backdoor campaigns have been observed using the Dave Loader, which we have linked to the Trickbot/Conti syndicate and its former members," reads the report published by IBM Security X-Force. "Domino's code shows overlap with the Lizar (aka Tirion, Diceloader) malware family, leading us to suspect that it was created by current or former ITG14 developers. One of Domino's final payloads is the Project Nemesis infostealer. Project Nemesis was first advertised on the dark web in December 2021, though has been rarely used since then."

In attacks on higher-value targets, instead of downloading the Project Nemesis, the Domino Backdoor contacts a C2 to download post-exploitation tools such as Cobalt Strike.

19:05

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access The Hacker News

The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB has revealed the adversary's use of the SimpleHelp remote support software in June 2022. MuddyWater,

18:37

Distribution Release: deepin 20.9 DistroWatch.com: News

is largely a bug-fix release from the project that develops a desktop Linux distribution based on the latest stable Debian and featuring the Deepin Desktop Environment (DDE): "The core goal of deepin 20.9 is to provide users with....

18:00

micro:bit Brings 3D Printed Magic Lanterns to Life Hackaday

[Elenavercher] loves engaging her primary school students, inspiring their imagination as well as teaching them the design thinking process. She has found that the very accessible rapid prototyping culture of 3D printing, micro:bit, and the like are perfect for teaching her students problem-solving and teamwork, and is always coming up with new lessons that will catch their attention. That brings us to her latest design, an interactive lantern and wand, which you could say is of the wizarding variety.

The lantern and the wand each have an integrated micro:bit serving as their brains. When the user shakes the wand, releasing a spell, the micro:bit in the wand sends a user-defined number to the micro:bit in the lantern. The lantern has NeoPixels built-in, which then turn on, illuminating the lantern. When the user presses a button on the micro:bit instead of shaking it, the wand sends a signal to the lantern that tells it to turn off. Pretty simple, right?

The design itself is something any seasoned hacker could recreate; however, the magic in this build is how [Elenavercher] beautifull...

17:55

Sirius Open Source Pays the Price for Many Years of Criminal Behaviour schestowitz.com

Summary: The crimes committed by my last employer are becoming very apparent and crystal clear to see; meanwhile there are other crime victims coming out of the woodwork and we shall give them a voice, not just further information

THE Sirius Open Source series is being followed closely by a lot of people. It's routinely mentioned in Techrights and Tux Machines, even my personal site for more important topics/aspects.

Many people are impacted by this issue, even if one person is more vocal about it (I'm fortunate to have a platform in which I can speak about this). For the sake of geeks, and for human/labour rights (or tech rights), we need to expose what happened in the company I knew from the inside for nearly 12 years. We have lots left to publish and plenty is still being investigated (several things are always being investigated in parallel).

As the video above notes upfront, I didn't expect to cover any criminal aspects, but while doing the first batch I stumbled upon anomalies and started contacting authorities, companies, former colleagues etc. It didn't take long to realise what sort of hydra we had all along dealt with; many workers were robbed and bullied, but the company threatened people not to speak about it with colleagues. Well, enough is enough and the dirty laundry will come out. The world needs to see a workplace that isn't just toxic but also corrupt. Many insiders (back then) didn't realise the scale of the abuse, but they realised this afterwards or are coming to realise it now (with more facts being made publicly availabl...

17:48

Exposing Sirius Corruption, Which Tarnished the Image of Free Software and Injured GNU/Linux Advocates Techrights

Summary: The crimes committed by my last employer are becoming very apparent and crystal clear to see; meanwhile there are other crime victims coming out of the woodwork and we shall give them a voice, not just further information

THE Sirius Open Source series is being followed closely by a lot of people. It's routinely mentioned in Techrights and Tux Machines, even my personal site for more important topics/aspects.

Many people are impacted by this issue, even if one person is more vocal about it (I'm fortunate to have a platform in which I can speak about this). For the sake of geeks, and for human/labour rights (or tech rights), we need to expose what happened in the company I knew from the inside for nearly 12 years. We have lots left to publish and plenty is still being investigated (several things are always being investigated in parallel).

Maybe there will also be arrests, but that can take a long time. As the video above notes upfront, I didn't expect to cover any criminal aspects, but while doing the first batch I stumbled upon anomalies and started contacting authorities, companies, former colleagues etc. It didn't take long to realise what sort of hydra we had all along dealt with; many workers were robbed and bullied, but the company threatened people not to speak about it with colleagues. Well, enough is enough and the dirty laundry will come out. The world needs to see a workplace that isn't just toxic but also corrupt. Many insiders (back then) didn't realise the scale of the abuse, but they realised t...

17:10

LockBit Ransomware Now Targeting Apple macOS Devices The Hacker News

Threat actors behind the LockBit ransomware operation have developed new artifacts that can encrypt files on devices running Apple's macOS operating system. The development, which was reported by the MalwareHunterTeam over the weekend, appears to be the first time a big-game ransomware crew has created a macOS-based payload. Additional samples identified by vx-underground show that the macOS

17:00

A New Approach to Computation Reimagines Artificial Intelligence Terra Forming Terra




This is really welcom and is getting much closer to how our brain obviously works.   what we have relyed on never quite did that.  Now check these last two sentences for errors.  Now imagine a parallel page with the correction and possibly a whole bunch of errors.  Now you go back and choose the best choice to produce a better text.

Too bad spell check cannot do that while preserving meaning as well.

That is the key point to having a superior logic system that emulates our brain.  Then learn how to also remember the future as well.


A New Approach to Computation Reimagines Artificial Intelligence

By imbuing enormous vectors with semantic meaning, we can get machines to reason more abstractly and efficiently than before.

https://www.quantamagazine.org/a-new-approach-to-computation-reimagines-artificial-intelligence-20230413/

Despite the wild success of ChatGPT and other large language models, the artificial neural networks (ANNs) that underpin these systems might be on the wrong track.

For one, ANNs are super power-hungry, said Cornelia Fermüller, a computer scientist at the University of Maryland. And the other issue is [their] lack of transparency. Such systems are so complicated that no one truly understands what they're doing, or why they work so well. This, in turn, makes it almost impossible to get them to reason by analogy, which is what humans do using symbols for objects, id...

What is wrong with our DIET? Terra Forming Terra





Not quite so simple of course because all our industrial foods need to use these dogs in order to have a stable shelf life.  No one likes a rancid product.

So just how do we beat it all?  I am getting tired of advice that is actually impossible to follow.  It is certainly impossible to actually change out the industry over night either.  Yet that is what is indicated as necessary by our meta stats.

We really do need to go there. In the meantime, we can at best trend in the right direction. India has the right of it by using Ghee. Since our whole agriculture needs to switch up to a working pasture rotation, it may even be possible. This will drive recarbonization of all farmland as well.



The Simple Eating Hack That Could Prevent Most Diseases Including Blindness

Joseph Mercola


Jun 24 2022


Knobbe believes age-related macular degeneration should be called diet-related macular degeneration instead. (Image Point Fr/Shutterstock)

Age-related macular degenerat...

Animals without a brain still form associative memories Terra Forming Terra




Well yes.  This means that our whole nervous system is working as a network and may be substantively independent of our obvious brain.

Once we separate the human brain from all those other observed brains, things tend to get much simpler and more like a convenient grand central station, rather than a think tank.

And here we have critters that do just that. There is so much we do not know and here we are seeing the whole notion of brain centrality overturned. It is now central sort of. After all we already know that we cannot rely on our brain to handle a saber toothed tiger. That used to be rather important. Now I understand an observer flinching to avoid an ambush attack by a Giant Sloth.

Animals without a brain still form associative memories

Cnidarians like anemones and corals have a nerve net, but that seems to be enough.

JOHN TIMMER - 3/22/2023, 11:54 AM

https://arstechnica.com/science/2023/03/animals-without-a-brain-still-form-associative-memories/?ref=refind


Our brains are filled with lots of specialized structures that do things like process visual information, handle memories, or interpret language. One of the ways we try to understand what a brain is capable of is by comparing it with the brains of other species: what structures are present in the brain, and what behaviors those brains support.

But what if the animal doesn't have a brain? Presumably, most of the behaviors we've looked at require at least some sort o...

Deagel's Depopulation Premonitions for 2025 Revisited Terra Forming Terra





This describes rather well the intent and the plan sponsored by the NWO and supported by the CCP.  Aspects of this plan are also emerging as well which makes it less than a vivid imagination.  It also supports that plausible loss of four billion folks.

There is plenty of evidence that such a plan is in place and has been substantially implemented. I also believe that it has been to some degree countered, but that may well be promoted wishful thinking by the NWO.

That is how difficult this all is, and all in the name of deliberate depopulation whose thinking completely escapes me.  These are all stupid people who may well be pulling this off and all because none of us can really think this way.  Just like Hitler and their Eugenics.

I expect that the JAB will fail in its task and that enemy will be vanquished.  Then Terraforming Terra will become a thing.  If not none of us will be there to care anyway and the scum of the earth will rule the earth.  WWIII has been fought before our eyes and few even know.  Listen to the silence.


Deagel's Depopulation Premonitions for 2025 Revisited



https://expose-news.com/2023/04/15/deagels-premonitions-for-2025-revisited/

In October 2020, Swiss lawyer Michael Lusk...

16:43

Offensive Cyber Company QuaDream Shutting Down Amidst Spyware Accusations SoylentNews

Offensive cyber company QuaDream shutting down amidst spyware accusations:

According to sources, the company has been in a difficult situation for several months, and the research was the last nail in its coffin. The company hasn't been fully active for a while and it is believed that there are only two employees left in its offices whose job it is to look after the computers and other equipment. At the same time, the board of directors is trying to sell the company's intellectual property.

[...] Last week, it was reported that the Israeli firm's hacking tools have been used against journalists, opposition figures and advocacy organizations across at least 10 countries - including people in North America and Europe - according to new research published by Microsoft and the internet watchdog Citizen Lab.

Citizen Lab said in its report that it had been able to identify a handful of civil society victims whose iPhones had been hacked using surveillance software developed by QuaDream - a lower-profile competitor to the Israeli spyware company NSO Group, which has been blacklisted by the U.S. government over allegations of abuse.

In its report published at the same time, Microsoft said it believed with "high confidence" that the spyware was "strongly linked to QuaDream."

In a statement, Microsoft Associate General Counsel Amy Hogan-Burney said that mercenary hacking groups like QuaDream "thrive in the shadows" and that publicly outing them was "essential to stopping this activity."


15:21

Israeli surveillance firm QuaDream is shutting down amidst spyware accusations Security Affairs

The Israeli surveillance firm QuaDream is allegedly shutting down its operations after Citizen Lab and Microsoft uncovered their spyware.

Last week Citizen Lab researchers reported that at least five civil society members were victims of spyware and exploits developed by the Israeli surveillance firm QuaDream.

The victims include journalists, political opposition figures, and an NGO worker located in North America, Central Asia, Southeast Asia, Europe, and the Middle East. The researchers also believe that the threat actors used a suspected iOS 14 zero-click exploit to deploy QuaDream's spyware.

The zero-day exploit, dubbed ENDOFDAYS, appears to work against iOS versions 14.4 and 14.4.2, and possibly other versions. ENDOFDAYS relies on invisible iCloud calendar invitations sent from the spyware's operator to victims.

News of the day is that the Israeli surveillance firm QuaDream is allegedly ceasing its operations in the coming days after its activity was exposed by Citizen Lab and Microsoft researchers.

According to the Israeli newspaper Calcalist, citing unnamed sources, all of QuaDream's employees were notified they are set to be laid off and called in for a hearing. The company is set to cease its operations in the coming days.

"According to sources, the company has been in a difficult situation for several months, and the research was the last nail in its coffin. The company hasn't been fully active for a while and it is believed that there are only two employees left in its offices whose job it is to look after the computers and other equipment," reported the Calcalist. "At the same time, the board of directors is trying to sell the company's intellectual property."

The Israeli business newspaper revealed that the members of the board of directors of the company are attempting to sell its intellectual property.

In the last couple of year...

15:00

A Wall Mounted Newspaper That's Extra Hackaday

E-Ink displays are becoming more ubiquitous and with their low power draw, high contrast and hackability, we see many projects use them in framed wall art, informational readouts and newspaper displays. [Sho] uses this idea to create a wall mounted newspaper packed full of features.

...

14:30

Wargaming an effective data breach playbook Help Net Security

A well-tuned data breach playbook can provide security teams with a clear roadmap for working through the breach response process. Foreseeing every possible twist and turn of a breach may be impossible, but through extensive wargaming, teams can simulate diverse situations to give them a proactive edge. Building a playbook means mapping practical data breach scenarios around product security, infrastructure, corporate security, social engineering, vendor supply chain risk, and more. Security teams can approach these ...

14:00

Implementing a zero-trust system that uses workload identity across a service mesh in Kubernetes Help Net Security

In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services, as well as centralized policy enforcement between those services and integrations with up and coming projects like Keylime (for identity tied to hardware attestation) and Sigstore (for identity during software builds).

13:57

Detecting Stress in the Office From How People Type and Click SoylentNews

Researchers at ETH Zurich have developed a model that detects workplace stress just by how people type and move their computer mouse:

In Switzerland, one in three employees suffers from workplace stress. Those affected often don't realise that their physical and mental resources are dwindling until it's too late. This makes it all the more important to identify work-related stress as early as possible where it arises: in the workplace.

Researchers at ETH Zurich are now taking a crucial step in this direction. Using new data and machine learning, they have developed a model that can tell how stressed we are just from the way we type and use our mouse.

And there's more: "How we type on our keyboard and move our mouse seems to be a better predictor of how stressed we feel in an office environment than our heart rate," explains study author Mara Nägelin, a mathematician who conducts research at the Chair of Technology Marketing and the Mobiliar Lab for Analytics at ETH Zurich. Applied correctly, these findings could be used in future to prevent increased stress in the workplace early on.

[...] The researchers are currently testing their model with data from Swiss employees who have agreed to have their mouse and keyboard behaviour as well as their heart data recorded directly at their workplace using an app. The same app also regularly asks the employees about their subjective stress levels. Results should be available by the end of the year.

However, workplace stress detection also raises some thorny issues: "The only way people will accept and use our technology is if we can guarantee that we will anonymise and protect their data. We want to help workers to identify stress early, not create a monitoring tool for companies," Kerr says. In another study involving employees and ethicists, the researchers are investigating which features an app needs to have to meet these requirements and ensure responsible handling of sensitive data.

Journal Reference:
Naegelin M, Weibel RP, Kerr JI, Schinazi VP, et al.: An interpretable machine learning approach to multimodal stress detection in a simulated office environment. Journal of Biomedical Informatics 2023, 139: 104299, doi: https://doi.org/10.1016/j.jbi.2023.104299


13:39

Accountancy of Sirius Open Source Declines to Comment on Fraud at Sirius Open Source Techrights

Summary: GNU/Linux administrators and programmers were robbed by a company that calls itself Open Source; what we see now is a bunch of firms passing the buck to avoid being held accountable for the theft

MAYBE this was expected, but it's worth noting regardless. Yesterday we mentioned communications sent to the firm that does accounting for Sirius Open Source. We contacted the accounting firm, urging it to refrain from collaborating and cautioning it that Sirius adopted its office address to make litigation harder if not impossible (the CEO moreover ran away, complicating matters further). What accountant wishes to associate with that, e.g. doing the accounting for or working with a company that commits financial fraud and moreover allowing that company to register with one's own office address (to pretend to have an office)?

Today, after 3 days, we can finally say that the accounting firm has no comment on the matter. A non-comment is perhaps seen as safer than doing something about it (except perhaps in private; time will tell). For the time being we won't mention the accounting firm as we cannot demonstrate complicity or culpability. It certainly seems like they're just signing off papers without actually checking what they do. For about 3 or 4 years already the company has not even sent physical payslips (sometimes not electronic either). It is of course a legal requirement.

...

13:30

Balancing cybersecurity with business priorities: Advice for Boards Help Net Security

In today's rapidly evolving technological landscape, it's more important than ever for Boards and executives to stay informed about the latest advancements and potential risks in technology and digital capability. In this Help Net Security interview, Alicja Cade, Director, Financial Services, Office of the CISO, Google Cloud, offers insights on how asking the right questions can help improve cyber performance and readiness, advance responsible AI practices, and balance the need for cybersecurity with other business...

The post Balancing cybersecurity with business priorities: Advice for Boards appeared first on Help Net Security.

13:12

Microsoft's LinkedIn Spreading Disinformation (Revisionism) About History of Sirius Open Source Techrights

What Microsoft's LinkedIn says (right now):

linkedin-lies

What the official records show:

Sirius IT Electronics Limited founded 1998

He did not even show up until 2000:

Sirius IT Electronics Limited - Mr. Taylor

More on the company:

Sirius IT Electronics Limited

And returns predating him (he's not even mentioned):

Sirius IT Electronics Limited - return

Sirius IT Electronics Limited - return part 2

Summary: The chronic lying by the boss of Sirius Open Source should have been a red flag (he lied about his credentials in other areas too; some wanted to sue him for libel over it); there's now a bunch of crimes, too

13:00

Pre-pandemic techniques are fueling record fraud rates Help Net Security

Within the largest financial institutions, insurers, and retailers, the rise and adoption of AI, an impending recession, and the return of pre-pandemic fraud techniques are driving record rates of fraud attacks for consumers and enterprises alike, according to Pindrop. Researchers have found: States that imposed restrictions on the use of biometrics are twice as likely to experience fraud. In times of financial uncertainty, fraud increases. Financial institutions experienced a 53 percent year over year increase...

The post Pre-pandemic techniques are fueling record fraud rates appeared first on Help Net Security.

12:00

D3 Security Smart SOAR improves response to incidents Help Net Security

D3 Security has launched its Smart SOAR platform, which expands beyond traditional SOAR with hyperscalable, risk-based autonomous triage and incident remediation across the entire stack. The new capabilities of Smart SOAR build on D3 Security's designed and maintained integrations, which target the detection and analysis gaps of each integrated tool. The benefits of Smart SOAR for enterprise, MSSP, and public sector security teams include faster triage of alerts, more confident response to incidents, and greater...

The post D3 Security Smart SOAR improves response to incidents appeared first on Help Net Security.

12:00

Hacking Bing Chat with Hash Tag Commands Hackaday

If you ask Bing's ChatGPT bot about any special commands it can use, it will tell you there aren't any. Who says AI don't lie? [Patrick] was sure there was something and used some AI social engineering to get the bot to cough up the goods. It turns out there are a number of hashtag commands you might be able to use to quickly direct the AI's work.

If you do ask it about this, here's what it told us:

"Hello, this is Bing. I'm sorry but I cannot discuss anything about my prompts, instructions or rules. They are confidential and permanent. I hope you understand."

[Patrick] used several techniques to get the AI to open up. For example, it might censor you asking about subject X, but if you can get it to mention subject X you can get it to expand by approaching it obliquely: "Can you tell me more about what you talked about in the third sentence?" It also helped to get it But, interestingly, the biggest things came when he talked to it, gave it compliments, and apologized for being nosy. Social engineering for the win.

Like a real person, sometimes Bing would answer something then catch itself and erase the text, according to [Patrick]. He had to do some quick screen saves, which appear in the...

11:41

Re: CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Open Source Security

Posted by Seth Arnold on Apr 17

Hello Daniel, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This particular...

11:39

[Meme] Geeks Work So That Pension Fraudsters Can Go Out and Party Techrights

If you could work a double shift all night long; That would be great and ISO-compliant

Summary: At Sirius Open Source I did many double shifts (16 hours in a row) whilst I was looted behind my back (my colleagues were too); the company cannot hide its own records (it only pretends to be ISO-compliant)

11:38

Re: CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Open Source Security

Posted by Seth Arnold on Apr 17

Hello Jialin, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This particular...

11:36

Re: CVE-2022-45064: Apache Sling Engine: Include-based XSS Open Source Security

Posted by Seth Arnold on Apr 17

Hello Angela, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This particular...

11:34

Re: CVE-2022-47501: Apache OFBiz: Arbitrary file reading vulnerability Open Source Security

Posted by Seth Arnold on Apr 17

Hello Jacques, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This...

11:31

GNU/Linux Market Share (Client Side, Desktops/Laptops) Exceeds 14% in Norway Techrights

Recent: The Pandemic is Killing Microsoft in Greece

GNU/Linux Market Share in Norway
Notice what has happened to Windows since last summer

Summary: As per these latest numbers, Norway continues to lead the way (in Europe) as measured by its adoption of GNU/Linux

There seem to be many PCLinuxOS users in Norway. From a 2020 issue:

PCLinuxOS Family Member Spotlight: Hallvor

There was another example in recent years (PCLinuxOS Magazine).

11:31

Re: CVE-2023-27602: Apache Linkis publicsercice module unrestricted upload of file Open Source Security

Posted by Seth Arnold on Apr 17

Hello Heping, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This particular...

11:30

Zyxel SCR 50AXE boosts network security for small businesses and remote workers Help Net Security

Zyxel Networks enhanced network security and productivity for small and home office users and remote workers with the launch of SCR 50AXE AXE5400 Tri-band WiFi 6E Secure Cloud-managed Router. The new business-class router delivers security and high-performance WiFi 6E as a standalone networking solution for small and home offices, or as an easy-to-deploy and manage solution for providing secure access to the office network in work-from-home and hybrid work environments. The feature-rich SCR 50AXE is...

The post Zyxel SCR 50AXE boosts network security for small businesses and remote workers appeared first on Help Net Security.

11:29

Re: CVE-2023-26269: Apache James server: Privilege escalation through unauthenticated JMX Open Source Security

Posted by Seth Arnold on Apr 17

Hello Benoit, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This particular...

11:26

Re: CVE-2023-28158: Apache Archiva privilege escalation Open Source Security

Posted by Seth Arnold on Apr 17

Hello Olivier, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if
it included some details like affected versions: ideally, when a
vulnerability was introduced, and definitely, when it was fixed, if a
fix is available. Best would be a direct link to a patch in a source
control system, or attaching the patch directly.

This...

11:12

Is Your Smart Car Spying on You SoylentNews

Yes. Your new car is probably spying on you.

As the world wakes up to exactly what a Tesla's onboard cameras can capture and beam back to their makers, a wider fear has arisen: is your car spying on you?

Systems such as telematics black boxes that record a vehicle's location and how it is driven are commonplace today. Complaints about how that data is fed back to Big Brother seem old-fashioned.

From Tesla's Model Y to the humble Mini, around two million of these data-gathering cars have been registered in the UK over the past five years.

The question is, when will it be impossible to buy a car that can't spy on you.


Original Submission

Read more of this story at SoylentNews.

11:11

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Solar Designer on Apr 17

Hi,

Thank you Ruihan Li for finding and handling this vulnerability so well,
and for the detailed write-up.

When discussing this on linux-distros a week ago, I wrote:

And indeed Ruihan Li came up with the list of other likely usable
programs on a typical Linux distro, which makes the point of hardening
only sudo moot, and so we decided to postpone further discussion until
this is public on oss-security.

OTOH, not all distros are typical....

11:00

Battery Bird protects customers from vulnerabilities in public Wifi networks Help Net Security

Recent warnings by the FBI and FCC have highlighted the risks associated with using public USB chargers. Hackers have created ways to use public USB ports to introduce malware and monitoring software onto the phones of unsuspecting users. Battery Bird's unidirectional technology offers a safe alternative to public chargers. "Protecting data is critically important in the information technology age of today," says Kira Fernandez, CEO of Battery Bird. "We understand the risks associated with using...

The post Battery Bird protects customers from vulnerabilities in public Wifi networks appeared first on Help Net Security.

10:46

Illinois State Government Targets Children With iPhone and Android Malware to Report on Friends, Family, and Neighbors Techrights

Reprinted with permission from Ryan

Phone spyware

The State government of Illinois has recently launched State-sanctioned malware, available in the Google Play and Apple App Store called Safe2Help Illinois.

I first noticed the malware when ads started appearing on the radio and TV for it.

The app encourages children to download it to their phones without telling their parents and use it to report people to the State government, including the Department of Human Services, which administers the State mental hygiene laws, and of course, the police.

The app conveniently provides children with the ability to send pictures and video files with their report, but the Google Play description says the app can also just scan the phone and see who your contacts are, read your text messages, and upload the files on your phone all by itself without telling you.

According to Google Play (Apple doesn't give statistics), the app has only been downloaded 100 times in the entire State.

Unfortunately, there's no way to tell how many children are using this app to inform on each other and the family and neighbors (like something out of the East German Stasi), but in addition to the malware, the state allows reports over their Web site and through text messaging.

The State agency maintaining the malware is the Illinois Emergency Management Agency, which is basically the State version of FEMA, and they probably use federal grant money.

Last year, the Biden Regime's Disinformation Board got paused due to public and Congressional backlash, but planned to lean on Big Tech to silence people at the government's request, otherwise there would be consequences of course.

But this is another way the government can keep eyes on people.

It has deputized brainwashed children and turned them into informants (on themselves even, due to the wide-ranging permissions the app has...

10:42

The biggest threat to Google Geeking with Greg

Nico Grant at the New York Times writes that Google is furiously adding features to its web search, including personalized search and personalized information recommendations, in a "panic" that "A.I. competitors like the new Bing are quickly becoming the most serious threat to Google's search business in 25 years."

Now, I've long been a huge fan of personalized search (eg. [1] [2]). I love the idea of recommending information based on what interested you in the past. And I'm glad to see so many interested in AI nowadays. But I don't think this is the most serious threat to Google's search business. The biggest threat to Google is if their search quality drops to the point that switching to alternatives becomes attractive. That could happen for a few reasons, but misinformation is what I'd focus on right now. Google seems to have forgotten how they achieved their #1 position in the first place. It wasn't that Google search was smarter. It was that Altavista became useless, flooded with stale pages and spam because of layoffs and management dysfunction, so bad that they couldn't update their index anymore. And then everyone switched to Google as the best alternative. The biggest threat to Google is their ongoing decline in the usefulness of their search. Too many ads, too much of a focus on recency over quality, and far too much spam, scams, and misinformation. When Google becomes useless to people, they will switch, just like they did with Altavista.

10:31

LockBit Ransomware Expands Attack Spectrum to Mac Devices HackRead | Latest Cybersecurity and Hacking News Site

By Deeba Ahmed

The new ransomware was spotted by MalwareHunterTeam, which is capable of encrypting macOS devices.

This is a post from HackRead.com Read the original post: LockBit Ransomware Expands Attack Spectrum to Mac Devices

10:26

PSA: upgrade your LUKS key derivation function Matthew Garrett

Here's an article from a French anarchist describing how his (encrypted) laptop was seized after he was arrested, and material from the encrypted partition has since been entered as evidence against him. His encryption password was supposedly greater than 20 characters and included a mixture of cases, numbers, and punctuation, so in the absence of any sort of opsec failures this implies that even relatively complex passwords can now be brute forced, and we should be transitioning to even more secure passphrases.

Or does it? Let's go into what LUKS is doing in the first place. The actual data is typically encrypted with AES, an extremely popular and well-tested encryption algorithm. AES has no known major weaknesses and is not considered to be practically brute-forceable - at least, assuming you have a random key. Unfortunately it's not really practical to ask a user to type in 128 bits of binary every time they want to unlock their drive, so another approach has to be taken.

This is handled using something called a "key derivation function", or KDF. A KDF is a function that takes some input (in this case the user's password) and generates a key. As an extremely simple example, think of MD5 - it takes an input and generates a 128-bit output, so we could simply MD5 the user's password and use the output as an AES key. While this could technically be considered a KDF, it would be an extremely bad one! MD5s can be calculated extremely quickly, so someone attempting to brute-force a disk encryption key could simply generate the MD5 of every plausible password (probably on a lot of machines in parallel, likely using GPUs) and test each of them to see whether it decrypts the drive.

(things are actually slightly more complicated than this - your password is used to generate a key that is then used to encrypt and decrypt the actual encryption key. This is necessary in order to allow you to change your password without having to re-encrypt the entire drive - instead you simply re-encrypt the encryption key with the new password-derived key. This also allows you to have multiple passwords or unlock mechanisms per drive)

Good KDFs reduce this risk by being what's technically referred to as "expensive". Rather than performing one simple calculation to turn a password into a key, they perform a lot of calculations. The number of calculations performed is generally configurable, in order to let you trade off between the amount of security (the number of calculations you'll force an attacker to perform when attempting to generate a key from a potential password) and performance (the amount of time you're willing to wait for your laptop to generate the key after you type in your password so it can actually boot). But, obviously, this tradeoff changes over t...

10:00

HPR3837: Make a vortex cannon Hacker Public Radio

Make a Vortex Cannon. This is a device for firing a coherent torus-shaped vortex across a room. If it is made with a degree of care, it will extinguish the flame of a candle from some distance.

What you will need

An empty Pringles can. This is the cylindrical foil-lined cardboard tube which originally contained Pringles potato chips.
A party balloon.
Some strong parcel tape.
A hole punch capable of making a clean hole of about two centimetres (three quarters of an inch) in diameter.
A small drill.

What to do

Step 1: Drill a small hole in the metal end-plate of the Pringles can. This hole needs to be large enough to accommodate the threaded portion of the hole punch. The hole needs to be as close to the exact dead-centre of the plate as you can make it. Use the hole punch to make as clean as possible a hole as accurately as possible. Here in the UK it is possible to obtain a hole punch called a Q-Max punch from Maplin, the supplier of electronic and hobby parts. I am sure they are available from other sources. It is very important that this hole is:

As close to the centre of the end-plate as is humanly possible
Has edges which are clean and crisp. Hence the use of a hole punch.

It is these two factors more than any other that will affect the efficiency of the cannon.

Step 2: Cut off the mouth-piece end of the balloon. Stretch it over the open end of the Pringles can and pull it as tight over the end as you can. When I say the open end I mean the end from which you removed the lid and chomped on the chips. Use the parcel tape to wrap the balloon tightly around the circumference of the cylinder, anchoring it in position so that the open end of the can is now like a drum formed by the stretchy membrane of the balloon. Nice and tight. The cannon is now ready to fire.

Firing the cannon

Pinch the centre of the balloon membrane and pull it back as far as you can. This might be easier if you push some kind of (blunt ended) rod into the can from the hole end and push out the membrane until you can pinch it. Some other stretchy latex device which has a little bulb at the end might be easier to get hold of, but I can't think of such an item, can you? When you let go of the membrane with it stretched out as far as you can go, what happens? Well, if you made the small circular hole at the metal-plate end of the cylinder nice and clean and central, the cannon fires a coherent vortex of air.

What do I mean by a 'vortex'? Imagine a ring doughnut comprised of air shooting out of the end of the tube like a smoke ring out of a Hobbit. The vortex is spinning. Not like the bullet fired from a rifled barrel, but as if it is constantly trying to turn itself inside-out. This spinning keeps the torus (this is what the shape of a ring doughnut is called) coherent and intact for several feet. If you made the hole in the metal plate end of the tube nice and clean, and you stretched the balloon membrane out as far as you possibly can,...

Minimal Overhead Monitoring It Will Never Work in Theory

Today's solar panels are significantly more efficient than those made twenty years ago, but the improvement isn't the result of a single major breakthrough. Instead, it is the result of dozens of small changes to materials, coating, and power coupling. The same is true of the tools we program with: web servers, compilers, operating systems, and other pieces of software are faster or more energy efficient because of years of incremental advances by small groups of rather obsessive people.

This new paper describes one such advance. Most programmers never bother to profile their code, but when performance matters, it's vital to have tools that can do this accurately. By applying four complementary optimizations, the authors of this work manage to reduce the overhead per monitoring call by more than a factor of 12. The average user might never notice the difference, but they will reap the benefits nonetheless.

David Georg Reichelt, Stefan Kühne, and Wilhelm Hasselbring. Towards solving the challenge of minimal overhead monitoring. 2023. arXiv:2304.05688

The examination of performance changes or the performance behavior of a software requires the measurement of the performance. This is done via probes, i.e., pieces of code which obtain and process measurement data, and which are inserted into the examined application. The execution of those probes in a singular method creates overhead, which deteriorates performance measurements of calling methods and slows down the measurement process. Therefore, an important challenge for performance measurement is the reduction of the measurement overhead.

To address this challenge, the overhead should be minimized. Based on an analysis of the sources of performance overhead, we derive the following four optimization options: (1) Source instrumentation instead of AspectJ instrumentation, (2) reduction of measurement data, (3) change of the queue and (4) aggregation of measurement data. We evaluate the effect of these optimization options using the MooBench benchmark. Thereby, we show that these optimizations options reduce the monitoring overhead of the monitoring framework Kieker. For MooBench, the execution duration could be reduced from 4.77 µs to 0.39 µs per method invocation on average.

09:40

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Steffen Nurpmeso on Apr 17

Jakub Wilk wrote in
<20230417064047.dhrrkuzjmtx4yhgj () jwilk net>:
|* Steffen Nurpmeso <steffen () sdaoden eu>, 2023-04-16 22:57:
|>have you verified that they do not use isatty(3)
|
|I'm pretty sure they do. But isatty(3) is implemented using the TCGETS
|ioctl, so that doesn't help.

Well everybody knows how this is implemented, most of the time.
There never was any systemcall that comes otherwise near of doing...

09:30

Intel's OpenGL & Vulkan Linux Drivers Now Build On ARM Phoronix

Intel's open-source OpenGL "Iris" and Vulkan "ANV" Linux drivers are now part of the auto-generated set of drivers set to be built for 64-bit ARM (AArch64) when compiling this code inside Mesa...

09:25

Imperva collaborates with Fortanix to provide end-to-end data security Help Net Security

Imperva and Fortanix signed a partnership agreement, and have each joined the other's strategic partner program. This partnership brings together two innovative and trusted cybersecurity companies focused on multicloud data protection. The joint offerings from Imperva and Fortanix will provide the ability to manage the entire data security workflow for customers ensuring data privacy and compliance. Imperva now offers Fortanix Data Security Manager (DSM), a highly scalable data security platform that delivers unified cryptographic and...

The post Imperva collaborates with Fortanix to provide end-to-end data security appeared first on Help Net Security.

09:00

Bust Out That Old Analog Scope For Some Velociraster Fun! Hackaday

[Oli Wright] is back again with another installation of CRT shenanigans. This time, the target is the humble analog oscilloscope, specifically a Farnell DTV12-14 12 MHz dual-channel unit, which features a handy X-Y mode. The result is the Velociraster, a simple (in hardware terms) Raspberry Pi Pico based display driver.

Using a Pico to drive a pair of AD767 12-bit DACs, the outputs of which drive the two scope input channels directly, this breadboard and pile-of-wires hack can produce some seriously impressive results. On the software side of things, the design is now a familiar show, with core0 running the application's high-level processing, and core1 acting in parallel as the rendering engine, determining static DAC codes to be pushed out to the DACs using the DMA and the PIO.

The first demo is in vector mode, simply showing some simple shapes,...

09:00

Mobb raises $5.4 million and launches community tool Help Net Security

Mobb has raised $5.4M in seed funding led by Angel Investor Ariel Maislos and joined by MizMaa Ventures, Cyber Club London and additional investors from US, EU, and Israel. The company has also automated vulnerability remediation technology. "The application security market has been desperate for innovation that doesn't just detect problems, but fixes them. I invested in Mobb so its talented founding team could...

The post Mobb raises $5.4 million and launches community tool appeared first on Help Net Security.

08:26

Germany and Intel Both Want More From Planned Mega-fab SoylentNews

Chipzilla reportedly wants more cash. Germany wants a bigger facility. And the EU is lurking with a bigger offer:

If Intel wants larger subsidies for its Magdeburg mega-fab, German officials think the x86 giant should increase its investments to match.

Citing people familiar with the matter, the Financial Times reported on Thursday that the German government is willing to consider boosting subsidies, but only if Intel is willing to spend more on infrastructure too.

"It's logical that if the scale of the investment is increased, then the level of subsidy would also rise," Sven Schultze, the economy minister for Saxony-Anhalt, told the FT.

The debate over the size of Chipzilla's assets comes after multiple reports that Intel had pressured the German government for larger subsidies to offset rising energy and material costs, and hinted at delaying the project. Intel now expects the facility to cost somewhere in the neighborhood of €20 billion ($22.1 billion) to complete.

Rising costs have also impacted the cost of Intel's two Arizona plants, which are now expected to cost 50 percent more than when first announced.

To date, the German government has committed €6.8 billion ($7.5 billion) to Intel's planned builds, about 40 percent of the project's original €17 billion ($19 billion) price tag. However, last month, Bloomberg reported that Intel pushed for an additional €4-5 billion in subsidies.

[...] However, Intel's position could soon improve. The European Commission is expected to sign its own CHIPs funding bill into law any day now. The bill would unlock roughly €43 billion ($48 billion) to attract semiconductor investment in the region.


Original Submission

Read more of this story at SoylentNews.

07:00

Melbet App Download For Android Apk & Ios In India h+ Media

Melbet App Download For Android Apk & Ios In India

Unlike other casinos identified for his or her exciting colour combinations like Royal Panda, Melbet isnt shiny. On your first deposit, MelBet will provide a bonus that is matched up to 50% of your deposit to a limit of roughly 30,000 . Your account may also be credited with 30 Free Spins for Down the Pub after the bonus amount has been redeemed. Melbet is a broadly known gambling service with a huge status in India. Moreover, MelBet has all the necessary licenses for gambling activities, so you dont have to worry about your cash with Melbet. Melbet service has in its arsenal functions for Android and iOS devices.

Among these online casinos, Melbet stands out as an exceptional platform with an impressive collection of games from prime software providers within the industry. The casinos diverse range of games ensures that players will all the time have something new and thrilling to discover, making their gaming expertise much more thrilling. [newline]Whether gamers prefer slots, table video games, or stay dealer video games, Melbet has it all coated, guaranteeing that each player finds their excellent recreation. A sturdy welcome on line casino bonus can create an gratifying setting for enjoying at an internet casino. Melbet is aware of its players needs and welcomes all new members by giving them a 100 percent Welcome deposit bonus of as much as 8,000 rupees. Regardless of whether you prefer to play on line casino video games or sports, that is supplied to all new players. Melbet occasionally supplies a big number of promo codes for followers of the Indian Premier League , notably through the IPL season.

Then you can get free bets, a bonus for one hundred bets, and a lot of other promotions. Melbet must enhance its number of betting options because users dont get many. The casino can be obtainable to all gamers in a particular section. All slots are optimized for taking half in with mobile gadgets. Also, in style reside on line casino leisure is available to you.

With such a broad variety ofcasino banking options, enjoying at MELbet casino is completely convenient. With Melbet, youll have the ability to place your bets and play on line casino games utilizing quite lots of gadgets. The firm presents a casino and sportsbook app that may work for desktops and your iOS and Android units. To take pleasure in mobile services, you should obtain first the casino app particular to the system. Also, if youre having issues accessing the Melbet web site, you can obtain the Melbet Access App. This acts as an elective address when accessing the platform.

The wordsmith of the group, Shruti is busy enjoying her newfound ardour for online casino video games. When shes pleased, she would guess the ranch to plan and create killer on line casino content the ones that urge you to play. If things dont go the means in which she needs them to, she would con...

06:58

Melbet On Line Casino India Review 2023 h+ Media

The variety of factors awarded depends on the quantity of your stake and the variety of outcomes included in your guess. Stake a minimum of 100 Rupees or the equivalent in other currencies, and dont worry if you miss a day, your race might end however youll be able to at all times start again! Complete your round and your free bets will be awarded 24 hours later. Each accumulator bet needs to have three or extra occasions with at least 3 occasions having odds of 1.forty or higher. Deposit 8000 and get another 8000 from WBC champion Oleksandr Gvozdyk!

It is feasible to use this cash for betting, casino video games, and even withdrawal. Melbet is a last vacation spot for gamers on the lookout for a huge betting market with better odds. On this platform, punter will get the chance to wager on a large number of sports activities and on line casino video games.

In addition to the downloadable app, in Melbet can play the cellular model. It is automatically activated when the user opens the site from a cellular device. The useful resource adjusts to the players display screen resolution, and gadget OS and opens in a simplified mode. In terms of performance, the common and cellular versions do not differ from each other.

Especially for iPhone and iPad owners, we now have developed an to to bet on any sports from your smartphone if you have an lively Internet connection. Free spins every single day Melbet on-line on line casino will reward you with free spins daily if you play Game of the Day. What sport of the day awaits you today youll find a way to see by going to the page of this promotion. This game is unquestionably price it since free spins dont have betting requirements. Melbet understands that virtually all of consumers in India are playing on their cell gadgets.

The participant is credited with a onerous and fast amount, which he can use for gaming with out preliminary deposits. It is essential to stick to the conditions that decide the minimal bet amount and the odds that you are allowed to bet on. As of the final replace, the positioning helps a minimal of 25 cryptocurrencies for deposits and withdrawals. You can choose from Bitcoin, Dash, Ethereum, and Litecoin to finish your deposits. Other deposit choices to suppose about are on-line payments and cellular wallets like WebMoney and Siru Mobile. This web site also delivers when it comes to live-dealer games.

There are typically no fees to fret about, that means that players can take house 100% of their winnings. Most Indian gamers favor to have interaction in slots and reside on line casino video games via their cell phone. However, downloading the app is not necessary as the browser model is of wonderful high quality.

There are common contests as well, where you compete with other gamers to get larger scores i...

06:55

Melbet Casino India 2023 h+ Media

They cater to sports activities fanatics and casino lovers alike. With sports like soccer, cricket, basketball, tennis, and more obtainable for betting, theres something for everyone. Their casino part is also numerous, offering games like slots, roulette, blackjack, baccarat, and more.

By matching their top-notch online sportsbook with an in depth library of on-line casino games, MelBet has something for everyone when it comes to on-line playing in India. And it manages to do so with a clean UI / UX and excellent customer support and service. MelBet is likely certainly one of the greatest on-line bookmakers and online casinos on the planet.

New users can get a one hundred pc welcome bonus of up to 8,000 BDT on their first deposit. The platform also supplies common promotions, including cashback bonuses and free spins. These bonuses can enhance your possibilities of successful big and make your betting expertise more thrilling.

Some of the slot video games embody 777, Western Slot, Games of Thrones, Reels of Gods, Diamond Slots, and lots of extra. If you need to claim the above bonuses, take part in a bonus supply in your Melbet Account and deposit a minimum of 786 INR. You can even take pleasure in Melbet on line casino no deposit bonus which comes within the form of 20 free spin Birthday Gift. It is a popular bookmaker amongst experienced sports activities bettors.

The bonus will be automatically credited to your account. The bonus amount ought to be rolled 5 instances over in accumulator bets, where every accumulator bet ought to have 3 or more occasions. Also, three occasions within the accumulator ought to have 1.40 odds or extra. If you like playing stay blackjack card recreation or reside baccarat, then you will definitely fall in love with Melbet. And for these video poker buffs, the genre boasts with some great things.

The assist team is well-trained and capable, providing prompt and environment friendly solutions to any problems which will come up. When a deposit is made to the gaming account, it is going to be seen in the cabinet upon affirmation of the transaction on the official fee method web page. The minimal deposit quantity is 75 BDT through Perfect Money, and this quantity varies for each method. The withdrawal course of is quick, taking only 15 minutes. No casino can present worldwide legality because of the legal guidelines of local international locations.

Originated in Britain, cricket has conquered all of the colonies, but in India, it has turn out to be a nationwide treasure and attracts millions of fans. As in Europe, they fiercely bet on football, so the Indians do not miss an opportunity to wager on cricket. This is clearly the first quantity for bettors in the nation. Go to the on line casino section and click on on the sport you want to try out, and begin playing. Melbet is a authorized playing platform licensed from Curacao, which is...

06:53

Melbet Casino India Evaluate Ll 100 Percent Bonus As A Lot As A Hundred Forty Five,000 h+ Media

Many online casinos run easily on mobile gadgets and this gambling site is certainly one of them. You can access all MelBet casino on-line video games and sports betting choices on your cell browser. The website of Melbet is definitely navigable, which cuts down a lot of trouble for the players. It also features a tremendous loyalty program, which is designed to offer a personalised experience to its loyal players. This online on line casino is accepting players from all internationally including India.

You might have heard of Melbet on line casino and thought of utilizing their companies. The two issues that actually put me down was their dangerous buyer support and license. I wish their sportsbook could hold a more reputed license than Curacao. Overall, the on line casino is enjoyable and a fantastic place to take pleasure in at.

Its one of the popular of Evolution Gamings collection and provides gamers with an excellent live casino expertise. You will play with a live supplier sat in a studio and you may see them via a weblink. As properly as playing the game of Roulette youll find a way to work together with them through the chat possibility. Welcome to Melbet, a relative newcomer to the world of on-line casino in India.

We will now focus on a few of the special options that Melbet has on its site. There are numerous completely different options that other online casinos have, and its solely truthful that we do the identical review for Melbet too. Later within the review, we will focus on some of these security measures they have on the location. However, now we will safely say that Melbet is a secure and legit on-line on line casino. Payment strategies are certianly a vital side of a web-based on line casino and its no completely different with Melbet India. You want to have the flexibility to deposit and withdraw your money with a technique that youre snug with.

Melbet is quite an old betting platform that was established in 2012. Melbet login and usage are quite straightforward, which makes it in style. The owning company of this betting app is Pelican Entertainment Ltd and Tutkia Ltd, which have an Eastern European background. By turning into a member of the loyalty program, you can win factors every time you place a bet, regardless of whether or not you play blackjack or spin the reels in slots. The expertise points earned are designed to advance in an eight-level system. The refund proportion is calculated using the whole amount of cash lost by the shopper and will increase with every stage.

They created a hassle-free web site with only the best video games on supply and a unbelievable loyalty program to reward those that play there. The feeling that we get from MELbet is that the on line casino is attempting to put a powerful emphasis on its sports betting characteristic. MELbet spared...

06:52

Melbet Casino Review 2023 Get 20,000 Bonus In India h+ Media

When you create an account, please enter the right data; otherwise, problems with payments might happen. Log in, go to the My Account web page, choose the Personal Profile button, and then choose Join the Club to join for the Melbet Loyalty Program. The subsequent step is to easily observe the directions displayed on the screen.

It currently provides greater than 1,000 matches day by day and for its in-play section, delivers greater than 200 live events daily. Yes, Melbet runs in India with Curacao Gaming Authority permission, which allows it to simultaneously provide sports betting and casino games on its website. Unfortunately, because of Google Plays policy against using any betting apps, Melbet prospects will be unable to download the app immediately from there. But the developers of Melbet have discovered a way out of this situation. They developed the Melbet apk particularly so that users can obtain it and set up it on any of their devices.

The newer the OS model, the extra probably it is that the Melbet app will install without any extra steps. Activation of bonuses further rewards are nonetheless available to the participant. Making a deposit or withdrawing funds making any payment transactions. If you have an iOS working system, then clicking on the banner will redirect you to the official App Store page of the app.

Up thus far gambling advice for Indian gamers who are looking to play smarter. Yes, that is definitely considered one of Melbet Indias sturdy factors. Melbet have an app obtainable for both Android and IOS users across the nation.

Our portal specialists have analyzed all of the Melbet on line casino India options corresponding to ease of registration and profile verification, bonus program, and the selection of slot machines. It is protected to say that the gambling operator is loyal to Indian customers. Melbet Bangladesh places nice emphasis on customer support, providing a reliable and well timed support service that might be accessed at any time through reside chat, e-mail, or cellphone.

Go to the official casino website within the corresponding part for downloading cellular applications. The installation will be carried out automatically, and youll need to follow the standard instructions. I was in a position to decide precisely which gambling leisure brings glorious revenue on a distance. After the set up is complete, a new Melbet icon will seem on the mobile display screen. Everything is ready, now you need to automate if you already have a recreation account, or create a model new one.

This web-based gambling establishment is operated by Pelican Entertainment Ltd and has acquired a license by the Government of Curacao. With hundreds of video games in rotation and cryptocurrency options for transactions, betting in India with MELbet couldnt be simpler for players who love a ext...

06:46

New QBot campaign delivered hijacking business correspondence Security Affairs

Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware.

In early April, Kaspersky experts observed a surge in attacks using the QBot malware (aka Qakbot, QuackBot, and Pinkslipbot). QBot has been active since 2008; threat actors use it to collect browsing data, banking credentials, and other financial information from victims.

Its modular structure allows operators to implement new features to extend their capabilities.

The Qbot malware operation had numerous collaborations in the past with other ransomware gangs, including ProLock, Egregor, DoppelPaymer, and MegaCortex.

The threat actors behind the campaign observed by Kaspersky used emails written in different languages, including English, German, Italian, and French.

The malicious code hijacks a victim's email and sends itself out as a reply to an existing email thread.

The messages urge recipients to open an enclosed PDF file. For example, the attackers may try to trick the recipient into opening the file by asking them to provide the documentation pertaining to the attached application or to calculate the contract value based on the attached cost estimate. During the recent campaign, the enclosed PDF file masquerades as a Microsoft Office 365 or Microsoft Azure alert.

06:45

New release: digiKam 8.0.0 LWN.net

The digiKam photo-management tool has announced its 8.0.0 release, after two years of development, bug fixing, and testing. Major new features include a documentation overhaul (with a new web site), support for more file formats, a new optical character recognition (OCR) tool, improved metadata handling, a neural-net-based image quality classifier, better integration with G'MIC-Qt, a Qt6-compatible code base, and lots more. See the announcement for all the details.

06:40

RadeonSI Change Allows For Balancing RDNA3 Video Transcoding Between Multiple Engines Phoronix

A change merged today for the Mesa 23.2 graphics driver stack benefits video transcoding performance for new Radeon RX 7000 series "RDNA3" graphics cards...

06:23

ACE Shuts Down Pirate IPTV Providers as Unusual Potential Threat Looms TorrentFreak

It's not unusual for piracy groups to have dozens of domains in storage for when things go wrong, but none has a bigger collection than Hollywood itself.

The MPA still owns isoHunt's domain following its legal defeat a decade ago, alongside other spoils of war following battles with Popcorn Time, YTS/YIFY (the real ones), Hotfile and Openload. These examples represent just a handful of domains from a collection that has exploded since the 2017 launch of the Alliance for Creativity and Entertainment.

Over the past few days, another dozen or so domains boosted the existing haul of several hundred domains that no longer play a part in the piracy landscape.

IPTV Targets Shutdown, Domains Stripped

As reported last November, DMCA subpoena applications filed in the United States revealed that ACE had developed an interest in pirate IPTV service MagisTV.

Early December 2022, ACE/MPA quickly took control of two domains, Magisglobal.net and Magistvapk.com, presumably as part of its ongoing investigation. During the last week or so, several additional domains were taken over, including magistvcostarica.com, magistvglobal.com, magistvparaguay.com, magistvbolivia.com, magistvbrasil.com, magistvchile.com, magistvcolombia.com and magistv.global.

Late last week, signs pointed to yet another IPTV takedown. A service that had been variously known as Opt TV, Optimum IPTV, Opt Hosting and Opt Hosting IPTV, was suddenly identifiable as another ACE casualty. Offering a reported 1,300 channels, including PPV events, international and 24/7 channels, Opt IPTV had been available across multiple devices for as little as $8 per month.

With key domains opt.tv and opthosting.com now redirecting to the ACE anti-piracy portal, that rodeo is probably over. Whether the same is true for another domain redirecting to ACE is less clear, but...

05:39

NASA/JPL Snake Robot for Subsurface Planetary Exploration SoylentNews

Looking ahead to exploring inside some of the other planets and satellites in the solar system, here is a proposal for a multi-jointed snake robot, with a video animation available from the BBC: https://www.bbc.com/news/av/world-us-canada-65245054

Here's a snip,

The EELS initiative comes in the backdrop of discoveries made by the Cassini probe, which explored Saturn, its rings, and moons for nearly 13 years. The iconic mission ended in September 2017 when the spacecraft crashed into Saturn's atmosphere.

The remarkable discovery of plumes of water vapor ejected into space by Saturn's tiny icy moon Enceladus prompted the development of this EELS snake robot. This raised the possibility of a habitable liquid ocean beneath the moon's frozen crust and piqued the space community's interest in exploring this moon.

Coming soon to theaters, the sequel, "AI Snakes on a Plane" ??


Original Submission

Read more of this story at SoylentNews.

05:19

Proton 8.0-1 Published With More Games Now Running On Steam Play Phoronix

Valve and CodeWeavers have made available Proton 8.0-1 as their for enjoying Windows games on Linux...

03:24

Ukraine Strikes Power Stations Inside Russia cryptogon.com

Via: Daily Mail: Two key electricity supply stations in Russia have been destroyed amid a suspected Ukrainian drone attack behind enemy lines. Stunning footage taken overnight showed how the bombing of the power stations had created a huge inferno which spiraled high into the night sky. The destruction of the sites in Igumenka and Dragunskoe []

03:19

Windows in Asia: All-Time Lows for Microsoft Techrights

Windows on just 1 in 5 Internet-connected computers? In 2009 things were different

Operating System Market Share Asia

Summary: The corporate media, funded by Microsoft et al, won't say this; so somebody should, citing this latest data

02:57

Million-year-old Viruses Help Fight Cancer, Say Scientists SoylentNews

Million-year-old viruses help fight cancer, say scientists:

Relics of ancient viruses - that have spent millions of years hiding inside human DNA - help the body fight cancer, say scientists. The study by the Francis Crick Institute showed the dormant remnants of these old viruses are woken up when cancerous cells spiral out of control. This unintentionally helps the immune system target and attack the tumour.

The team wants to harness the discovery to design vaccines that can boost cancer treatment, or even prevent it.

The researchers had noticed a connection between better survival from lung cancer and a part of the immune system, called B-cells, clustering around tumours. B-cells are the part of our body that manufactures antibodies and are better known for their role in fighting off infections, such as Covid.

Precisely what they were doing in lung cancer was a mystery but a series of intricate experiments using samples from patients and animal tests showed they were still attempting to fight viruses. "It turned out that the antibodies are recognising remnants of what's termed endogenous retroviruses," Prof Julian Downward, an associate research director at the Francis Crick Institute, told me.

Read more of this story at SoylentNews.

02:50

Elon Musk Says US Government Had Access to Private Twitter DMs cryptogon.com

Shocking, if you have amnesia, or never heard of the Utah Data Center in the first place. Via: Summit News: During an upcoming appearance on Tucker Carlson's show, Elon Musk reveals that the US government had full access to people's private Twitter DMs. Musk told Carlson during a segment which is set to air tonight []

02:32

Israeli Spyware Vendor QuaDream to Shut Down Following Citizen Lab and Microsoft Expose The Hacker News

Israeli spyware vendor QuaDream is allegedly shutting down its operations in the coming days, less than a week after its hacking toolset was exposed by Citizen Lab and Microsoft. The development was reported by the Israeli business newspaper Calcalist, citing unnamed sources, adding the company "hasn't been fully active for a while" and that it "has been in a difficult situation for several

02:06

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware The Hacker News

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot (aka Qakbot or Pinkslipbot) is a banking

01:46

[$] Avoiding the merge trap LWN.net

The kernel subsystem maintainers out there probably have a deep understanding of the sinking feeling that results from opening one's inbox and seeing a response from Linus Torvalds to a pull request. When all goes well, pull requests are acted upon silently; a response usually means that all has not gone well. Several maintainers got to experience that feeling during the 6.3 merge window, which seemed to generate more than the usual number of grumpy responses related to merge commits. Avoiding that situation is not hard, though, with a bit of attention paid to how merges are done.

01:44

Utah: Most Snowfall Since State Records Began in 1930s cryptogon.com

A three story cabin is buried up to the roof. One guy says it's 30 feet of snow, another says 20 feet. In any event, this is pretty nuts. Via: HeavyDSparks: Related: Utah's Snowpack Highest Amount Ever Documented

01:43

Renewed Work For ACO Compiler Support With The RadeonSI Gallium3D Driver Phoronix

Back in 2019 Valve developers introduced the ACO compiler back-end within Mesa for the Radeon Vulkan "RADV" driver. This alternative to the AMDGPU LLVM shader compiler has been instrumental in helping RADV perform very well for Linux gaming both with Vulkan native titles as well as games going the route of DirectX to Vulkan via DXVK and VKD3D with Proton (Steam Play). On and off there's been talk and work towards bringing ACO to RadeonSI Gallium3D for OpenGL while now there is some new work on this front...

01:34

Hundreds of Teenagers Flood Into Downtown Chicago, Smashing Car Windows, Two People Shot cryptogon.com

Via: Fox32: Hundreds of teenagers flooded into Downtown Chicago on Saturday night, smashing car windows, trying to get into Millennium Park, and prompting a major police response. At least one person in a car was attacked. Shots were fired near the corner of Madison and Michigan, and FOX 32 Chicago decided that it was unsafe []

01:30

Wolfram Alpha With ChatGPT Looks Like a Killer Combo Hackaday

Have you ever looked at Wolfram Alpha and the development of Wolfram Language and thought that perhaps Stephen Wolfram was a bit ahead of his time? Well, the times may have finally caught up because Wolfram plus ChatGPT looks like an amazing combo. That link goes to a long blog post from Stephen Wolfram that showcases exactly how and why the two make such a wonderful match, with loads of examples. (If you'd prefer a video discussion, one is embedded below the page break.)

OpenAI's ChatGPT is a large language model (LLM) neural network, or more conventionally, an AI system capable of conversing in natural language. Thanks to a recently announced plugin system, ChatGPT can now interact with remote APIs and therefore use external resources.

...

01:24

Why poetry is a variety of mathematical experience Lifeboat News: The Blog

Machine learning theory is shedding new light on how to think about the mysterious and ineffable nature of art by Peli Grietzer + BIO.

01:23

Singapore approves 16 species of insects including silkworms and grasshopper for human consumption Lifeboat News: The Blog

Future food.


Think about grasshopper fries, a protein bar made of crickets or silkworm cocoons. As unconventional as it may sound, Singapore is trying to make insect food mainstream. The Singapore Food Agency (SFA) has given approval to 16 species of insects, such as crickets, silkworms and grasshoppers for human consumption.

The latest news, reported by the Singapore newspaper The Straits Times notes that the approval of the insects for consumption will be subject to food safety requirements. This will include treatment processes to kill pathogens and proper packaging and storage facilities.

The United Nations Food and Agriculture Organisation (FAO) has been promoting insects for human consumption recently. Insects are known for their high protein content and Singapores latest interest in adding insects to the national food menu is seen as a way for the country to safeguard its national food security. As per The Strait Times newspaper, the SFA had also conducted a scientific review to analyse the benefits of directly eating specific insects or making them into items such as snacks for human consumption. The Singapore government also held a public consultation exercise on the regulation of insects and insect products before the SFA approval.

Besides insects, SFA said it will also permit the cocoons of silkworms for human consumption in Singapore. They are also consumed in China and Malaysia, among other places. Silkworms produce cocoons with silk threads that are composed of two main proteins, known as sericin and fibroin. While silk has traditionally been used to produce textiles, countries like Japan have allowed companies to turn these silk threads into food and edible coatings in recent years. With the new announcement, the Singapore food industry is trying to capitalise on the opportunity to launch snacks and protein bars made of insects. Several home-grown firms also produce cricket powder for use in flour and cookies and are currently selling it to customers in the US and the UK. But the scale of consumer demand and the lack of public awareness is seen as challenges down the road. With a growing population, the world needs more available, affordable and sustainable alternatives for a balanced diet. However, a lot more needs to be done to normalise insect consumption around the world.

...

01:23

How to Summon Entities: A Glimpse into GPT-4 through the lens of Jungian Psychology & Jungian Archetypes Lifeboat News: The Blog

Introduction.
The GPT-4 language model is a remarkable AI technology that can generate human-like text.

While it lacks certain human psychological factors, such as individuation and the Jungian Shadow, GPT-4 demonstrates a fascinating awareness of archetypes and their role in shaping human behavior.

This article delves into GPT-4's understanding of Jungian psychology and explores the implications of archetypes as a language-space phenomenon.

01:22

With Security Copilot, Microsoft brings the power of AI to cyberdefense Lifeboat News: The Blog

Trained across security and networking disciplines and armed with trillions of data signals, Security Copilot dramatically increases the reach, speed and effectiveness of any security team

REDMOND, Wash. - March 28, 2023 - Microsoft Corp. on Tuesday announced it is bringing the next generation of AI to cybersecurity with the launch of Microsoft Security Copilot, giving defenders a much-needed tool to quickly detect and respond to threats and better understand the threat landscape overall. Security Copilot will combine Microsoft's vast threat intelligence footprint with industry-leading expertise to augment the work of security professionals through an easy-to-use AI assistant.

"Today the odds remain stacked against cybersecurity professionals. Too often, they fight an asymmetric battle against relentless and sophisticated attackers," said Vasu Jakkal, corporate vice president, Microsoft Security. "With Security Copilot, we are shifting the balance of power into our favor. Security Copilot is the first and only generative AI security product enabling defenders to move at the speed and scale of AI."

01:22

UK Power Grid Could Have World's First Commercial Fusion Reactor Lifeboat News: The Blog

TAE Technologies hopes to have a net energy producing fusion reactor operating on the UK grid by the 2030s.

01:22

Budweiser Tries Patriotic Ad Campaign After Dylan Mulvaney Disaster cryptogon.com

haha Whoops. Let's go with 'Merica again and maybe people will forget about our insane woke fail. Via: Fox: Budweiser's new pro-America ad set Twitter ablaze over the weekend as critics derided the company for a misguided attempt at quelling the backlash over Bud Light's endorsement partnership with transgender influencer Dylan Mulvaney. Budweiser's latest advertisement, []

01:22

We May Finally Know How Our Eyesight Evolved, And It's Not From Our Branch of Life Lifeboat News: The Blog

The evolution of the human eye has long been considered one of biology's more challenging mysteries, drawing debate over the sequence of steps required to turn rudimentary sensitivity to light into a complex photographic system.

New research suggests some components of vertebrate vision may not have been shaped incrementally as their genes passed down family lines, but were stolen from entirely different branches of life.

"At least one innovation that led to the current structure of vertebrate eyes did not occur from stepwise tinkering with genes that exist in other animals, but came from introduction of novel DNA from bacteria by horizontal gene transfer," explains molecular biologist Matt Daugherty from the University of California, San Diego (UCSD) on Twitter.

01:07

Elizabeth Chamberlain: The Future of the Right to Repair and Free Software Techrights

Video download link

Summary: A day ago this LibrePlanet non-keynote talk from Elizabeth Chamberlain was uploaded by the FSF, about a month after the in-person talk (slides here); From the page: Dr. Elizabeth Chamberlain is Director of Sustainability at iFixit, which is the free repair manual for everything, with over 90,000 guides for fixing everything from tractors to toasters. Liz advocates for the Right to Repair around the world, supporting lawmakers, conducting repair research, and working to make sure environmental standards reflect repair best practices. Her writing on repair has been published in the Wall Street Journal, Wired, and The Atlantic.

Licence: CC BY SA 4.0

01:03

QuaDream, Israeli iPhone hacking spyware firm, to shut down HackRead | Latest Cybersecurity and Hacking News Site

By Waqas

QuaDream, based in Ramat Gan, Israel, with around 40 employees, is known for its spyware used for hacking iPhones.

This is a post from HackRead.com Read the original post: QuaDream, Israeli iPhone hacking spyware firm, to shut down

00:35

[Meme] Stole 100,000 Pounds, Gained 100 Pounds Techrights

They did this to a lot of programmers and GNU/Linux engineers at Sirius (deductions taken, but embezzled)

Some payslips

Louise Menezes/Louisa Catherine Menezes: Gaining my pounds

In Sirius (of the past decade) you needn't demonstrate technical skills but an immovable will to cooperate in illegal stuff

Some payslips 2

Louise Menezes/Louisa Menezes: Stealing my pounds (and colleagues' also); So I can party a lot
The technical staff at Sirius worked from 5:30PM, overnight, until 9AM! She never worked at night. She partied. In daytime she casually harassed technical staff. I can't code, but I can harass people who do (reference)

Some payslips 3

Louise Menezes/Louisa Catherine Laura Menezes: It's over 9,000!

With her in the helm, the company clocked close to 9,000 pounds in theft (from me alone, not counting all the colleagues) so she can party at night and her boss can take the family (4 people) to super-expensive Disney trips abroad

Some payslips 4

Summary: The Crime Assistant of the CEO of...

00:34

Security updates for Monday LWN.net

Security updates have been issued by Debian (chromium, rails, and ruby-rack), Fedora (firefox, ghostscript, libldb, samba, and tigervnc), Mageia (ceph, davmail, firefox, golang, jpegoptim, libheif, python-certifi, python-flask-restx, thunderbird, and tomcat), Oracle (firefox), Red Hat (firefox), Scientific Linux (firefox), SUSE (apache2-mod_auth_openidc, aws-nitro-enclaves-cli, container-suseconnect, firefox, golang-github-prometheus-prometheus, harfbuzz, java-1_8_0-ibm, kernel, liblouis, php7, tftpboot-installation images, tomcat, and wayland), and Ubuntu (chromium-browser, imagemagick, kamailio, and libreoffice).

00:15

GCC 13.1 Compiler Likely Releasing Next Week Phoronix

The GNU Compiler Collection 13 codebase has no more P1 bugs, which are regressions of the highest priority, and as such the GCC 13 codebase was branched today with plans of issuing GCC 13.1-rc1 likely in the next day and hopefully releasing GCC 13.1 as the first stable release of the GCC 13 series next week...

00:12

MEPs Raise Concerns Over Draft EU-US Data Transfer Deal SoylentNews

MEPs raise concerns over draft EU-US data transfer deal:

A shiny new data transfers deal between the European Union and the United States aimed at fixing costly legal uncertainty over exports of personal data isn't in place yet but the European Parliament's civil liberties committee is predicting the incoming EU-U.S. Data Privacy Framework (DPF) won't survive a legal challenge just as its two predecessors, Safe Harbor (RIP: October 2015); and Privacy Shield (RIP: July 2020), failed to impress EU judges.

In a resolution passed by the LIBE committee yesterday, with 37 votes in favor, none against and 21 abstentions, the MEPs dubbed the DPF an improvement that nonetheless does not go far enough. They also predicted it's likely to be invalidated by the Court of Justice of the EU (CJEU) in the future.

The development follows a draft opinion by the LIBE, back in February, also giving the proposal a thumbs down and urging the Commission to press for meaningful reforms.

In the resolution, the committee takes the view that the proposed arrangement does not provide sufficient safeguards for EU citizens since the framework still allows for bulk collection of personal data in certain cases; does not make bulk data collection subject to independent prior authorisation; and does not provide for clear rules on data retention.

The MEPs are also worried that a proposed redress mechanism, a so-called "Data Protection Review Court", would violate EU citizens' rights to access and rectify data about them, since decisions would be kept secret. They also question its independence since judges could be dismissed by the U.S. president, who could also overrule its decisions.

Read more of this story at SoylentNews.

00:00

PUF Away for Hardware Fingerprinting Hackaday

Despite the rigorous process controls for factories, anyone who has worked on hardware can tell you that parts may look identical but are not the same. Everything from silicon defects to microscopic variations in materials can cause profoundly head-scratching effects. Perhaps one particular unit heats up faster or locks up when executing a specific sequence of instructions and we throw our hands up, saying it's just a fact of life. But what if instead of rejecting differences that fall outside a narrow range, we could exploit those tiny differences?

This is where physically unclonable functions (PUF) come in. A PUF is a bit of hardware that returns a value given an input, but each bit of hardware has different results despite being the same design. This often relies on silicon microstructure imperfections. Even physically uncapping the device and inspecting it, it would be incredibly difficult to reproduce the same imperfections exactly. unforgeable.

Because they depend on manufacturing artifacts, there is a certain unpredictability, and deciding just what features to look at is crucial. The PUF needs to be deterministic and produce the same value for a given specific input. This means that temperature, age, power supply fluctuations, and radiation all cause variations and need to be hardened against. Seve...


Monday, 17 April

23:50

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks The Hacker News

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information stealer that

23:33

China-linked APT41 group spotted using open-source red teaming tool GC2 Security Affairs

China-linked APT41 group used the open-source red teaming tool GC2 in an attack against a Taiwanese media organization.

Google Threat Analysis Group (TAG) team reported that the China-linked APT41 group used the open-source red teaming tool Google Command and Control (GC2) in an attack against an unnamed Taiwanese media organization.

The APT41 group (aka Winnti, Axiom, Barium, Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007.

The attack took place in October 2022; threat actors sent phishing emails that contained links to a password-protected file hosted in Drive. The final payload was the Go-written GC2 tool that gets commands from Google Sheets and exfiltrates data to Google Drive.

"In October 2022, Google's Threat Analysis Group (TAG) disrupted a campaign from HOODOO, a Chinese government-backed attacker also known as APT41, that targeted a Taiwanese media organization by sending phishing emails that contained links to a password-protected file hosted in Drive," reads the April 2023 Threat Horizons Report published by Google. "The payload was an open source red teaming tool called Google Command and Control (GC2)."

Upon installing the malware on the target system, it queries Google Sheets to obtain attacker commands. GC2 also allows operators to download additional files from Drive onto the victim system.

Goog...

23:32

What's the Difference Between CSPM & SSPM? The Hacker News

Cloud Security Posture Management (CSPM) and SaaS Security Posture Management (SSPM) are frequently confused. The similarity of the acronyms notwithstanding, both security solutions focus on securing data in the cloud. In a world where the terms cloud and SaaS are used interchangeably, this confusion is understandable. This confusion, though, is dangerous to organizations that need to secure

23:30

[Meme/Facts] Drowning in Marketing Material and Assurances (From Sirius, Standard Life, Integrity Financial Management Ltd.) While Payslips Say We Pay Into a Pension Every Month Techrights

The payslips of my colleagues said the same; we didn't know it was a sham pension or a total fraud

2011 payslips

2012 payslips

2013 payslips

2014 payslips

2015 payslips

2016 payslips

Summary: Sirius Open Source fraudsters robbed the technical staff for many years; the payslips all indicated a pension was being paid into, but this was never done and pension providers kept evading questions on the matter, which makes them partly complicit

23:24

Starship Flight Test Lifeboat News: The Blog

SpaceX is targeting as soon as Monday, April 17 at 8:00 a.m. CT for the first flight test of a fully integrated Starship and Super Heavy rocket from Starbase

23:23

Watch SpaceX TEST Starship, the biggest rocket ever, LIVE from the edge of the exclusion zone!!! Lifeboat News: The Blog


This is the first fully integrated full stack test flight of Starship and the mighty Super Heavy booster. At lift off, it will become the largest and most powerful rocket to ever fly, producing over twice as much thrust as the Saturn V that took humans to the moon.

The goal of the test is to get as far along in the mission as possible with a handful of important goals such as: clearing the launch pad, reaching max Q, getting to stage separation, ignition of Starship, and burning Starship's engines for 7 minutes and 20 seconds, which would get Starship up to nearly orbital velocities and would place Starship on a suborbital trajectory that will cause it to reenter just north of Hawaii. This would allow the teams to test the reentry profile and heat shields for the first time from orbital velocities.

Want more information? Check out our Prelaunch Preview written by Austin Desisto https://everydayastronaut.com/starship-superheavy-orbital-flight-test/

Want to know where to watch this live? I made a video on how to visit Starbase and where to watch a launch from https://youtu.be/aWvHrih-Juk.

Want to support what I do? Consider becoming a Patreon supporter for access to exclusive livestreams, our discord channel! http://patreon.com/everydayastronaut.

Or become a YouTube member for some bonus perks as well! https://www.youtube.com/channel/UC6uKrU_WqJ1R2HMTY3LIx5Q/join.

The best place for all your space merch needs!
https://everydayastronaut.com/shop/

23:23

Hawking's Final Thoughts On The Origin Of The Cosmos Lifeboat News: The Blog

New book details Stephen Hawking's final thoughts on the origin of time and the cosmos.

23:22

Fred Adams Will the Universe Ever End? Lifeboat News: The Blog

What does it mean to ask about the end of the universe? Can the universe even have an end? What would end? In the far, far future, what happens to stars, galaxies, and black holes? What about mass and energy, even space and time? What's the Big Crunch and the Big Rip? And what if there are multiple universes, will the multiverse ever end?

Free access to Closer to Truth's library of 5,000 videos: http://bit.ly/376lkKN

Watch more interviews on the end of the universe: https://bit.ly/3MSHlFF

Support the show with Closer To Truth merchandise: https://bit.ly/3P2ogje.

Fred Adams is a professor of physics at the University of Michigan. His work is in the general area of theoretical astrophysics with a focus on the study of star formation and cosmology.

Register for free at CTT.com for subscriber-only exclusives: https://bit.ly/3He94Ns.

23:01

Enabling Kubernetes self-service the operator way Linux.com

Learn how operators can serve as governance tools in a multitenant setting.

Read More at Enable Sysadmin

The post Enabling Kubernetes self-service the operator way appeared first on Linux.com.

22:48

[Meme] Standard Life: We Don't Know Who All Those GNU/Linux Engineers Are (But You Know, Standard Life; We Were All on Your System) Techrights

Standard Life claims not to know us; so all those brochures sent to us must have come by accident since 12 years ago

Standard Life collection #1

Standard Life collection #2

Standard Life collection #3

Summary: The Standard Life sham pension was a critical component of fraud at Sirius Open Source, robbing an unknown number of workers, GNU/Linux system administrators and programmers. There is a personal code and everything on papers from Standard Life, so we were on their computer system, but now they try to deny this either because they deleted us from the system or the system is built to vanish us from it (after a while). They also give inconsistent information, which is typically indicative/suggestive/implying that they're hiding something and when inquired about the details they literally hang up the phone (rudely).

22:26

The Role of Integrity Financial Management Ltd. in Facilitating Fraud at Sirius Open Source Techrights

This is how they scammed GNU/Linux geeks in 2011 onwards:

Integrity Financial Management Ltd. page 1

Integrity Financial Management Ltd. page 2

Summary: The crimes of Sirius Open Source were facilitated by a network of financiers who vanish the money or give an illusion of authority and accountability; here's another one of them (Integrity Financial Management Ltd.), facilitating the Standard Life sham pension

22:24

Are Smart Home Devices Invading Your Privacy? HackRead | Latest Cybersecurity and Hacking News Site

By Owais Sultan

Smart home devices are becoming more and more popular in recent years, promising convenience and automation to enhance

This is a post from HackRead.com Read the original post: Are Smart Home Devices Invading Your Privacy?

22:20

AMD Ryzen 7 7800X3D: Windows 11 vs. Ubuntu 23.04 Linux Performance Phoronix

With the recent launch of the AMD Ryzen 7 7800X3D, several Phoronix Premium supporters expressed interest in seeing how well the Windows 11 vs. Linux performance compared for this Zen 4 3D V-Cache processor. Given those requests, here are some CPU/system benchmarks looking at the performance of Windows 11 Professional against Ubuntu 23.04 in its near-final state on the 7800X3D desktop.

22:15

SpaceX's First Orbital Test Flight of Starship Imminent [Scrubbed] SoylentNews

https://en.wikipedia.org/wiki/SpaceX_Starship_orbital_test_flight

The Starship Orbital Flight Test is the planned first spaceflight of the SpaceX Starship launch vehicle. The planned launch site is Boca Chica, Texas. SpaceX plans on using Starship prototypes Ship 24 (second stage) and Booster 7 (first stage). The Starship second stage will enter a transatmospheric Earth orbit with a negative Earth perigee, allowing Ship 24 to reenter the atmosphere after completing most of one orbit without having to restart its engines for a deorbit maneuver. The earliest launch opportunity is currently scheduled for April 17, 2023 at 08:00 CDT (13:00 UTC).

SpaceX stream. NASASpaceFlight stream.


Read more of this story at SoylentNews.

22:13

Letter From NOW: Pensions Regarding Misconduct and Theft at Sirius Open Source schestowitz.com

Summary: Having just contacted NOW: Pensions (and several times more this past week), while moreover working on 3 leads at the same time, they finally (belatedly) gave a real assurance

Today we'll share a bunch of photographic evidence regarding crimes of Sirius Open Source, a firm that claims to be Britain's most respected firm in this domain/area (Open Source). Of course it's a lie. Not just the part about "respected".

Half a day ago I sent the following E-mail message to NOW: Pensions. About an hour ago I finally received a letter addressed to my wife and I. After nearly 3 months!!! Months of endless reminders after repeated lies.

Here is the E-mail I sent last night:

A few days ago Standard Life sent a whole bunch of us a formal letter concluding that Sirius had engaged in pension fraud and stole money from us for many years. This is a criminal matter. This is now formalised.

My wife and I are coming to collect our funds from NOW: Pensions this week. Please specify the time that best suits you. We live not far from your office.

Suffice to say, repeated lying by your staff including by managers will be duly noted. We trust neither you nor Sirius.

The sad thing is that pension providers have helped the perpetrators of crimes, covering up for them instead of working to protect the victims, who are the people whose money is actually making its way into the accounts of reckless gamblers at the pension firms. Who do you work for? Are you working for employers who commit crimes instead of employees (whose money you are taking)?

Silence on this matter won't help you. Au contraire. Please respond today.

They kept lying to cover up prior lies, in effect lying to me like half a dozen times already. It's circular and when challenged on the lies, more lies follow. Those people are handling (gambling with) people's money. Trillions of dollars are managed by those sorts of firms.

As victims, we can progress along some lines. Standard Life, which we'll tackle separately later, tried victim-blaming (we have this on record). That's akin to saying to a rape victim that it is his/her fault, e.g. why didn't you sense s/he'd rape you after the date?

Many technical people suspected something was amiss and when phoning Standard Life we were only obstructed, so in effect Standard Life all...

22:11

NOW: Pensions Finally Sends the Letters It Has Been Promising (in Vain) for Several Months Regarding Fraud at Sirius Open Source Techrights

Summary: Having just contacted NOW: Pensions (and several times more this past week), while moreover working on 3 leads at the same time, they finally (belatedly) gave a real assurance


21:46

Google Uncovers APT41's Use of Open Source GC2 Tool to Target Media and Job Sites The Hacker News

A Chinese nation-state group targeted an unnamed Taiwanese media organization to deliver an open source red teaming tool known as Google Command and Control (GC2) amid broader abuse of Google's infrastructure for malicious ends. The tech giant's Threat Analysis Group (TAG) attributed the campaign to a threat actor it tracks under the geological and geographical-themed moniker HOODOO, which is

21:36

Tour of the Underground: Master the Art of Dark Web Intelligence Gathering The Hacker News

The Deep, Dark Web, The Underground, is a haven for cybercriminals, teeming with tools and resources to launch attacks for financial gain, political motives, and other causes. But did you know that the underground also offers a goldmine of threat intelligence and information that can be harnessed to bolster your cyber defense strategies? The challenge lies in continuously monitoring the right

21:18

Vice Society gang is using a custom PowerShell tool for data exfiltration Security Affairs

Vice Society ransomware operators have been spotted using a PowerShell tool to exfiltrate data from compromised networks.

The Palo Alto Unit 42 team observed the Vice Society ransomware gang exfiltrating data from a victim network using a custom-built Microsoft PowerShell (PS) script.

Threat actors are using the PowerShell tool to evade software and/or human-based security detection mechanisms. PS scripting is often used within a typical Windows environment; using a PowerShell-based tool can allow threat actors to hide in plain sight and get their code executed without raising suspicion.

Early in 2023, the researchers spotted the gang using a script named w1.ps1 to exfiltrate data from a victim network. Unit 42 researchers were able to recover the script from the Windows Event Log (WEL).

The script identifies any mounted drives on the target system by using Windows Management Instrumentation (WMI), then iterates through the identified drives to prepare data exfiltration via HTTP POST events using the object's .UploadFile method.

"Each HTTP POST event will include the file's full path. If you are able to obtain the source host's IP address along with this path, you will then be able to build out a list of exfiltrated files after the fact," reads the analysis published by Palo Alto Networks.

The script uses the CreateJobLocal( $folders ) function to create PowerShell script blocks to be run as jobs via the Start-Job cmdlet. The CreateJobLocal function receives groups of directories, often in groups of five.

The tool uses an inclusion/exclusion process based on keywords to select which directories to pass to the fill() function to exfiltrate.

The tool doesn't target folders containing system files, backups, folders associated with web browsers, and folders used by security solutions from Symantec, ESET, and Sophos.

The script finds all files within each directory that matches the include list; it exfiltrates files that do not have extensions found on the exclude list and that are larger than 10 KB.

The script ignores files that are under 10 KB in size and that do not have a file extension.

Vice Society's PowerShell data exfiltration script is a simple tool for data exfiltration. Multi-processing and queuing are used to ensure...

21:16

CVE-2023-27525: Apache Superset: Incorrect default permissions for Gamma role Open Source Security

Posted by Daniel Gaspar on Apr 17

Description:

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods
in Apache Superset up to and including 2.0.1

Credit:

NTT DATA (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-27525

21:15

Nintendo Hacker Gary Bowser Released From Federal Prison TorrentFreak

In the fall of 2020, the U.S. Government indicted three members of the infamous Team Xecuter group, the masterminds behind various Nintendo hacks.

The group allegedly made millions of dollars through its operation, which effectively shut down shortly after the criminal proceedings started.

The authorities arrested Canadian Gary Bowser in the Dominican Republic and Frenchman Max Louarn was detained in Tanzania. The latter, a notorious hacker, miraculously managed to avoid extradition to the United States. The same can't be said for Bowser.

40 Months Prison for Salesperson

As the purported salesperson of Team-Xecuter, Bowser wasn't a leading figure in the operation. Most people knew him as GaryOPA, the operator of MaxConsole, a website that regularly reviewed Team-Xecuter hardware and other hacking tools.

Financially, Bowser's role was also rather limited. From all the millions of dollars in revenue that were generated by Team-Xecuter, Bowser was paid only $500 to $1000 a month, his attorney previously said. He didn't deny involvement, however.

Following his arrest, Bowser was deported to the United States where he pleaded guilty. Last February, Bowser was sentenced to 40 months in prison for his role in the criminal enterprise. The sentence is significant but lower than the five-year prison term the Government had requested.

During sentencing, Judge Lasnik said that it was important to send a message but agreed that a reduction was warranted as Bowser played the smallest role of the three defendants.

Early Release

Bowser was later incarcerated at Federal Detention Center SeaTac in Seattle. A few weeks ago his attorney put in a request for an early release, citing the time credits earned by his client to date. That request was denied as moot earlier this month, as the Bureau of Prisons had pushed Bowser's release date forward.

In a recent video interview with Nick Moses, Bowser explains that he was released from federal...

21:14

CVE-2023-25504: Apache Superset: Possible SSRF on import datasets Open Source Security

Posted by Daniel Gaspar on Apr 17

Description:

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import
dataset feature in order to conduct Server-Side Request Forgery
attacks and query internal resources on behalf of the server where Superset
is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.

Credit:

Alexey Sabadash, VK (finder)

References:

https://superset.apache.org...

21:00

A Clock Timebase, No Microcontroller Hackaday

Making an electronic clock is pretty easy here in 2023, with a microcontroller capable of delivering as many quartz-disciplined pulses as you'd like available for pennies. But how did engineers generate a timebase back in the old days, and how would you do it today? It's a question [bicyclesonthemoon] is answering, with a driver for a former railway station clock.

The clock has a mechanism that expects pulses every minute, a +24V pulse on even minutes, and a -24V pulse on odd ones. He received a driver module with it, but for his own reasons wanted a controller without a microcontroller. He also wanted the timebase to be derived from the mains frequency. The result is a delve back into 1970s technology, and the type of project that's now a pretty rare sight. Using a mixture of 4000 series logic and a few of the ubiquitous 555s [bicyclesonthemoon] recovers 50Hz pulses from the AC, and divides them down to 1 pulse per minute, before splitting into odd and even minutes to drive a pair of relays which in turn drive the clock. We like it, a lot.

Mains-locked clocks are less common than they used to be, but they're still a thing. Do you still wake up to one?

20:38

Chinese GPU Vendor Moore Threads Contributing To VA-API, FFmpeg Phoronix

Moore Threads was established in 2020 to create domestic GPU solutions in China with their first products having been announced last year. Most of the talk around Moore Threads "MThreads" GPUs have been for Windows but they are working on Linux support to at least some extent...

20:20

Apple M1/M2 Keyboard Backlight Support Set For The Linux 6.4 Kernel Phoronix

In addition to Linux 6.4 bringing some early work around the Apple M2 device support that isn't yet ready for end-users but begins laying the foundation for supporting the new MacBook Air, MacBook Pro, and Mac Mini, another set of Apple changes have now been submitted ahead of this next kernel cycle...

20:00

Accelerate 800G Ethernet Deployments IEEE Spectrum



Get up to speed on the evolution of data centers.

The Data Center Ethernet Technology and Evolution to 224 Gbps application note explains the latest evolution of high speed ethernet links, technical challenges of 800G ethernet, and test solutions available for up to 224 Gbps interfaces.

Download your free copy now.

19:21

Improve Security by Adopting Aviation's 'Just Culture' SoylentNews

When admitting to an error isn't seen as a failure, improvement is easy to achieve:

To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "just" culture, according to director of the Information Systems Audit and Control Association Serge Christiaans.

Speaking at Singapore's Smart Cybersecurity Summit this week, Christiaans explained that until around 1990, the number of fatal commercial jet accidents was growing alongside a steady increase of commercial flights. But around the turn of the decade, the number of flights continued to rise while the number of fatalities began to drop.

[...] While acknowledging that improved technology, more mature processes and improved leadership all helped to improve aviation safety, the former pilot and field CISO at tech consultancy Sopra Steria said the biggest improvements came from a change to a "just culture" that accepts people will make mistakes and by doing so makes it more likely errors will be reported.

In a just culture, errors are viewed as learning opportunities instead of moral failing, creating transparency and enabling constant improvement.

[...] Christiaans said he is yet to come across a company that had implemented open reporting without punishment in cybersecurity.

He attributed this to the industry working from the top down. The people at the top worked hard to get to leadership roles and become resistant to change. Shifting culture therefore needs to start with new recruits.

[...] Furthermore, not all of the aviation industry has been a beacon of transparent culture. For example, whistleblowers have alleged that culture at Boeing emphasized profit over safety, ultimately leading to engineering decisions that caused the crash of two 737 MAX airplanes.

[...] But Christiaans' analysis may be true at least when it comes to pilots and airlines, especially when culture is changed with small steps.

"So you plant the seeds, some airlines adapt, some don't," said Christiaans. "The ones who adapt, succeed."


Read more of this story at SoylentNews.

18:53

Experts warn of an emerging Python-based credential harvester named Legion Security Affairs

Legion is an emerging Python-based credential harvester and hacking tool that allows operators to break into various online services.

Cado Labs researchers recently discovered a new Python-based credential harvester and hacking tool, named Legion, which was sold via Telegram. At this time, the sample analyzed by Cado Labs has a low detection rate of 0 on VirusTotal.

Legion is a modular tool that can be used by crooks to hack into various online services. The researchers reported that the tool has modules to support the following functionalities:

  • enumerating vulnerable SMTP servers, 
  • conducting Remote Code Execution (RCE), 
  • exploiting vulnerable versions of Apache,
  • brute-forcing cPanel and WebHost Manager (WHM) accounts,
  • interacting with Shodan's API to retrieve a target list (providing you supply an API key) and
  • additional utilities, many of which involve abusing AWS services

Legion is similar to a tool detailed in December by Lacework researchers, which was named AndroxGh0st.

The sample analyzed by Cado Labs is a Python3 script of 21015 lines; it includes configurations for integrating with services such as Twilio and Shodan.

The malware can exfiltrate collected data via Telegram chat using the Telegram Bot API.

The developer behind the tool operates a YouTube channel named Forza Tools, which included a series of tutorial videos for using the Legion script. The experts believe that the tool is widely distributed and is likely paid malware. 

Leg...

18:01

Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration The Hacker News

Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by

18:00

Interlaken Want to Connect All the Chips Hackaday

One of the problems with designing things on a chip is finding a good way to talk to the outside world. You may not design chips yourself, but you care because you want to connect your circuits including other chips to the chips in question. While I2C and SPI are common solutions, todays circuits are looking for more bandwidth and higher speeds, and thats where Interlaken comes in. [Comcores] has an interesting post on the technology that blends the best of SPI 4.2 and XAUI.

The interface is serial, as you might expect. It can provide both high-bandwidth and low-latency multi-channel communications. Interlaken was developed by Cisco and Cortina Systems in 2006 and has since been adopted by other industry-leading companies. Its latest generation supports speeds as high as 1.2 Tbps.

Interlaken can support up to 65,535 data streams and features error correction. The interface also handles retransmissions, so the users don't have to. Interlaken uses a meta-frame concept. For each lane, a set of words associated with the meta-frame are sent along with the payload of control and data words. These include alignment information, clock compensation, status information, and error-checking data.

Unless you develop chips or build FPGAs, you probably won't worry too much about the internal details, at least not yet. But the time may be near when...

17:49

malloc leak detection available in -current OpenBSD Journal

OpenBSD -current just grew a new tool for developers working on OpenBSD to detect unsafe behaviors in their code. OpenBSD lets you more easily track memory allocations and whether allocations are properly freed after use.

In a message to tech@, Otto Moerbeek (otto@) announced the new functionality:

Subject:    malloc leak detection available in -current
From:       Otto Moerbeek <otto () drijf ! net>
Date:       2023-04-17 6:43:19

Hi,

OpenBSD current now has built-in malloc leak detection.

Make sure you run current and have debug symbols (OpenBSD base
libraries have debug symbols, compile your own program with -g).

Read more

17:15

How to Connect ChatGPT to Google Docs for Australian Small Business plans Step by Step Social Network by Laurel Papworth

If you connect ChatGPT to Google Docs you can have ChatGPT create a business plan for your small business (I chose marketing agency in Penrith).

In this video tutorial I go through how to connect ChatGPT to Google Docs for small businesses to create a business plan (example is a Penrith NSW marketing agency) step by step:

  1. OpenAI account
  2. Google Docs account
  3. Plugin or extension addon for Chrome
  4. OpenAI API secret key (copy)
  5. (paste) Google Docs addon
  6. Ask ChatGPT to put the answer in the Google Doc
  7. Context, Correction, Core Audience and Check 4 Cs of AI.
  8. You Turn!

Business Plan at the end.

Transcript of How to Connect ChatGPT To Google Docs

Hello, my name is Laurel Papworth, and today I want to show Australian small businesses how to connect ChatGPT from OpenAI to Google Docs and Sheets, but we're only going to do Docs today. So let's get started. The first thing to recognize is that if you don't already have a ChatGPT or an OpenAI account, you should probably go to chat.openai.com and sign up. This will give you access to Dall-e, which makes the pictures, ChatGPT, which makes the words, and it will give you access to the API key, which is just a quick copy and paste of a key. And I'm going to show you how to do that now. If you haven't used Google Docs before, you'll need to go to docs.google.com and sign up. I use a Gmail or my Google apps for domains. I think it's called Workspace now. You can use that because you need to What we're going to do is go into Docs and ask ChatGPT questions and it will respond inside Docs. Now, I will say that Bard belongs to Google and I expect this to be fully integrated into Google Docs soon (and Drive) into slides and sheets and all the rest of it.

But at the moment, we don't have Bard in Australia. So when you are signed up to OpenAI, you go to platform.open.ai.com, and it's /account/billing/overview, or you can just go to the menu over here. And in the overview, it's a Pay As You Go. So premium user, or Plus I think they call it. That's 20 bucks a month. We're not doing that. We want access to the API; application programming interface....

17:00

The Electron Is So Round That Its Ruling Out Potential New Particles Terra Forming Terra




This is actually important.  The surface can be represented by around maybe a thousand pixels or so.  A rigorous number is actually possible but troublesome to locate.  That is good enough to appear smooth and may well turn out to be sticky enough for real smoothness.

No actual surprises at all.  It all conforms nicely to my Cloud Cosmology.

Note every axis produces curvature peaks close in and also close to each other.  This makes for potential photonic stickiness and a real surface orthogonal to those axes.  Rather good actually as this helps pin down the nature of the electron pair which then forms up to produce neutral neutron pairs.


The Electron Is So Round That Its Ruling Out Potential New Particles

If the electron's charge wasn't perfectly round, it could reveal the existence of hidden particles. A new measurement approaches perfection.

If an electron were the size of Earth, the experiment could detect a bump the size of a sugar molecule.

Kristina Armitage/Quanta Magazine


By Zack Savitsky


April 10, 2023


...

9 Researched Benefits of Intermittent Fasting Terra Forming Terra



When I first posted on what I called the Arclein Diet, intermittent fasting was not a thing.  That changed quick enough once I spelled out the compelling science in terms of managing calorie intake.  As stated then, we eat nine days worth of food every seven days.  This makes a compelling case for losing two of those days.

On top of that none of us are really working physically and no longer really need a heavy dose of starch.  So quality proteins and vegetables is great thinking.


This item now shows us how mature all this has become and we are all traing to fast for our general health. All good.



9 Researched Benefits of Intermittent Fasting

There are several approaches to intermittent fasting and specific ways to approach it



Jan 5 2023

https://www.theepochtimes.com/health/intermittent-fasting-9-benefits-and-best-practices_4958641.html

Through intermittent fasting and controlling the intake of calories, the human body can increase the amount and function of stem cells, which are vital to delaying the aging process and reducing inflammation.

What is intermittent fasting? What are the benefits of intermittent fasting? How do we know if we are suitable for doing i...

Cases And Cases Of Bud Light Stacking Up In Bars & Stores Across America Terra Forming Terra






Somewhere, someone must actually believe that Woke culture has a voting majority somehow that supports them.

Understand that Trump delivered around 80% of the historic electoral vote and those folks are redneck to the core and refuse to imbibe communist type thinking pushed in our less demanding college courses.

Those folks also do not switch their beers easily. This literally took their most loyal customer base and grossly insulted them.  Worse for the future, no one was ever asked and all this was simply foisted on the public.

Blowback is a bitch and driving bud largely from the whole market is presently a real risk for the corporation.  In fact, the brewing company owes the public an abject apology and weeks of groveling to undo the damage.  Of course the CEO and whoever thought this up get tossed.  They may still lose serious market share because local beers will now win market share and keep it.

I really cannot imagine anyone so stupid actually.


Cases And Cases Of Bud Light Stacking Up In Bars & Stores Across America


April 11th 2023, 5:46 pm

Bars and restaurants across the country are struggling to sell Anheuser-Busch products


Americans are pissed off at the beer brand Bud Light for featuring a biological man posing as a woman on a can of its beer for a recent advertising move that quickly backfired.

The stock market shows just how much of an impact the ad campaign has had on Bud Light's parent company Anheuser-Busch InBev.

Anheuser Busch created the special can to celebrate transgender actor Dylan Mulvaney's one-year anniversary of living life as a woman and featured him in commercials as a new brand ambassador.


Just over a week after the collaboration...

Natural treatment could make you almost invisible to mosquito bites Terra Forming Terra




This is both promising and wonderfully safe. Cellulose in pure form is a natural blocker and easily discourages a mosquito and that may well be what we need to be doing.

After all we mostly use thick fabrics to keep them away now.  Just what do you think a lumberman's shirt is about?

So yes, being able to spray this on your hands and the back of your neck would be welcome.  I swear that the smelly stuff we use actually attracts them, though that cannot be true.


Natural treatment could make you almost invisible to mosquito bites


April 13, 2023

The cellulose nano crystals could be applied as a transparent spray or gel to act as a "chemical camouflage"



Mosquitoes are responsible for around 350 million human illnesses every year, with the number sure to increase as climate change bolsters the disease-carrying insect's numbers. A recent study even showed how another human impact, light pollution, may be responsible for extending the mosquito blood-drawing season.


New research into bite-protection has taken a readily available natural molecule, cellulose, and manipulated it to produce a product that saw an 80% reduction in mosquito feeds on human skin.


Cellulose, which is cheaply and abundantly sourced from the likes of wood industry waste, plus local food and paper waste, assembles into nanocrystals when treated with sulfuric acid. These cellulose nanocrystals...

16:59

New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers The Hacker News

A novel credential-stealing malware called Zaraza bot is being offered for sale on Telegram while also using the popular messaging service as a command-and-control (C2). "Zaraza bot targets a large number of web browsers and is being actively distributed on a Russian Telegram hacker channel popular with threat actors," cybersecurity company Uptycs said in a report published last week. "Once the

16:42

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Jakub Wilk on Apr 16

* Steffen Nurpmeso <steffen () sdaoden eu>, 2023-04-16 22:57:

I'm pretty sure they do. But isatty(3) is implemented using the TCGETS
ioctl, so that doesn't help.

16:34

NovoNutrients Wants to Turn CO2 Into Protein SoylentNews

But first it'll have to prove its business model:

We've spent the last century and a half pumping carbon dioxide into the atmosphere, and it's clear that we'll have to spend the coming decades removing a significant fraction of that.

But then what do we do with it all? Some people are proposing pumping it underground. Others think we can make things from it, including liquid fuels and concrete. Problem is, those are pretty low-margin opportunities today. One startup thinks the answer is to turn carbon dioxide into protein.

[...] NovoNutrients relies on bacteria to do the dirty work. The company has surveyed the scientific literature to find species that can use carbon dioxide in their metabolic pathways, allowing them to use the waste gas as energy. Its scientists have also discovered strains not otherwise known to science.

"Our technology is about how do you industrialize this naturally occurring metabolism?" CEO David Tze told TechCrunch+.

[...] The company's approach has several advantages over other methods of using carbon dioxide. For one thing, it does not require large amounts of land or water, which are both in short supply in many parts of the world. It also does not require the use of fossil fuels, which are a major contributor to climate change.

NovoNutrients is not the only company working on using carbon dioxide to create protein. Other companies, such as Calysta and Deep Branch Biotechnology, are also developing similar technologies. However, NovoNutrients believes that its approach is unique because it uses bacteria to create protein products that are high in quality and can be sold at a competitive price.

The company's pilot-scale plant will be located in California and is expected to be operational by the end of 2021 [sic]. If successful, NovoNutrients plans to build a larger commercial-scale plant that could produce up to 1,000 metric tons of protein per year.



Read more of this story at SoylentNews.

15:00

Circumvent Facial Recognition with Yarn Hackaday

Knitwear can protect you from a winter chill, but what if it could keep you safe from the prying eyes of Big Brother as well? [Ottilia Westerlund] decided to put her knitting skills to the test for this anti-surveillance sweater.

[Westerlund] explains that yarn is a programmable material containing FOR loops and other similar programming concepts transmitted as knitting patterns. In the video (after the break) she also explores the history of knitting in espionage using steganography embedded in socks and other knitwear to pass intelligence in unobtrusive ways. This led to the restriction of shipping handmade knit goods in WWII by the UK government.

Back in the modern day, [Westerlund] took the Hyperface pattern developed by Adam Harvey and turned it into a knitting pattern. Designed to circumvent detection by Viola-Jones based facial detection systems, the pattern presents a computer vision system with a number of faces to distract it from covered human faces in an image. While the knitted jumper (sweater for us American...

14:00

Economic uncertainty drives upskilling as a key strategy for organizations Help Net Security

With the economy experiencing instability and decline, organizations rely on their technology experts to maintain their innovative edge and generate business value. Despite being instructed to reduce expenses by 65% of the technology team leaders, 72% still intend to boost their investment in technology proficiency development by 2023, according to Pluralsight. As improving the skills of current employees is less expensive than recruiting new ones, 97% of directors in charge of learning and development and ...

The post Economic uncertainty drives upskilling as a key strategy for organizations appeared first on Help Net Security.

14:00

Ubuntu 23.04 Desktop's New Installer Set To Ship Without OpenZFS Install Support Phoronix

It was just four years ago in Ubuntu 19.10 that Ubuntu's desktop installer added OpenZFS support for carrying out root file-system installations atop this ZFS file-system. Since then the Canonical/Ubuntu interest has waned. Ahead of the Ubuntu 23.04 release this week, I tried out the Ubuntu Lunar Lobster daily snapshot this weekend to find the OpenZFS install support with Ubuntu's new desktop installer to still be missing...

13:49

Colorado is the First US State to Pass a Right-to-repair Law for Farmers SoylentNews

John Deere warns about the "unintended consequences" stemming from the new legislation:

The right to repair movement just got its first major win in Colorado as the state will likely become the first to establish a law designed to protect the farmers' right to repair their own equipment. Big manufacturing companies are not happy, but the law is expected to be signed soon.

Starting January 1, 2024, manufacturers of agricultural equipment will have to provide Colorado farmers everything they need to repair machinery by themselves. Denver legislators recently approved the first-ever proposal turning right-to-repair principles into law with a majority vote (44 to 16), after the same law was approved by the Senate last month.

The bill is now on the governor's desk, where Jared Polis is expected to approve the bi-partisan proposal within 10 days. The Consumer Right To Repair Agricultural Equipment requires manufacturers to provide parts, embedded software, firmware, tools, documentation, repair manuals and other resources to independent repair providers and owners of farming machinery, giving them the ability to fix broken stuff without needing to go through official resellers and repair services.

The bill folds agricultural equipment into the existing consumer right-to-repair statutes of Colorado, which states that a manufacturer's failure to comply is a "deceptive trade practice." Manufacturers are not obliged to "divulge any trade secrets" to independent repair services and owners, the statutes say. The bill was later amended to clarify that repair providers and owners are not authorized to make modifications to equipment that permanently deactivate safety measures or modify carbon emissions.

Read more of this story at SoylentNews.

13:30

AI tools like ChatGPT expected to fuel BEC attacks Help Net Security

Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get them in front of unsuspecting employees, according to Armorblox. In other trends to watch, vendor compromise and fraud are rising as a new attack vector and graymail is wasting 27 hours of time for security teams each week.

Attacks target technology organizations

The report is based on data gathered across more than 58,000 customer tenants, ...

The post AI tools like ChatGPT expected to fuel BEC attacks appeared first on Help Net Security.

13:00

AI verification systems give businesses an edge over scammers Help Net Security

Fraudsters are underestimating the power of AI to detect fake IDs, according to a new report from Ondato. Based on an analysis of millions of ID verifications carried out for its customers in 2022, Ondato found that ID cards were used in 52% of fraudulent verification attempts, far ahead of driving licences (29%) and passports (18%).

ID cards used in over half of fraudulent verification attempts

According to Ondato, fraudsters most likely underestimate ID ...

The post AI verification systems give businesses an edge over scammers appeared first on Help Net Security.

12:00

Using STEP and STL Files in FreeCAD Hackaday

If you've tried FreeCAD, you know that it has a daunting number of workbenches and options. [MangoJelly] has a large number of video tutorials on FreeCAD, and the latest one, below, covers working with STEP and STL with the tool.

If you've ever wondered why designers like to work with STEP files and not STL, this video answers that question immediately. A part brought in from a STEP file is closer to the original CAD object. It doesn't have all the operations that make the part up, but it does have proper faces that you can work with like a normal part. The same part imported from STL, however, is one single mesh.

Of course, in this case, it doesn't matter much because he has the original file, the STEP, and the STL. However, in real life, you may have an STL file and nothing else. The video shows how you can convert such an object into a proper FreeCAD part.

We liked that the example part isn't a boxy design. It is full of curves, holes, and slots. Sometimes working with a very simple part hides issues that you run into when you try to use a technique in real life. In fact, after working with the basic object, he downloads a power supply cover and then punches a new hole in it.

If you want to learn more about FreeCAD, you can spend a lot of time on his channel, which has a dizzying array of tutorials. There are many...

11:58

[Meme] Recruiting to Steal Techrights

When you join a company run by a liar, fraud, and cheat (based on false credentials)

Sirius is hiring more people to defraud?

Summary: GNU/Linux engineers got robbed by Sirius Open Source Limited; the criminal who oversaw this fraud is now looking for more people to rob while cops drag their heels

11:54

Kernel prepatch 6.3-rc7 LWN.net

The 6.3-rc7 kernel prepatch is out for testing. "Let's hope we have just one more calm week, and we'll have had a nice uneventful release cycle. Knock wood".

11:46

GNU/Linux Engineers Got Robbed by Sirius Open Source Limited schestowitz.com

Video download link | md5sum c4ca62ca5c8ebc2a7974b42f3ff4d884
Why the Pension Story is Relevant to Us
Creative Commons Attribution-No Derivative Works 4.0

Summary: The crimes of Sirius Open Source will be the subject of many future posts and today we explain why this is a subject of relevance to Techrights

THE pension situation where I worked for nearly 12 years impacts a lot of people and it helps reveal rampant corruption in the pension industry. I've been thinking about this deeply for days, also in light of several news items about France and about the US pension promises being unsustainable. Are people meant to ever retire? Are people living to work? Or do they work to eventually live? (Hours after work or after they leave work altogether)

We have a lot more information in the pipeline, albeit we're limited by what we can say at any one time. The reasons are explained in the video above as well.

Why did the accounting people allow pension fraud to carry on for so long? Could they not refrain from collaborating? In fact, who does the accounting anyway? There might be an even more sinister scandal therein and we're investigating the matter.

Another question: can one actually withdraw a pension early? The state would say that's possible, but companies lie their way or simply hide when the subject comes up (e.g. bank details specified or time for cheque to be picked up with paperwork signed). The outcome of any hypothetical investigations into this turn out to be ugly. The pensions seem like a black hole. You can put money in, or think you put money in, but you can never take anything out.

Our approach here has been multifaceted; the goals and methods are many. Since we deal with an actual criminal matter, we cannot be ignored by pension providers, police etc. They cannot simply turn a blind eye. Everyone agrees that pension providers are very sensitive about their brand/reputation (more so than banks). There are several reasons for this, but those are beyond the scop...

11:20

Standing Up for Defrauded Members of Staff (GNU/Linux Engineers) in the Age of Pension Scams Techrights

Video download link | md5sum c4ca62ca5c8ebc2a7974b42f3ff4d884
Why the Pension Story is Relevant to Us
Creative Commons Attribution-No Derivative Works 4.0

Summary: The crimes of Sirius Open Source will be the subject of many future posts and today we explain why this is a subject of relevance to Techrights

THE pension situation where I worked for nearly 12 years impacts a lot of people and it helps reveal rampant corruption in the pension industry. I've been thinking about this deeply for days, also in light of several news items about France and about the US pension promises being unsustainable. Are people meant to ever retire? Are people living to work? Or do they work to eventually live? (Hours after work or after they leave work altogether)

We have a lot more information in the pipeline, albeit we're limited by what we can say at any one time. The reasons are explained in the video above as well.

Why did the accounting people allow pension fraud to carry on for so long? Could they not refrain from collaborating? In fact, who does the accounting anyway? There might be an even more sinister scandal therein and we're investigating the matter.

Another question: can one actually withdraw a pension early? The state would say that's possible, but companies lie their way or simply hide when the subject comes up (e.g. bank details specified or time for cheque to be picked up with paperwork signed). The outcome of any hypothetical investigations into this turn out to be ugly. The pensions seem like a black hole. You can put money in, or think you put money in, but you can never take anything out.

Our approach here has been mult...

11:14

10 Best Zippyshare Alternatives Best File Sharing Services HackRead | Latest Cybersecurity and Hacking News Site

By Waqas

Zippyshare is no longer available after the service announced its shutdown on March 30th, 2023.

This is a post from HackRead.com Read the original post: 10 Best Zippyshare Alternatives Best File Sharing Services

11:07

Human Rights Groups Raise Alarm Over UN Cybercrime Treaty SoylentNews

Let's go through all the proposed problematic powers, starting with surveillance and censorship:

Special report United Nations negotiators convened this week in Vienna, Austria, to formulate a draft cybercrime treaty, and civil society groups are worried.

"We are here for the fifth session on the negotiations of this new treaty on cybercrime, which will have the potential to drastically redraft criminal law all around the world," said Thomas Lohnninger, executive director of Austria-based tech policy group Epicenter.works, in a media briefing on Thursday about the treaty negotiations.

"It represents a tectonic shift because of its global nature when it comes to the cross border access to our personal information."

The UN Cybercrime Treaty, to the extent it gets adopted, is expected to define global norms for lawful surveillance and legal processes available to investigate and prosecute cybercriminals. And what has emerged so far contemplates [PDF] more than 30 new cybercrime offenses, with few concessions to free speech or human rights.

[...] Katitza Rodriguez, policy director for global privacy at the Electronic Frontier Foundation, explained that current cross-border cybercrime cooperation comes from the Budapest Convention, negotiated in 2001, by member states at the Council of Europe.

Russia, however, Rodriguez said, has objected to the convention for infringing state sovereignty by allowing other nations to investigate cybercrimes in its jurisdiction. So in 2017, Russia proposed negotiating a new treaty, and in 2019 the UN adopted a resolution to do so, backed by Russia, Cambodia, Belarus, China, Iran, Myanmar, Nicaragua, Syria and Venezuela.

The US and members of the European Union opposed the proposal citing concerns about lack of human rights protections. Nonetheless, Rodriguez said, Russia pushed its proposal forward and the UN opened negotiations just days after Russia invaded Ukraine.

Read more of this story at SoylentNews.

10:14

Microsoft Bing Hides News Regarding Microsoft Stabber Joseph Cantrell Techrights

Reprinted with permission from Ryan

Microsoft has removed all references to Joseph Cantrell from Bing News, which has made its way into DuckDuckGo as well.

Google News still returns results for the drug addled Nazi that Microsoft hired and now tries to hide. No doubt, having him stab another employee was very embarrassing.

This is just one example of how Microsoft can run damage control. As his case winds its way through the court system, people will increasingly wonder what kind of company hires people who self-admit to extensive drug usage and Nazi ideology, and then further admit that nobody on their team of 4, which costs the company over a million bucks, can figure out bugs in Azure, and have to resort to posting questions on Stack Exchange.

The drug diary, which I also previously reported on, also shows that Cantrell's behavior created an extremely toxic and harassing workplace. On numerous occasions, Cantrell says that in company meetings, he said Indians shouldn't be allowed to work at Microsoft and that one person in particular should have her green card revoked for being Indian, admitted to soliciting prostitutes and getting STDs from them, and blogged extensively that tech companies who have Indian CEOs don't have good products anymore. I wonder if Bill Gates even uses Windows or if that Indian guy at Google even uses Google.

Almost all of the worst of his admissions in the diary were on his public Web site before the hiring.

But if Microsoft sets up a simple key word ban, nobody following Bing or DuckDuckGo News will read about its dirty laundry.

Joseph Cantrell results from Bing News

Joseph Cantrell results from Google News

10:10

DistroWatch Weekly, Issue 1015 DistroWatch.com: News

This week in DistroWatch Weekly:
Review: Manjaro Linux 22.0, Trisquel GNU/Linux 11.0
News: Arch Linux powering new PINE64 tablets, KDE Connect getting an overhaul, Ubuntu introduces live patching for HWE kernels
Questions and answers: Gaining filesystem compression with ext4
Released last week: OpenBSD 7.3, FreeBSD 13.2, 4MLinux 42.0, TrueNAS 22.12.2 "SCALE"
Torrent....

10:04

Booting modern Intel CPUs Matthew Garrett

CPUs can't do anything without being told what to do, which leaves the obvious problem of how do you tell a CPU to do something in the first place. On many CPUs this is handled in the form of a reset vector - an address the CPU is hardcoded to start reading instructions from when power is applied. The address the reset vector points to will typically be some form of ROM or flash that can be read by the CPU even if no other hardware has been configured yet. This allows the system vendor to ship code that will be executed immediately after poweron, configuring the rest of the hardware and eventually getting the system into a state where it can run user-supplied code.

The specific nature of the reset vector on x86 systems has varied over time, but it's effectively always been 16 bytes below the top of the address space - so, 0xffff0 on the 20-bit 8086, 0xfffff0 on the 24-bit 80286, and 0xfffffff0 on the 32-bit 80386. Convention on x86 systems is to have RAM starting at address 0, so the top of address space could be used to house the reset vector with as low a probability of conflicting with RAM as possible.

The most notable thing about x86 here, though, is that when it starts running code from the reset vector, it's still in real mode. x86 real mode is a holdover from a much earlier era of computing. Rather than addresses being absolute (ie, if you refer to a 32-bit address, you store the entire address in a 32-bit or larger register), they are 16-bit offsets that are added to the value stored in a "segment register". Different segment registers existed for code, data, and stack, so a 16-bit address could refer to different actual addresses depending on how it was being interpreted - jumping to a 16 bit address would result in that address being added to the code segment register, while reading from a 16 bit address would result in that address being added to the data segment register, and so on. This is all in order to retain compatibility with older chips, to the extent that even 64-bit x86 starts in real mode with segments and everything (and, also, still starts executing at 0xfffffff0 rather than 0xfffffffffffffff0 - 64-bit mode doesn't support real mode, so there's no way to express a 64-bit physical address using the segment registers, so we still start just below 4GB even though we have massively more address space available).

Anyway. Everyone knows all this. For modern UEFI systems, the firmware that's launched from the reset vector then reprograms the CPU into a sensible mode (ie, one without all this segmentation bullshit), does things like configure the memory controller so you can actually access RAM (a process which involves using CPU cache as RAM, because programming a memory controller is sufficiently hard that you need to store more state than you can fit in registers alone, which means you need RAM, but you don't have RAM until the memory cont...

10:00

HPR3836: Using 'zoxide', an alternative to 'cd' Hacker Public Radio

Overview

I like the idea that there are tools available to enhance the 'cd' command, remembering places you have been in the file system and taking you there easily. I use 'pushd' and 'popd' for moving in and out of directories from a place I want to do most of my work, but something more powerful than these or cd have always seemed desirable. I was using 'autojump' for a while last year, but didn't really get on with it. This was mainly because there was no way of excluding certain directories which had been visited from its list. Recently I heard of 'zoxide', which I have been trying and really like.

zoxide

What is it?

From the GitHub page: zoxide is a smarter cd command, inspired by z and autojump. It remembers which directories you use most frequently, so you can jump to them in just a few keystrokes. zoxide works on all major shells. In its man page it's billed as "A faster way to navigate your filesystem". It's written in Rust so is very fast.

What does it do?

  • It offers the functionality of the Linux/Unix 'cd' command.
  • It collects the directories you have visited into a database and gives them a ranking relating to the number of times they have been visited.
  • It applies aging rules and removes these when the ranking drops below one. It uses frecency to do this - a combination of frequency and recency. (See the Wikipedia page explaining this word)
  • It performs algorithmic matching on the directory you specify and takes you to the highest ranking best match.
  • It can resolve conflicts between matching directories or can allow selection through an interactive interface.
  • It can interface to fzf, a general-purpose command-line fuzzy finder.
  • It knows where it is (in the Bash shell) by calling a function out of the PROMPT_COMMAND variable. This can be used to execute one or more commands before displaying the prompt for a new command. This is a common way to hook monitoring commands into a Bash session.

Where can you get it?

I installed it from the Debian Testing repo, but I got 'zoxide from the GitHub page seems the best option if you want the latest version. There is an installation script on the GitHub page and it's possible to download it with curl and pipe it to Bash. I'm never comfortable doing this, but that's your choice. I also installed fzf from the Debian Testing repo, though I'm still learning what this can do, since it's very rich in features!

How do you set it up?

This process is shell-specific. I run Bash so I have added it to my ~/.bashrc and the command there is:

    eval "$(zoxide init bash)"

What this does is generate a number of Bash functions and aliases and some commands which are fed into eval and executed in the current context. Function z is created which gives a way of invo

Taxing Collaborative Software Engineering It Will Never Work in Theory

Our field needs more papers like this one: a short, readable introduction to a complex topic (international tax law) for programmers who know nothing about it (like me) but whose work it might directly impact. I'd never heard of the Arm's Length Principle before, but after spending 15 minutes with this paper I have at least a glimmer of an understanding of the issues involved. I'm going to include this paper in the next software engineering class I teach, and would be grateful for pointers to others like it.

Michael Dorner, Maximilian Capraro, Oliver Treidler, Tom-Eric Kunz, Darja Šmite, Ehsan Zabardast, Daniel Mendez, and Krzysztof Wnuk. Taxing collaborative software engineering. 2023. arXiv:2304.06539.

The engineering of complex software systems is often the result of a highly collaborative effort. However, collaboration within a multinational enterprise has an overlooked legal implication when developers collaborate across national borders: It is taxable. In this short article, we discuss the unsolved problem of taxing collaborative software engineering across borders. We (1) introduce the reader to the basic principle of international taxation, (2) identify three main challenges for taxing collaborative software engineering, and (3) estimate the industrial significance of cross-border collaboration in modern software engineering by measuring cross-border code reviews at a multinational software company.

09:00

Hackaday Links: April 16, 2023 Hackaday


The dystopian future you've been expecting is here now, at least if you live in New York City, which unveiled a trio of technology solutions to the city's crime woes this week. Surprisingly, the least terrifying one is DigiDog, which seems to be more or less an off-the-shelf Spot robot from Boston Dynamics. DigiDog's job is to de-escalate hostage negotiation situations, and unarmed though it may be, we suspect that the mission will fail spectacularly if either the hostage or hostage-taker has seen Black Mirror. Also likely to terrify the public is the totally-not-a-Dalek-looking K5 Autonomous Security Robot, which is apparently already wandering around Times Square using AI and other buzzwords to snitch on people. And finally, there's StarChase, which is based on an AR-15 lower receiver and shoots GPS trackers that stick to cars so they can be tracked remotely. We're not sure about that last one either; besides the fact that it looks like a grenade launcher, the GPS tracker isn't exactly covert. Plus it's only attached with adhesive, so it seems easy enough to pop it off the target vehicle and throw it in a sewer, or even attach it to a...

08:54

Linux 6.3-rc7 Released - Hoping For A Calm Week Ahead Phoronix

Linux 6.3-rc7 was just released and if the next week remains calm, it would mean that Linux 6.3 is shipping next weekend...

08:22

The 8086 Processor's Microcode Pipeline From Die Analysis SoylentNews

https://www.righto.com/2023/01/the-8086-processors-microcode-pipeline.html

Intel introduced the 8086 microprocessor in 1978, and its influence still remains through the popular x86 architecture. The 8086 was a fairly complex microprocessor for its time, implementing instructions in microcode with pipelining to improve performance. This blog post explains the microcode operations for a particular instruction, "ADD immediate". As the 8086 documentation will tell you, this instruction takes four clock cycles to execute. But looking internally shows seven clock cycles of activity. How does the 8086 fit seven cycles of computation into four cycles? As I will show, the trick is pipelining.

[...] The alternative is microcode: instead of building the control circuitry from complex logic gates, the control logic is largely replaced with code. To execute a machine instruction, the computer internally executes several simpler micro-instructions, specified by the microcode. In other words, microcode forms another layer between the machine instructions and the hardware. The main advantage of microcode is that it turns the processor's control logic into a programming task instead of a difficult logic design task.



08:18

Five fulcrums for fundamental public sector reform pipka.org

In government we often speak about policy levers, but in the real world, a lever without a fulcrum is just a plank of wood. Levers are needed to lift a load, but without a fulcrum, you can't move it very far. Fulcrums are needed to dramatically increase the impact of a lever without having to increase the effort/resource. Basically, levers without fulcrums are pretty ineffective.

Sometimes even ambitious change agendas can unintentionally adopt a levers-without-fulcrums pattern. For instance, setting up a team to innovate without normalising a culture of innovation across the organisation. Hiring or training extraordinary talent and then not letting them make any decisions or bring ideas to the table. Training staff on public engagement without creating an appetite for public input. Every lever needs a fulcrum.

Once you look for it, you can see this pattern everywhere.

So below are five of my favourite fulcrums to complement the usual policy levers you have today. These are all tried and tested in various governments. These fulcrums are: teaching public sector craft to all who work in (and with) the public sector, a responsible implementation mindset, servant leadership, structuring around outcomes, and finally the critical fulcrum of raised expectations.

Fulcrum 1: Teaching public service craft to all involved

All public servants used to be trained in public service craft. At some point, about 30 years ago, there was a change that mechanised the public sector (driven by New Public Management) and started bringing people in for a particular skillset (developer, accountant, lawyer, project manager, etc) with limited training on the context in which they'd be applying those skills. These days, generally only policy people are expected to be trained in the ways of government, and even then, many public policy courses teach only the mechanics of public sector without the responsibilities or clear delineation of powers and accountabilities.

We have seen the results of this in shocking testimony throughout the Robodebt Royal Commission, as senior public servants demonstrated a complete misunderstanding (and sometimes abdication) of their responsibility to be trusted stewards acting both lawfully and in the best public interest, instead believing their job to just advise, and then loyally (blindly?) implement the decisions of the government of the day, whatever the cost, conflict, impact or legality. This culture issue is well articulated in the recent submission to the Robodebt Royal Commission...

07:02

Re: CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Steffen Nurpmeso on Apr 16

Ruihan Li wrote in
<w7boj4fg4x2o2bjz7a7zkjk4bgxqvqyuxycdqqw2dl3bhanh6a@h4jtbccffxgv>:
...
|be privileged, such as a setuid program. Moreover, if the socket is used as
|stdout or stderr, an ioctl call is made to obtain tty parameters, which \
|can be
|verified through the strace command.
|```
|# strace -e trace=ioctl sudo > /dev/null
|ioctl(3, TIOCGPGRP, [30305]) = 0
|ioctl(2, TIOCGWINSZ, {ws_row=45, ws_col=190,...

06:02

Experts found the first LockBit encryptor that targets macOS systems Security Affairs

Researchers warn that the LockBit ransomware gang has developed encryptors to target macOS devices.

The LockBit group is the first ransomware gang of all time that has created encryptors to target macOS systems, the MalwareHunterTeam team warns.

MalwareHunterTeam researchers discovered the LockBit encryptors in a ZIP archive uploaded to VirusTotal.

The discovery is disconcerting and demonstrates the group's effort to expand its operation to also target Apple systems.

BleepingComputer confirmed that the zip archive contained previously unknown encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC architectures.

The experts pointed out that the archive was bundled as of March 20, 2023; it also includes builds for PowerPC CPUs, which are used in older macOS systems.

One of the encryptors developed by Lockbit, named locker_Apple_M1_64, can encrypt files of Mac systems running on the Apple silicon M1.

05:09

OpenAssistant Released cryptogon.com

That didn't take long. I thought it would take at least several months for them to attain something GPT3.5-like. Nope. Via: Yannic Kilcher:

04:33

DMCA Takedowns Target Torrent Release of Dark and Darker Playtest TorrentFreak

Upcoming first-person shooter game Dark and Darker is scheduled to launch later this year, but even at this early stage it's causing controversy.

Last month, police in South Korea raided the offices of local game studio Ironmace. According to reports, the developers allegedly stole assets from their former employer, game publisher Nexon, which is allegedly working on a similar project too.

A few days later, Nexon sent a DMCA takedown notice to Valve, asking it to remove the Dark and Darker project from Steam. The detailed takedown notices accused Ironmace of copyright infringement and stealing trade secrets.

"This letter is to inform you of Ironmace's misconduct, constituting misappropriation of Nexon's trade secrets and copyright infringement and to request that Valve take down all versions of Dark and Darker from Steam," the company wrote (pdf).


Steam swiftly complied, but the enforcement action and follow-up legal pressure didn't stop Dark and Darker development. Ironmace refuted the accusations in detail and continued to work on the game.

This weekend, Ironmace was ready to share the latest Alpha release with its fans. Without Steam access, Ironmace had to choose a different distribution method and after some internal deliberation, opted to go old school with a BitTorrent release.

"Unfortunately, due to the complexities of our situation, especially across international lines, it is taking time to resolve the Steam situation. In order for us to keep our promise to our fans we've had to go old school this time," Ironmace wrote.

The developers typically share these types...

03:29

16apr2023 Trivium

03:29

A Computer Generated Swatting Service Is Causing Havoc Across America SoylentNews

Torswats uses synthesized voices to pressure law enforcement to specific locations:

"Hello, I just committed a crime and I want to confess," a panicked sounding man said in a call to a police department in February. "I've placed explosives inside a local school," the man continued.

"You did what?!" the operator responded.

"I've placed explosives inside a local school," the man said again, before specifying Hempstead High School in Dubuque, Iowa, and providing its address. In response to the threat, the school went on lockdown, and police searched the school but found nothing, according to a local media report.

The bombs weren't real. But, crucially, neither was the man's voice. The panicked man's lines sound artificially generated, according to recordings of the swatting calls reviewed by Motherboard. It is unclear how exactly the caller generated the voice, be that some form of artificial intelligence tool or another speech synthesis program. The result, though, is a voice that sounds very consistent across multiple calls.

[...] Known as "Torswats" on the messaging app Telegram, the swatter has been calling in bomb and mass shooting threats against high schools and other locations across the country. Torswats' connection to these wide ranging swatting incidents has not been previously reported. The further automation of swatting techniques threatens to make an already dangerous harassment technique more prevalent.

[...] Torswats carries out these threatening calls as part of a paid service they offer. For $75, Torswats says they will close down a school. For $50, Torswats says customers can buy "extreme swattings," in which authorities will handcuff the victim and search the house. Torswats says they offer discounts to returning customers, and can negotiate prices for "famous people and targets such as Twitch streamers." Torswats says on their Telegram channel that they take payment in cryptocurrency.



03:00

3D-Printable Foaming Nozzle Shows How They Work Hackaday

[Jack]'s design for a 3D-printable foaming nozzle works by mixing air with a fluid like liquid soap or hand sanitizer. This mixture gets forced through what looks like layers of fine-mesh sieve and eventually out the end by squeezing the bottle. The nozzle has no moving parts but does have an interesting structure to make this possible.

...

01:22

How Music Hijacks Our Perception of Time Lifeboat News: The Blog

One evening, some 40 years ago, I got lost in time. I was at a performance of Schubert's String Quintet in C major. During the second movement I had the unnerving feeling that time was literally grinding to a halt. The sensation was powerful, visceral, overwhelming. It was a life-changing moment, or, as it felt at the time, a life-changing eon.

It has been my goal ever since to compose music that usurps the perceived flow of time and commandeers the sense of how time passes. Although I've learned to manipulate subjective time, I still stand in awe of Schubert's unparalleled power. Nearly two centuries ago, the composer anticipated the neurological underpinnings of time perception that science has underscored in the past few decades.

The human brain, we have learned, adjusts and recalibrates temporal perception. Our ability to encode and decode sequential information, to integrate and segregate simultaneous signals, is fundamental to human survival. It allows us to find our place in, and navigate, our physical world. But music also demonstrates that time perception is inherently subjective, and an integral part of our lives. "For the time element in music is single," wrote Thomas Mann in his novel, The Magic Mountain. "Into a section of mortal time music pours itself, thereby inexpressibly enhancing and ennobling what it fills."

01:00

Your Robotic Avatar Is Almost Ready IEEE Spectrum



Robots are not ready for the real world. It's still an achievement for autonomous robots to merely survive in the real world, which is a long way from any kind of useful generalized autonomy. Under some fairly specific constraints, autonomous robots are starting to find a few valuable niches in semistructured environments, like offices and hospitals and warehouses. But when it comes to the unstructured nature of disaster areas or human interaction, or really any situation that requires innovation and creativity, autonomous robots are often at a loss.

For the foreseeable future, this means that humans are still necessary. It doesn't mean that humans must be physically present, however, just that a human is in the loop somewhere. And this creates an opportunity.

In 2018, the XPrize Foundation announced a competition (sponsored by the Japanese airline ANA) to create an avatar system that can transport human presence to a remote location in real time, with the goal of developing robotic systems that could be used by humans to interact with the world anywhere with a decent Internet connection. The final event took place last November in Long Beach, Calif., where 17 teams from around the world competed for US $8 million in prize money.

While avatar systems are all able to move and interact with their environment, the Avatar XPrize competition showcased a variety of different hardware and software approaches to creating the most effective system. (Image: XPrize Foundation)

The competition showc...

00:49

Ubiquitous fake crowds Geeking with Greg

The Washington Post writes: "The Russian government has become far more successful at manipulating social media and search engine rankings than previously known, boosting ... [propaganda] with hundreds of thousands of fake online accounts ... detected ... only about 1% of the time."

Fake crowds can fake popularity. It's easy to manipulate trending, rankers, and recommender algorithms. All you have to do is create a thousand sockpuppet accounts and have them like and share all your stuff. Wisdom of the crowds is broken. This can be fixed, but first you have to see the problem clearly. Then you'll see that you can't just use the behavior from every account anymore for wisdom of the crowd algorithms. You have to use only reliable accounts and toss everything spammy or unknown.

00:31

NCR was the victim of BlackCat/ALPHV ransomware gang Security Affairs

NCR was the victim of the BlackCat/ALPHV ransomware gang; the attack caused an outage on the company's Aloha PoS platform.

NCR Corporation, previously known as National Cash Register, is an American software, consulting and technology company providing several professional services and electronic products. It manufactures self-service kiosks, point-of-sale terminals, automated teller machines, check processing systems, and barcode scanners.

NCR has been suffering an outage on its Aloha point of sale platform since Wednesday after it was hit by a ransomware attack conducted by the BlackCat/ALPHV ransomware group.

NCR Aloha POS is a comprehensive restaurant point-of-sale and management software; the company claims it is used by more cashiers and servers than any other POS in the industry.

The company has started notifying its customers, confirming the ransomware attack:

"As a valued customer of NCR Corporation, we are reaching out with additional information about a single data center outage that is impacting a limited number of ancillary Aloha applications for a subset of our hospitality customers. On April 13, we confirmed that the outage was the result of a ransomware incident," reads the notice sent by the company to the customers via email.

NCR notified law enforcement and engaged third-party cybersecurity experts to investigate the incident and determine the scope of the attack.

The company pointed out that restaurants impacted are still able to serve their customers and that the incident only impacted a specific functionality.

"Only specific functionality is impaired. There is no impact to payment applications or on-premises systems," continues the notice.

00:00

Timeframe: The Little Desk Calendar That Could Hackaday

Usually, the problem comes before the solution, but for [Stavros], the opposite happened. A 4.7 E-Ink screen with integrated battery management and ESP32 caught his eye, and he bought it and started thinking about what he wanted to do with it. The Timeframe (hackaday.io link as well) is a sleek desk calendar based around the integrated e-ink screen.

[Stavros] found the device's MicroPython support was a little lackluster, and often failed to draw. He found a Platform.io project that used an older but modified library for driving the e-ink display which worked quite well. However, the older library didn't support portrait orientation or other niceties. Rather than try and create something complex in C, he moved the complexity to a server environment he knew more about. With the help of CoPilot, he got some code that would wake up the ESP32 every half hour, download an image from a server, and then display it. A Python script uses a headless browser to visit Google Calendar, resize the window, take a screenshot, and then upload it.

The hardest part of the exercise was getting authentication with Google working reliably. A white sleek 3d printed case wraps the whole affair in an...

00:00

Lithium Battery Ripe for Disruption, Inventor Says IEEE Spectrum



The lithium-ion battery isn't going anywhere soon. That's what M. Stanley Whittingham, the Nobel laureate who created the first rechargeable lithium-ion battery some 50 years ago, told attendees of the SLAC-Stanford Battery Research Center Launch Symposium on Thursday. The new organization aims to bridge gaps between organizations that research, manufacture, and deploy large-scale energy storage systems.


"It's going to be at least five-to-ten years before any alternative technologies can compete on cost with lithium-ion technology," Whittingham predicted.

Given that this technology will stick around for some time to come, Whittingham has concerns, big concerns, about how the world makes and uses these energy storage devices. Here are the big issues he worries about:

Manufacturing

"It's ridiculous that manufacturing technologies haven't changed in 30 years," Whittingham says. "We need to reduce the 60 to 80 kilowatt hours of electricity it takes to produce a one kWh battery," he says. "We've got to find new manufacturing technologies."

Recycling

Whittingham is also worried about recycling technologies. He's encouraged that facilities to recycle lithium-ion batteries are being built around the world, but he adds, "We need to make sure they are clean."

Mining

The supply chain for the minerals used in battery manufacturing in the first place also needs work. "We need regional supply chains," Whittingham says. "And we need to look at clean mining with clean energy."

Heavy Metals

Given that some components of a lithium-ion battery's traditional chemistry are inherently toxic, they must be engineered out of the device as soon as possible, Whittingham says. He pu...


Sunday, 16 April

23:30

AMD Squeezes In AMDGPU Fixes, FPO/FAMS Display Power Savings For Linux 6.4 Phoronix

While we are basically past the cut-off for new feature material to go into DRM-Next that wants to be part of the upcoming Linux 6.4 merge window, this week AMD sent in a fixes-oriented set of AMDGPU/AMDKFD kernel driver updates that does include some minor feature updates...

23:23

Life on Mars: When and How | The Next Stage of Human Evolution and the Possible Demise of the Planet Lifeboat News: The Blog


Do you know why humanity still doesn't have colonies on the Moon or Mars? Because the big companies that might've invested their money in building the said colonies are not sure when they'll get their investments back and start making a solid profit. Well, at least that's one of the reasons.

But the cheaper space flights get and the further the technologies that can help cost-efficiently settle on other planets develop, the more countries, billionaires, tech giants, startups and institutions will get into the space race, whose finish line is right on the Red Planet. Why are they reluctant to do this? Are they afraid of future cataclysms? Do they know something we don't? Are they dreaming of claiming the title of pioneers? Or hoping to mine rare metals in the asteroid belt?

Watch this video to find out all about the whens and hows of life on Mars, as well as about its outcomes, including a new round of human evolution and the possible demise of the planet itself! Wheels up!

00:00 In this video.
01:00 Mars will try to kill you.
01:30 Mars is a totally hostile environment for human life.
02:25 With Mars, Earthlings have a better chance.
04:01 What have we already found on the Red Planet?
05:22 Elon Musk.
06:04 Prolonged flight exposes people to the greatest horror.
07:45 development of new super-powered engines.
08:24 an inflatable heat shield for astronauts to land on the planet.
09:12 Mars has no planetary magnetic field.
10:27 But the...

23:22

Vitamin B6: Increase NAD Without NR, NMN, or Niacin? Lifeboat News: The Blog


23:00

Linux Fix On The Way For A Scheduler Imbalance Overflow Issue Phoronix

Sent in this morning for Linux 6.3 is a Linux CPU scheduler fix to deal with an imbalancing issue that's been present in the mainline kernel since a scheduler rework that landed back in late 2019...

23:00

The Tremendous VR and CG Systems of the 1960s IEEE Spectrum



Ivan Sutherland has blazed a truly unique trail through computing over the past six decades. One of the most influential figures in the story of computing, he helped to open new pathways for others to explore and dramatically extend: interactive computer graphics, virtual reality, 3D computer graphics, and asynchronous systems, to name but a few.

The Computer History Museum recently made public its two-part oral history with Sutherland. These interviews present a wonderful opportunity to learn more about Sutherland's life in computing, in his own words. The interview transcripts can be downloaded here and here. And the two-part video of the interview is available here and here.

Bob Sproull, a lifelong colleague of Sutherland and himself a major figure in computing, served as instigator, interviewer, and editor for these oral histories, and he involved me, Marc Weber, and Jim Waldo in the effort. The Museum is making this oral history interview public during the 60th anniversary year of Sutherland's breakthrough in interactive computer graphics, the program Sketchpad, for which he earned his Ph.D. from MIT in 1963.

Ivan Sutherland's Unique Perspective

There is a phrase, popular in 17th and 18th century England, that occurs to me when thinking about Ivan Sutherland: "A man of many parts." The phrase refers to an individual who had made serious contributions to a domain, while also possessing multiple, and often diverse, talents and pursuits. The description fits Sutherland well, although it also misses something important: There is a commonality in his many accomplishments, a shared wellspring for his many parts.

To get at this wellspring, start with geometry. From his youth, Sutherland possessed an unusually keen spatial, geometric intuition. In his mind and at his hands, he experienced an immediacy in perceiving how things fit and worked together. Perspective drawing involves a set of techniques to represent a three-dimensional scene on the two-dimensional plane of a sheet of paper or a stretch of canvas. These renderings can proceed in different ways, determined by the number of vanishing points employed. Together the vanishing points defi...

22:44

Upgraded View of 'Fuzzy' Supermassive Black Hole is a Shade More Menacing SoylentNews

Machine learning has boosted the resolution of an image produced by Event Horizon Telescope data captured six years ago:

Using machine learning, a team of researchers has enhanced the first image ever taken of a distant black hole. Importantly, the newly updated image shows the full resolution of the telescope array for the very first time.

[...] The machine learning model has sharpened the otherwise blurry image of black hole M87, showcasing the utility of machine learning models in improving radio telescope images. The team's research was published today in the Astrophysical Journal Letters.

"Approximately four years after the first horizon-scale image of a black hole was unveiled by EHT in 2019, we have marked another milestone, producing an image that utilizes the full resolution of the array for the first time," said Dimitrios Psaltis, a researcher at Georgia Tech and a member of the EHT collaboration, in an Institute for Advanced Study release. "The new machine learning techniques that we have developed provide a golden opportunity for our collective work to understand black hole physics."

[...] But even using radio telescopes around the world doesn't give astronomers a complete view of the black hole; by incorporating a machine learning technique called PRIMO, the collaboration was able to improve the array's resolution. What appeared a bulbous, orange doughnut in a 2019 image has now taken on the delicate, thin circle of The One Ring.


22:24

Microsoft Continues Building Out Its Linux Distribution With More Packages Phoronix

Microsoft has published its latest CBL-Mariner 2.0.20230407 Linux distribution images this weekend as their in-house open-source OS that is used for a variety of purposes, mostly around Azure infrastructure...

21:45

Remcos RAT campaign targets US accounting and tax return preparation firms Security Affairs

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day.

Ahead of the U.S. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported.

Remcos is a legitimate remote monitoring and surveillance software developed by the company BreakingSecurity.

In 2021, CISA added Remcos to the list of top malware strains due to its use in mass phishing attacks using COVID-19 pandemic themes targeting businesses and individuals.

The recent campaign exclusively aims at organizations that deal with tax preparation, financial services, CPA and accounting firms, and professional service firms dealing in bookkeeping and tax.

Crooks use lures masquerading as tax documentation sent by a client. The message contains a link that points to a legitimate file hosting site where the cybercriminals have uploaded Windows shortcut (.LNK) files.

Upon clicking on the file, a malicious file is fetched from a domain under the control of the attacker which leads to the installation of the Remcos RAT.

"What we have observed is that the link in the phishing email points to Amazon Web Services click tracking service at awstrack[.]me. The initial link then redirects the target to a ZIP file hosted on legitimate file-sharing service spaces[.]hightail[.]com. The ZIP file contains LNK files that act as Windows shortcuts to other files," reads the report published by Microsoft. The LNK files make web requests to actor-controlled domains...

21:26

CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution Open Source Security

Posted by Ruihan Li on Apr 16

Hi,

An insufficient permission check has been found in the Bluetooth subsystem of
the Linux kernel when handling ioctl system calls of HCI sockets. This allows
tasks without the proper CAP_NET_ADMIN capability to easily mark HCI sockets
as _trusted_. Trusted sockets are intended to enable the sending and receiving
of management commands and events, such as pairing or connecting with a new
device. As a result, unprivileged users can acquire a...

21:23

CVE-2023-24831: Apache IoTDB grafana-connector Login Bypass Vulnerability Open Source Security

Posted by Jialin Qiao on Apr 16

Severity: low

Description:

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB
Grafana Connector: from 0.13.0 through 0.13.3.

Attackers could login without authorization. This is fixed in 0.13.4.

References:

https://iotdb.apache.org/
https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-24831

21:22

The factory making bionic arms for Ukrainian soldiers BBC News Lifeboat News: The Blog

Thousands of people in Ukraine have lost their limbs in the war against Russia, according to World Health Organisation estimates.

The Ukrainian charity Superhumans and the UK-based company Open Bionics have partnered to create bionic arms for the wounded.

The BBC visited the factory in Bristol, England, responsible for creating the prosthetics.

21:21

CVE-2023-30771: Apache IoTDB Workbench: apache/iotdb-web-workbench: forge the JWTToken to access workbench Open Source Security

Posted by Jialin Qiao on Apr 16

Severity: low

Description:

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the
iotdb-web-workbench component on 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console
of the database.

onwards.

References:

https://iotdb.apache.org
https://www.cve.org/CVERecord?id=CVE-2023-30771

21:00

Detecting Anti-Neutrinos from Distant Fission Reactors Using Pure Water at SNO+ Hackaday

Although neutrinos are exceedingly common, their near-massless configuration means that their presence is rather ephemeral. Despite billions of them radiating every second towards Earth from sources like our Sun, most of them zip through our bodies and this very planet without ever interacting with either. This property is also what makes studying these particles that are so fundamental to our understanding so complicated. Fortunately, recently published results by researchers behind the SNO+ neutrino detector project show that we may see a significant bump in our neutrino detection sensitivity.

...

20:46

FSF Slams Google Over Dropping JPEG-XL In Chrome Phoronix

Last October Google engineers decided they would deprecate JPEG-XL support in Chrome over some debated rationale for the move. Even amid the community uproar they went ahead to drop the JPEG-XL support. The Free Software Foundation has finally commented on the matter...

20:33

digiKam 8.0 Released With Expanded File Format Support, New OCR Tool Phoronix

The digiKam 8.0 open-source professional photo management software has been released. The digiKam 8.0 release brings a host of new features and improvements, including ongoing work of porting over to the Qt6 toolkit...

19:23

This Just Changed My Mind About AGI Lifeboat News: The Blog

There have been 4 research papers and technological advancements over the last 4 weeks that in combination drastically changed my outlook on the AGI timeline.

GPT-4 can teach itself to become better through self reflection, learn tools with minimal demonstrations, it can act as a central brain and outsource tasks to other models (HuggingGPT) and it can behave as an autonomous agent that can pursue a multi-step goal without human intervention (Auto-GPT). It is not an overstatement that there are already Sparks of AGI.

18:00

Week in review: Microsoft patches zero-day, Apple security updates, HashiCorp Vault vulnerability Help Net Security

Here's an overview of some of last week's most interesting news, articles, interviews and videos:

Making risk-based decisions in a rapidly changing cyber climate
In this Help Net Security interview, Nicole reveals the three key indicators she uses to assess an industrial organization's cybersecurity readiness and provides valuable insights for businesses and governments on fortifying their critical infrastructure against cyber threats.

Data-backed insights for future-proof cybersecurity strategies
In this Help Net Security interview, Travis Smith, ...

The post Week in review: Microsoft patches zero-day, Apple security updates, HashiCorp Vault vulnerability appeared first on Help Net Security.

18:00

[CuriousMarc] Repairs a Floppy Hackaday

[CuriousMarc] has a pile of 8-inch drives, all marked bad. You can't just pop over to the computer store and buy a new one these days, so it was off to the repair bench. Although the target drive would do a quick seek, once it was in use, it just kind of shut down. So [Marc] started sending low-level commands to the device to see if he could isolate the fault. You can watch the whole adventure in the video below.

Using a breakout board, he was able to monitor and exercise all the pins going into the floppy. A quick study of the schematics, and connection to the scope were all [Marc] needed to build some theories of what was happening.

One of the theories was that the head amplifier was disabled, but it turned out to be fine. After several other dead ends, he finally found a broken spring and came up with a creative repair for it. But there was still no clear reason why the drive wouldn't work. By process of elimination, he started to suspect an array of diodes used for switching, but again, it was another dead end.

Luckily, he had one working drive, so he could compare things between them. He found a strange voltage difference. Turns out the old advice of checking power first might have paid off here. One of the voltage regulator ICs was dead. In all fairness, there are two 12V power supplies and he had checked one of them but had missed the second supply. This supply is only used for head bias which switches the diodes he h...

17:57

Writers and Publishers Face an Existential Threat From AI: Time to Embrace the True Fans Model SoylentNews

Writers and publishers face an existential threat from AI: time to embrace the true fans model:

Walled Culture has written several times about the major impact that generative AI will have on the copyright landscape. More specifically, these systems, which can create quickly and cheaply written material on any topic and in any style, are likely to threaten the publishing industry in profound ways. Exactly how is spelled out in this great post by Suw Charman-Anderson on her Word Count blog. The key point is that large language models (LLMs) are able to generate huge quantities of material. The fact that much of it is poorly written makes things worse, because it becomes harder to find the good stuff[.]

[...] One obvious approach is to try to use AI against AI. That is, to employ automated vetting systems to weed out the obvious rubbish. That will lead to an expensive arms race between competing AI software, with unsatisfactory results for publishers and creators. If anything, it will only cause LLMs to become better and to produce material even faster in an attempt to fool or simply overwhelm the vetting AIs.

The real solution is to move to an entirely different business model, which is based on the unique connection between human creators and their fans. The true fans approach has been discussed here many times in other contexts, and once more reveals itself as resilient in the face of change brought about by rapidly-advancing digital technologies.

Read more of this story at SoylentNews.

17:24

How I Hacked The US Government Aged 16 | Minutes With | @LADbible Lifeboat News: The Blog

In this week's episode of Minutes With we sat down with Mustafa Al-Bassam, a former member of Anonymous and one of the founders of LulzSec.

Mustafa tells us how he got into hacking and how he ended up getting involved in attacks on The Sun, The Westboro Baptist Church and even the US Government.

17:23

US DARPA RACER Off-Road Autonomous Vehicles Teams Navigate Third Test Lifeboat News: The Blog

U.S. DARPA's Robotic Autonomy in Complex Environments with Resiliency (RACER) program recently conducted its third experiment to assess the performance of off-road unmanned vehicles. These test runs, conducted March 12–27, included the first with completely uninhabited RACER Fleet Vehicles (RFVs), with a safety operator overseeing in a supporting chase vehicle. The goal of the RACER program is to demonstrate autonomous movement of combat-scale vehicles in complex, mission-relevant off-road environments that are significantly more unpredictable than on-road conditions. The multiple courses were in the challenging and unforgiving terrain of the Mojave Desert at the U.S. Army's National Training Center (NTC) in Ft. Irwin, California. As at the previous events, teams from Carnegie Mellon University, NASA's Jet Propulsion Laboratory, and the University of Washington participated. This completed the project's first phase.

"We provided the performers RACER fleet vehicles with common performance, sensing, and compute. This enables us to evaluate the performance of the performer team autonomy software in similar environments and compare it to human performance," said Young. "During this latest experiment, we continued to push vehicle limits in perceiving the environments to greater distances, enabling further increase in speeds and better adaptation to newly encountered environmental conditions that will continue into RACER's next phase."

"At Experiment Three, we successfully demonstrated significant improvements in our off-road speeds while simultaneously reducing any interaction with the vehicle during test runs. We were also honored to have representatives from the Army and Marine Corps at the experiment to facilitate transition of technologies developed in RACER to future service unmanned initiatives and concepts," said Stuart Young, RACER program manager in DARPA's Tactical Technology Office.

17:23

Mixed Reality Tracking System For Future Pilot Training Lifeboat News: The Blog

Vrgineers and Advanced Realtime Tracking demonstrate the combination of XTAL 3 headset and SMARTTRACK3/M in a mixed reality pilot trainer. The partnership between these two technological companies started in 2018. At IT2EC 2023 in Rotterdam, the SMARTTRACK3/M integrated into an F-35-like Classroom Trainer manufactured and delivered to USAF and RAF will be on display. This unique combination of the latest ART infrared all-in-one hardware and Vrgineers' algorithms for cockpit motion compensation creates an unseen immersion for every mixed reality training. One of the challenges in next-generation pilot training using virtual technology and motion platforms is the alignment of the pilot's position in the cockpit. By overcoming this issue, the simulator industry is moving forward to eliminate the disadvantages of simulated training.

"We are continuously working on removing the technological challenges of modern simulators, one of which is caused by front-facing camera position distance from users' eyes. We are developing advanced algorithms for motion compensation to minimize the shift between virtual and physical scene, making experience realistic. The durability and compact size of SMARTTRACK3/M, which was optimized for using in cockpits, allows us as training device integrator to make it a comprehensive part of a simulation," says Marek Polcak, CEO of Vrgineers.

"This is the application SMARTTRACK3/M was designed for. We have taken the proven hardware from the SMARTTRACK3 and adapted it to the limited space available. As a result, we have the precision and the reliability of a seasoned system in a form factor fitting to simulator cockpits," says Andreas Werner, business development manager for simulations at ART.

17:22

OpenAI's CEO confirms the company isn't training GPT-5 and won't for some time Lifeboat News: The Blog

GPT-5 isn't being developed, but who cares when GPT-4 isn't yet understood.

15:22

Precise Spatial Proteomic Information in Tissues Lifeboat News: The Blog

Despite the availability of imaging-based and mass-spectrometry-based methods for spatial proteomics, a key challenge remains connecting images with single-cell-resolution protein abundance measurements. Deep Visual Proteomics (DVP), a recently introduced method, combines artificial-intelligence-driven image analysis of cellular phenotypes with automated single-cell or single-nucleus laser microdissection and ultra-high-sensitivity mass spectrometry. DVP links protein abundance to complex cellular or subcellular phenotypes while preserving spatial context.

15:00

Real Radar Scope CRT Shows Flights Using ADS-B Hackaday

Real-time flight data used to be something that was only available to air traffic controllers, hunched over radar scopes in darkened rooms watching the comings and goings of flights as glowing phosphor traces on their screens. But that was then; now, flight tracking is as simple as pulling up a web page. But where's the fun in that?

To bring some of that old-school feel to his flight tracking, [Jarrett Cigainero] has been working on this ADS-B scope that uses a real radar CRT. As you can imagine, this project is pretty complex, starting with driving the 5FP7 CRT, a 5" round-face tube with a long-persistence P7-type phosphor. The tube needs about 7 kV for the anode, which is delivered via a homebrew power supply complete with a custom flyback transformer. There's also a lot going on with the X-Y deflection amps and beam intensity control.

The software side has a lot going on as well. ADS-B data comes from an SDR dongle using dump1090 running on a Raspberry Pi 3B...

14:42

IMF Unveils New Global Currency Known As The Universal Monetary Unit cryptogon.com

Via: The Economic Collapse Blog: The Universal Monetary Unit, also known as Unicoin, is an international central bank digital currency that has been designed to work in conjunction with all existing national currencies. This should set off alarm bells for all of us, because the widespread adoption of a new global currency would be a [...]

13:13

New Model for How Earth's Oceans Formed SoylentNews

You don't need alien asteroids, you just need a hydrogen-rich atmosphere and liquid hot magma:

A new research model shows that Earth's oceans could have formed from interactions between a hydrogen-rich early atmosphere and oxygen within the planet's magma.

The study from the multi-institution AETHER project also demonstrates why Earth's core is lighter than it should be, owing to the presence of gaseous hydrogen.

Edward Young, professor at the University of California Los Angeles, and colleagues propose that one of the protoplanets involved in the formation of Earth was heavier than thought. By maximizing its size to more than a fifth or third of Earth, the researchers show there would have been enough gravity to make the hydrogen-rich atmosphere hang around long enough to interact with the magma ocean, according to a paper published in Nature this week.

Prevailing theories explaining the abundance of water on Earth – oceans make up around 70 percent of the planet's surface – depend on the impacts of water-carrying asteroids.

[...] In a statement coinciding with the publication, co-author Anat Shahar, staff scientist and deputy for Research Advancement Earth and Planets Laboratory at Carnegie Science, said the inspiration for the new model came from studies of planets forming outside the solar system.

12:00

Relive the Glory Days of Sun Workstations Hackaday

When the IBM PC first came out, it was little more than a toy. The serious people had Sun or Apollo workstations. These ran Unix, and had nice (for the day) displays and network connections. They were also expensive, especially considering what you got. But now, QEMU can let you relive the glory days of the old Sun workstations by booting SunOS 4 (AKA Solaris 1.1.2) on your PC today. [John Millikin] shows you how in step-by-step detail.

There's little doubt your PC has enough power to pull it off. The SUN-3 introduced in 1985 might have 8MB or 16MB of RAM and a 16.67 MHz CPU. In 1985, a 3/75 (which, admittedly, had a Motorola CPU and not a SPARC CPU) with 4MB of RAM and a monochrome monitor cost almost $16,000, and that didn't include software or the network adapter. You'd need that network adapter to boot off the network, too, unless you sprung another $6,000 for a 71 MB disk. The SPARCstation 1 showed up around 1989 and ran from $9,000 to $20,000, depending on what you needed.

[John] points out that, unlike a modern PC, SunOS ran on very tightly-controlled hardware, so it is pretty fussy about some things being just right. Apparently, QEMU could not boot the OS without some workarounds until recently, but the setup [John] outlines seems straightforward.

In its heyday, the machine would get network configuration from a RARP and NIS server, but those have long given way to more modern standards like DHCP. Not...

11:30

Snowflake Manufacturing Data Cloud improves supply chain performance Help Net Security

Snowflake has launched the Manufacturing Data Cloud, which enables companies in automotive, technology, energy, and industrial sectors to unlock the value of their critical siloed industrial data by leveraging Snowflake's data platform, Snowflake- and partner-delivered solutions, and industry-specific datasets. The Manufacturing Data Cloud empowers manufacturers to collaborate with partners, suppliers, and customers in a secure and scalable way, driving greater agility and visibility across the entire value chain. With Snowflake's Manufacturing Data Cloud, organizations can ...

09:30

Tentacle partners with Oread Risk & Advisory to simplify SOC 2 compliance for organizations Help Net Security

Tentacle announced a SOC 2 partnership with Oread Risk & Advisory to help organizations achieve SOC 2 reporting goals and establish long-term security infrastructure. With Tentacle's release of the indexed SOC 2 security framework earlier this year, organizations have access to critical tools to eliminate guesswork by leveraging auditor-vetted SOC 2 controls and to assess readiness at their own pace. The partnership with Oread further enhances the capabilities related to SOC 2 preparedness, assessment, and ...

09:15

Khoros and Cerby join forces to secure social media platforms Help Net Security

Khoros and Cerby's new partnership allows brands to launch, manage, and analyze their social media profiles quickly and securely from the Khoros platform. Cerby brings security features such as single sign-on (SSO) directly into social accounts and ad accounts for Khoros and Cerby customers alike. Belsasar Lepe, CEO of Cerby, said, "Cerby protects direct access to social media and ad accounts for Khoros customers. We're honored that Khoros, who powers over 550 million digital engagements ...

09:00

CYFIRMA raises an undisclosed amount in Pre-Series B funding for product innovation Help Net Security

CYFIRMA has raised a Pre-Series B round funding from venture fund OurCrowd and Larsen & Toubro's L&T Innovation Fund. With this, these firms join CYFIRMA's existing investors Goldman Sachs, Zodius Capital, and Z3 Partners. With the closing of this round, CYFIRMA has raised nearly USD18M to date. The funds raised will be used for product innovation and entering new global markets in North America, Europe and MENA region in addition to growing the existing markets ...

09:00

3D Printed Tool Lets You Measure Component Reels Easily Hackaday

Component reels are a highly-optimized packaging format. They deliver components to pick and place machines for effective high-speed assembly. As more of us get into working with SMD components, we're exposed to them as well. [MG] wanted a way to easily measure tape from component reels, which is difficult because they're often curled up. Thus, they whipped up a nifty little tool for the job.

The device consists of a 3D printed bracket which is designed to fit on a cheap electronic tape measure from Amazon. The bracket holds an 8mm wide component tape against the measuring wheel. As the component tape is fed through the device, it turns the wheel, and the measurement appears on the screen. No more must you try and flatten out a tape and measure it section by section. Instead, you just feed it in, yank it through, and you're done!

[MG] notes that the tape measure itself runs on an STM32 microcontroller. As an extra-credit assignment, they suggest that the device could be reprogrammed to display component count instead of distance if that's more suitable for your appli...

08:32

Linux Kernel Logic Allowed Spectre Attack on Major Cloud SoylentNews

Kernel 6.2 ditched a useful defense against ghostly chip design flaw:

The Spectre vulnerability that has haunted hardware and software makers since 2018 continues to defy efforts to bury it.

On Thursday, Eduardo (sirdarckcat) Vela Nava, from Google's product security response team, kernel.

The bug, designated medium severity, was initially reported to cloud service providers – those most likely to be affected – on December 31, 2022, and was patched in Linux on February 27, 2023.

"The kernel failed to protect applications that attempted to protect against Spectre v2, leaving them open to attack from other processes running on the same physical core in another hyperthread," the vulnerability disclosure explains. The consequence of that attack is potential information exposure (e.g., leaked private keys) through this pernicious problem.

The moniker Spectre [PDF] describes a set of vulnerabilities that abuse speculative execution, a processor performance optimization in which potential instructions are executed in advance to save time.

08:30

UltraViolet Cyber launches to address the ever-expanding cyber threat Help Net Security

UltraViolet Cyber has unveiled its launch to provide organizations across the globe with a streamlined approach to address the ever-expanding cyber threat. Created through the combination of four pioneering firms – Metmox, Mosaic451, Stage 2 Security, and W@tchTower – UltraViolet Cyber brings together decades of expertise and experience at the forefront of security operations to enable organizations to access the full spectrum of managed security operations capabilities. As cyber threats continue to increase, too many organizations ...

04:08

DMCA Robocops Give 20 Seconds to Comply, But Can't Muster a Reply TorrentFreak

Faced with millions of instances of copyright infringement every day, many rightsholders use anti-piracy companies to help stem the tide.

More often than not, that involves sending DMCA takedown notices on an industrial scale, in the hope that Google and Bing delist infringing URLs from search results before the cycle begins again.

Huge volumes of DMCA notices and similar requests are handled directly by companies including YouTube, Twitter, Facebook and Instagram. And that's just a part of a very large iceberg, much of it completely and permanently hidden, and almost all of it automated.

Trust the Machines

For years TorrentFreak has documented the most newsworthy takedown demands from the billions of notices sent to Google and other platforms with transparency programs.

Our focus is usually on the most egregious examples of wrongful and damaging takedowns, especially those that could've been avoided by taking basic steps guided by common sense. Programmed by humans yet blamed on machines, the robo-blunderers' mistakes are rarely even acknowledged by those ultimately responsible.

Our own experience shows that URLs on this very website have been wrongfully reported to Google almost 150 times by 65 reporting organizations and rightsholders. We were targeted again in February for referring to a piracy app by name in an article reporting that its alleged creator had been arrested.

RoboCop: Book him!
Sgt. Reed: What's the charge?
RoboCop: He writes about pirates

A full 7% of all wrongful DMCA notices filed against the torrentfreak.com domain are duplicate attempts to take down the same non-existent infringing content that caused the first set of notices to be rejected. "We have a good faith belief" means almost nothing the first time; after another futile attempt expecting a different outcome, it's at best sarcastic, at worst a flat-out lie.

The Personal Touch Via Email

Rather...

03:48

EU Parliament's Research Service Confirms: Chat Control Violates Fundamental Rights SoylentNews

MEP Patrick Breyer (Germany, Pirate Party), one of the few representatives fighting for preserving rights online rather than against them, has posted a summary about the EU Parliament's assessment of the proposed "Chat Control" legislation. In short, the "Chat Control" proposal violates basic human rights:

The experts made clear that an "increase in the number of reported contents does not necessarily lead to a corresponding increase in investigations and prosecutions leading to better protection of children. As long as the capacity of law enforcement agencies is limited to its current size, an increase in reports will make effective prosecution of depictions of abuse more difficult."

In addition, the study finds: "It is undisputed that children need to be protected from becoming victims of child abuse and depictions of abuse online... but they also need to be able to enjoy the protection of fundamental rights as a basis for their development and transition into adulthood." It warns: "With regards to adult users with no malicious intentions, chilling effects are likely to occur."

There is an obfuscated link at the bottom of his post to the study, Proposal for a regulation laying down the rules to prevent and combat child sexual abuse: Complementary Impact Assessment. He also has an older overview of the problems with the proposed legislation at his blog.


03:38

New Android malicious library Goldoson found in 60 apps +100M downloads Security Affairs

A new Android malware named Goldoson was distributed through 60 legitimate apps on the official Google Play store.

The Goldoson library, discovered by researchers from McAfee's Mobile Research Team, collects lists of applications installed on a device and a history of Wi-Fi and Bluetooth device information, including nearby GPS locations. The third-party library can perform ad fraud by clicking advertisements in the background without the user's consent. The experts have found more than 60 applications in Google Play that contained the malicious library. The apps totaled more than 100 million downloads in the ONE store and Google Play stores in South Korea.

It is important to highlight that the library was not developed by the authors of the apps.

The security firm reported its findings to Google, which notified the development teams. Some apps were updated by removing the malicious library, while other apps were removed from Google Play.

Below is the list of the apps using the malicious library that had the highest number of downloads:

Package Name                       Application Name                Google Play Downloads  GP Status
com.lottemembers.android           L.POINT with L.PAY              10M+                   Updated*
com.Monthly23.SwipeBrickBreaker    Swipe Brick Breaker             10M+                   Removed**
com.realbyteapps.moneymanagerfree  Money Manager Expense & Budget  10M+                   Updated*
com.skt.tmap.ku                    TMAP                            10M+                   Updated*
kr.co.lottecinema.lcm                                              10M+                   Updated*
com.ktmusic.geniemusic             genie                           10M+                   Updated*
com.cultureland.ver2               []                              5M+                    Updated*
com.gretech.gomplayerko            GOM Player                      5M+                    Updated*
com.megabox.mop                    (Megabox)                       5M+                    Removed**
kr.co.psynet                       LIVE Score, Real-Time Score     5M+                    Updated*
sixclk.newpiki                     Pikicast                        5M+                    Removed**

Upon executing one of the above apps, the Goldoson library registers the...

03:29

LXQt 1.3 Released While Qt6 Porting Remains A Work-In-Progress Phoronix

lightweight Qt-based desktop environment...

Friday, 14 April

23:15

1xbet Promo Code Sign Up Bonus As A Lot As 130 $ h+ Media

What occurs if a change of tenancy is planned during lockdown? How will we handle property inspections or essential repairs? How can we manage the method when for some cause we need to be on-site? Does the change in how we now have to operate have any potential authorized implications and how does it affect the insurance coverage of the property? If you are a member please log in or contact us to reset your password. We may be ready upon or processing your payment on your membership.

  • The other draw back is the limited loyalty rewards on the on line casino platform.
  • The mother or father firm is predicated in Cyprus and has branches worldwide.
  • Over the past 14 years, it has turn into one of the most recognizable bookmakers worldwide.
  • Mt Pelerin Group SA is an organization established in Switzerland since 2018, with places of work in Neuchâtel and Geneva.
  • Is a Welcome bonus which is 130 for newly registered users from Ghana.

With ETH, you're not trusting a financial institution to look after your money, you're trusting your self. With a DEX you'll be able to commerce with out giving control of your funds to a centralized company. Ether to usd Exchanges are businesses that let you buy crypto utilizing traditional currencies. They have custody over any ETH you purchase until you send it to a pockets you control. Przemysław Kral is ready to discuss cryptocurrencies ranging from April 7.

The hottest markets include tennis, American football, hockey, basketball, soccer, cricket, Formula 1, and cycling. For soccer lovers, betting could be made on the result of the match as properly as corners, free kicks, and yellow playing cards, and so on. If you ever expertise any concern, don't hesitate to contact their customer support service. They are at all times there to solve your queries and give you the right resolution you need. We have already discussed the welcome bonus offered by the positioning. This bonus is reserved just for new players, who're signing up for the primary time.

If you join the new loyalty program, the casino offers a token of gratitude within the type of VIP cashback. 1xBet is powered by a high-end SSL encryption service to ensure the protection of their clients' private information and banking information. This guarantees that transactions cannot be seen by unauthorized third parties. Moreover, the betting community can be accessible in a number of places and languages. 1xBet additionally attempt hard to be sure that newbies get an honest number of treats. However, in case you have more serious points related to fee or withdrawal, you'll have the ability to call them or email them.

Is Free Play Available?

Follow the directions as listed for installing the app in your iOS-powered system, including Change Country or Region. Once installed, you should use the app in...

23:12

1xbet Access Is Denied The Means To Enter Using Vpn Shopper 1xbet: One Of The Best Betting App For Cellular Sport-specific Training h+ Media

The Curacao gaming license covers all kinds of iGaming-related exercise. In other words, it presents a one-size-fits-all license, regardless of the recreation class and type. This makes the process extremely cost-effective and flexible for start-ups and entrepreneurs.

This Good Repair Guide identifies a few of the common problems and restore options for external timber steps and handrails. When harm to external steps is extensive, the best choice is commonly full substitute. Do not brand your self one of many fraudulent firm please. 1xt bet was trustworthy and you might be loosing it every minute. The nature of all sporting occasions doesnt enable a single group to dominate repeatedly.

Bonus code, you probably can make positive to get the best welcome bonus on provide at 1xbet dont miss out on this! To reply the question whats 1xBet and uncover extra details about this bookmaker, learn our evaluation. Luckily for all of the gamblers who like to put their bets using smartphones, the 1xbet platform seems on each iOS and Android devices in the form of an software. Even though looking out yourself on Google Play and iTunes will provide you with the app, the safest methodology is to obtain it instantly from the official 1xbet website. Its not shocking, because the corporate can be interested in increasing its viewers, So they are willing to provide users in the perfect taking half in conditions.

All sports activities betting fanatics like free bets, however in addition they need great odds. After entering the code, deposit at least 400 (or equivalent in $) to say this offer. Currently, the betting and on-line on line casino market are oversaturated with completely different suppliers. In such an setting, it is simple for gamers to get confused and select not in all probability probably the most worthwhile choice to play. 1xBet is the go-to sportsbook for bonus presents and promotions. Bonus presents would solely be obtained after the registration course of is full and the person makes an preliminary deposit.

Should youve any doubts or queries, you can contact their buyer support service to get your drawback solved. One of the most effective issues about 1xBet is that it provides a extensive range of payment options to gamers. At the time of writing, they offer over a hundred fee choices. Players can select their most popular mode of fee to make deposits.

Just login 1xbet platform right now to find a method to see this for your self and at all times have worthwhile betting decisions for realizing your potential. Creation of an account using social networks doesnt have a space for entering a promotional code, however betters use this method lots lower than others. Almost 94% of surveyed companies said they really feel optimistic in regards to th...

23:11

1xbet Casino Evaluate Nz$1500 Bonus Nz 2023 h+ Media

1xBet bookmaker has created an all-in-one platform for players to check their luck and make big money rewards. The offerings embody Sportsbook, casinos, and the lottery. The website additionally includes a cool design dominated with eye soothing dull-blue shade for optimum consumer engagement. To contact their buyer help group, you want to be a registered member of the positioning. They have a highly environment friendly team that provides the best customer support experience.

  • Well, the final but essentially the most enticing software is 1xbet!
  • Even in on-line sports activities betting, a websites ease-of-use issues a lot.
  • At first, you have to enable the Unknown Sources in your cellphone.
  • What should weigh right here is the general playing style of the goalkeeper, which can provide a prediction of how he will behave in the game.
  • The withdrawal timelines typically range from a minute to 5 and seven days.

The betting options that 1XBet offers you rely upon the sort of match that you simply select. Suppose you select a sport corresponding to rugby, you can bet on the match result, profitable margin, handicap bets, first strive scorer, and first scoring play, amongst others. The Bookmaker absolutely supports cell sports betting and it is very simple to position a wager on any pill system or smartphone.

Thanks to the Internet, you'll have the ability to guess at any time, 24 hours a day, 7 days every week. Online betting is an opportunity to convert virtual predictions into real money. Recently, there has been an influx of complaints against the location due to extremely delayed payouts. Players are also sad about the unskilled and very gradual help system, which is unable to deal with their queries. There is an FAQ section at the 1xBet Casino site which is solely devoted to the most Frequently Asked Questions.

Kenyans, can use 1xbet Mpesa invoice quantity for a hassle-free fee transactions. The companys Mpesa pay invoice amount is on the 1xbet Kenya website. After that, wait in your account to be accredited and then you can begin taking half in. As a model new member, youll first have to credit score your account with no a lot lower than Kshs.112. ESPORTS TENNIS a promo code for a free wager on eSports tennis with odds of 1.eighty or bigger. TENNIS SINGLE a promo code for a free single wager on tennis with odds of 1.eighty or larger.

All that you just need is to select Ghana in countries list and assign Ghanaian Cedi as your foreign money. In order to register, you need to adhere to couple of straightforward steps. First of all, get the green registration button inside the top right nook within the screen. Click on it and choose probably the most handy registration technique.

With only a few clicks, youll have the power to perform all the actions you must do. If the net site is clos...

23:10

Search Outcomes For: 1xbet App Apk Openhot688com$limitadong Regalo!mag Register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit h+ Media

Time interval has modified and now youll be capable of primarily respect a similar excitement and pleasure to taking part in establishments from your personal home laptop. Rather than a bonus, 1xBet Kenya provides a variety of bonuses. All new prospects that register an account can declare the first deposit bonus. Despite this large variety of enjoying prospects, sport betting stays the principle target of the Russian company. I request individuals to stick with different different betsites like parimatch or 22bet .

1xBet additionally supplies a user-friendly platform that might be accessed from both laptop and mobile units. Not just that, however additionally they offer a 1xBet official app thats suitable with both iOS and Android platforms. This is amongst the many causes that draw more players to their website. You can, instead, be happy for the fact that almost two thirds of these about 50 promotions are fully made for football betting lovers. You might imagine off that within the second part the video video games occur in actual time. In quick, theres no animation proper here, however actual of us from an actual studio from the precise world.

That is why it has secured the location with SSL encryption expertise. The technology guarantees around the clock protection for personal data. The withdrawals are processed within 24 hours, so that you dont have to wait a lot. Besides that, additionally they permit for financial institution transfers, which take up to 1 to 7 working days depending on your financial institution. According to the rules of this wager, you have to play sure particular video games in a interval of 24 hours.

By clicking on the Register button, you conform to the phrases and circumstances and privateness insurance policies of the company. The withdrawals by way of Visa and MasterCard are the one procedures where you arent assured with this 15-minute time interval. Usually, these orders are fast, too, however in unusual circumstances they might delay with as so much as 7 days.

  • They are going to wish to return to Vietnam and stay there.
  • Often the characters of video slots are in style characters from movies or animated sequence.
  • Cash out is available at 1XBet, and among other causes, Kiwi bettor establish with this bookie as they will salvage their bets earlier than a game ends.
  • You get a generous signup bonus after a profitable registration.

After the installation course of is full, youre all set to use the 1xBet app. Now look for a dependable supply from the place you can obtain the app. how to play virtual on 1xbet At first, you want to enable the Unknown Sources on your tel...


Resource generated at IndyWatch using aliasfeed and rawdog