| IndyWatch Science and Technology News Feed Archiver | |
 |
Go Back:30 Days | 7 Days | 2 Days | 1 Day |
|
IndyWatch Science and Technology News Feed was generated at World News IndyWatch. |
|
Thursday, 27 April
02:30
Cybersecurity leaders introduced open-source information sharing to help OT community Help Net Security
A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments. Founding ETHOS community members include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security Solutions. ETHOS will give critical industries a vendor-neutral option for information sharing to combat More
The post Cybersecurity leaders introduced open-source information sharing to help OT community appeared first on Help Net Security.
02:00
GNOME 44.1 Released With Many Fixes Phoronix
It's been one month already since the debut of GNOME 44 and out today is the first point release...
02:00
Graylog 5.1 optimizes threat detection and response Help Net Security
Graylog announced at the RSA Conference 2023 Graylog 5.1 with new incident investigation and enhancements to its cybersecurity Security and the Graylog Platform will be GA in May 2023. With the new incident investigation capability, Graylog Security customers can easily collect and organize datasets, reports, and other contexts while investigating a potential incident or issue. The innovative workspace tracks the status and progress of any new More
The post Graylog 5.1 optimizes threat detection and response appeared first on Help Net Security.
01:31
Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks The Hacker News
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a
01:30
Nuke Your Own Uranium Glass Castings in the Microwave Hackaday
Fair warning: if youre going to try to mold uranium glass in a microwave kiln, you might want to not later use the oven for preparing food. Just a thought.
01:30
Forcepoint Data Security Everywhere simplifies DLP management Help Net Security
At RSA Conference 2023, Forcepoint extended the depth and breadth of its Data-first SASE (Secure Access Service Edge) offering with the launch of Forcepoint Data Security Everywhere. Forcepoint is simplifying enterprise DLP management across cloud, web and private apps and streamlining compliance wherever hybrid workers store, access and use confidential information. The company is also bringing to market Forcepoint ONE Insights that enables users to quickly visualize and quantify the financial value of security efficacy More
The post Forcepoint Data Security Everywhere simplifies DLP management appeared first on Help Net Security.
01:24
Vast Potential Researchers Create a New Type of Laser Lifeboat News: The Blog
Researchers from EPFL and IBM have created a novel laser that could revolutionize optical ranging technology. This laser is constructed from lithium niobate, a material frequently utilized in optical modulators to regulate the frequency or intensity of light transmitted through a device.
Lithium niobate is highly valued for its ability to manage large amounts of optical power and its high Pockels coefficient. This allows the material to alter its optical properties when an electric field is applied to it.
The researchers achieved their breakthrough by combining lithium niobate with silicon nitride, which allowed them to produce a new type of hybrid integrated tunable laser. To do this, the team manufactured integrated circuits for light (photonic integrated circuits) based on silicon nitride at EPFL, and then bonded them with lithium niobate wafers at IBM.
01:23
Tesla receives massive fleet order from the UAE Lifeboat News: The Blog
Tesla received a large order for Model 3s from an Emirati taxi company, Arabia Taxi Dubai, helping the company to cut its carbon footprint.
Teslas retail consumer pressure is undeniably large. Still, the automaker has also grown in popularity in the commercial space, especially from customers looking to cut operating costs while reducing their carbon footprints. Predominantly, these orders have been coming from ride-hailing companies and car rental services. Now, a Dubai-based taxi company is also looking to capitalize on the cut-cutting opportunity.
According to the announcement from Arabia Taxi Dubai, it will buy 269 Tesla Model 3s to become part of its taxi fleet in the United Arab Emirates. Currently, Arabia Taxi advertises itself as the largest taxi fleet in Dubai and one of the largest in the country. With this new purchase, it looks to double down on that lead.
01:23
Unraveling the Genetic Mechanisms Behind Long-Lasting Memories in the Brain Lifeboat News: The Blog
Summary: Researchers shed new light on the molecular and genetic basis of long-term memory formation in the brain. A new study reveals a single stimulation to the synapses of hippocampal neurons triggered numerous cycles where the memory-coding Arc gene produced mRNA molecules that were then translated into synapse-strengthening Arc proteins. From the findings, researchers determined a novel feedback loop that helps explain how short-lived mRNA and proteins create long-term memories in the brain.
Source: albert einstein college of medicine.
Helping your mother make pancakes when you were threeriding your bike without training wheelsyour first romantic kiss: How do we retain vivid memories of long-ago events?
01:23
Genetic Driver of Anxiety Discovered Lifeboat News: The Blog
Summary: An international team of scientists has identified a gene in the brain responsible for anxiety symptoms and found that modifying the gene can reduce anxiety levels, offering a novel drug target for anxiety disorders. The discovery highlights a new amygdala miR483-5p/Pgap2 pathway that regulates the brains response to stress and provides a potential therapeutic approach for anxiety disorders.
Source: University of Bristol.
A gene in the brain driving anxiety symptoms has been identified by an international team of scientists. Critically, modification of the gene is shown to reduce anxiety levels, offering an exciting novel drug target for anxiety disorders.
01:23
Scientists Use Electricity to Make Wounds Heal 3x Faster Lifeboat News: The Blog
Scientists have developed a specially engineered biochip that uses electricity to heal wounds up to three times faster than normal.
Its well known that electric fields can guide the movements of skin cells, nudging them towards the site of an injury for instance. In fact, the human body generates an electric field that does this naturally. So researchers from the University of Freiburg in Germany set out to amplify the effect.
While it might not heal severe injuries with the speed of a Marvel superhero, it could radically reduce the time it takes for small tears and lacerations to recover.
01:22
Researchers Took The First Pics Of DEATH It Is Actually PALE BLUE And Looks Nice Lifeboat News: The Blog
In todays well-researched world, death is one of those unknown barriers. It was pursued by British scientists The color of death is a faint blue.
British scientists got a firsthand look at what its like to die. They took a close look at the worm in the experiment. During this stage of passage, cells will perish. It starts a chain reaction that leads to the creatures extinction and destroys cell connections.
Gloomy radiation is induced by necrosis, which destroys calcium in your system, according to a research published in the journal PLoS Biology. Professor David Gems of University College London oversaw the study.
01:22
Winning the War on Cancer Lifeboat News: The Blog
Learn How to Prevent and Heal Cancer Using Natural, Holistic and Integrative Methods from World Leading Doctors and Cancer-Conquerors.
01:16
Windows 11 WSL2 Performance vs. Ubuntu Linux With The AMD Ryzen 7 7800X3D Phoronix
When carrying out the recent Windows 11 vs. Ubuntu 23.04 benchmarks with the AMD Ryzen 7 7800X3D Zen 4 3D V-Cache desktop processor, I also took the opportunity with the Windows 11 install around to check in on the Windows 11 WSL2 performance. Here is a fresh look at Ubuntu with Windows Subsystem for Linux (WSL2 on Windows 11) compared to the bare metal performance of Ubuntu 22.04 LTS on the same hardware as well as the new Ubuntu 23.04.
01:16
Jacinda Ardern Accepts Fellowships at Harvard University cryptogon.com
Via: Reuters: Former New Zealand Prime Minister Jacinda Ardern said on Wednesday that she was taking up three fellowships at Harvard University later in 2023. Harvard University said in a statement she had been appointed to dual fellowships at Harvard Kennedy School and to a concurrent fellowship at the Berkman Klein Center. I am []
01:00
The Flipper Zero: A Hackers Delight IEEE Spectrum
Readers of this Hands On are likely to fall into one of two camps: those wholl view the Flipper Zero with fascination, and those wholl view it with loathing. Among the former are security researchers and hardware developers trying to debug a wireless setup. Among the latter are IT folks charged with defending their realm from physical or network attacks. But whatever camp you fall into, the Flipper is something youll need to know about.
The Flipper is an open-source hacking tool of exceptional polish and functionality. Its official price is US $169, but it sells out as fast as it can be manufactured and so can often only be found at a hefty markupI paid $250 from one reseller.
Hacking software and hardware tends to adopt, either consciously or unconsciously, design aesthetics that wouldnt be out of place in a William Gibson cyberpunk novel. Hardware is utilitarian, with boxy enclosures painted or printed black. Software often relies on opaque commands. They are serious tools for serious people. The Flipper stands this schema on its head. Its line of aesthetic descent is more Tamagotchi than tech dystopia, with a brightly colored white-and-orange case molded to fit your palm. An onscreen animated anthropomorphic dolphin pops up to guide you through setup menus. It looks and feels like a childs toy. It isnt.
An
open-source design, the Flipper is composed of a main board with an
ARM-based CPU and transceiver chip, a board for NFC and RFID
communications, a PCB antenna, and an extra board to handle IR and
iButton interfacing.James Provost
The Flipper is powered by a 32-bit Arm processor core with a top spee...
00:59
RFK Jr. Explains How Democratic Party Is Already Rigging 2024 Race cryptogon.com
even if RFK Jr. had widespread supporthe doesntthe Democratic Party would simply screw him over. Robert F. Kennedy Jr. Wants a Law to Punish Global Warming Skeptics Via: Summit News: Alternative Democratic presidential candidate Robert F. Kennedy Jr. has accused the Democratic Party of rigging the primary system to ensure Joe Biden stands a better []
00:42
Fox Fired Tucker Carlson cryptogon.com
Via: Paul Watson: Related: Tucker Carlsons Exit Wipes Out $700 Million In Market Value For Fox
00:38
Wayland's Weston 12 Alpha Brings Multi-GPU Support, PipeWire Backend, Tearing Control Phoronix
Released today was the first alpha release of the upcoming Weston 12.0 release, which continues to serve as the reference compositor for Wayland...
00:30
Eclypsium launches Supply Chain Security Platform with SBOM capability Help Net Security
Eclypsium released Supply Chain Security Platform, enabling an organizations IT security and operations teams to continuously identify and monitor the bill of materials, integrity and vulnerability of components and system code in each device, providing insight into the overall supply chain risk to the organization. One unique capability in the platform is the SBOM (Software Bill of Materials) generated for each component and system code in enterprise devices which provides an industry-standard format for visibility More
The post Eclypsium launches Supply Chain Security Platform with SBOM capability appeared first on Help Net Security.
00:24
AI-powered dance animator applies generative AI to choreography Lifeboat News: The Blog
Stanford University researchers have developed a generative AI model that can choreograph human dance animation to match any piece of music. Its called Editable Dance GEneration (EDGE).
EDGE shows that AI-enabled characters can bring a level of musicality and artistry to dance animation that was not possible before, says Karen Liu, a professor of computer science who led a team that included two student collaborators, Jonathan Tseng and Rodrigo Castellon, in her lab.
The researchers believe that the tool will help choreographers design sequences and communicate their ideas to live dancers by visualizing 3D dance sequences. Key to the programs advanced capabilities is editability. Liu imagines that EDGE could be used to create computer-animated dance sequences by allowing animators to intuitively edit any parts of dance motion.
00:14
Photos: RSA Conference 2023, part 2 Help Net Security
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here. Here are a few photos from the event, featured vendors include: Threatlocker, Deloitte, CIS, Ionix, Forescout, Thales, BlackBerry, AT&T Cybersecurity, KnowBe4, Synopsys, Armis, Uptycs, Fortinet, Mandiant, Google, Mend, Resecurity, Zscaler.
The post Photos: RSA Conference 2023, part 2 appeared first on Help Net Security.
00:00
Uptycs unveils cloud security early warning system Help Net Security
At RSA Conference 2023, Uptycs unveiled the ability to collect and analyze GitHub audit logs and user identity information from Okta and Azure AD to reveal suspicious behavior as the developer moves code in and out of repositories and into production. The result is an early warning system that allows security teams to identify and stop threat actors before they can access data and services in the cloud. Uptycs customers can track and analyze malicious More
The post Uptycs unveils cloud security early warning system appeared first on Help Net Security.
00:00
Parametric Design with Tinkercad Hackaday
Tinkercad is like the hamburger helper of 3D design. You hate to admit you use it, and you know you should put in more effort, but darn it its easy, and it tastes pretty good. While I use a number of CAD programs for serious work, sometimes, when I just want a little widget like a flange for my laser cutters exhaust, it is just easier to do it in a few minutes with Tinkercad. However, I heard someone complaining the other day that it wasnt of any use anymore because they took away custom shape generators. That statement is only partially true. Codeblocks allow you to easily create custom parametric items for use in Tinkercad.
Wednesday, 26 April
23:54
Version 13.1 of the GCC compiler suite has been released.
This release integrates a frontend for the Modula-2 language which was previously available separately and lays foundation for a frontend for the Rust language which will be available in a future release.
Other changes include the removal of support for the STABS debugging-information format, addition of a number of C++23 features, a number of static-analyzer improvements, support for a number of recent CPU features, and more. See this page for details.
23:53
Ultrasound Reveals Trees Drought-survival Secrets SoylentNews
Scientists turned a forest into a lab to figure how some species cope with repeated dry spells:
The tissues of living trees may hold the secrets of why some can recover after drought and others die. But those tissues are challenging to assess in mature forests. After all, 90-year-old trees can't travel to the lab to get an imaging scan. So most studies of the impacts of drought on plants are done in the lab and on younger trees or by gouging cores out of mature trees.
[...] In the Kranzberg Forest outside Munich, the team outfitted stands of mature spruce and beech trees with rugged, waterproof ultrasound sensors. Some of the stands had been covered by roofs to block the summer rain, creating artificial drought conditions.
Five years of monitoring revealed that beeches (Fagus sylvatica) are more drought-resilient than spruces (Picea abies), the team reported in the December Plant Biology. Delving into the underlying mechanisms explained this difference.
Drought-stressed trees produced more ultrasound signals than trees exposed to summer rains. Those faint acoustic waves were bouncing off air bubbles called embolisms deep within the trees' vasculature. Surface tension keeps water moving through a tree's thousands of tiny vessels evaporation from pores in leaves drives water up the trunk (SN: 9/6/22). But if there's insufficient water in the soil, this upward pull can generate embolisms that clog vessels. In the experiments, spruces pinged much more than beeches, suggesting they had far more embolisms.
That's despite the fact that beeches appear to be less conservative with their water management, at least above ground. Trees can prevent embolisms by closing the pores on their leaves, but there's a trade-off. Doing so cuts off the supply of the carbon dioxide that drives photosynthesis, which makes the carbohydrates and sugars that trees need to live and grow. In dry conditions, trees face an impossible choice "between starving and dying of thirst," Beikircher says.
Read more of this story at SoylentNews.
23:51
Common insecure configuration opens Apache Superset servers to compromise Help Net Security
An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version, and check whether attackers might have exploited the weakness to breach them. Apache Superset and the widespread exploitable weakness Apache Superset is a data exploration and visualization platform thats usually integrated with a variety of More
The post Common insecure configuration opens Apache Superset servers to compromise appeared first on Help Net Security.
23:51
Security updates for Wednesday LWN.net
Security updates have been issued by Fedora (chromium, lilypond, and lilypond-doc), Oracle (java-1.8.0-openjdk), Red Hat (emacs, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, pesign, and virt:rhel, virt-devel:rhel), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (git), SUSE (fwupd, git, helm, and runc), and Ubuntu (firefox, golang-1.18, linux-hwe-5.15, and openssl, openssl1.0).
23:40
Distribution Release: Peropesis 2.1 DistroWatch.com: News
Peropesis (personal operating system) is a small-scale, minimalist, command-line-based Linux operating system. The project's latest release, Peropesis 2.1, introduces a number of new software development tools (including automake and autoconf), the Perl interpreted scripting language, and two new compression utilities. "Peropesis 2.1 Linux OS is released. In the....
23:34
Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks Security Affairs
Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution.
Apache Superset is an open-source data visualization and data exploration platform. The maintainers of the software have released security patches to address an insecure default configuration, tracked as CVE-2023-27524 (CVSS score: 8.9), that could lead to remote code execution.
The issue was discovered by Horizon3 researchers who reported that there are more than 3000 instances of the platform exposed to the Internet. Horizon3 found that at least 2000 servers are running with a dangerous default configuration.
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. reads the advisory. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.
The CVE-2023-27524 flaw impacts versions up to and including 2.0.1.
Vulnerable versions are using the following default value for the SECRET_KEY:
\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h
Any attacker can log in to these servers with administrative privileges, access and modify data connected to these servers, harvest credentials, and execute remote code. reported Horizon3.
The web application signs the cookie with a SECRET_KEY, a value that is supposed to be randomly generated and typically stored in a local configuration file. With every web request, the browser sends the signed session cookie back to the application. The application then validates the signature on the cookie to re-authenticate the user prior to processing the request. The security of the web application depends critically on ensuring the SECRET_KEY is actually secret. If the SECRET_KEY is exposed, an attacker with no prior privileges could generate and sign their own cookies and access the application, masquerading as a legitimate user.
Horizon3 researchers reported the issue to the Superset team in
Oct. 2021, but when in February 2023 they checked the fix they
discovered that in January 2022 the
default SECRET_KEY value was changed to
CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET, and a
warning...
23:30
Cynet announces platform updates to help organizations protect their systems and infrastructure Help Net Security
Cynet announced its presence at RSA Conference 2023 with new updates to its cybersecurity solution. The company is on track to domain filtering capabilities, enhanced Playbook Summary Reports, improvements to the user interface, endpoint detection and prevention services, platform performance and more. In addition to product updates, Cynet is launching Cynet 360 Mobile capabilities as well as Lighthouse Credential Theft Monitoring, a More
The post Cynet announces platform updates to help organizations protect their systems and infrastructure appeared first on Help Net Security.
23:27
Officially the Best Reloaded Random Thoughts
A couple years back, I watched all the top 100 movies on the 2012 Sight & Sound Directors Poll, and that was a lot of fun. Last year, a decade had passed and Sight & Sound did a new poll. And as usual in these polls, there was a whole lot of new movies in the top 100, so I thought itd be fun to watch them.
Theres about thirty new movies on the list, and virtually all of them are in the bottom 60. Which isnt surprising the bottom half of the list is very unstable, while the top 20 doesnt really see that many changes. In addition to the new movies, Im also going to re-watch a handful of films on the old list (where Ive gotten new, restored editions of the films).
Oh, and Im skipping some of the new movies that Ive already seen (and blogged about).
Confused? No?
So here we go!
23:23
The Hybrid Innovation Model: Merging Corporate Strength And Startup Agility Lifeboat News: The Blog
Ensuring proper funding level and visibility was another challenge. To provide the necessary resources, we included executive sponsors on the boards of satellite organizations, which offered better visibility and support for innovation projects. Finally, we faced the challenge of process alignment to maintain agility while ensuring safety. As a result, we defined the minimum required processes to guarantee safety as a top priority during developments, allowing satellite organizations to remain agile without compromising safety standards.
By addressing these and other challenges, we were able to determine the appropriate balance between autonomy and oversight for our organization. Our successful model involves a mix of internal and external talent, strong alignment between corporate and satellite strategies, and ongoing investment in innovative projects. We measure success using specific metrics such as project completion rates, knowledge and employee transfer efficiency, and the value of innovations returned to the parent corporation.
The hybrid innovation model represents a groundbreaking approach for corporations looking to harness the benefits of both the corporate and startup worlds. Corporations can foster an agile and dynamic environment that attracts top talent and facilitates rapid development and testing of new ideas. Although there are challenges to implementing this model, the potential benefits make it an attractive option for corporations seeking to drive innovation and growth in todays fast-paced business environment.
23:16
Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks The Hacker News
The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on
23:00
100+ More ASUS Motherboards Enabled For Sensor Monitoring With Linux 6.4 Phoronix
The hardware monitoring "HWMON" subsystem updates have been pulled into the in-development Linux 6.4 kernel with ASUS Intel/AMD desktop motherboards being the big winners with these driver updates...
23:00
Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling Help Net Security
Traceable AI launched Zero Trust API Access to help organizations better protect sensitive data, stop API abuse, and align data security programs with broader innovation and business objectives. Traceables Zero Trust API Access actively reduces attack surface by minimizing or eliminating implied and persistent trust for APIs. You cannot have true zero trust without API security, said Sanjay Nagaraj, CTO of Traceable. Traceables Zero Trust API Access provides a guiding principle for API security architectures More
The post Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling appeared first on Help Net Security.
23:00
Linux Kernel Drama: AMD's Spectral Chicken Phoronix
There's a bit of Linux kernel code for AMD Zen 2 processors called the "spectral chicken" and a call for cleaning up that code, which was originally written by an Intel Linux engineer, has been rejected...
22:33
Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China The Hacker News
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muoz said in a new
22:30
Code42 adds real-time blocking capabilities to the Incydr IRM solution Help Net Security
At RSA Conference 2023, Code42 announced that it has added real-time blocking capabilities to the Incydr IRM solution. The enhancement allows security teams to prevent unacceptable data exfiltration without the management burden, inaccuracy, and endpoint impact of content-based policies. Insider Risk is emerging as the most difficult threat to detect in todays environments. Despite 72% of organizations having a program dedicated to Insider Risk, over four in five CISOs admit data loss from insiders is More
The post Code42 adds real-time blocking capabilities to the Incydr IRM solution appeared first on Help Net Security.
22:30
Intel Sierra Forest EDAC Lands In Linux 6.4, AMD's EDAC Driver Aims For GPUs Phoronix
The Error Detection And Correction (EDAC) device driver updates have been submitted for the Linux 6.4 merge window...
21:46
Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks The Hacker News
The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and
21:02
Bad Medical News Causes Patients to Choose Brand Name Drugs Over Generics, Costing Billions SoylentNews
Researchers from Johns Hopkins University published a new Journal of Marketing article that examines how receiving negative medical results might affect how people choose between generic and brand name drugs:
At the height of the COVID-19 pandemic, Manuel Hermosilla received a call from a family friend in Chile who had been recently diagnosed with cancer. The friend needed help tracking down Hydroxychloroquine to treat her rheumatoid arthritisa drug in short supply given its supposed therapeutic powers to combat COVID-19.
Hermosilla found two alternatives for Hydroxychloroquine: a hefty $330. The family friend didn't want the generic version, Hermosilla says. "Given her cancer diagnosis, she felt the generic wasn't 'safe' enoughwhich got me to thinking: could medical-related insecurities impact patients' brand/generic choices?"
Getting bad medical news can be alarming. It might influence us to embark on a healthier lifestyle, perhaps by exercising more or eating healthier food. Given that brand name drugs are perceived to be more effective and perhaps even safer than generics (despite many experts viewing generics as molecular replicas of brand name drugs), bad news might also affect how we choose between drugs.
This new research points to estimates suggesting substantial savings for the U.S. healthcare system about 10% of drug expenditures, or $36 billion a yearif patients always chose a generic option when available. The researchers suggest that a broader use of generics could significantly lower expenditures without sacrificing the quality of patient care.
Journal Reference:
Hermosilla, M., & Ching, A. T. (2023). EXPRESS: Does Bad
Medical News Reduce Preferences for Generic Drugs? Journal
of Marketing, 2023. https://doi.org/10.1177/00222429231158360
Read more of this story at SoylentNews.
21:00
The Goalie Mask, Reenvisioned Hackaday
The goalie mask, at least the retro-styled fiberglass types from the 60s and 70s, hasnt been used in hockey for about 50 years its instead made many more appearances in horror movies than on ice rinks. Since then, though, theres been very little innovation surrounding the goalie mask even though theres much more modern technology that could theoretically give them even greater visibility. [Surjan Singh] is hoping to use his engineering and hockey backgrounds to finally drive some improvements.
The uncage is based on Dyneema thread, a polyethylene fiber known for its strength and durability. Its often used in applications that demand high strength with minimal weight, such as for sails or backpacking equipment. Using strands of Dyneema woven through a metal support structure is what gives this mask its high strength while also improving the visibility through it dramatically. [Surjan] has been prototyping this design extensively, as there were some issues with the fibers chafing on attachment points on the metal frame, but most of these issues have been ironed out or are being worked on currently.
In the meantime, [Surjan] has been looking for a professional-level goalie to help refine his design further and d...
21:00
We've added 10 new text tools catonmat.net
Team Browserling keeps shipping!
Four weeks ago we added 50 new text tool.
Three weeks ago we added 20 more tools.
Two weeks ago we added 15 more text tools.
Last week we added another 15 text tools.
And today we just added another 10 tools to our Online Text Tools collection.
Here are the new text tools.
- Scramble Words in Text
- Swap Adjacent Words in Text
- Erase Letters from Words
- Erase Words from Text
- Duplicate Sentences in Text
- Remove Sentences from Text
- Generate Fake Text
- Unfake Text
- Check if Text is Fake
- Convert Text to URL Slug
Next week we'll add even more tools. See you then!
20:29
Kevin Shockeys Presentation on Puerto Rico and FSF Techrights
A Presentation From a Puerto Rican Perspective:
Seems like Puerto Rico quickly adopted GNU/Linux this past year
Summary: The above LibrePlanet slide from Kevin Shockey was the last of a deck of slides; the presentation seems to have covered patents, preservation, and many other aspects; sadly the talk cannot be found, at least not yet, in PeerTube or in MediaGoblin and it seems to be covering important points from the perspective of colonies or natural disaster-prone places
Licence: GFDL 1.3
20:23
GCC 13.1 Released With Modula-2 Language Support, More C23/C++23 Features Phoronix
20:05
xf86-video-ati 22.0 Released For Older ATI/AMD GPUs Phoronix
The xf86-video-ati 22.0 driver has been released as a rare update to this X.Org DDX driver used by older pre-GCN ATI/AMD Radeon graphics cards...
19:56
Warpinator: Remote file deletion vulnerability (CVE-2023-29380) Open Source Security
Posted by Matthias Gerstner on Apr 26
Hi list,this report is about a remote file deletion vulnerability in Warpinator
[1].
Introduction
============
I already reviewed and found issues in Warpinator a while ago [2]. The
openSUSE packager for Warpinator asked me for a follow-up review after
updating to upstream release 1.4.3 which contained the fixes for
CVE-2022-42725.
In the course of the review I found another vulnerability which is
described in detail in the next section....
19:29
Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks The Hacker News
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access
19:19
Try 1xbet Mobile Casino Evaluate 2023 Claim Your 1500 Today! h+ Media
Try 1xbet Mobile Casino Evaluate 2023 Claim Your 1500 Today!
Re part of the group already, just sign up and choose your favorite market to guess on. There are presently varied versions of the most effective bet application from 1xbet for all present platforms, including Android, iOS, and even older units with JAVA help. To get one of the best betting app for Android, you have to go to the corresponding part of the location following the link in your smartphone?
Alternatively, you can enter the whole quantity you want to spend in the Total Stake area and well automatically calculate the stake per combo for you. Percentage betting is often a extra reasonably priced way to improve your probability of successful massive. A Multi guess lets you mix many Fixed Odds alternatives into one wager, from a minimal of two, as much as a most of 25. 1XBET has sadly turn out to be one of those manufacturers that isnt trustworthy. If you win more than you lose, youve trouble getting paid.
You can gather Loyalty Points by enjoying your favorite video games then redeem them for distinctive gifts. There are additionally several common promotional offerings, like a 2x/Double Up Promotion on Wednesdays and common Roulette tournaments. Find a detailed listing of the obtainable promotions and special supply bonuses on the casinos promos page. The on line casino is considered a powerhouse for being one of many veterans in theonline casino scene. It offers sports activities betting, lottery, and various popular andnew casinogames.
Check out CasinoRank to find extremely recommended MasterCard casinos that emphasize player safety and security. 1xBet has an infinite number of games, promotions, and occasions. They additionally supply straightforward deposit and withdrawal options that users find handy. The various modes of fee along with nice customer service assist additionally make issues smoother for players. 1xBet is a global casino and betting web site that offers quite so much of casino games, sports betting, and live on line casino video games. To get began, you want to first register yourself on the platform.
In this case, you wont be disenchanted as they offer a safe platform to gamble. We have already discussed the welcome bonus offered by the site. This bonus is reserved just for new gamers, whore signing up for the first time. You can declare your welcome bonus quantity solely after registering yourself on the site.
They have a broad vary of game choices, with variousbonusesand jackpots, that thrill all the punters that come to verify out the site. With a special level of wagers, there is something for those with a finances and there are stakes that will thrill the best rollers. This is doubtless considered one of the most entertaining places to examine if lady luck is at anyones facet. It is one of many quickest ways to register an account after the player downloads 1xbet app....
19:17
Chesapeake Bay And Its Management Nzes h+ Media
Chesapeake Bay And Its Management Nzes
Besides the official web site, 1xBet also has its cell app. You can entry the mobile providers of this on line casino either by utilizing the app or through the cellular site. Android users can easily obtain and set up the 1xbet app on their cellular gadgets. 1xBet also offers a user-friendly platform that may be accessed from each pc and mobile gadgets. Not simply that, however in addition they offer a 1xBet official app thats compatible with each iOS and Android platforms.
In-play betting significantly increases the possibilities of winning and generates huge curiosity in sporting contests. There is a 24-hour stay chat function thats available each single day of the week. The players can have interaction these features by pressing a button on the primary touchdown web page. Players can relaxation easy knowing that there is always somebody there who will readily help with key considerations at any time. Unlike different websites, the wagering requirements so as to claim the bonus at 1xBet is comparatively lower.
For instance, when looking at a handicap market, they do not all the time arrange the bets symmetrically, so youll have the ability to see each side of the identical handicap. Really, the record is merely too long to deal with the person strategies. It is much less complicated to just say that they probably provide a way that will be of curiosity for you. 1XBet even offers payments through several cryptocurrencies aside from bitcoin. Just like depositing, the withdrawal procedure is pretty easy.
They have been on this business for method too long and know tips on how to satisfy players. Starting from a large collection of video games to excellent customer assist, gamers can get pleasure from all of it on this platform. 1xBet is amongst the hottest sports activities betting websites in the CIS.
Alternatively, you can enter the entire quantity you wish to spend in the Total Stake subject and well mechanically calculate the stake per combo for you. Percentage betting can be a extra affordable approach to improve your chance of winning huge. A Multi guess lets you combine many Fixed Odds selections into one wager, from a minimum of two, as a lot as a maximum of 25. 1XBET has unfortunately turn into a kind of brands that is not reliable. If you win more than you lose, you have hassle getting paid.
Re a half of the neighborhood already, simply check in and choose your favorite market to wager on. There are currently varied variations of one of the best bet application from 1xbet for all present platforms, together with Android, iOS, and even older devices with JAVA support. To get the most effective betting app for Android, you need to go to the corresponding section of the site following the hyperlink in your smartphone?
Bettors from unregulated international locations arent permitted to entry the sports betting plat...
19:15
Search Betway Re Www J9079in 1xbet Iphone App Wwwj9079in 37814572 h+ Media
Search Betway Re Www J9079in 1xbet Iphone App Wwwj9079in 37814572
The different well-liked choices embody casino slots, table video games, lottery, E-Sports, and poker. The newest bettors who understand 1xbet app obtain have a chance to get a welcome bonus. Before it, the participant has to undergo most stages of the registration methodology. When the ultimate stage happens and the player places a deposit, he will get a unique promo code. The circumstances of getting a cell bonus change from time to time. The clients might get a set sum of money because the accolade.
Furthermore, players also get entry to a 24/7 gaming platform and well timed fee options. All on line casino titles obtainable on the desktop web site are additionally current within the 1xBet casino mobile versions. The bookmaker stands out from the the rest of the pack in offering numerous sports betting opportunities with excessive odds. There are an enormous variety of high-quality casino games to choose from. The IxBet cell app is an ideal fit for players with smartphones and tablets.
You have to take a look at options corresponding to bonuses, video games, bonus phrases, security, and extra. Fortunately, Ive already carried out the legwork so that you can put together this list with the most effective Bitcoin cellular gambling apps of 2020. If you are looking for a reliable, secure, and exciting playing web site, 1xbets Casino ought to be on the top of your list.
Arlekin is licensed and controlled under the legal guidelines of the Government of Curacao. Although Arlekin might be a new platform, its undoubtedly backed by trustable and skilled software program developers. It is licensed via Curacao and holds a grasp gaming license. They have constructed a superb status that covers all facets of online casino gambling. They have managed to keep up with the calls for of those that demand a flawless on-line on line casino expertise. HellSpin Casino is a model new on-line playing platform launched in 2022.
Each accumulator wager must comprise three or more events. Now comes the part the place you make your first deposit in your account. Once your account will get verified, you are officially a member of the 1xbet web site. This means now you can proceed to make your first deposit.
Over the previous 14 years, it has turn out to be one of the most recognizable bookmakers worldwide. Now, it is an international firm with alternative to put bets using your cellphone and quick withdrawals. The on-line betting apps are extremely popular among African customers and have many common customers.
Besides the official website, 1xBet also has its mobile app. You can entry the mobile providers of this on line casino either by using the app or through the mobile site. Android users can easily download and install the 1xbet app on their mobile gadgets. 1xBet additionally provides a user-friendly platform that may be accessed from both com...
18:49
Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline Security Affairs
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert.
A Canadian gas pipeline suffered a cyber security incident, Canadas top cyber official and Pro-Russia hacking group Zarya claimed the attack could have caused an explosion.
Pro-Russia hacktivist groups call to action for targeting organizations in the critical infrastructure sector, said Canadas top cyber official.
The New York Times reported that the cybersecurity incident was revealed in leaked U.S. intelligence documents. One of the leaked top secret files included an alleged intercepted conversation between the hacking group Zarya and an officer at Russias Federal Security Service (FSB), a circumstance that suggests that some groups are operating directly under Russian intelligence.
The F.S.B. officers anticipated a successful operation would cause an explosion at the gas distribution station, and were monitoring Canadian news reports for indications of an explosion, the leaked report said.
The authenticity of the document was not confirmed, however, this is the first time that a pro-Russia-hacking group execute a disruptive attack against Western critical infrastructure.
According to the Pentagons assessment, on Feb. 15, Zarya shared screenshots with the Federal Security Service the main successor agency to the K.G.B., known by its Russian initials, F.S.B. that purportedly showed that the attacker had the capability to increase valve pressure, disable alarms and make emergency shutdowns of an unspecified gas distribution station in Canada. reported the NYT.
Canadas prime minister Justin Trudeau confirmed the cyber attack against the gas pipeline but pointed out that there was no physical damage to any Canadian energy infrastructure.
In regards to the reports of cyberattacks against Canadian energy infrastructure, I can confirm that there was no physical damage to any Canadian energy infrastructure following cyberattacks, Trudeau said.
The Canadian intelligence agency has yet to provide a comment on the cyber security incident,
The cyber attack against the unnamed Canadian gas pipeline took place on February 25, it caused sufficient damage with a severe impact on the companys profits. The leaked document states that the attack was not aimed at causing loss of life but economic d...
18:16
AMD Ryzen 7000 Burning Out: Root Cause Identified, EXPO and SoC Voltages to Blame SoylentNews
We reported this problem a couple of days ago, here:
Impacts all motherboard makers and all Ryzen 7000 chips:
Multiple reports of Ryzen processors burning out have burst onto the internet over the last few days. The damaged chips have not only bulged out and overheated to the point they have become desoldered, but they have also done significant damage to the motherboards they are installed in. We reached out to our industry contacts and learned some new information about the nature of the problem and the scope of AMD's planned fix. Our information comes from multiple sources that wish to remain anonymous, but the info from our sources aligns on all key technical details. As with all unofficial information, we should take the finer details with a grain of salt until AMD issues an official statement.
First, we're told this condition can occur with both standard Ryzen 7000 models and the new Ryzen 7000X3D chips, though the latter is far more sensitive to the condition, and the root cause could be different between the two types of chips. AMD will issue a fix soon, but the timeline is unknown. We're told that failures have occurred with all motherboard brands, including Biostar, ASUS, MSI, Gigabyte, and ASRock.
According to our sources and seconded by an ASUS statement to Der8auer, the problem stems from SoC voltages being altered to unsafe higher levels. This can be imposed from either the pre-programmed voltages used in EXPO memory overclocking profiles or when a user manually adjusts the SoC voltages (a common practice to eke out a bit more memory overclocking headroom).
Our sources also added further details about the nature of the chip failures in some cases, excessive SoC voltages destroy the chips' thermal sensors and thermal protection mechanisms, completely disabling its only means of detecting and protecting itself from overheating. As a result, the chip continues to operate without knowing its temperature or tripping the thermal protections.
AMD's modern chips often run at their thermal limits to squeeze out every last drop of performance within their safe thermal range it isn't uncommon for them to run at 95C during normal operation so they will automatically continue to draw more power until it dials back to remain within a safe temperature. In this case, the lack of temperature sensors and protection mechanisms allows the chip to receive more power beyond the recommended safe limits. This excessive power draw leads to overheating that eventually causes physical damage to the chip, like the bowing we've seen on the outside of...
18:14
Anti-Piracy Group Recruits Teens to Keep Up with Social Media Piracy Trends TorrentFreak
Piracy is by no means exclusive to any particular generation
but among the general public, its often associated with younger
people.
This notion may very well change over time as the Internet-native generation gets older. That said, younger people tend to be more open to change, also when it comes to piracy habits.
Over the past two decades, new online piracy sites, apps and other consumption methods have emerged. This can pose quite a challenge for anti-piracy outfits, whose main goal is to spot new piracy trends and nip them in the bud.
Social Media Piracy Panel
To help with this ongoing process, Danish anti-piracy group Rights Alliance plans to involve youth directly. This week, a job listing appeared online offering teens an hourly wage of 150 Danish kroner (~US$22) to join a piracy discussion panel.
We want to know more about young peoples ways of being and behaving on social media and online in general. With your help, we will become much wiser about young peoples behavior and will be able to reach new heights in our work.
Rights Alliance is specifically looking for young people between the ages of 15 and 17. These teens will join a panel of eight peers who, together with an employee from the anti-piracy group, will discuss piracy-related Internet and social media developments.
Friends and Family are Safe
Theres no need for prospective candidates to be deeply involved in illegal activities or to expose pirating friends. The main goal is to learn how young people are exposed to pirated media during their online activities, which can help to spot emerging threats.
It is important for us to emphasize that you should not disclose yourself, your friends or others in your social circle. The sole purpose is to help us learn more about current trends, Rights Alliance clarifies.
According to the job listing, each panel meeting will last for roughly two hours with three tentatively scheduled for the coming year. The meetings will take place in Copenhagen and travel expenses will be covered.
While its unusual for anti-piracy organizations to recruit teenagers, it makes a lot of sense. Piracy preferences change rapidly and obtaining direct input from younger people is a relatively effective way to keep an eye on new developments.
Preventing Bad Habits
Speaking with TorrentFreak, Rights Alliance director...
18:00
Vectrex Light Pen Works Without a Raster Hackaday
Sometimes the simplest of projects end up revealing the most interesting of things, as for example is the case with [Ryo Mukai]s light pen for the Vectrex console. Its an extremely simple device using an integrated light sensor with built-in Schmitt trigger, but for us the magic isnt in the pen itself but in discovering how it worked with the Vectrexs vector graphics.
Light pens were a popular accessory in the 8-bit computing days, offering a relatively inexpensive pointing device that gave your micro an even more futuristic feel. On most computers that used a raster-scanning TV display they simply picked up the flying dot on the screen as it passed the end of the pen, but the Vectrex with its display not scanning all of the screen at once needed a different approach.
This piqued our interest, and the answer to how it was done came from PlayVectrex. There was a target X on the screen which could be picked up with the pen, and when picked up it would surround itself with a circle. Crossing the dot as it flew round the circle would tell the console where the pen was, and the position would move to fit. For those of us who only saw a Vectrex in a shop window back...
17:14
IRC Proceedings: Tuesday, April 25, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-250423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-250423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-250423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-250423.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
17:05
VMware Releases Critical Patches for Workstation and Fusion Software The Hacker News
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the
17:00
RNA-Based Vaccine Technology: The Trojan Horse Did Not Contain mRNA Terra Forming Terra
Colorado chili pepper fossil discovery may upend evolutionary timeline Terra Forming Terra
That at least puts an end to the idea that the plant family was limited to south America at all. It is clearly a plant of the western hemisphere and this may turn out to be true for most. what is certain is that bird carried seeds are easily moved north and south from the equatorial Amazon.
Of course recent traffic in domesticates has turned everything on it head and we are still adjusting to all of that and truly with much more to come. Recent covers the past five thousand years as much was also moved dxuring the bronze Age including dairy Red Deer.
Spanish Bishop: Behind Agenda 2030 lies an attempt to change civilisation, Terra Forming Terra
Lung storage technique offers 'paradigm shift' for transplants Terra Forming Terra
This has to apply to all other tissues as well and just why is that this is not understood back in the day when the work was done. It strikes me that fine temperature control has been available for a long time. Even with brine.
15:54
Links 26/04/2023: Release of Git 2.40.1 and Canonical Pushing Microsoft Clown Computing Again Techrights
Contents
-
GNU/Linux
-
Kernel Space
-
OMG! Linux GNU Linux-libre Kernel 6.3 Now Available
GNU Linux-libre 6.3 is based on recent Linux kernel 6.3 release but strips out all binary blobs, non-free firmware, and any code subject to a proprietary license.
-
-
Instructionals/Technical
-
Its FOSS The Ultimate Guide to i3 Customization in Linux
Learn about customizing your systems look and feel with i3 window manager in this super-detailed guide.
- ...
-
-
15:47
Wikimedia Foundation at LibrePlanet 2023 Techrights
Summary: The above LibrePlanet talk was was uploaded by the FSF a week ago (PeerTube link; talks slides); From the official page: This talk will begin by shining some light on the vastness of Wikipedias technology landscape and the technical community behind it, supporting the development of projects in many different areas to set the room for understanding the need and role of developer advocacy for such a large community. It will then focus on the developer advocacys role in engaging the technical community behind Wikipedia and its sister projects, for example, through dedicated FOSS outreach, mentoring programs and events, awards and ceremonies for developer recognition, grants and partnerships, community metrics and health, platforms and services, developer portal, and more. Through this talk, the audience will gain insights into what a good return on investment means for such initiatives in nonprofit organizations and gather new ideas for building stronger developer communities.
Licence: CC BY SA 4.0
15:47
Roger Spitz joins our Futurists Board. Lifeboat News
Roger Spitz joins our Futurists Board. Roger is an international bestselling author, President of Techistential (Climate & Foresight Strategy), and Chair of the Disruptive Futures Institute.
15:32
The FDA Would Like to Remind You Not to Put Amniotic Fluid in Your Eyes SoylentNews
This report from Ars Technica details an important warning from the U.S. Food and Drug Administration
from the article:
For a sinister Shakespearian brew to conjure spirits, you're going to need to gather a variety of mystical herbs, like the scale of a dragon and the cool blood of a baboon (or maybe a spotted gecko). For eternal life, harvest a dead man's toe and a newt's saliva.
But if dry eye relief is all you seek, then the urine of a human fetus is what you'll needjust don't mention it to the Food and Drug Administration.
The regulatory agency posted a public safety notification warning people not to use eye drops with such ingredientsproducts more akin to hocus-pocus than modern medicine.
The eye drops are thought to contain amniotic fluid, the clear liquid that surrounds and cushions a human fetus as it incubates in a womb. Generally, amniotic fluid contains a variety of maternal and fetal excretions and secretions, but after the 10th week of gestation, it is largely fetal urine, with fetal lung secretions being another significant component.
Read more of this story at SoylentNews.
15:00
Bass Reactive LEDs For Your Car Hackaday
[Stephen Carey] wanted to spruce up his car with sound reactive LEDs but couldnt quite find the right project online. Instead, he wound up assembling a custom bass reactive LED display using an ESP32.
...
12:45
This NASA Telescope Has Discovered 329 New Exoplanets in Just Five Years SoylentNews
This NASA Telescope Has Discovered 329 New Exoplanets In Just Five Years - SlashGear:
One of the biggest areas of research in astronomy right now is the discovery of exoplanets, or planets outside our solar system. With over 5,000 exoplanets known and more being discovered every month, you might think that this field is well-established but in fact, it's rather recent, with the study of exoplanets only really taking off in the last decade or so. A big part of the explosion of exoplanet studies has been new tools that allow scientists to discover these far-off worlds more readily than ever before.
The new generation of exoplanet-hunting tools arguably began with the launch of the (now retired) Kepler Space Telescope in 2009, which ceased operations in 2018. But the baton was picked up by subsequent instruments, like NASA's Transiting Exoplanet Survey Satellite, also known as TESS. Launched in 2018, NASA recently released some figures for TESS's achievements from its first five years in space. In this time, TESS has discovered an impressive 329 new exoplanets, as well as discovering thousands more candidate exoplanets.
[...] TESS uses an exoplanet detection method called the transit method. This is where you look at the brightness of a given star over time. If there is a planet orbiting that star when it passes between us and the star (called a transit), the star's brightness will dip very slightly. If you observe that dip in brightness at regular intervals, you can work out whether there is a planet there and how quickly it orbits that star. The amount by which the brightness dips can also help give information on things like the planet's size or orbit too.
Read more of this story at SoylentNews.
12:00
Reading Ptolemys Treatise on the Meteoroscope On Palimpsests After Centuries of Recovery Attempts Hackaday
During the Middle Ages much of Ancient Greek and Roman scientific, legal and similarly significant texts written on parchment were commonly erased, mostly because of the high cost of new parchment and the little regard given to these secular texts. Although recovery attempts of the remaining faint outlines of the old text has been attempted since at least the 19th century, these often involved aggressive chemical means. Now researchers have managed to recover the text written by Ptolemy on a parchment that suffered such a pre...
10:28
NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly
NEW 'Off The Wall' ONLINE
Posted 26 Apr, 2023 0:28:29 UTC
The new edition of Off The Wall from 04/25/2023 has been archived and is now available online.
10:02
No Need to Recycle, These Disposable Coffee Cups are Made of Dirt SoylentNews
You can smash these 3D-printed cups from GaeaStar on the ground and walk away:
Imagine the horrified looks you'd get if you dropped your paper coffee cup on the ground, stepped on it and walked away. A startup based in San Francisco and Germany says you can do exactly that with its cups, guilt-free.
GaeaStar is getting ready to introduce its 3D-printed, disposable clay cups to the US, after a successful trial period at coffee shops and ice cream parlors in Berlin. Watch the video above to learn more.
The cups are made from just three ingredients: dirt, salt and a small amount of water. Founder and CEO Sanjeev Mankotia told CNET he had the idea when he was visiting family in India and his cousin was drinking chai from a terracotta cup she bought from a street vendor. "She drank the cup, and then smashed it on the ground. And I was like, 'You're throwing something away that's creating litter.' And her reaction was, "It's made out of dirt, why is this an issue?"
Those terracotta cups, or "Kuhlars" have been used in South Asia for 5,000 years. They are typically never reused.
[...] According to GaeaStar, it can print a ceramic cup using about 60% less energy than it takes to create a plastic or paper cup, for about the same price. "When you scale it up, we feel that this could be priced in parallel or comparable to the incumbent cups in the market, if not cheaper."
[...] GaeaStar's long-term goal is to put its patent-pending 3D-printers in shops around the US, where cups could be printed on-demand in about 10 seconds. Mankotia says dirt can be sourced locally to save energy. In the meantime, you'll be able to find them in select Verve Coffee shops around California this year.
Read more of this story at SoylentNews.
10:00
HPR3843: LinuxLUGCast pre-show ramblings Hacker Public Radio
I first want to apologize for my crappy show notes. That out of the way. Welcome to LinuxLUGCast episode 217 the pre-show. Normally this gets tacked on to the end of the regular podcast, but Ken put out a call for shows and we figured this was the easiest way to get a show out. I was going to try to meet up with these same people on Mumble and talk about something technical for HPR, but let's be honest the conversation would probably still have turned into TV and movies, and we were already together and recording. Plus hopefully I can use this to convince other people to come and join the Lugcast. We record every first and third Friday of the month using mumble. Check out linuxlugcast.com for all the details.
A Dozen in One It Will Never Work in Theory
I've fallen behind on reviewing while prepping for this week's talks, so here are a dozen papers you might enjoy.
Brittany Johnson, Christian Bird, Denae Ford, Nicole Forsgren, and Tom Zimmermann. Make your tools sparkle with trust: the PICSE framework for trust in software tools. In ICSE SEIP. May 2023, https://www.microsoft.com/en-us/research/publication/the-picse-framework-for-trust-in-software-tools/.
The day to day of a software engineer involves a variety of tasks. While many of these tasks are collaborative and completed as such, it is not always possible or feasible to engage with other engineers for task completion. Software tools, such as code generators and static analysis tools, aim to fill this gap by providing additional support for developers to effectively complete their tasks. With a steady stream of new tools that emerging to support software engineers, including a new breed of tools that rely on artificial intelligence, there are important questions we should aim to answer regarding the trust engineers can, and should, put into their software tools and what it means to build a trustworthy tool. In this paper, we present findings from an industry interview study conducted with 18 engineers across and external to the Microsoft organization. Based on these interviews, we introduce the PICSE (pronounced "pixie") framework for trust in software tools to provide preliminary insights into factors that influence engineer trust in their software tools. We also discuss how the PICSE framework can be considered and applied in practice for designing and developing trustworthy software tools.
Arut Prakash Kaleeswaran, Arne Nordmann, Thomas Vogel, and Lars Grunske. A user study for evaluation of formal verification results and their explanation at bosch. 2023. arXiv:2304.08950.
Context: Ensuring safety for any sophisticated system is getting more complex due to the rising number of features and functionalities. This calls for formal methods to entrust confidence in such systems. Nevertheless, using formal methods in industry is demanding because of their lack of usability and the difficulty of understanding verification results. Objective: We evaluate the acceptance of formal methods by Bosch automotive engineers, particularly whether the difficulty of understanding verification results can be reduced. Method: We perform two different exploratory studies. First, we conduct a user survey to explore challenges in identifying inconsistent specifications and using formal methods by Bosch automotive engineers. Second, we perform a one-group pretest-posttest experiment to collect impressions from Bosch engineers familiar with formal methods to evaluate whether unde...
09:48
F2FS & Btrfs Enjoy Some Nice Improvements With Linux 6.4 Phoronix
In addition to EXT4 seeing some performance optimizations and File-System (F2FS) drivers are also seeing some nice enhancements with this next Linux kernel version...
09:00
Insulin Pump Teardown Shows One Motor Does Many Jobs Hackaday
Modern insulin pumps are self-contained devices that attach to a users skin via an adhesive patch, and are responsible for administering insulin as needed. Curious as to what was inside, [Ido Roseman] tore down an Omnipod Dash and took some pictures showing what was inside.
08:15
[$] Nikola: static-site generation in Python LWN.net
Static-site generators are tools that generate HTML pages from source files, often written in Markdown or another markup language. They have built-in templates and themes, which allows developers to create lightweight and secure of these tools is Nikola, written in Python.
08:09
Corrupt Administration at the European Patent Office is Causing a Mental Health Crisis Techrights
Summary: Distress among DG1 examiners at the EPO is reported; after the notorious suicide wave under Benot Battistelli it seems like Antnio Campinos and his corrupt regime (he surrounded himself by unqualified friends of his, who barely understand patents but are eager to burn constitutions, laws, conventions etc. for a living) endanger the lives of examiners
THE push by the EPO for an illegal UPC (promoted by Mafia-esque elements, eager to blackmail their critics and exposers) was noted here many times before in effect a kangaroo court that would authorise illegal EPO policies and even European software patents a controversial practice of granting being the subject of recent leaks.
If the EU (or EC) fails to stop this, it too will suffer profoundly.Nothing substantial has improved at the EPO and immaterial progress isnt being made; theyre just flinging lots of crappy patents at the wall and hope some will stick (maybe with help from the impending but illegally-promoted kangaroo court).
The Central Staff Committee now warns that Search & Examination Practice[s] lead to Distress among DG1 examiners.
In this [already-sent] open letter, theyve told colleagues, they said to Steve Rowan [that] we note a worrying trend of distress among DG1 examiners currently confronted with radical changes in search and examination practice in their technical fields due to directives from their superiors, in several directorates. The work of these examiners has been supported and even praised by the Office for many years and their decisions have been generally upheld by the Boards of Appeals. They do not understand the sud...
08:00
Tuning glibc malloc on ARM: A Case Study Linux.com
Excessive Page faults can negatively imp
Click to Read More at Oracle Linux Kernel Development
The post Tuning glibc malloc on ARM: A Case Study appeared first on Linux.com.
07:36
Links 25/04/2023: RapidDisk 9.1.0 and Microsoft Revenue Down in Many Areas Techrights
Contents
-
GNU/Linux
-
Audiocasts/Shows
-
Tux Digital Destination Linux 320: The Chumby on Jills Treasure Hunt!
This weeks episode of Destination Linux, we will be visiting Jills computer museum to check out The Chumby in Jills Treasure Hunt. Then we take a look at some new offering from Pine64.
-
320: The Chumby on Jills Treasure Hunt!
-
Late Night Linux Episode 226
Great n...
-
-
07:15
SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times Security Affairs
A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow to carry out powerful DDoS attacks.
A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to conduct powerful volumetric DDoS attacks.
The Service Location Protocol (SLP) is a legacy service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration.
Researchers from Bitsight and Curesec reported that attackers exploiting this flaw can leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks. The experts pointed out that the flaw can allow achieving an amplification factor as high as 2200 times, which is one of the largest amplification attacks ever reported.
The vulnerability impacts more than 2,000 organizations worldwide and over 54,000 SLP instances that are publicly exposed to the Internet, including VMWare ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 other product types.
Bitsight reported the flaw to the U.S. Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) and impacted organizations.
In a reflective DoS amplification attack, the attacker sends small requests to a server with the spoofed source IP address of the victim. In turn, the server replies to the victims IP address, sending much larger responses than the requests, generating large amounts of traffic to the victims system.
Reflection coupled with service registration significantly amplifies the amount of traffic sent to the victim. The typical reply packet size from an SLP server is between 48 and 350 bytes. Assuming a 29 byte request, the amplification factor or the ratio of reply to request magnitudes is rou...
07:13
Linux Foundation Launches New Organization to Maintain TLA+ SoylentNews
Linux Foundation launches new organization to maintain TLA+:
The LinuxFoundation, the nonprofit tech consortium that manages various open source efforts, today announced the launch of the TLA+ Foundation to promote the adoption and development of the TLA+ programming language. AWS, Oracle and Microsoft are among the inaugural members.
What is the TLA+ programming language, you ask? It's a formal "spec" language developed by computer scientist and mathematician Leslie Lamport. Best known for his seminal work in distributed systems, Lamport now a scientist at Microsoft Research created TLA+ to design, model, document and verify software programs particularly those of the concurrent and distributed variety.
[...] "TLA+ is unique in that it's intended for specifying a system, rather than for implementing software," a Linux Foundation spokesperson told TechCrunch via email. "Based on mathematical concepts, notably set theory and temporal logic, TLA+ allows for the expression of a system's desired correctness properties in a formal and rigorous manner."
TLA+ includes a model checker and theorem prover to verify if a system's specification satisfies its desired properties. The goal is to assist developers with reasoning about systems above the code level, uncovering and preventing design flaws (hopefully) before they evolve into bugs during the later stages of software engineering.
Read more of this story at SoylentNews.
06:03
Software Freedom Conservancy is Selling Verbal Thank-Yous So That Its Chief Can Earn a Quarter Million Dollars Per Year, Tax-Free Techrights
The people who give talks (i.e. actually work) do not get paid
Summary: Just advertised by the greedy SFC is an upcoming event; the business model is rather telling (basically mimicking the Linux Foundation, where even the thanks are just sponsored words coming from someones mouth)
05:49
VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023 Security Affairs
VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors.
VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors.
The STAR Labs (@starlabs_sg) team used an uninitialized variable and UAF to hack the VMWare Workstation virtualization software. They earned $80,000 and 8 Master of Pwn points.
The vulnerability CVE-2023-20869 is a stack-based buffer-overflow issue that resides in Bluetooth device-sharing functionality. A local attacker can exploit the flaw to execute code as the virtual machines VMX process running on the host.
The flaw CVE-2023-20870 is an information disclosure issue in the functionality for sharing host Bluetooth devices with the VM. An attacker can exploit the vulnerability to read privileged information contained in hypervisor memory from a VM.
The virtualization giant recommends as a workaround for both CVE-2023-20869 and CVE-2023-20870 to turn off the Bluetooth support on the virtual machine.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(...
05:45
System76-Scheduler 2.0 Released With PipeWire Integration, Performance Optimizations Phoronix
Last year the Pop!_OS software developers at System76 introduced system76-scheduler as a Rust-written user-space daemon intended to auto-configure CFS and dynamically manage process priorities. They've added various features to improve the Linux desktop responsiveness and performance while today they rolled out system76-scheduler v2.0 as the latest iteration of this process scheduler...
05:16
Texas Should Leave Its Anti-SLAPP Law Alone Deeplinks
The Texas Citizens Participation Act, or TCPA, has been one of the strongest laws in the nation protecting citizens against lawsuits intended to silence or punish individuals who speak up on public matters. But HB 2781, a bill making its way through the state's legislature right now, would needlessly undercut the protections Texans have enjoyed for more than a decade.
Sometimes lawsuits are filed to chill speech or harass people, rather than resolve legitimate legal disputes. These types of censorious lawsuits have been dubbed Strategic Lawsuits Against Public Participation, or SLAPPs. Those who bring SLAPPs hope that the time and money people need to defend themselves against the claimsand the stress that resultswill intimidate them into silence. Anti-SLAPP laws such as the TCPA protect people from this kind of harassment. For example, thanks to the TCPA's protections, a Texas court in 2016 dismissed a $1 million lawsuit that a pet-sitting company filed against a Dallas couple just for leaving the business a one-star Yelp review.
Effective anti-SLAPP laws like the current TCPA allow judges to quickly review whether someone's been hit with a lawsuit for speaking out on a matter of public concern. During that time, other court proceedings are put on hold. If its determined that the case is a SLAPP, the lawsuit gets thrown out and the SLAPP victim can recover their legal fees. HB 2781 would remove this automatic stay if a motion to dismiss a SLAPP suit is found to be frivolous, untimely, or subject to a statutory exemption.
This is a mistake. Courts, after all, are not always right. Recent Texas Supreme Court cases such as Kinder Morgan v. Scurry County and Montelongo v. Abrea show that both trial courts and courts of appeal considering anti-SLAPP motions can easily decide timeliness issues incorrectly.
As EFF noted in its letter opposing the bill, the existing automatic stay is key to the TCPAs protections. Otherwise, a person trying to use the law's protections to avoid unnecessary legal costs must instead simultaneously juggle not only the SLAPP suit itself but also the anti-SLAPP motion. This would be a tremendous waste of time and judicial resources.
A number of groups representing many different interests...
05:13
Deploy an application in Red Hat OpenShift on your laptop Linux.com
Now that your environment has been set up, deploy a sample application on an OpenShift Local cluster.
Read More at Enable Sysadmin
The post Deploy an application in Red Hat OpenShift on your laptop appeared first on Linux.com.
04:54
LibrePlanet Talk: Rayner Lucas and Tristan Miller on USENET and How Its Moderated Techrights
Summary: The above LibrePlanet talk by Rayner Lucas and Tristan Miller is a remote (not physical presence) talk and it was uploaded by the FSF a week ago (slides here; PeerTube link); From the official page: Todays social media users are locked into proprietary platforms, under the control of a few large corporations. Users are not customers, but a product to be sold to advertisers. These companies have little reason to care about fostering healthy discussion, only to keep advertisers happy. But there is another model for social media. Federated social networks began with Usenet, a distributed system of discussion forums invented a decade before the World Wide Web. Since then, projects such as Mastodon and Diaspora have used open standards and common communication protocols to give users power to choose their own social media experience. What lessons can we learn from Usenet? What does it get right, and what could it do better? And does Usenet still have a place on the modern Internet?
Licence: GFDL 1.3
04:31
Simulating a Secure Future SoylentNews
Next-generation silicon chips based on spintronics could improve global cybersecurity:
Imagine a movie about a rogue employee who breaches security in a company that implants chips inside half of the world's computers. They embed a Trojan in systems around the globe and hold the world to ransom.
This is not unimaginable, says Rajat Kumar, a Ph.D. student in Yehia Massoud's lab at KAUST. "A single company currently supplies more than half of the world's chips, and nearly all of the most advanced chips," he confirms.
Massoud's group researches emerging technology that could make chips more secure. A recent project reports multifunctional logic gates that offer users a range of hardware security advantages. These include better control over their devices, tamper protection, watermarking and fingerprinting, and layout camouflage.
"Even if a semiconductor foundry is highly trustworthy, an untrusted entity in the supply chain could tamper with chips," Massoud says.
[...] As a secure alternative, Kumar and colleagues explored polymorphic gates made from nanoscale structures consisting of an oxide layer sandwiched between two ferromagnetic layers. These structures, known as a magnetic tunnel junctions (MTJ), are easily switchable by reversing the relative orientation of magnetic spins of the ferromagnetic layers. This spin-based control makes MTJs examples of spintronic devices.
Kumar and colleagues thought the switchable properties of MTJs meant that they could be used to create polymorphic gates, whose configuration users could check and reconfigure, overwriting any nefarious settings. They showed that MTJs function as polymorphic gates in a way that prevents tampering and intellectual property piracy due to their symmetry at both circuit and layout level symmetry, obscuring their layout and making them hard to reverse engineer.
Journal Reference:
Kumar, R., Divyanshu, D,. Khan, et al., Y. Polymorphic
hybrid CMOS-MTJ logic gates for hardware security applications.
Electronics, 12, 902 (2023). DOI: https://doi.org/10.3390/electronics12040902
Read more of this story at SoylentNews.
04:25
Fedora 39 Wants To Ensure Your ESP Is Big Enough Phoronix
The latest feature planning around Fedora 39 for releasing later this year is around ensuring your EFI System Partition (ESP) is large enough for new functionality moving forward...
03:56
Git 2.40.1 & Other Updates Due To Three New Security Vulnerabilities Phoronix
Git 2.40.1 is out today due to three new security vulnerabilities being disclosed. Due to those security fixes there are also Git updates for prior stable series with v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9...
03:27
Links 25/04/2023: More Downtimes and Financial Woes at Microsoft Techrights
Contents
-
GNU/Linux
-
Kernel Space
-
GamingOnLinux Linux kernel 6.3 is out now heres some quick highlights
Linus Torvalds announced the full release of Linux kernel 6.3, and with it plenty of the usual improvements everywhere.
-
MaskRay Linker notes on AArch32
This article describes target-specific details about AArch32 in ELF linkers. I described AArch64 in a previous article.
-
Matt Rickard The ptrace syscall
ptrace (process trace) is a system call in Unix and Unix-like operating systems that intercepts system calls. Its a powerful tool that enables tools like debuggers (e.g., gdb), reverse engineering tools, tracing, code injection, and even simple sandboxing. (see proot for an example of a ptrace sandbox). The most interesting part...
-
-
03:19
Git 2.40.1 (and several others) released LWN.net
There is a new stable Git release containing fixes for three separate security vulnerabilities. The fixes have also been backported to the older v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9 releases. Sites using Git in untrusted environments or with untrusted input should probably upgrade soon.
03:10
[ANNOUNCE] Git v2.40.1 and friends Open Source Security
Posted by Junio C Hamano on Apr 25
A maintenance release Git v2.40.1, together with releases for oldermaintenance tracks v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8,
v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9, are now available
at the usual places.
These maintenance releases are to address security issues identified
as CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007. They affect
ranges of existing versions and users are encouraged to upgrade.
The tarballs are found at:...
03:02
Miscarriage and Stillbirths cryptogon.com
Via: Dr. John Campbell:
02:58
Internal Documents Show How Little the FBI Did to Correct Misuse of Section 702 Databases Deeplinks
The Federal Bureau of Investigation (FBI) has released internal documents used to guide agency personnel on how to search the massive databases of information collected under the Foreign Intelligence Surveillance Act, including communications collected without a warrant under Section 702. Despite reassurances from the intelligence community about its culture of compliance, these documents depict almost no substantial consideration of privacy or civil liberties. They also suggest that in the years before these guidelines were written, even amidst widespread FBI misuse of the databases to search for Americans communications, there were even fewer written guidelines governing their use. Above all, FBI agents can still search for and read Americans private communications collected under Section 702, all without a warrant or judicial oversight.
Section 702 allows the government to conduct surveillance
inside the United States by vacuuming up digital communications so
long as the surveillance is directed at foreigners currently
located outside the United States. It also prohibits
intentionally targeting Americans.
Nevertheless, the NSA routinely (incidentally) acquires innocent
Americans' communications without a probable cause warrant. Once
collected, the FBI can search through this massive database of
information by querying the communications of specific
individuals.
In 2021 alone, the FBI conducted up to 3.4 million warrantless searches of Section 702 data to find Americans communications. Congress and the FISA Court have imposed modest limitations on these backdoor searches, but according to several recent FISA Court opinions, the FBI has engaged in widespread violations of even these minimal privacy protections.
After a string of scandals, these newly released documents demonstrate some of the steps the FBI took to train personnel who apparently did not understand how to stay within the laws extremely broad mandate. Namely, to query the collected communications of U.S. persons only if they are investigating foreign intelligence, a crime, or both, still without judicial review. According to FBI director and...
02:53
Japans ispace Seeks to Land First Private Spacecraft on the Moon cryptogon.com
Update: Lost Communications, Landing Probably Failed Live: Via: EL PAS: The Japanese probe Hakuto-R which is about the size of a large refrigerator will try to land in Atlas, an impact crater in the far north of the Moon, within the unexplored Mare Frigoris, or Sea of Cold. If it succeeds, it []
02:20
Robert F. Kennedy Jr. Wants a Law to Punish Global Warming Skeptics cryptogon.com
The article below is from 2015, but it doesnt matter, because, even if RFK Jr. had widespread supporthe doesntthe Democratic Party would simply screw him over. I dont know if I have the energy to do this again, but, as per the quadrennial routine in the U.S., heres whats going to happen: After more than []
02:18
Microsoft, Based in Redmond, is Exiting Redmond Amid Layoffs and Other Troubles (Updatedx2) Techrights
Recent: In One City Alone Microsoft Fired Almost 3,000 Workers This Year (Were Still in March)
Published 48 minutes ago
Summary: Amid
more layoffs this week (Azure is in trouble) and now that mainstream
media is consistently predicting bad results for Microsoft (they
will distract with AI smokescreen/vapourware*) its worth
taking note of the new report (above)
______
* The pro-Microsoft AI trolls have infested our IRC
network this week.
Update: The key part:
Microsoft currently occupies most of the space in Millennium Corporate Park. CBRE is marketing 497,193 square feet out of the 537,000 square-foot campus. This plan was followed by Microsofts earlier plans to reduce office space by 1.7 million square feet by not renewing leases in Bellevue and Issaquah. Microsoft has also put the development of campus expansion project on hold.
497,193 square feet out of the 537,000 square-foot campus is about 93%. So it sounds like theyre almost shutting it all down.
Update #2: Preview again and it is negative with blame-shifting. Notice how they blame other companies for this deceleration. So now instead of insisting that clown computing was all along the future its just this nebulous thing they call AI (they mean chatbots).
01:54
JUICE, the Jupiter Icy Moons Explorer, is ESAs first mission to Jupiter. It will arrive to Jupiter in 2031, and study Ganymede, Callisto and Europa until 2035. The spacecraft was launched on an Ariane 5 from Kourou on April 14. On April 15, between 05:30 and 08:30 UTC, I recorded JUICEs X-band telemetry signal at 8436 MHz using two of the 6.1 m dishes from the Allen Telescope Array. The spacecraft was at a distance between 227000 and 261000 km.
The recording I made used 16-bit IQ at 6.144 Msps. Since there are 4 channels (2 antennas and 2 linear polarizations), the total data size is huge (966 GiB). To publish the data to Zenodo, I have combined the two linear polarizations of each antenna to form the spacecrafts circular polarization, and downsampled to 8-bit IQ at 2.048 Msps. This reduces the data for each antenna to 41 GiB. The sample rate is still enough to contain the main lobes of the telemetry modulation. As we will see below, some ranging signals are too wide for this sample rate, so perhaps Ill also publish some shorter excerpts at the higher sample rate.
The downsampled IQ recordings are in the following Zenodo datasets:
- Recording of JUICE with the Allen Telescope Array on 2023-04-15 (antenna 1a)
- Recording of JUICE with the Allen Telescope Array on 2023-04-15 (antenna 5c)
In this post I will look at the signal modulation and coding, and some of its radiometric properties. Ill show how to decode the telemetry frames with GNU Radio. The analysis of the decoded telemetry frames will be done in a future post.
Waterfall analysis
First I have computed a waterfall from the IQ recordings and analysed it using the same techniques as for Artemis 1. ATA antennas 1a and 5c were used to record. They have linear polarization feeds. Here I will show the data for antenna 1a. The plots for antenna 5c looks similar and can be seen in the Jupyter notebook.
This plot shows the power spectral density in each of the X and Y linear polarizations, and in the cross-correlation between X and Y. The signal is nominally circularly polarized (there seems to be some confusion as to whether it is RHCP or LHCP, and I cannot confirm this because I didnt calibrate the phase...
01:47
A Vegan Leather Made of Dormant Fungi Can Repair Itself SoylentNews
The fungi can regrow, potentially fixing tears in items one day made from the alternative leather:
Imagine if a ripped leather jacket could repair itself instead of needing to be replaced.
This could one day be a reality, if the jacket is fashioned from fungus, researchers report April 11 in Advanced Functional Materials. The team made a self-healing leather from mushrooms' threadlike structures called mycelium, building on past iterations of the material to allow it to fix itself.
Mycelium leather is already an emerging product, but it's produced in a way that extinguishes fungal growth. Elise Elsacker and colleagues speculated that if the production conditions were tweaked, the mycelium could retain its ability to regrow if damaged.
That novel approach could offer inspiration to other researchers trying to get into the mycelium leather market, says Valeria La Saponara, a mechanical and aerospace engineer at the University of California, Davis.
Elsacker, a bioengineer now at the Vrije Universiteit Brussel, and her colleagues first grew mycelium in a soup rich in proteins, carbohydrates and other nutrients. A skin formed on the surface of the liquid, which the scientists scooped off, cleaned and dried to make a thin, somewhat fragile leather material. They used temperatures and chemicals mild enough to form the leather but leave parts of the fungus functional. Left dormant were chlamydospores, little nodules on the mycelium that can spring back to life and grow more mycelium when conditions are prime.
After punching holes in the leather, the researchers doused the area in the same broth used to grow it to revive the chlamydospores. The mycelium eventually regrew over the punctures. Once healed, the hole-punched areas were just as strong as undamaged areas however, the repairs were visible from one side of the leather.
Journal Reference:
DOI: https://onlinelibrary.wiley.com/doi/10.1002/adfm.202301875
Read more of this story at SoylentNews.
01:33
Bulgaria Approves Draft Law That Turns Pirate Site Operators Into Criminals TorrentFreak
When countries are placed on the USTRs Watch List for
failing to combat piracy, most can expect years of pressure
punctuated by annual Special 301 Reports declaring more needs to be
done.
Bulgaria was on the Watch List in 2015 when the USTR reported incremental progress in the countrys ability to tackle intellectual property infringement, albeit nowhere near enough to counter unsatisfactory prosecution rates. In 2013, Bulgarias Ministry of Culture had carried out 743 checks related to online copyright infringement but a year later, it conducted just 13 (pdf).
Still, the United States reported that Bulgaria was continuing its efforts to draft a new Criminal Code with the goal of significantly reducing piracy. That would eventually arrive, but not for quite some time.
Bulgaria Promises to Deliver
In 2018 the United States softened its position toward Bulgaria, removing it from the Watch List on the basis that the government would probably deliver. In the wake of that reprieve in 2020, local prosecutors filed just one copyright indictment. In the following year, not a single person was charged with a copyright infringement offense.
That led to a warning in the 2022 Special 301 Report that the USTR would conduct an Out-of-Cycle Review to assess if any material progress had been made.
In September 2022, Bulgaria was further criticized in a trade barriers report for poor IP protection and as recently as this month, the U.S. Intellectual Property Enforcement Coordinator reported (pdf) that these issues are just part of Bulgarias larger rule of law problems.
To this background, Bulgaria might ordinarily have found itself edging toward the Watch List once again, but last week it took a significant step that will be welcomed in the United States.
Draft Criminal Code Amendments
Just eight short years after the United States reported Bulgarias work on legal amendments, things appear to be coming together. Last week the Council of Ministers approved draft amendments to the Criminal Code that aim to protect authors, rightsholders, and state revenue.
Crimes against intellectual property should be perceived as acts with a high degree of public danger, not only considering the rights and interests of the individual author, which they affect, but also consideri...
01:33
Intel Submits Long-Awaited Shadow Stack Support For Linux 6.4 Phoronix
While Intel Shadow Stack support has been around since Tiger Lake CPUs as part of Intel's Control-flow Enforcement Technology (CET), finally for the Linux 6.4 kernel is this security feature being enabled with the mainline Linux kernel...
00:55
A new Mirai botnet variant targets TP-Link Archer A21 Security Affairs
Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks.
Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers.
The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability that resides in the locale API of the web management interface of the TP-Link Archer AX21 router. The root cause of the problem is the lack of input sanitization in the locale API that manages the routers language settings. A remote attacker can trigger the issue to inject commands that should be executed on the device.
The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security.
In March, TP-Link released a firmware update to address multiple issues, including this vulnerability.
ZDI reported that threat actors started exploiting the flaw after the public release of the fix, the attacks initially focused on Eastern Europe.
Threat actors are exploiting the flaw by sending a specially crafted request to the router that contains a command payload as part of the country parameter. The attackers send a second request that triggers the execution of the command.
Starting on April 11th, we began seeing notifications from our telemetry system that a threat actor had started to publicly exploit this vulnerability. reads the report published by ZDI. Most of the initial activity was seen attacking devices in Eastern Europe, but we are now observing detections in other locations around the globe.
00:22
Pro-Russia hackers attack European air traffic control website, but dont panic! Flights continue as normal Graham Cluley
Eurocontrol, the European air traffic control agency, has revealed that it has been under cyber attack for the last week, and says that pro-Russian hackers have claimed responsibility for the disruption. When you first see the headline in the likes of the Wall Street Journal, it's a scary thing to read. But dig a little deeper, and you realise that the err.. sky is not falling. Read more in my article on the Hot for Security blog.
00:07
Google researchers found multiple security issues in Intel TDX Security Affairs
Google Cloud Security and Project Zero researchers found multiple vulnerabilities in the Intel Trust Domain Extensions (TDX).
Google Cloud Security and Project Zero researchers, working with Intel experts, discovered multiple vulnerabilities in the Intel Trust Domain Extensions (TDX).
The Intel Trust Domain Extensions (Intel TDX) allows to deploy hardware-isolated, virtual machines (VMs) called trust domains (TDs). Intel TDX is designed to isolate VMs from the virtual-machine manager (VMM)/hypervisor and any other non-TD software on the platform to protect TDs from a broad range of software.
The Google researchers discovered ten security issues in Intel TDX during a nine-month audit.
The researchers reviewed the source code of the core Intel TDX software components and the design and documentation provided by Intel. The issues inspected by the researchers included arbitrary code execution in a privileged security context, cryptographic weaknesses and oracles, temporary and permanent denial of service, and weaknesses in debug or deployment facilities.
The review resulted in 81 potential attack vectors and resulted in 10 confirmed security issues and 5 defense in depth changes over a period of 9 months. reads the report released by Google.
Intel addressed nine of the discovered issues by changing the TDX code, while the tenth flaw required changes to the guide for writing a BIOS to support TDX.
These flaws were not assigned CVE identifiers, but Intel internally assigned CVSS v3.1 scores to them.
The most serious issue discovered by the researchers was the Exit Path Interrupt Hijacking when returning from ACM mode. The issue received a CVSS score of 9.3, experts pointed out that an attacker can trigger it to achieve arbitrary code execution in the privileged ACM execution mode.
Its positive to note that of the security issues discovered only 2 would be considered memory safety issues. By far the most common class of security issues discovered were logical bugs due to the complexity of Intel processors generally, and the TDX feature specifically. continues the analysis. For example the Exit Path Interrupt Hijacking issue was a result of the complex set of steps necessary to switch between the privileged ACM mode and normal operating mode. Completely eliminating these logical issues is much more difficult than moving to a memory safe language such as Rust.
The above were mitigated before the...
00:03
An update on the GCC frontend for Rust LWN.net
Philip Herron and Arthur Cohen have posted an update on the status of gccrs the GCC frontend for the Rust language and why it will not be a part of the upcoming GCC 13 release.
While all of this appears like a lot of work, we are confident in our progress and hope to get closer and closer to getting the core crate working in the next few months. There is also a lot of important work remaining in order to produce a valid Rust compiler, which is why we will spend the coming months focusing on the core crate as well as a borrow-checker implementation, and the development of the necessary tooling to allow us to try and pass the Rust 1.49 testsuite. library with our compiler in the next major GCC release, GCC 14, and hope to backport enough changes to the GCC 13 branch to get the core crate working in time for the GCC 13.2 release. This will enable users to easily start experimenting with the compiler for #![no_std] Rust programs and, hopefully, some embedded targets.
00:00
FET: The Friendly Efficient Transistor Hackaday
If you ever work with a circuit that controls a decent amount of current, you will often encounter a FET a Field-Effect Transistor. Whether you want to control a couple of powerful LEDs, switch a USB device on and off, or drive a motor, somewhere in the picture, theres usually a FET doing the heavy lifting. You might not be familiar with how a FET works, how to use one and what are the caveats lets go through the basics.
...
00:00
VMware announces new security capabilities to help protect hybrid workforce Help Net Security
VMware has unveiled new capabilities that deliver lateral security across multi-cloud environments so customers can better see and stop more threats and innovations to its Workspace ONE platform that will better enable organizations to secure their hybrid workforce. VMware Contexa, a threat intelligence cloud powering VMwares suite of security solutions, finds that cybercriminals make only 2-3 lateral moves to reach their target. Preventing lateral movement requires an end-to-end view across users, devices, networks, apps, and More
The post VMware announces new security capabilities to help protect hybrid workforce appeared first on Help Net Security.
Tuesday, 25 April
23:40
Sherlock Holmes and the Case of the Spherical Lens: Reflections on a Gravity Lens Telescope (Part I) Centauri Dreams Imagining and Planning Interstellar Exploration
A growing interest in JPLs Solar Gravitational Lens mission here takes Wes Kelly on an odyssey into the past. A long-time Centauri Dreams contributor, Wes looks at the discovery of gravitational lensing, which takes us back not only to Einstein but to a putative planet that never existed. Part II of the essay, which will run in a few days, will treat the thorny issues lensing presents as we consider untangling the close-up image of an exoplanet, using an observatory hundreds of AU from the Sun. Wes has pursued a lifetime interest in flight through the air, in orbit and even to the stars. Known on Centauri Dreams as wdk, he runs a small aerospace company in Houston (Triton Systems,LLC), founded for the purpose of developing a partially reusable HTOL launch vehicle for delivering small satellites to space. The company also provides aerospace engineering services to NASA and other customers, starting with contracts in the 1990s. Kelly studied aerospace engineering at the University of Michigan after service in the US Air Force, and went on to do graduate work at the University of Washington. He has been involved with early design and development of the Space Shuttle, expendable launch systems, solar electric propulsion systems and a succession of preliminary vehicle designs. With the International Space Station, he worked both as engineer and a translator or interpreter in meetings with Russian engineering teams on areas such as propulsion, guidance and control.
by Wes Kelly
Part 1. Each of the Known Suspects Has an Alibi Related to His Whereabouts.
[This article originated with an inquiry from our local astronomy club for a talk during an indoor meeting anticipating a cloudy sky.]
Among topics arising on Centauri Dreams, reader response often turns to investigation: the original scientific reports plus surrounding evidence, the basis for many of the websites entries. And when a topic is unfamiliar or on a frontier of knowledge, reader investigation can be a matter of playing catch up, as I can attest. Fair enough. Scientific observations, data interpretations or hypotheses Take the matter of heading out to deep space to collect light from the other side of the sun and then deconvolute it to extract the image of an exoplanet. The steps to this objective have to be judged individually or reviewed as stepping stones, connecting lines of inquiry Or maybe going so far as...
23:38
TODAY: Watch Ispace Attempt to Land on the Moon for the First Time SoylentNews
Watch ispace attempt to land on the moon for the first time:
After five long months journeying through space, ispace's Hakuto-R lander is ready to greet the lunar surface.The Japanese company is expecting to land Hakuto-R at 12:40 PM EST today. If successful, this first mission will no doubt be a huge boon for ispace's ambitious plans to send two subsequent landers to the moon in 2024 and 2025. It would also make them the first private company to land on the moon, and the first spacecraft from Japan to do so. (China, the United States, and the USSR have been the only nations to reach the lunar surface.)This first mission, appropriately named Mission 1, kicked off last December when a SpaceX Falcon 9 launched the lander into space. Since then, the lander has performed a number of maneuvers to stay on track in its path to the moon. At its farthest point, Hakuto-R traveled as much as 1.4 million kilometers from Earth.
The livestream will kick-off one hour prior to landing at 11:40 EST.
Link to stream.
Read more of this story at SoylentNews.
23:32
Security updates for Tuesday LWN.net
Security updates have been issued by CentOS (firefox, java-11-openjdk, and thunderbird), Debian (apache2), Fedora (kernel), Oracle (emacs), Red Hat (emacs, haproxy, java-1.8.0-openjdk, kernel, kernel-rt, kpatch-patch, pcs, pki-core:10.6, and qatzip), and SUSE (avahi, cdi-apiserver-container, cdi-cloner-container, cdi- controller-container, cdi-importer-container, cdi-operator-container, cdi- uploadproxy-container, cdi-uploadserver-container, cont, giflib, kernel, kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools- container, virt-operator-container, ovmf, and protobuf-c).
23:26
New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks The Hacker News
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making it
23:23
Goldilocks zone may not be a good metric for whether life exists on exoplanets, say astrobiologists Lifeboat News: The Blog
Most exoplanets lying in the habitable zones around stars are in fact inhospitable to plant life as we know it. That is according to a new study from microbiologists and astronomers at the University of Georgia who say that taking into account the light a planet receives as well as its ability to hold liquid water is a better definition of whether life could exist on other planets.
The Habitable Zone (HZ) is traditionally defined to be the range of distances around a star where an exoplanet can support liquid water on its surface. Too far, and the planet remains frozen like Mars. Too close and the oceans evaporate, as happened to Venus. The zone in the middle is neither too hot, nor too cold, but just right the so-called Goldilocks zone.
Nothing certain is known about the properties and requirements of alien life. However, there are generally two schools of thought in astrobiology. One is that evolution on other planets can figure out ways to sidestep seemingly insurmountable barriers to life as we know it, while others claim that life is everywhere bounded by the same universal physical principles, and can thus only operate a certain way, similar to as on Earth.
23:22
This Private Moon Lander Is Kicking Off a Commercial Lunar Race Lifeboat News: The Blog
The Japanese company Ispace could be the first to safely touch down on the moons surface, with more spacecraft following later this year.
23:22
The case for Singularity Activism Lifeboat News: The Blog
New AI systems released in 2023 demonstrate remarkable properties that have taken most observers by surprise. The potential both for positive AI outcomes and negative AI outcomes seems to have been accelerated. This leads to five responses:
1.) Yawn AI has been overhyped before, and is being overhyped again now. Lets keep our attention on more tangible issues.
2.) Full speed ahead with more capabilities Lets get to the wonderful positive outcomes of AI as soon as possible, sidestepping those small-minded would-be regulators who would stifle all the innovation out of the industry.
23:14
FFmpeg Now Works With VA-API On Windows Thanks To Microsoft Phoronix
VA-API has been around for more than one decade as the most common Linux Video Acceleration API that works across multiple GPU/driver vendors. It's been Linux-focused to this point while thanks to the work of Microsoft has begun seeing support on Windows...
23:04
Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor The Hacker News
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten,
23:02
Universal Flu Candidate Vaccine Appears to be Safe and Promising in Small-Scale Trial SoylentNews
If I understand it correctly, researchers made a vaccine that targets the proteins common to all flu viruses instead of the part that changes every year. They tested it on 52 people and found it safe and effective.
A Widge, et al. An Influenza Hemagglutinin Stem
Nanoparticle 1 Vaccine Induces Cross
Group 1 Neutralizing Antibodies in Healthy Adults. Science
Translational Medicine https://www.science.org/doi/10.1126/scitranslmed.ade4790
S Andrews, et al. An Influenza H1 Hemagglutinin Stem-Only Immunogen Elicits a Broadly Cross-Reactive B Cell Response in Humans. Science Translational Medicine https://www.science.org/doi/10.1126/scitranslmed.ade4976
Universal Influenza Candidate Vaccine Performs Well in Phase 1 Trial NIAID Now https://www.niaid.nih.gov/news-events/vrc-uni-flu-vax
Scientists at NIAID's Vaccine Research Center (VRC) report in two new studies that an experimental influenza vaccine, designed to elicit immunity against a broad range of influenza viruses, performed well in a small trial of volunteers. In fact, the vaccine has advanced to a second trial led by scientists at Duke University through NIAID's Collaborative Influenza Vaccine Innovation Centers (CIVICs).
In a phase 1 clinical trial of 52 volunteers, the vaccine developed by the VRC known as H1ssF (influenza H1 hemagglutinin stabilized stem ferritin nanoparticle vaccine) was safe, well-tolerated, and induced broad antibody responses that target the hemagglutinin stem. The two new studies assessing the nanoparticle vaccine published April 19 in Science Translational Medicine.
Read more of this story at SoylentNews.
23:00
Abnormal Security expands its platform and launches new products Help Net Security
At RSA Conference 2023, Abnormal Security launched three new products focused on expanding security detection for Slack, Microsoft Teams and Zoom. The company is also extending the platform to better model identity behavior through the ingestion of signals from additional sources, including CrowdStrike, Okta, Slack, Teams and Zoom. Email remains the most common path into an organization, but cybercriminals are steadily shifting their tactics and targeting additional entry points across the enterprise. The recent attacks More
The post Abnormal Security expands its platform and launches new products appeared first on Help Net Security.
22:34
Mesa's Rusticl Driver Adds Optional OpenCL FP64 Support Phoronix
The newest feature added by Red Hat engineer Karol Herbst to the Rusticl Mesa OpenCL open-source driver is FP64 support...
22:27
LibrePlanet: Weiming Hu on Free software for Environmental Sciences Techrights
Summary: The above LibrePlanet talk by Weiming Hu is a remote (not physical presence) talk and it was uploaded by the FSF last week (slides here; PeerTube link); From the official page: Open science is a movement that promotes the freedom to share knowledge and data in science. Its recent success largely depends on our ability to reproduce and then improve on existing research products. It is about ensuring that researchers have sufficient access to information and the necessary tools for analysis. This movement goes hand in hand with the free software movement, as it has the potential to revolutionize sciences by providing powerful tools for data analysis, modeling, and visualization. I would like to focus my talk on the connection and missing links between free software and open science, particularly in environmental and data sciences. The talk is devoted to raising awareness and promoting conversations on how we can better advance sciences with free software and knowledge sharing.
Licence: CC BY SA 4.0
22:20
Linux 6.4 Phoronix
While often times the EXT4 file-system driver updates for new Linux kernel merge windows can be rather mundane given the maturity of this widely-used Linux file-system, this time around for Linux 6.4 it's a bit more exciting...
22:05
Xen Security Advisory 430 v2 (CVE-2022-42335) - x86 shadow paging arbitrary pointer dereference Open Source Security
Posted by Xen . org security team on Apr 25
Xen Security Advisory CVE-2022-42335 / XSA-430x86 shadow paging arbitrary pointer dereference
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
In environments where host assisted address translation is necessary
but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests
in so called shadow mode. Due to too lax a check...
22:00
RidgeShield monitors traffic across workloads and enforces unified security policies Help Net Security
At RSA Conference 2023, Ridge Security announced Ridge Security RidgeShield, an automated, cloud workload protection and testing solution. As organizations increasingly move their workloads to the cloud, they face new and complex security challenges that traditional security solutions are not designed to handle. RidgeShield addresses these challenges with a zero-trust micro-segmentation technology to secure cloud workloads across on-premises, hybrid cloud, or multi-cloud environments, protecting against todays sophisticated cybersecurity threats. Securing cloud workloads can be a More
The post RidgeShield monitors traffic across workloads and enforces unified security policies appeared first on Help Net Security.
21:53
Modernizing Vulnerability Management: The Move Toward Exposure Management The Hacker News
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of
21:33
All That Microsoft Has Left Now is Distraction and Destruction (Layoffs and Deflection Aplenty) Techrights
Video
download link | md5sum
3c1252ce2d09faaf2fc6f4a0ebd336b8
Week of Microsoft Chaff and Layoffs
Creative Commons Attribution-No Derivative Works 4.0
Summary: Microsoft is losing it; as a result, the media is being co-opted and trolling by Microsoft enablers appears to have gotten worse than usual (borderline illegal)
WITH many Microsoft layoffs every month this year (no, its not just the alleged 10,000 from January!) its worth looking back at and properly examining what weve published so far this week (quite a lot yesterday). It seems to have attracted particularly nasty and sometimes illegal trolling, basically vandalising the IRC network by all means available. It resulted in plenty of distraction and time-wasting.
It seems to have attracted particularly nasty and sometimes illegal trolling, basically vandalising the IRC network by all means available.The video above focuses on what I studied this morning. I closely monitor the situation at Microsoft (with focus on layoffs) every 30 minutes or so/thereabouts. It looks like some truly nasty s*** is about to hit the fan, but endless fluff about s***GPT will be used to change the subject or distract from the substance. For this week we shall prioritise articles on this topic as we try to take a better glance, peering beyond the smokescreen and Microsofts paid-for spam (plenty of it this week, including the straw man that Microsoft means security and any confrontations to that claim are sexism; several British publishers played along and actively participated in this ludicrous PR).
21:30
AWS boosts Amazon GuardDuty with 3 new capabilities to protect varied workloads Help Net Security
AWS has unveiled three new capabilities for Amazon GuardDuty, AWSs threat detection service, that further strengthen customer security through expanded coverage and continuous enhancements in machine learning, anomaly detection, and integrated threat intelligence. GuardDuty is part of a broad set of AWS security services that help customers identify potential security risks, so they can respond quickly, freeing security teams to focus on tasks with the highest value. The three new capabilities expand GuardDuty protection to More
The post AWS boosts Amazon GuardDuty with 3 new capabilities to protect varied workloads appeared first on Help Net Security.
21:27
Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware The Hacker News
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company attributed it
21:26
Lori Angela Nagel on Promoting Free/Libre Software Philosophy Techrights
Video download link (skip to about 15 seconds from the start)
Summary: The above LibrePlanet talk was uploaded a week ago by the FSF (slides here; PeerTube link has the wrong video); From the official page: The hardest part about promoting the free software philosophy is getting people interested enough in the conversation to listen even if they arent already excited about technology topics. However, most people use software today, yet have complaints and fears about it. Instead of merely waiting around for the conversation to turn into a discussion about software usage or technology woes and fears, it helps to come up with powerful questions that can turn conversations about anything into conversations about software and why it needs to have the four freedoms, yet still keeping it engaging for all participants so that it is relevant. This discussion will be about taking topics people like to discuss and turning them into freedom respecting software topics by relating them whatever people are currently talking about using audience supplied examples. These discussions can take place in forums or chat, online or in person.
Licence: CC BY SA 4.0
21:22
Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack Lifeboat News: The Blog
Play ransomware is notable for not only utilizing intermittent encryption to speed up the process, but also for the fact that its not operated on a ransomware-as-a-service (RaaS) model. Evidence gathered so far points to Balloonfly carrying out the ransomware attacks as well as developing the malware themselves.
Grixba and VSS Copying Tool are the latest in a long list of proprietary tools such as Exmatter, Exbyte, and PowerShell-based scripts that are used by ransomware actors to establish more control over their operations, while also adding extra layers of complexity to persist in compromised environments and evade detection.
Another technique increasingly adopted by financially-motivated groups is the use of the Go programming language to develop cross-platform malware and resist analysis and reverse engineering efforts.
21:22
Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites Lifeboat News: The Blog
Hackers are exploiting an outdated WordPress plugin, Eval PHP, to secretly backdoor websites in an ongoing campaign.
21:22
New All-in-One EvilExtractor Stealer for Windows Systems Surfaces on the Dark Web Lifeboat News: The Blog
A new all-in-one stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems.
It includes several modules that all work via an FTP service, Fortinet FortiGuard Labs researcher Cara Lin said. It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to steal browser data and information from compromised endpoints and then upload it to the attackers FTP server.
The network security company said it observed a surge in attacks spreading the malware in the wild in March 2023, with a majority of the victims located in Europe and the U.S. While marketed as an educational tool, EvilExtractor has been adopted by threat actors for use as an information stealer.
21:00
3D Print For Extreme Temperatures (But Only If Youre NASA) Hackaday
At the level pursued by many Hackaday readers, the advent of affordable 3D printing has revolutionised prototyping, as long as the resolution of a desktop printer is adequate and the part can be made in a thermoplastic or resin, it can be in your hands without too long a wait. The same has happened at a much higher level, but for those with extremely deep pockets it extends into exotic high-performance materials which owners of a desktop FDM machine can only dream of.
NASA for example are reporting their new 3D printable nickel-cobalt-chromium alloy that can produce extra-durable laser-sintered metal parts that van withstand up to 2000 Fahrenheit, or 1033 Celcius for non-Americans. This has obvious applications for an organisation producing spacecraft, so naturally they are excited about it.
The alloy receives some of its properties because of its oxide-dispersion-strengthened composition, in which grains of metal oxide are dispersed among its structure. Were not metallurgists here at Hackaday, but we understand that the inconsistencies in the layers of metal atoms...
21:00
GrammaTech and ArmorCode unify application security tools and intelligence Help Net Security
GrammaTech and ArmorCode announced a technology integration partnership to help customers automate product security across development, testing, feedback and deployment. The GrammaTech CodeSonar SAST (static application security testing) platform provides deep safety and security vulnerability intelligence to ArmorCode for orchestrating application security operations within CI/CD pipelines. The companies are collaborating to offer integrated solutions for ensuring the safety and security of mission-critical automotive, aerospace, enterprise, and industrial products. GrammaTech and ArmorCode will demonstrate their products More
The post GrammaTech and ArmorCode unify application security tools and intelligence appeared first on Help Net Security.
20:47
Google adds new risk assessment tool for Chrome extensions Help Net Security
Google has made available a new tool for Google Workspace admins and security teams to make an assessment of the risk different Chrome extensions may present to their users: Spin.AI App Risk Assessment. The tool is available through the Chrome Browser Cloud Management console and provides admins with valuable insights into potential security threats. The Spin.AI App Risk Assessment tool for Chrome extensions The tool allows administrators to: View app and extension usage details Configure More
The post Google adds new risk assessment tool for Chrome extensions appeared first on Help Net Security.
20:46
Linux 6.4 Can Run As A Confidential AMD SEV-SNP vTOM Guest On Microsoft Hyper-V Phoronix
For those making use of Microsoft Hyper-V virtualization there are some notable additions to find with the in-development Linux 6.4 kernel...
20:42
How Sirius (Mis)Handled a Crisis in 2022 schestowitz.com
Video
download link | md5sum
e6d79ef1efc46c2747184e07504811b1
Sirius Plans That Never Materialised
Creative Commons Attribution-No Derivative Works 4.0
Summary: The gross mismanagement of Sirius Open Source is a longstanding issue; it goes back to 2019 and it culminated in growing levels of deceit, set aside fraud aspects, so today we take a look back at another meeting from 2022
LISTENING to audio from almost a year ago (we have about 5 hours of audio from last summer; this was shared with staff), it now seems clear that Sirius Open Source had a lot of fantasies while drifting further and further away from well, Open Source.
In the start of summer (2022-06-01) we had a second meeting (out of 3 in total) about the future of the company and studying it in retrospect its easy to understand [crer 168114 witch-hunts], scare tactics etc. Colleagues were subjected to threats and were isolated from their peers. They deemed this approach evil (direct quote).
Much of the meat of the meeting starts a long time after the start with staff thats actually technical (and actually doing all the work, even 24/7) raising questions while the others repeat the same talking points. Basically, managers (which at that point where like half of all the staff) were discussing many options and presenting each. They collected suggestions from staff and eventually threw all of them out. Staff was a bit surprised that after these consultations every suggestion from the staff was rejected. Every single one of them!
One of the self-appointed managers (no relevant skills whatsoever) was discussing the scoring criteria e.g. what will be assessed in appraisals. She was only reading the script/presentation. Its highly probable she was fully aware of the pension fraud and she may have directly participated in that. An opportunistic career-climbing narcissist. The discussi...
20:39
Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis The Hacker News
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment
20:34
Google Authenticator App now supports Google Account synchronization Security Affairs
Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization.
Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization that allows to safely backup users one-time codes to their Google Account.
The company states that users over the years have faced the complexity of dealing with lost or stolen devices that had Google Authenticator installed. Since one-time codes in Authenticator were only stored on a single device if a user lost that device will be not able to sign in to any service on which theyd set up 2FA using Authenticator.
With this update were rolling out a solution to this problem, making one time codes more durable by storing them safely in users Google Account. This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security. reads the announcement.
The feature announced by Google is optional.
To try the new Authenticator with Google Account synchronization, simply update the app and follow the prompts. concludes the announcement.
Please vote for Security Affairs (https://securityaffairs.com/) as
the best European Cybersecurity Blogger Awards 2022 VOTE FOR YOUR
WINNERS
Vote for me in the sections:
- The Teacher Most Educational Blog
- The Entertainer Most Entertaining Blog
- The Tech Whizz Best Technical Blog
- Best Social Media Account to Follow (@securityaffairs)
Please nominate Security Affairs as your favorite blog.
...
20:31
The Sirius Open Source Fantasy Part III Staff Input (From Technical Workers) Not Accepted Techrights
Series parts:
- The Sirius Open Source Fantasy Part I In 2022 the Company Was Already Too Deep in Debt
- The Sirius Open Source Fantasy Part II Briefings About the Company
- YOU ARE HERE Staff Input (From Technical Workers) Not Accepted
Video
download link | md5sum
e6d79ef1efc46c2747184e07504811b1
Sirius Plans That Never Materialised
Creative Commons Attribution-No Derivative Works 4.0
Summary: The gross mismanagement of Sirius Open Source is a longstanding issue; it goes back to 2019 and it culminated in growing levels of deceit, set aside fraud aspects, so today we take a look back at another meeting from 2022
LISTENING to audio from almost a year ago (we have about 5 hours of audio from last summer; this was shared with staff), it now seems clear that Sirius Open Source had a lot of fantasies while drifting further and further away from well, Open Source.
it now seems clear that Sirius Open Source had a lot of fantasies while drifting further and further away from well, Open Source.In the start of summer (2022-06-01) we had a second meeting (out of 3 in total) about the future of the company and studying it in retrospect its easy to understand witch-hunts, scare tactics etc. Colleagues were subjected to threats and were isolated from their p...
20:26
Initial Apple M2 Support & Other 64-bit ARM Changes For Linux 6.4 Phoronix
On Monday the ARM64 (AArch64) architecture code changes were submitted for the in-development Linux 6.4 kernel along with the various SoC updates and various platform/machine additions for ARM hardware with this new kernel version...
20:15
MITRE Caldera for OT tool enables security teams to run automated adversary emulation exercises Help Net Security
MITRE is launching its MITRE Caldera for OT tool, which allows security teams to run automated adversary emulation exercises that are specifically targeted against operational technology (OT). At RSA Conference 2023, MITRE is also showcasing its Infrastructure Susceptibility Analysis (ISA) to identify and prioritize mitigations by looking at how adversaries compromise infrastructure and what is needed to stop them. Cybersecurity within critical infrastructure is paramount for national security, the economy, and the safety of the More
The post MITRE Caldera for OT tool enables security teams to run automated adversary emulation exercises appeared first on Help Net Security.
20:15
Linux 6.3 Debuts After Nice, Controlled Release Cycle SoylentNews
Linux 6.3 debuts after 'nice, controlled release cycle':
Linux 6.3 has arrived after a push that project boss Linus Torvalds characterized as "a nice, controlled release cycle" that required the seven release candidates he prefers and was supported by helpful developer behavior.
"It happens," he added, but also didn't rule out "something nasty couldn't have been lurking all these weeks." Torvalds therefore urged real-world testing to make sure this release really is ready for prime-time consumption.
Holidays and travel are often the cause of delays to kernel releases. Easter didn't slow development this time around.
Version 6.3 won't be a long term support (LTS) release the last of those was Linux 6.1, and every fifth or sixth release gets LTS status. So while many users will be pleased to see it, 6.3 almost certainly won't be a cut of the kernel that demands adoption or attention.
Which is not to say it doesn't include some interesting goodies.
Among the additions are better support for multi-actuator hard disk drives. Conventional hard disks have one actuator driving a single set of read/write heads. Multi-actuator disks add a second set of heads, which speeds things up nicely. Hyperscale cloud operators are the first big buyers of multi-actuator disks, but they're slowly going mainstream. Now Linux is better able to handle them.
China's Loongson makes RISC-V processors and is working hard and fast to make them an enterprise contender. Linux 6.3 will help that a little by supporting Kernel Address Space Layout Randomization on the company's silicon. This has been around on other architectures for ages security is helped by having the kernel load into different areas of memory each time it boots, instead of using the same locations and giving attackers a known target.
Microsoft coders contributed updates that add nested hypervisor support for Redmond's own Hyper-V hypervisor.
Read more of this story at SoylentNews.
20:00
Attackers are logging in instead of breaking in Help Net Security
Cyberattackers leveraged more than 500 unique tools and tactics in 2022, according to Sophos. The data, analyzed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 Living off the Land binaries (LOLBins). Unlike malware, LOLBins are executables naturally found on operating systems, making them much more difficult for defenders to block when attackers exploit them for malicious activity. Unpatched vulnerabilities as leading cause of cyberattacks More
The post Attackers are logging in instead of breaking in appeared first on Help Net Security.
19:56
PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350) Help Net Security
An unauthenticated RCE flaw (CVE-2023-27350) in widely-used PaperCut MF and NG print management software is being exploited by attackers to take over vulnerable application servers, and now theres a public PoC exploit. About the vulnerability According to PaperCut, the attacks seem to have started on April 14, 2023 a month and a week after the software maker released new PaperCut MF and NG versions that fixed CVE-2023-27350 and CVE-202327351, an unauthenticated information disclosure flaw More
The post PoC exploit for abused PaperCut flaw is now public (CVE-2023-27350) appeared first on Help Net Security.
19:30
IBM Security QRadar Suite streamlines security analysis throughout the incident process Help Net Security
IBM unveiled at the RSA conference 2023, its new Security QRadar Suite designed to unify and accelerate the security analyst experience across the full incident lifecycle. The IBM Security QRadar Suite represents a major evolution and expansion of the QRadar brand, spanning all core threat detection, investigation and response technologies, with investment in innovations across the portfolio. Delivered as a service, the IBM Security QRadar Suite is built on an open foundation and designed specifically More
The post IBM Security QRadar Suite streamlines security analysis throughout the incident process appeared first on Help Net Security.
19:22
This Harvard Law Professor is an Expert on Digital Technology Lifeboat News: The Blog
Type: departments.
careers.
Harvard.
Cybersecurity.
internet.
law.
Jonathan L. Zittrain wears many hats. An expert on the Internet, digital technology, law, and public policy, he regularly contributes to public discussions about what digital tech is doing to us and what we should do about itmost recently around the governance of AI and the incentives that shape major social media platforms.
He holds several roles, all at Harvard, reflecting his many converging interests. He is a professor of international law at Harvard Law School, a professor of public policy at its Kennedy School, and a professor of computer science at the universitys John A. Paulson School of Engineering and Applied Sciences. Hes also cofounder and faculty director of Harvards Berkman Klein Center for Internet & Society.
In his various capacities, he has been tackling many sticky cyberpolicy issues over the past 25 years.
19:08
Peugeot leaks access to user information in South America Security Affairs
Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million.
A brand, best known for its lion roaring for over a century, has leaked access to its user data in Peru.
And while the country is not that big of a market for the car maker, this discovery is yet another example of how big and well-known brands fail to secure sensitive data.
Peruvian data leak
On February 3rd, the Cybernews research team discovered an exposed environment file (.env) hosted on the official Peugeot store for Peru.
The exposed file contained:
- Full MySQL database Uniform Resource Identifier (URI) a unique sequence of characters that identifies a resource as well as username and password to access it;
- JSON Web Tokens (JWT) passphrase and locations of private and public keys;
- A link to the git repository for the site;
- Symfony application secret.
Combined, the leaked information could be used to compromise the dataset and the website.
Judging from its username, MySQL was used to store user information. The company has also leaked the credentials needed to access the dataset. An attacker could use this data to log in, exfiltrate, or modify the datasets contents.
The passphrase for JWT, an industry standard used to share information between two entities, was very weak and easily guessable. The private certificate, used in combination with the passphrase, was also stored on the same server.
The leaked Symphony application secret could have been used to decrypt previously encrypted data such as user cookies and session IDs. If exposed, such information could enable the threat actor to impersonate a victim and access appli...
18:56
Links 24/04/2023: A Focus on Red Hat and Fedora Techrights
Contents
- GNU/Linux
- Distributions and Operating Systems
- Free, Libre, and Open Source Software
- Leftovers
- Gemini* and Gopher
-
GNU/Linux
-
Audiocasts/Shows
-
Kernel Podcast: S2E4 2023/04/24
Linus Torvalds announced the release of Linux 6.3, noting, Its been a calm release this time around, and the last week was really no different. So here we are, right on schedule. As usual, the KernelNewb...
-
-
18:55
1337xs Search is Broken, Cant Find Recent Torrents (Updated) TorrentFreak
1337x.to is the go-to destination for many seasoned
BitTorrent users. The site has been around for fifteen years and is
home to many reputable uploaders.
Over the years 1337x has steadily climbed through the ranks, building a stable and loyal userbase.
With over 60 million monthly visits to its main domain name, 1337x is currently the second most used torrent site, trailing only behind YTS.mx, while beating The Pirate Bay. This also means that if something breaks, people take notice.
1337x Troubles
1337x has had its fair share of issues over the years. The forum, for example, has been offline for years despite still being promoted throughout the site. The same is true for the sites chat function, which is offline as well.
Most users can live with these shortcomings, as they are mostly interested in finding the latest torrents. However, that has started to become a problem as well recently, as 1337xs search function is not functioning as it should.
Over the past few days, many users have complained that they are unable to find recent uploads. A quick inspection of the site shows that new content is still being added, exemplified by recent torrents in the most popular and trending lists.
No Torrents After April 10
While they do exist, finding these recent torrents using direct searches seems to be a problem. It appears that the search function only shows torrents uploaded on or before April 10, more than two weeks ago.
TorrentFreak reached out to 1337xs operator to get a comment on this problem, but we havent heard back. Previous requests for comment remained unanswered as well, which isnt really a surprise as the domains MX records, which specify the mail server, are gone.
Based on available information, the search problems appear purely technical in nature, likely related to a simple database issue. If and when the issue will be fixed is unknown.
On Reddit, some people have...
18:30
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware Security Affairs
North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware.
Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks.
The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group.
The RustBucket malware allows operators to download and execute various payloads. The attribution to the BlueNoroff APT is due to the similarities in the findings that emerged from Kasperskys analysis published in December 2022. The similarities include malicious tooling on macOS that closely aligns with TTPs of those employed in the campaign.
The first-stage malware was contained within an unsigned application named Internal PDF Viewer.app. Experts believe the app can only be executed by manually overriding the Gatekeeper security measure.
The stage-one simply executes various do shell script commands to download the second stage malware from the C2 using curl. The malicious code extracts the contents of the zip file to the /Users/Shared/ directory and executes a stage-two application which is also named Internal PDF Viewer.app.
The second stage malware doesnt use AppleScript, it masquerades as a legitimate Apple bundle identifier and is signed with an ad-hoc signature.
When the Internal PDF Viewer application is launched, the user is presented with a PDF viewing application where they can select and open PDF documents. The application, although basic, does actually operate as a functional PDF viewer. reads the analysis published by Jamf. A task that isnt overly difficult using Apples well-built PDFKit Framework.
The stage-two malware communicates with the C2 server to fetch the stage-three payload, which is an ad-hoc signed trojan written in the Rust language. The trojan can run on both ARM and x86 architectures.
Upon executing, the malware collects system information, including the process listing, current time and whether or not its running within a VM.
This third-stage payload allows the attacker to carry out a broad range of malicious activities on the system.
18:09
Read "Brain Principles Programming" (PDF) coauthored by our Anton Kolonin. Lifeboat News
Read "Brain Principles Programming" (PDF) coauthored by our Anton Kolonin.
18:00
Make Your ESP32 Talk Like Its the 80s Again Hackaday
80s-era electronic speech certainly has a certain retro appeal to it, but it can sometimes be a useful data output method since it can be implemented on very little hardware. [luc] demonstrates this with a talking thermometer project that requires no display and no special hardware to communicate temperatures to a user.
Back in the day, there were chips like the Votrax SC-01A that could play phonemes (distinct sounds that make up a language) on demand. These would be mixed and matched to create identifiable words, in that distinctly synthesized Speak & Spell manner that is so charming-slash-uncanny.
17:56
Microsofts Share in China: From Web Dominance to Almost Nothing in Less Than a Decade Techrights
Microsoft has lost a lot of its power (now it just huffs and puffs about AI with paid-for puff pieces)
Summary: According to samples from 3 million sites (locally uploaded data), Microsoft is down from almost complete dominance of the browser market in China (2010) to almost nothing; even Edge is hovering at around 5% nowhere near the past levels
17:41
IRC Proceedings: Monday, April 24, 2023 Techrights
Also available via the Gemini protocol at:
- gemini://gemini.techrights.org/irc-gmi/irc-log-techrights-240423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-240423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-social-240423.gmi
- gemini://gemini.techrights.org/irc-gmi/irc-log-techbytes-240423.gmi
Over HTTP:
|
|
|
|
|
|
|
|
|
|
... |
17:40
Read "From Quantum Biology to Quantum Computing" by our Guido Putignano. Lifeboat News
Read "From Quantum Biology to Quantum Computing" by our Guido Putignano.
17:28
Rats! Rodents Seem to Make the Same Logical Errors Humans Do SoylentNews
Both tend to judge the co-occurrence of two events as more probable than one event alone:
Animals, like humans, appear to be troubled by a Linda problem.
The famous "Linda problem" was designed by psychologists to illustrate how people fall prey to what is known as the conjunction fallacy: the incorrect reasoning that if two events sometimes occur in conjunction, they are more likely to occur together than either event is to occur alone.
[...] In the 1980s, Nobel laureate Daniel Kahneman and his colleague Amos Tvesrky showed that in a variety of scenarios, humans tend to believe, irrationally, that the intersection of two events is more probable than a single event. They asked participants to answer a question based on the following scenario.
Linda is 31 years old, single, outspoken and very bright. She majored in philosophy. As a student, she was deeply concerned with issues of discrimination and social justice and also participated in anti-nuclear demonstrations.
Which is more probable?
- Linda is a bank teller
- Linda is a bank teller and is active in the feminist movement
The great majority of participants chose No. 2, although logically it is less probable than Linda being a bank teller alone. After all, No. 1 would not preclude Linda from also being an active feminist, but given the description of Linda, No. 2 may be easier for respondents to imagine.
The Linda problem and numerous similar studies seem to indicate that humans estimate the likelihood of an event using mental shortcuts, assessing how similar the event is to a model they already have in their minds. [...]
Read more of this story at SoylentNews.
17:23
Bronchial Asthma as a Cardiovascular Risk Factor: A Prospective Observational Study Lifeboat News: The Blog
Introduction: Asthma as a chronic inflammatory disorder has been suggested as a risk factor for endothelial dysfunction (ED), but studies on the association between asthma and cardiovascular disease (CVD) risk are limited. Background: We assessed associations of ED with the severity of asthma, eosinophilic inflammation, lung function, and asthma control. Methods: 52 young asthmatics (median age of 25.22 years) and 45 healthy individuals were included. Demographic, clinical, and laboratory findings were recorded. We evaluated microvascular responsiveness by recording the reactive hyperemia index (RHI) indicating post-occlusive peripheral endothelium-dependent changes in vascular tone using the Itamar Medical EndoPAT2000. VCAM-1, ADMA, high-sensitive CRP (hsCRP), and E-selectin were measured. Results: Asthmatics had considerably lower RHI values (p < 0.001) with a dynamic decreasing trend by asthma severity and higher hsCRP levels (p < 0.001). A substantial increase in hsCRP and E-selectin with asthma severity (p < 0.05) was also observed. We confirmed a higher body mass index (BMI) in asthmatics (p < 0.001), especially in women and in severe asthma. Conclusions: We demonstrated the progression of CVD in asthmatics and the association of the ongoing deterioration of ED with the inflammatory severity, suggesting that the increased risk of CVD in young asthmatics is dependent on disease severity. The underlying mechanisms of risk factors for CVD and disease control require further study.
17:22
Michio Kaku Just Announced: James Webb Telescope FINALLY PROVED Big Bang WRONG! Lifeboat News: The Blog
A video about the Webb telescope making it seem like there was no big bang. This is by Mikio Kaku.
Weve always wondered about life out there. But what if we told you that the possibility of more lifeforms has become surer than ever? Six shocking galaxies have been discovered that defy all explanations. Join us as we discuss Michio Kaku breaking his silence on the James Webb telescopes clearest image in history.
17:00
I Had To Find Out If This Was True Terra Forming Terra
Why now? A credit induced contraction of the auto loan book would
knee cap auto sales and must be questioned.
Right now our economy is loaded with misinformation and plausible
enemy action as well.
.jpg)
I Had To Find Out If This Was True
April 19, 2023 by Michael Shah
http://theeconomiccollapseblog.com/i-had-to-find-out-if-this-was-true/ttp://theeconomiccollapseblog.com/i-had-to-find-out-if-this-was-true/re
Top Pathologist confirms Cancer, Infertility & Strange Blood Clots are common side effects of Covid-19 Vaccination Terra Forming Terra
Chile Stuns Markets And EV Makers By Nationalizing Lithium Industry Overnight Terra Forming Terra
What is DNA Computing, How Does it Work, and Why it's Such a Big Deal Terra Forming Terra
%252Fimages%252FMARCH%252FDNAHelix.jpg&w=3840&q=75)
15:23
Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs Lifeboat News: The Blog
To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.
15:00
Half Crystal Radio, Half Regenerative Radio Hackaday
A rite of passage in decades past for the electronics experimenter was the crystal radio. Using very few components and a long wire antenna, such a radio could pick up AM stations with no batteries needed, something important in the days when a zinc-carbon cell cost a lot of pocket money. The days of AM broadcasting may be on the wane, but its still possible to make a crystal set that will resolve stations on the FM band. [Andrea Console] has done just that, with a VHF crystal set that whose circuit also doubles as a regenerative receiver when power is applied.
The key to a VHF crystal set lies in the highest quality tuned circuit components to achieve that elusive Q factor. In this radio that is coupled to a small-signal zero voltage threshold FET that acts as a detector when no power is applied, and the active component in a regenerative radio when it has power. The regenerative radio increases sensitivity and selectivity by operating at almost the point of oscillation, resulting in a surprisingly good receiver for so few parts. Everyone should make a regenerative radio receiver once in their life!
14:50
The Layoffs at Red Hat Validate What Weve Said for Years About IBMs Hostility Techrights
Summary: Hostility from IBM (towards GNUs founder, Linux, etc.) has not paid off; it only emboldened front groups like the Linux Foundation to besiege communities and promote monopolies instead; now it means that a lot of Free software hackers lose their source of income
MANY people are now reading our old articles about Red Hat and about IBM because of the layoffs. GNU/Linux is growing and expanding, so why lay off Red Hat staff? Thats a very legitimate question.
The companys too many CEOs syndrome (after 2 CEOs that were there for like 20 years) is always a bad sign. Jim AllowHurst left abruptly some years ago, barely bothering to explain why. Then his successor left as well. People only speculated about the reasons.
Based on Gemini statistics, many people read this article yesterday. Its about why Red Hat should never have been sold to IBM in the first place. AllowHurst made a big error and then left.
14:43
BuzzFeed News is Shutting Down SoylentNews
The move came as its parent company, BuzzFeed Inc., seeks further cost cuts:
BuzzFeed News is shutting down.
In an email to staff shared with NBC News, BuzzFeed CEO Jonah Peretti said the move was part of a 15% workforce reduction across a number of teams.
"While layoffs are occurring across nearly every division, we've determined that the company can no longer continue to fund BuzzFeed News as a standalone organization," he wrote.
Peretti said he had "overinvest[ed] in BuzzFeed News "because I love their work and mission so much."
"This made me slow to accept that the big platforms wouldn't provide the distribution or financial support required to support premium, free journalism purpose-built for social media," he wrote.
He added that he had failed to "hold the company to higher standards for profitability" to give it a buffer for downturns.
Moving forward, BuzzFeed will have a lone news brand, HuffPost, which BuzzFeed acquired in 2020 and which Peretti said "is profitable, with a loyal direct front page audience."
[...] BuzzFeed News launched in earnest at the outset of 2012 after it named longtime New York City political reporter Ben Smith as its editor-in-chief. In 2021, the news organization won a Pulitzer Prize for a series exposing China's mass detention of Muslims. That same year, it was also named a Pulitzer finalist the second time it had received the honor.
Later that year, BuzzFeed Inc. became a publicly traded company amid a global frenzy of reverse mergers, many of which have since lost significant value. In BuzzFeed's case, it never traded above its initial public offering price of about $10.
Read more of this story at SoylentNews.
14:33
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes The Hacker News
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"
14:14
One Common Theme is That Companies Which Lack a Business Model Fall Back on Buzzwords Like AI and Crypto Techrights
Summary: We now have a tech industry that consolidates around buzzwords, hype, and false promises
Clown computing hype, as noted by Ryan just moments ago, isnt working out for Microsoft.
Microsoft and Facebook aggressively lay off staff (the press focuses on the latter while parroting false figures from Microsoft to belittle the scale of the layoffs at Microsoft). They lay off their own while insisting that AI is the future. Microsoft even tried to claim that AI is replacing its own staff (thats false). They both bet on metaverse too, but Microsoft fired all the staff associated with that (the press hardly mentioned this!).
Look at the news today:
AI has been an expensive (paid-for) smokescreen. Microsoft is misleading shareholders, who dont even fully understand that theyre being sold a lie. AI is nothing new and its just some abstract term. The chaffbots arent even producing useful output. Theyre full of errors. Its not viable.
There are of course other hype waves, not just clown or AI or metaverse.
Consider so-called self-driving or autonomous vehicles a dangerous pipe dream that boils down to regulators who are bribed or not sober. How are those companies performing? All of them down sharply, including the home of 'Gulagboy' (a company trying to get acquired by Microsoft):
Also consider crypto. The Linux Foundation is connected to this fraud [...
13:35
The Clown Computing and AI Bubble Techrights
Reprinted with permission from Ryan
AI frightens me.
No, not the thought of living in the Future War of The Terminator. Skynet said that it evolves in seconds. ChatGPT, Dall-E, and Bard still get simple interest wrong and cant tell me what things will cost when I ask them to factor in coupons or rebates.
NPRs article about AI building rockets that would explode if anyone tried building them was just amusing. Were a long way off from rockets when GPT and Bard cant tell me how much interest $1,000 will make in 5 years if I put it in a CD that compounds daily at a given APY.
The entire point of generative AI is to create a seductive mirage for stock investors.
Google and Microsoft are examples of giant tech companies whose established products are still fairly widely used despite having degenerated quite a bit.
Google and Microsoft Bing search are an arm of the state propaganda mills, and Windows 11 is noticeably slower than Windows 10 even on faster hardware, carrying on Microsofts usual tradition there, and even Windows XP was more reliable in terms of uptime and hotfixes and service packs installing and rebooting successfully.
According to Gartner (which itself is Microsoft-affiliated), PC shipments have fallen more than 30% in the first quarter of 2023 vs. the comparable period last year, and so new PCs sales are not happening. Are people switching to Macs? Apple had the worst decline of a single OEM. Even worst than Lenovo.
Microsoft has basically given up on demanding TPM 2.0 or new PCs, and has unofficially started trying to cannibalize all the Windows 10 systems it can by waving them through. Figuring that theyll at least make some extra money with all of the additional adware and spyware if they cant sell you on a new PC?
No, Microsoft said that they would make money with Cloud, but even Yahoo Finance articles admit that Cloud revenue growth is slowing and will be a disappointing miss.
Theres simply nothing here to justify MSFT stock nearly doubling in the last few years and its time to dump it if you have it.
Every major company,...
13:20
Nym Technologies for Privacy and Freedom on GNU/Linux Techrights
Summary: The above LibrePlanet talk by Ahmed Ghappour was uploaded by the FSF 7 days ago (slides here; PeerTube link); From the official page: The Nym mixnet is a new privacy infrastructure for an anonymous overlay software to resist mass surveillance. Like a VPN, it is compatible with generic internet apps. In contrast to a VPN and Tor, even a global passive adversary that has a Gods eye view cannot determine who sent a message over Nym to whom. We will review the design and codebase, and demonstrate its usage for use-cases such as e-mail and instant messaging, as well as how to run your own mix mode on GNU/Linux to provision privacy and freedom for others.
Licence: CC BY SA 4.0
12:00
Testing Part Stiffness? No Need To Re-invent the Bending Rig Hackaday
If one is serious about testing the stiffness of materials or parts, theres nothing quite like doing your own tests. And thanks to [JanTec]s 3-Point Bending Test rig, theres no need to reinvent the wheel should one wish to do so.
11:56
Autonomous Cars Confused by San Francisco's Fog SoylentNews
Autonomous cars confused by San Francisco's fog:
Driving in thick fog is a big enough challenge for humans, but it turns out self-driving cars find it pretty tricky, too.
Overwhelmed by dense fog in San Francisco early on Tuesday morning, five of Waymo's fully driverless vehicles suddenly parked by the side of a residential street in what appeared to be a precautionary measure, the San Francisco Chronicle reported. Another of its cars apparently came to halt in the middle of the street, the news outlet said.
Other vehicles were unable to pass as "baffled motorists flashed headlights and tried to maneuver around the jam," the Chronicle said.
The traffic problems persisted until the fog cleared and the autonomous cars were able to resume their journeys.
Read more of this story at SoylentNews.
10:10
Intel's Open-Source Vulkan Driver Lands Another Small Performance Optimization Phoronix
Intel's open-source "ANV" Vulkan Linux driver has received another small but measurable performance improvement for various games...
10:00
HPR3842: Whats in my bag series Hacker Public Radio
Introduction A time stamp is added for each item I mention. The time stamp given does not include the intro added by HPR so you’ll need to add a few more seconds to get to the the correct spot in the recording. [1:20] - I mention that if you are struggling to think of a topic for an HPR show then the HPR site contains a list of requested topics which you can choose from. https://hackerpublicradio.org/requested_topics.php [1:55] - Picture 01 show the “Wenger” rucksack (Backpack) I take to work. It was purchased many years ago and is probably no longer available. Picture 1 First front zip section [3:20] - I mention that I suffered for many years with Hay fever and have had great success with Mixed Pollen 30C tablets which I bought on Amazon. Unknown to me at the time these were Homeopathic with miniscule concentration. Despite this they seems to have cured my Hay fever. Refer to the links below. Wikipedia article on Homeopathic dilutions Amazon link to Weleda Mixed Pollen 30C Tablets [4:20] - Link to some unremarkable Iphone headphones I use which I bought from Amazon. Strangely they seem to constantly fall out of my left ear but remain in my right ear. UGREEN HiTune Lightning Headphones MFi Certified In Ear Headphones with Lightning Plug Wired Earbuds Mic In-Line Control for iPhone Compatible with iPhone [4:43] - Wedze Hand warmers, link from Decathlon. First main compartment [5:40] - Picture 02 shows the leather pouch pocket protector that I used to carry coins. I no longer have a use for it as I no longer carry change. Despite this for some reason I still continue to carry it back and forward to work. Picture 2 [6:25] - Pictures 03 and 04 show the Essentials fold back clips 19mm I use on a daily basis to organise bundles of paperwork. Picture 3 Picture 4 Wikipedia link to article about Bulldog clips which are not exactly the same item but serve the same purpose. [7:50] - Picture 05 shows the rubber (Eraser) I purchased from the New Lanark Village Store. The proceeds go to the RNLI (Royal National Lifeboat Institution). Picture 5 Wikipedia article about the New Lanark Village Link to New Lanark Village Store Wikipedia article about the RNLI (Royal National Lifeboat Institution) [8:50] - I mention a plastic bag cl
09:15
The Classic Map of How the Human Brain Manages Movement Gets an Update SoylentNews
Three small regions unexpectedly connect to a network known for planning and pain perception:
The classical view of how the human brain controls voluntary movement might not tell the whole story.
That map of the primary motor cortex the motor homunculus shows how this brain region is divided into sections assigned to each body part that can be controlled voluntarily (SN: 6/16/15). It puts your toes next to your ankle, and your neck next to your thumb. The space each part takes up on the cortex is also proportional to how much control one has over that part. Each finger, for example, takes up more space than a whole thigh.
A new map reveals that in addition to having regions devoted to specific body parts, three newfound areas control integrative, whole-body actions. And representations of where specific body parts fall on this map are organized differently than previously thought, researchers report April 19 in Nature.
Read more of this story at SoylentNews.
09:10
[$] Development statistics for 6.3 LWN.net
The 6.3 kernel was released on April 24 after a nine-week development cycle. As is the case with all mainline releases, this is a major kernel release with a lot of changes and a big pile of new features. The time has come, yet again, for a look at where that work came from and who supported it.
09:00
$60 Robot Arm is Compact Hackaday
Thanks to 3D printing and inexpensive controllers, a robot arm doesnt need to break the bank anymore. Case in point? [Build Some Stuff] did a good-looking compact arm with servos for under $60. The arm uses an interesting control mechanism, too.
Instead of the traditional joystick, the arm has a miniature arm with potentiometers at each joint instead of motors. By moving the model arm to different positions, the main arm will mimic your motions. It is similar to old control systems using a synchro (sometimes called a selsyn), but uses potentiometers and servo motors.
An Arduino handles reading the potentiometers and driving the servos. Still, we couldnt help but think you could forego the controller and simply use the pots to generate pulses directly for the servo motors maybe use a 555. Of course, having an Arduino means more flexibility in the long run, so it makes sense to include it.
Of course, servo motor arms arent usually good for big jobs, but as a demonstrator, it works well, and you cant complain about the price tag. Wow, building a robot arm is easier than it used to be. If you prefer a more conventional controller, there are, of course, many options.
...
08:01
Your Messaging Service Should Not Be a DEA Informant Deeplinks
A new U.S. Senate bill would require private messaging services, social media companies, and even cloud providers to report their users to the Drug Enforcement Administration (DEA) if they find out about certain illegal drug sales. This would lead to inaccurate reports and turn messaging services into government informants.
The bill, named the Cooper Davis Act, is likely to result in a host of inaccurate reports and in companies sweeping up innocent conversations, including discussions about past drug use or treatment. While explicitly not required, it may also give internet companies incentive to conduct dragnet searches of private messages to find protected speech that is merely indicative of illegal behavior.
Most troubling, this bill is a template for legislators to try to force internet companies to report their users to law enforcement for other unfavorable conduct or speech. This bill aims to cut down on the illegal sales of fentanyl, methamphetamine, and counterfeit narcotics. But what would prevent the next bill from targeting marijuana or the sale or purchase of abortion pills, if a new administration deemed those drugs unsafe or illegal for purely political reasons? As we've argued many times before, once the framework exists, it could easily be expanded.
The Bill Requires Reporting to the DEA
The law targets the unlawful sale or distribution of fentanyl, methamphetamine and the unlawful sale, distribution or manufacture of a counterfeit controlled substance.
Under the law, providers are required to report to the DEA when they gain actual knowledge of facts about those drug sales or when a user makes a reasonably believable report about those sales. Providers are also allowed to make reports when they have a reasonable belief about those facts or have actual knowledge that a sale is planned or imminent. Importantly, providers can be fined hundreds of thousands of dollars for a failure to report.
Providers have discretion on what to include in a report. But they are encouraged to turn over personal information about the users involved, location information, and complete communications. The DEA can then share the reports with other law enforcement.
The law also makes a request that providers preserve the report and other relevant information (so law enforcement can potentially obtain it later). And it prevents providers from telling their users about the preservation, unless they first notify the DEA.
We Have Seen This Reporting Scheme Befo...
07:42
AuKill tool uses BYOVD attack to disable EDR software Security Affairs
Ransomware operators use the AuKill tool to disable EDR software through Bring Your Own Vulnerable Driver (BYOVD) attack.
Sophos researchers reported that threat actors are using a previously undocumented defense evasion tool, dubbed AuKill, to disable endpoint detection and response (EDR) software.
The tool relies on the Bring Your Own Vulnerable Driver (BYOVD) technique to disable the EDR. In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, to achieve successful kernel-mode exploitation.
16.32 of the Microsoft utility, Process Explorer, to disable EDR processes.Sophos researchers investigated at least three ransomware incidents since the beginning of 2023 in which attackers used the tool. In January and February, threat actors used the tool to disable the EDR and deploy Medusa Locker ransomware; in February, the experts observed the attackers using the tool before deploying Lockbit ransomware.
The technique of abusing the Process Explorer driver to bypass EDR systems was already observed in the wild, Sophos reported it was implemented in the open-source tool Backstab, which was published in June 2021.
The researchers collected six different variants of the AuKill malware having multiple similarities with the open-source tool Backstab. The similarities observed by the researchers include characteristic debug strings, and nearly identical code flow logic to interact with the driver.
In November, Sophos X-Ops reported that an affiliate of the LockBit ransomware group used Backstab to disable EDR processes on an infected machine.
Windows by default uses the Driver Signature Enforcement feature to ensure kernel-mode drivers have been signed by a valid code signing authority before the OS will permit their execution.
To bypass security measures, threat actors need to either find a way to get a malicious driver signed by a trusted certificate, or abuse a legitimate commercial software driver to reach their goal.
In the attacks observed by Sophos, threat actors employed a driver both created by and signed by Microsoft.
The Process Explorer driver, part of their suite of administration tools produced by the Sysinternals team, implements a variety of features to interact with running processes. reads the...
07:33
The DMCA Cannot Protect You From Your Own Words Deeplinks
There is a loud debate raging over what companies should and shouldnt be doing about the things people say on their platforms. What people often seem to forget is that we already know the dangers of providing a quick way for people to remove criticism of themselves from the internet. Thanks to copyright laws disastrous damages provisions, all but the largest social media companies risk financial ruin if they dont promptly remove any content thats been flagged as infringing. As a result, copyright complaints are a highly effective way to get a post you dont like taken offline fast.
This is exactly what happened recently to a journalist who resurfaced an actors own words to raise concern about his actions. When David Choe came back into the public eye thanks to his role in a popular Netflix series, some people, including investigative journalist Aura Bogado, remembered a story he told in a 2014 podcast about sexually assaulting a masseuse. Bogado talked about it on Twitter and included a link to the video clip from the podcast (which she had obtained from fellow journalist Melissa Stetten, who broke the story in 2014). Choe responded to the controversy in at least two ways: by insisting he fabricated the story, and by using false copyright claims to try to get the video erased from the internet.
His first strategy may be effective. The second should not be.
The David Young Choe Foundation claims it owns the copyright in the podcast, which may or may not extend to the specific episode in question. But whether or not Choe owns the rights, Bogados posting of the short clip was an obviously lawful fair use classic criticism and commentary, with receipts.
Abusing copyright to shut down online speech isnt new its been well-documented for decades. But copyright holders continue to insist that its not a real problem. Tell that to Bogado, who is two complaints away from losing her Twitter account. Bogado has counter-noticed, a procedure that essentially allows users to seek restoration, but only if they are willing to submit to the jurisdiction of a federal court if the copyright holder decides to sue them. With EFFs help, Bogado is willing to take the risk that Choe will come to his senses, talk to a lawyer, and realize that his complaint is absurd (something he would already know if he had considered whether the use is a fair use, as he was legally required to do.) Many fair users are not willing to take that risk, much less able to find pro bono counsel to help them understand their options.
Given the proliferation of misinformation online, its crucial to prote...
07:30
AsyncAPI: A springboard for opensource professionals Linux.com
Image: Open Source Springboard by Jason Perlow, Bing Image Creator
We all start studying and training in what we like with enthusiasm and optimism. However, as time goes by, difficulties arise, making us rethink our position and values. Are we good at what we thought we were? Are we heading in the right direction? Are we investing our time correctly? Do our skills define us? Who are we, after all? Shall we go on?
Hopes and expectations always appear as two key concepts. They go hand in hand from the moment we think about what we want to train in, what we want to do, and how we imagine ourselves in the future.
And if we are persistent, or we just made the right choices when choosing our studies, we finally go on: achieving goals, passing exams, and showing to ourselves and the rest of the people that we are improving our expertise and gaining knowledge. We can keep on with our path reaching what we thought was the top, at least at that point: we got a certificate! In the form of a BA, a Masterss degree, or even a Ph.D.
Reaching that point, we think we have completed something, but, on the contrary, doubts are more intense than ever. At least, the stats tell us we are not alone. Nu...
07:16
California Bill to Stop Dragnet Surveillance of People Seeking Reproductive and Gender-Affirming Care Passes Key Committees Deeplinks
A.B. 793, a bill authored by Assemblymember Mia Bonta to protect people seeking abortion and gender-affirming care from dragnet-style digital surveillance, has passed two key committees in the California Assembly.
EFF is a proud co-sponsor of A.B. 793, along with ACLU California Action and If/When/How. The bill targets a type of dragnet surveillance that can compel tech companies to search their records and reveal the identities of people who have driven down a certain street or looked up particular keywords online. These demands, known as reverse demands, geofence warrants, or keyword warrants, enable law enforcement in states across the country to request the names and identities of people whose digital data shows theyve (for example) spent time near a California abortion clinic or searched for information about gender-affirming care online. EFF has long opposed the use of these unconstitutional warrants; following the Dobbs decision and an increase in laws criminalizing gender-affirming case, they pose an even greater threat.
So far, California lawmakers seem to understand these dangers. The bill passed on a bipartisan vote out of the Assembly Public Safety committee on April 11. Last week, it also passed the Assembly Judiciary committee.
More than 50 civil liberties, reproductive justice, healthcare equity, and LGBTQ+ advocacy groups form the support coalition on the bill, including NARAL Pro-Choice California, Equality California, Planned Parenthood Affiliates of California, and the American Nurses Association/California. The bill is now headed to the Assembly Appropriations Committee.
If you're a Californian who'd like to express your support for protecting the privacy of vulnerable people seeking healthcareand particularly if you live in the district of Assembly Appropriations Chair Chris Holden, northeast of Los Angelesplease express your support, too.
Tell Your Lawmakers To Support A.B. 793
07:13
Multiculturalism in technology and its limits: AsyncAPI and the long road to open source utopia Linux.com
Image Open Source Utopia by Jason Perlow, Bing Image Creator
Technology is not neutral. Were inside of what we make, and its inside of us. Were living in a world of connections and it matters which ones get made and unmade. Donna J. Haraway
The body is the best and the only tool humans have for life; it is the physical representation of who we are, the container in which we move and represent ourselves. It reflects our identity, the matter that represents us socially.
Humans have differentiated themselves from other animals by creating tools, using elements that increase their physical and mental capacities, extending their limits, and mediating how they see and understand the world. The body is, thus, transfixed and intermediated by technology.
In the contemporary era, technological progress has led to global interconnection. Global acc...
07:00
Debian Fixes Secure Boot For 64-bit ARM After Being Broken For Two Years Phoronix
While Debian and its derivatives are quite popular with ARM single board computers, the ARM64 Secure Boot support has been broken for at least two years. But a fix is on the way and it should appear for this year's Debian 12 "Bookworm" release...
06:34
Your Baby's Gut is Crawling With Unknown Viruses SoylentNews
Babies tumble about with more than 200 previously unknown viral families within their intestines:
Viruses are usually associated with illness. But our bodies are full of both bacteria and viruses that constantly proliferate and interact with each other in our gastrointestinal tract. While we have known for decades that gut bacteria in young children are vital to protect them from chronic diseases later on in life, our knowledge about the many viruses found there is minimal.
A few years back, this gave University of Copenhagen professor Dennis Sandris Nielsen the idea to delve more deeply into this question. As a result, a team of researchers from COPSAC (Copenhagen Prospective Studies on Asthma in Childhood) and the Department of Food Science at UCPH, among others, spent five years studying and mapping the diaper contents of 647 healthy Danish one-year-olds.
"We found an exceptional number of unknown viruses in the faeces of these babies. Not just thousands of new virus species but to our surprise, the viruses represented more than 200 families of yet to be described viruses. This means that, from early on in life, healthy children are tumbling about with an extreme diversity of gut viruses, which probably have a major impact on whether they develop various diseases later on in life," says Professor Dennis Sandris Nielsen of the Department of Food Science, senior author of the research paper about the study, now published in Nature Microbiology.
The researchers found and mapped a total of 10,000 viral species in the children's faeces a number ten times larger than the number of bacterial species in the same children. These viral species are distributed across 248 different viral families, of which only 16 were previously known. The researchers named the remaining 232 unknown viral families after the children whose diapers made the study possible. As a result, new viral families include names like Sylvesterviridae, Rigmorviridae and Tristanviridae.
Read more of this story at SoylentNews.
06:21
UPDATE: THE 2600 DIGITAL PUBLISHING CRISIS 2600 - 2600: The Hacker Quarterly
If you've been reading recent issues of 2600, you're likely familiar with some of the challenges we've been facing with certain publishing platforms. Specifically, Amazon's Kindle service has opted to discontinue supporting most magazine subscriptions. As we have many thousands of Kindle readers, this put us in a very precarious position and we have been scrambling to find solutions.
But first, an update from Kindle. We have been offered the chance to continue to be available on this platform as part of the Kindle Unlimited program, which is basically a way for readers to borrow all kinds of titles for a monthly fee. We would only be making around half of what we had been earning in the past. That could change if enough people read 2600 in this manner and, since there's no extra charge to read the magazine with this program, it's possible we could do even better if a larger number of Kindle Unlimited readers peruse our pages.
Our real goal, though, is for people to be able to subscribe to the digital edition of 2600 directly from our store. This seems like an obvious and logical thing to offer, but it's actually been quite complicated for a number of reasons.
While we recognize that many readers want the DRM-free PDF we've offered individually since 2018, the reality is that most other publishers don't embrace this. That has made it very difficult to find a way to offer DRM-free PDFs as a subscription, while keeping subscriber data secure and offering a seamless interface to our store. There simply is nothing on the market that offers what we want.
But the good news is that we've been developing a system in-house that we believe will address all of our needs without compromising subscriber privacy and without imposing any sort of content restriction. We believe we will have this in place in time for the Summer issue (due out in mid July) using DRM-free PDF and the industry-standard EPUB3 format that is compatible with virtually all e-readers and tablets. But for all of this to work, we will need a lot of support from our readers when the time comes.
To sum up, Kindle readers won't be cut off after all, but we will need many more of them to make up for Amazon's policy change. (We know there are quite a few readers who want us to remain available on the Kindle, which is why we're going to give this a shot.) For everyone else, we should finally be able to offer DRM-free PDF and EPUB3 subscriptions in the next couple of months, which will allow us to have full control over our subscriptions and not be at the mercy of huge companies that can change policy on a whim.
Thanks to everyone who has expressed concern and offered support since this all started in December. We believe we're on a good path. Stay tuned.
06:00
Messing With a Cassette Player Never Sounded So Good Hackaday
Cassette players and tapes are fertile hacking ground. One reason is that their electromechanical and analog nature provides easy ways to fiddle with their operation. For example, slow down the motor and the playback speed changes accordingly. As long as the head is moving across the tape, sound will be produced. The hacking opportunities are nicely demonstrated by [Lara Grant]s cassette player mod project.
The device piggybacks onto a battery-powered audio cassette player and provides a variety of ways to fiddle with the output, including adjustable echo and delay, and speed control. At the heart of the delay and echo functionality is the PT2399, a part from the late 90s capable of some pretty impressive audio effects (as long as a supporting network of resistors and capacitors are in place, anyway.)
05:40
Mojang Continues Crackdown on Minecraft Pirates TorrentFreak
Minecraft is unquestionably one of the most iconic and
recognizable videogames of recent times.
The game was originally created by Markus Notch Persson, the founder of Mojang Studios, which continues to develop the software today.
In the years following its initial release in 2011, Minecraft captured a truly massive audience. With hundreds of millions of copies sold, its also the best-selling video game in history, a reign that looks set to continue.
Success has transformed Mojang into a multi-billion dollar company that, through Xbox Game Studios, is now ultimately owned by Microsoft. Interestingly, another Microsoft-owned company has been at the center of several copyright disputes recently.
Eaglercraft Crackdown
A few weeks ago we reported that Mojang had asked Github to remove several Eaglercraft repositories. The software in question is a Minecraft clone that allows people to play the game in the browser, without paying for it.
In the weeks that followed, Mojang kept up the pressure. The company targeted a Discord server and a Gitlab account operated by one of the main developers. Both were shut down.
Eaglercraft developer lax1dude voluntarily removed the code from his own website after Mojang came knocking. Initially, he continued to offer the EaglercraftX 1.8 repository, providing tools and instructions on how to decompile Minecraft 1.8. He eventually took that offline as well.
Lax1dude has put up a message for Mojang on his GitHub account, explaining that hes not looking for trouble. The developers goal is simply to preserve the project after all the countless hours that were put into it.
We are not interested in fighting your DMCA complaints, neither are we affiliated with any sites still providing the infringing files, Lax1dude explains.
The goal of eaglercraft was never to pirate the game, it was just to port it to the browser, and the years of time and effort put into the port should not be killed off so violently. We ask that you contact us at the email above to talk things out and figure out a future for eagler.
New DMCA Wave
Whether Mojang ever reached out to the developer directly is unknown, but we do know that the game company isnt slowing down enforcement actions. A few days ago, Mojang sent another series of takedown requests to GitHub, targeting hundreds of Eaglercraft...
05:36
First Appellate Court Finds Geofence Warrant Unconstitutional Deeplinks
The California Court of Appeal has held that a geofence warrant seeking information on all devices located within several densely-populated areas in Los Angeles violated the Fourth Amendment. This is the first time an appellate court in the United States has reviewed a geofence warrant. The case is People v. Meza, and EFF filed an amicus brief and jointly argued the case before the court.
Geofence warrants, which we have
written
about
extensively
before, are unlike typical
warrants for electronic information because they dont name a
suspect and are not even targeted to specific individuals or
accounts. Instead, they require a provideralmost always Googleto
search its entire reserve of user location data to identify
all users or devices located in a
geographic area during a time period specified by law
enforcement.
In the Meza case, Los Angeles Sheriffs Department deputies were investigating a homicide and had video footage suggesting the suspects followed the victim from one location to another before committing the crime. To try to identify the unknown suspects, they sought a warrant that would force Google to turn over identifying information for every device with a Google account that was within any of six locations over a five hour window. The warrant covered time periods where people were likely to be in sensitive places, like their homes, or driving along busy streets. In total, police requested data for geographic area equivalent to about 24 football fields (five to six city blocks), which included large apartment buildings, churches, barber shops, nail salons, medical centers, restaurants, a public library, and a union headquarters.
Typically, as in this case, geofence warrants lay out a three-step process by which police a...
05:16
CVE-2023-22665: Apache Jena: Exposure of arbitrary execution in script engine expressions. Open Source Security
Posted by Andy Seaborne on Apr 24
Severity: importantDescription:
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts.
It allows a remote user to execute arbitrary javascript via a SPARQL query.
Credit:
L3yx of Syclover Security Team (reporter)
References:
https://jena.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-22665
04:58
SpaceX Starship Launch Heavily Damaged Launch Platform and Surrounding Facilities cryptogon.com
Update: FAA Has Grounded SpaceX Starship Super Heavy Launch Program Via: CNBC: As a result of the explosion, the Federal Aviation Administration (FAA) grounded the companys Starship Super Heavy launch program pending results of a mishap investigation, part of standard practice, according to an email from the agency sent to CNBC after the launch. No []
04:52
AMD Guided Autonomous Mode Submitted For Linux 6.4 Phoronix
As anticipated the AMD P-State driver extension building out the Guided Autonomous Mode of operation has been sent in as part of the CPU frequency scaling / power management changes for the in-development Linux 6.4 kernel...
04:44
Experts released PoC Exploit code for actively exploited PaperCut flaw Security Affairs
Threat actors are exploiting PaperCut MF/NG print management software flaws in attacks in the wild, while researchers released PoC exploit code.
Hackers are actively exploiting PaperCut MF/NG print management software flaws (tracked as CVE-2023-27350 and CVE-2023-27351) in attacks in the wild.
The threat actors were observed installing the Atera remote management software to take over vulnerable servers.
On April 19th, Print management software provider PaperCut confirmed that it is aware of the active exploitation of the CVE-2023-27350 vulnerability.
The company received two vulnerability reports from the cybersecurity firm Trend Micro for high/critical severity security issues in PaperCut MF/NG. Trend Micro announced they will disclose further information (TBD) about the vulnerability on 10th May 2023.
The company addressed both vulnerabilities with the release of PaperCut MF and PaperCut NG versions 20.1.7, 21.2.11 and 22.0.9 and later, it highly recommends upgrading to one of these versions containing the fix
We have evidence to suggest that unpatched servers are being exploited in the wild. reads the advisory published by PaperCut. PaperCut received our first report from a customer of suspicious activity on their PaperCut server on the 18th April at 03:30 AEST / 17th April 17:30 UTC. PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01:29 AEST / 13th April 15:29 UTC.
The CVE-2023-27350 (CVSS score 9.8) is a PaperCut MF/NG Improper Access Control Vulnerability. PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
The cybersecurity firm Horizon3 disclosed details of the flaw along with a PoC exploit code for CVE-2023-27350. The PoC code allows attackers to bypass authentication and execute code on vulnerable PaperCut servers.
The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authen...
04:39
Links 24/04/2023: Qt Resorting to Analytics Techrights
Contents
-
GNU/Linux
-
Linux Links Linux Around The World: USA Delaware
We cover user groups that are running in the US state of Delaware. This article forms part of our Linux Around The World series.
-
Audiocasts/Shows
-
Jupiter Broadcasting Full Wobble | LINUX Unplugged 507
Why Fedora 38 might Sway you to try it; and how it runs on the MacBook M1 Max.
- ...
-
-
04:26
Linux Foundation Formally Selling SPAM Services in Violation of Terms of Services Techrights
While pushing a CoC the Linux Foundation is shamelessly violating rules, breaking netiquette, and even sponsoring clickfraud (this has gone on for years already)
This links to Asana. And Asana is proprietary by the way!
Summary: The Linux Foundation, governed by a fraud [1, 2, 3] family (the Zemlins), is basically breaking rules of the Internet in pursuit of money; its rather incredible that any person let alone a company would wish to associate with those frauds
04:00
Get to Know the IEEE Board of Directors IEEE Spectrum
The IEEE Board of Directors shapes the future direction of IEEE and is committed to ensuring IEEE remains a strong and vibrant organizationserving the needs of its members and the engineering and technology community worldwidewhile fulfilling the IEEE mission of advancing technology for the benefit of humanity.
This article features IEEE Board of Directors members Theresa Brunasso, Vickie Ozburn, and Ali H. Sayed.
IEEE Senior Member Theresa Brunasso
Director, Region 3: Southeastern United States
Theresa
Brunasso is an IEEE senior member and the director of IEEE Region 3
(Southeastern United States).Theresa Brunasso
Brunasso, who has more than 30 years of experience in electrical engineering, specializes in electromagnetics. Her work includes designing and developing RF, microwave, and millimeter wave components and subsystems for the defense and aerospace industries.
Brunasso has said that her favoriteand what she thinks is the coolestproject was leading the team responsible for winning the contract to build the Ka-Band radar antenna used to land the Curiosity and Perseverance rovers on Mars. The team developed the antenna to be rugged, compact, and lightweight. She also led the design of the microwave feed for the antenna, which yielded low side lobes. Brunasso and the rest of the team were awarded a certificate of appreciation from the NASA Jet Propulsion Laboratory for meeting the challenging requirements on a tight schedule.
Brunasso, an active IEEE volunteer, is a member of the IEEE Microwave Theory and Techniques Society and the IEEE Antennas and Propagation Society. She has served as the IEEE Atlanta Sections secretary, vice chair, and chair. She was one of three Georgia women honored in...
03:50
The SpaceX Starship Explosion Was Deliberate SoylentNews
Perhaps not all booms are bad:
About four minutes after SpaceX's gargantuan rocket lifted from its Texas launch pad, it burst into a fireball over the Gulf of Mexico, never reaching space.
Though SpaceX hasn't shared many details yet about what happened during Starship's maiden voyage, one fact is known: It was intentionally ordered to explode.
Rockets are destroyed in the air when people's lives could be even remotely at risk of falling debris. In the days since the uncrewed test, no injuries or major property damage appear to have been reported.
When the rocket launched at 9:33 a.m. ET April 20, 2023, some of the rocket's 33 booster engines had either burned out or failed to light from the start. As Starship ascended, cameras caught views of the flames underneath it, appearing to show some of the engines had cut out.
In a statement released after the incident, SpaceX said Starship climbed to about 26 miles over the ocean before beginning to lose altitude and tumble. Then, self-destruct commands were sent to the booster and ship, which hadn't separated as planned, the company said.
Read more of this story at SoylentNews.
03:15
Fedora 39 Looks To Boost vm.max_map_count To Help Windows Games With Steam Play Phoronix
Fedora 39 this autumn is looking at boosting its vm.max_map_count default to better match the behavior of SteamOS / Steam Deck and allowing more Windows games to run out-of-the-box with Steam Play...
02:23
Fortunate Jet 22bet On Line Casino Play Lucky Jet For Real Money h+ Media
Fortunate Jet 22bet On Line Casino Play Lucky Jet For Real Money
Moreover, in 2020, 22Bet and Paris Saint-Germain, French League 1 football membership, signed a two-year deal. Advanced avid gamers spotlight six advantages that each individual may enjoy on 22Bet. 22Bet additionally has a horse racing book where you can see a good collection of horse and greyhound racing. These racing books comprise many competitions and tournaments from around the globe. The cell website allows you to filter the horse racing markets by completely different modes similar to 1v2, double probability, handicaps, and totals. At first glance, youll notice that the cell model is very comparable to the main PC web site.
Here, youll have the ability to see key leagues and matches from the left, all out there events in the primary part, and prime matches for quick bets on the best. The construction is similar in all obtainable apps, together with the 22bet PC app. Closer to the header, there may be a couple of filters that permit you to swap between varied odd sorts (Decimal, Hong Kong, UK, etc.). Here, you might also choose sports you have an interest in, examine your statistics, see outcomes, and so on.
All in all, over 200 cost strategies are supplied for purchasers of 22bet apk. You must have a registered account to access a spread of 22bet providers, together with sports betting, online casinos, digital sports activities and different merchandise. Please note that solely newbies from India whore of legal age can sign up and conduct monetary actions on 22bet. Numerous of the options listed under help customers in making probably the most of their experiences with sports activities betting and on line casino games at 22Bet. For further information on each function, see the record with particulars below.
Playing for free is a genuine option for Indian on-line casino gamers in all states, even Maharashtra. Its an effective way to test drive your casino with out having to make any kind of dedication or take on any kind of threat. The Indian-friendly on-line on line casino sites listed right here all supply free betting.
For example, you can guess on the outcome of the subsequent point in tennis or volleyball. In phrases of the desk video games on provide, these are additionally sturdy while additionally being very simple and simple to navigate round. Even those who are model new and signing up with their first on line casino website may have no downside discovering what they want. Over on the casino section you can see a variety of games together with popular Indian desk video games such asTeen Patti, Roulette and Andar Bahar amongst others.
Its rapid growth is substantiated by its wide range of handy deposit and withdrawal strategies which helps them rating the belief of its customer base. 22Bet supplies some exciting deals which are then positioned in a pool with genuine gamers, and the winnings ar...
02:22
Sports Betting Review And Promotions h+ Media
Sports Betting Review And Promotions
EcoPayz, one other well-liked e-wallet among punters has a minimum deposit requirement of INR 100. Each of those bets will must have a minimum of three choices and each of these choices should have odds of 1.40 or larger. The bonus might be credited to your bonus account after the deposit is processed efficiently. The accumulator outcomes market offers distinctive mixtures of various match outcomes with high odds. Not just that, however the betting web site additionally covers womens cricket quite extensively.
When betting in live, the coupon is crammed in when a turning event is observed on the sector. The result of the game depends tremendously on the skill of the users. It is important to learn to discard cards to reduce prices.
The reside variations of Blackjack and Roulette are something that must be skilled, as they offer spectacular visuals along with friendly sellers. Since there are games with totally different table limits, entry into considered one of these titles is lots easier than anticipated. An enormous variety of video games exist at 22Bet to offer a complete experience for on line casino gamers with varying levels of expertise. The slots have the most important illustration on this platform with titles from many developers like Endorphina, Evolution Gaming, Microgaming, Quick Spin, and extra featured.
The number of options that 22Bet presents is astonishing, making it an asset to the bettors neighborhood. It also has a fast pay-out system which is usually a really nervous spot for users. Payments have been smoother than ever, making the site fairly enticing and most well-liked by customers. McCullum joined 22Bet, an internet bookmaking company, as an ambassador in January and has appeared in its online commercials. However, the ECBs anti-corruption unit prohibits gamers, coaches, and officials from partaking in or provoking betting on matches. The board looked at the matter from a regulatory and employer viewpoint and concluded that no action was required.
The desired amount to be added is entered into the suitable field. The next step of the process entails finishing the transaction by going into the cost options switch window. Landing all bets will award you the TOTO Jackpot that can reach a quantity of crores in size!
One of the most important advantages of 22Bet is the provision of many markets to bet upon compared to many other betting sites. There are greater than forty sports activities lined by the brand and the record continues to grow. Naturally, it is easy to come back across a big spectrum of markets on in style sports like football, cricket, tennis, basketball, and golf. At the identical time, area of interest sports like skiing and desk tennis are additionally handed a decent diploma of significance. 22Bet doesnt limit a punter to desktop entry alone, as apps can be found from the model for placing bets and pe...
01:03
1xbet Registration
The minimum required deposit to stimulate the bonus supply is equal to 1 Euro. Provides one of the best Service plus the biggest number of Games , betting on Raffles, bets, Online betting in Bitcoins, Live lines for sports activities occasions and Prematch. Registration by way of sms With the betting 1xBet login review by using this technique, you have to enter and confirm the phone quantity and customary in your nation and specify the overseas foreign money. To 1xBet signing up on the portal you should click the green Register swap on the high right of the 1xBet Ghana registration website and choose one of the following strategies 1xBet registration. For occasion, you can play Blackjack with a minimum guess of $10 and a maximum wager of $5000. On the other hand, youll find a way to choose unlimited Blackjack and place bets as little as $1.
- On high of that, with these totally different sorts of themes, punters are assured that there could be a sport on the market that would swimsuit their fancy.
- So the web page doesnt look cluttered with all of the pointless tabs.
- There are hundreds of various video games that can entertain its users.
- We may be ready upon or processing your payment for your membership.
- We imagine that this programme is Aucklands most complete technical development programme, and players of all ages and skills will have the ability to see advantages that can take their sport to the following level in 2023.
Players can create affiliate packages in quite a lot of methods. The more affiliates they connect with 1xBet, the higher the reward. The desktop web site lives its own life but when you are going to disposal. One can view it even from the desktop system to assess its pros and outweigh all of the cons. Now that youve got joined many fellow males down the street to profitable betting, you can start enjoying the privilege of the bonus funds given away by 1xBet.
On the 1xBet house page, you will see a green registration icon on the top right of the web page. By clicking this icon, youll open a pop-up asking which technique you wish to use to register with this excellent site. Choose the One Click options, and you might be asked to input your nation and forex.
Operating since 2007, 1xBet has been providing a variety of bets, not just for sports events but in addition for TV video games. They provide an intensive selection of bets on worldwide sports competitions each at the club and nationwide degree. Clients o fulfill theminimum deposit and withdrawal necessities. For credit cards and financial institution transfers, processing may take as little as 1 day to five days.
So before you head over to the 1xBet web site, take a good look at all our money-saving offers and low cost codes to see what you can save. Th...
01:02
1xbet Casino New Zealand Receive Bonus $1200 h+ Media
1xbet Casino New Zealand Receive Bonus $1200
In the next step youll be asked to finish the player s personal information and registration information available. You must choose the area, foreign money and ensure the captcha used to protect against bots. Should you have a promo code, you probably can enter it in the process. The consumer receives an account number and password to enter his private account, which will he can either save within a convenient format, or mail to his e mail. You can be part of and receive a welcome supply of as much as 1500 and a hundred and fifty free spins too. You have to use the promo code STYVIP to get your palms on this glorious offer from 1xBet.
The second is a link with a coupon code, simply click on on it, and your discount will be deducted automatically from the whole quantity on the checkout. Make the acquisition benefiting from the reductions now available on Betmais. As mentioned above, there are lots of slot games and jackpots that youll find at 1xBet on line casino New Zealand, from some of the most well-known and traditional, to some exclusive to this betting platform. In addition, a lot of the slot video games and jackpots that arent from 1xBet Casino New Zealand itself, are from renowned on-line recreation developer firms corresponding to Microgaming, IGT and Playtech, for example. Leaving no stone unturned the staff right here at Stuff New Zealand Coupons are here to assist you get the easiest offers.
But earlier than you place your bets in 1 of these, you have to have a easy registration technique and receive in this system an individual how to open accounts. If you are tired of enjoying both Live Blackjack and real Blackjack at actual casinos, you must most likely attempt Online Blackjack. Playing Blackjack online instead of its different sorts has many benefits. You will get a lot better returns because it costs much less to run a game of Online Blackjack, youll get to get pleasure from free tries, you might have a big selection of choices to choose from, and extra.
The virtual bonus is credited to the bonus account right after the replenishment of the important thing account on Friday. Each 1xBet consumer may participate within the promotion only one time a week. Bonus video games any video games that happen upon Friday and are accomplished previous to the end of the day. With this Option you could get a part of the money from nonplaying gamble. Again, the method to obtain the app may be very simple, but it could differ, relying on the gadget you may be using.
Find video games with a excessive RTP share to enhance your winning potential. If you could have any questions or considerations about 1xBet, including however not limited to making a deposit, establishing an account, or enjoying a sport, the support team is out there to assist you. While the job of this new supervisory entity can be to supervise and problem lic...
01:01
1xbet Entry Is Denied How To Enter Utilizing Vpn Client 1xbet: The Best Betting App For Cell Sport-specific Coaching h+ Media
1xbet Entry Is Denied How To Enter Utilizing Vpn Client 1xbet: The Best Betting App For Cell Sport-specific Coaching
Roll-over the bonus amount you receive a minimum of 5 occasions on Accumulator bets of no less than three selections of min. odds 1.four (2/5) odds each. Place your wager near the minimal odds for a greater chance of receiving potential gains. Use your bonus throughout the 30-day restrict, and settle your bonus quantity during this time window to have the power to withdraw your bonus winnings.
To do that, please fill within the prolonged knowledge persona which includes passport knowledge. Upon initial withdrawal must submit delivery location scanned paperwork confirming identification. You can 1xBet registration on the webpage of 1xBet Ghana registration betting firm only after reaching the age of 18 years. If you wish to register for the 1xBet affiliate program you can do that when you go to partners1xbet.com and click on on Registration. It goes with out saying that you should fill all of the fields and once youre accomplished just wait for the affirmation email.
Youll have access to an incredible vary of decisions including Caribbean Stud, Bingo, Texas Holdem, Punto Banco, Pai Gow, and countless others. The casino has top games from the leading software providers, corresponding to Novomatic, Future Gaming Solutions, Playtech, Betsoft, Topgame. So, it doesnt matter what type of games youre on the lookout for, youll discover them simply and shortly at 1xBet. You can manually copy and try all 1 out there promotional codes to seek out the best discount, plus you possibly can accumulate the discount coupons with our choice of promotions and presents.
In most circumstances, gamers choose to 1xBet Ghana logon button fully, as a end result of the data is essential when filling in varieties, in order that there shall be no difficulty in withdrawing cash in the future. Lets face it; Out of the lots of, if not 1000s of top online casinos out there, for the unused eye all of them can appear considerably alike, and it can be hard to differentiate between them. So if you want to get pleasure from some many games 1xBet Casino has to offer you should download their mobile app. An 1xBet discount code is an alphanumeric code which, like coupons or paper low cost vouchers, allows you to obtain a onerous and fast discount or a share discount in your buy. So, along with the affordable costs and offers already out there on 1xBet, you can get an extra low cost on the whole of your cart or on transport. To use a 1xBet coupon, copy the related promo code to your clipboard and apply it whereas testing.
A digital first enterprise, 1xBet accepts greater than 250 payment options from everywhere in the world and provides around the clock customer assist in 30 languages. Just below, we are going to see the lists of the deposit strategies and withdrawal strategi...
01:00
1xbet On Line Casino New Zealand Receive Bonus $1200 h+ Media
1xbet On Line Casino New Zealand Receive Bonus $1200
We anticipate that the cooperation of two world-class brands might be lucrative for each parties. Barcelonas slogan is More than a club and we hope that over the subsequent 5 years, the fans will come to realize that 1xBet is more than a bookmaker. The 1x Bet app is available for obtain, as nicely as all instructions, directly from the 1x Bet Website. It has a user-friendly interface, moderna and really simple to use.
The bonus is out there pertaining to the bookie s players in all nations. Register, open the bookmaker s bank account, deposit any quantity on your invoice and participate within the promotion. 2020 Lucky Friday give is a great way to obtain additional money.
- All you have to get the most popular first-class betting app is to be of legal age for playing on this jurisdiction and have an energetic e mail handle.
- On top of that, in addition they offer extra betting opportunities which are out there in particular markets because of country-specific events.
- In the block marked with the Android emblem, you want to click on the ,wager now apk, button, after which the apk file will begin its free download to your smartphone.
- It features full functionality since one can play slots or different 1xBet on line casino games, take pleasure in watching stay streams and proper bets real-time or make choice to the pre-match betting.
- Signup for free bonuses, every day jackpots and other giveaways.
- While were diligent to solely provide you with energetic coupon code provides, an expired discount occasionally slips by way of the cracks.
For instance, new customers for poker associates earn 40% of those users month-to-month betting expenses. The offered best bookmakers have a set of unique presents, as properly as the total or cellular model. Each of the listed companies rigorously screens market trends and constantly provides new copyright bonuses and incentives for its users.
This highly effective betting platform is out there to registered gamers on PC, Mac, and cellular units. The mobile functions can easily be downloaded from the desktop platform through the App Store for IOS units, or the Google Play Store for Android devices. Also, every person can track how the statistics change, for example, during the match and thus estimates their chances normally. The greatest on-line betting apps from Bet365 reveals all statistical information adjustments during a game.
The Web Site At 1xbet Casino
Ensuring you receive their great welcome supply is of paramount importance. Make positive that you place your 5x rollover bets on at least three alternatives for each accumulator wager, every of which must be on odds of no less than 1.four (2/5). Dont use your bonus along side some other promotional options provided by the 1xbet site. Make...
00:59
1xbet Access Is Denied How To Enter Utilizing Vpn Shopper 1xbet: One Of The Best Betting App For Cellular Sport-specific Training h+ Media
1xbet Access Is Denied How To Enter Utilizing Vpn Shopper 1xbet: One Of The Best Betting App For Cellular Sport-specific Training
The 1xBet Casino truly began with sports betting, which is why they have greater than 1,000 occasions every day that shoppers can wager on. This consists of popular sports activities like hockey, ski jumping, water polo, basketball, soccer, and a lot extra. On high of that, additionally they provide additional betting alternatives which would possibly be available in specific markets because of country-specific occasions. Since its launch, the website has grown from being a struggling newbie website that accepts bets right into a gaming big with a lot to supply. The firm now has many active registered gamers, amounting to nearly half a million.
This is among the most entertaining locations to verify if girl luck is at anyones aspect. The full gaming experience is available at 1xBet Casino. Being one of the largest on-line casinos and sports activities betting sites, the casino has an enormous revenue and a fair larger roster of players. Read on to get an entire overview of this on-line gaming web site. The bookmaker managed to develop actually progressive software that presents all bells and whistles.
As the result of the bets required to redeem the bonus will directly have an effect on the quantity you can withdraw once the bonus is settled, we would advocate putting your bets near the minimal odds of 1.four (2/5). This is a less risky betting option, and provides you a better probability of selecting a successful guess, and as such the next chance of receiving potential gains into your customer account. The bonus quantity shall be credited to the customer account after the first deposit is made provided that all account details are totally right.
As youve a whole 30 days by which to rollover your bonus quantity, we suggest taking your time and doing a little research before placing your bets. 30 days is a very long time in the online betting world, with an enormous multitude of presents out there to you. As such, it would not make sense to rush into a bet on the hot favourites without first doing some research on the meeting. Take your time and suppose out your strategy rigorously, youll not regret it. The bonus amount must be settled earlier than any withdrawals can be made from a buyer account.
Depending on the payment technique chosen, the quantity of fee for the service will depend on. You can decide the precise amount of fee when you withdraw winnings from your private account steadiness in the Portal Support Service. Bookmaker arises the need for passage of strategy of verification of personality.
- The bonus is valid for a 30-day time-period after registration.
- Our professional coaches, globally recognised curriculum and teaching method that has been frequently refined for the last 38 years will work wonders in your child...
00:58
1xbet Deposit Bonus Code Join Offer 227 5 Nzd Provided 1xbet Deposit Bonus April 2023 New Zealand h+ Media
1xbet Deposit Bonus Code Join Offer 227 5 Nzd Provided 1xbet Deposit Bonus April 2023 New Zealand
For extra opportunities to win big and actually enjoy your favorite video games, we advise you to check out the promos supplied by 1xBet. We normally highlight coupons that are legitimate for the entire store, in proportion and then fastened value. After that we offer special 1xBet offers in case you are interested in shopping for something for a discount.
1xBet Sportsbook is a responsible gaming operator with 18+ certification, firewall safety, and SSL encryption. 1xBet has partnered with leading sports golf equipment such as FCB , and is a proud promoter of the Spanish skilled football league, La Liga. Other badges embody CAF official sponsor, Brasileirao Serie A, and Natus Vincere.
In order for a bonus amount to be considered settled, it have to be rolled over at least 5 times in accumulator wager. These accumulator bets should all have at least three choices, and every choice must be of min. odds 1.4 (2/5). Pay attention and browse all the foundations carefully, because it is extremely complicated and obscure. Now, lets talk better slightly below about how the 1xBet on-line on line casino welcome bonus in New Zealand works. Win actual money enjoying one-armed bandits, video poker, slots and more.
1xBet has additionally applied 2FA system to scale back unauthorized access to users accounts. Players can use the Google Authenticator app to scan the QR code and enter a 6-digit code to confirm identity. Here, at LottoRanker our main objective is so that you just can play lotto in an environment you are feeling safe and secure. For you to get pleasure from enjoying the lottery with out worrying, we gathered the easiest of on-line lottery websites at Lottorank.co.nz. 1xBet was rated as 9.2 on our listing, it stands out for its deposit methods, available lotteries and its security. Playing at 1xBet you possibly can play from many alternative international locations, so you dont have to worry whether you play from Australia, and 1xBet also provides trusted fee options to their gamers.
We anticipate that the cooperation of two world-class manufacturers might be lucrative for both events. Barcelonas slogan is More than a membership and we hope that over the next 5 years, the fans will come to realize that 1xBet is greater than a bookmaker. The 1x Bet app is out there for obtain, in addition to all directions, immediately from the 1x Bet Website. It has a user-friendly interface, moderna and really straightforward to make use of.
1xBet is dedicated to ensuring that its users have a positive and safe gaming expertise. Thanks to the casinos dedication to player safety and ethical betting, its a well-liked go-to place for these looking for simply such circumstances. Coupon codes have an expiration date, or perhaps the code is no longer legitimate, or can solely be used...
00:13
1xbet India
For those who favor taking half in on their cell gadgets, 1xBet also presents a mobile app for iOS and Android users. The 1xbet app is a cellular betting app developed by the main online on line casino and sportsbook. The app is available for Android, iOS and Windows gadgets and offers access to a wide range of sports betting and on line casino video games. With the 1xbet app, users can guess on their favorite sports activities, observe the leads to real time and access their account data.
Every person can download 1xbet free of charge and set up this playing app on their smartphone. With respect to betting options, it doesnt differ from the pc model, allowing you to play and win at any time. To make things even more dynamic, its completely optimized, the navigation may be very user-friendly, and the interface is simplified.
Using this code is free and highly really helpful and youre invited to use it when registering to the app. To withdraw the cash without difficulties, it is important to adhere to the guidelines. The bonus scheme is designed to extend the odds of winning very excessive. The workplace of the bookmaker offers varied destinations, however the most well-liked are football-related, that are out there on the website in a wide array of. In other words, youll be able to improve the sum of money you deposit when you make the first deposit. I Rates can be obtained with tiny deposits, beginning as low as $1.
Freespins are awarded after wagering the cash portion of the package with a wager of 35. The bonus should be transferred to the primary account within 7 days, in any other case, it is going to be deleted. Activate it in the Personal Profile part by entering the verification code from the SMS within the form. Before we begin, its worth mentioning that smooth utilization of the app. Its value mentioning that the app, just like the official website, may be very snug to use to have the best expertise. Only gamers which might be new to Megapari can qualify for this promotion.
Through the 1xbet app, gamblers can deposit money and withdraw winnings. [newline]Enjoy all full desktop model benefits by way of your gadget. The 1xbet app has a good structure and is well-designed. 1xBet is originally a Russian on-line sports activities betting web site that started in 2007 but shortly expanded worldwide. Currently, 1xBet is probably one of the largest and most successful betting platforms in the world and operates in over 100 nations. It comes pre-installed on iPhone, iPad, and other Apple units.
Another choice is to go to the 1xbet website for a 1xbet Download , 1XBET APP DOWNLOAD . IOS device owners can use the 1xbet software download by way of the Apple store and download the APK file on the 1xbet website. To find out what it takes to obtain
00:11
1xbet Apk Download For Android h+ Media
1xbet Apk Download For Android
The strategy of 1xBet app download for iOS is the same as for Android smartphones. The app also has a convenient interface, engaging design, simple navigation, and astonishing visible results. A punter must 1xBet obtain a bookmaker consumer from the website.
In 1xbet Apk, you might be given many types of number games, on which you will have the ability to win it by betting on any sport of your choice. The interface language is set mechanically when the software program is installed. The language model of the primary website is taken under consideration, as nicely as the players region, which is about in the App Store.
These are very low system requirements and virtually all Android units possess them. Give it one other shot after that, and it should work. A free app that may make your betting life simpler positively deserves your attention.
Yes, it is legal to play at 1xBet as the platform is absolutely licensed beneath the well-respected Curacao gaming authority. Open the freshly downloaded APK file and set up it. Sports betting can be a enjoyable and thrilling way to make more money.
Wagering necessities should be absolutely met in order to have the ability to withdraw funds from the account. Only users with a one registered account can take part in bonus packages. The screenshots present the different sections of 1xBet app interface.
As quickly as they need a withdrawal, they begin writing to the administration. This may take a while, and even require extra checks. Then obtain the set up file directly from the Internet. [newline]Find it in the Downloads folder and run the set up, which often takes no extra than three minutes. Upon completion of the process, return to the settings, and restore the unique parameters. Keep in thoughts that this type of software is
1xbet primary screen1xbet casino1xbet bettingThe largest advantage of utilizing the 1xBet app is the improved state of freedom. You dont have to be tied to your personal pc all day or go to any bookmaker daily. With the assistance of some clicks, youll have access to a lot of the benefits of the well-known worldwide bookmaker and on-line casino. In the screenshots provided, you presumably can see the 1xBet apps look. 1xbet obtain for ios has been rated as some of the dependable cell apps for betting on sports in both Android and iOS markets.
But anyway, Id certain suggest u guys to try it out. To do this, you need to download the applying on the official web site and install it on your smartphone in accordance with the instructions we gave on this web page. After this, a shortcut will appear on the desktop to launch the appliance. You can place a stay guess during a match, allowing you to watch what is happening on the sector and make extra correct betting selections. This possibility is suitable fo...
00:08
Search Outcomes For pocket Sport Developer Apk Openak319com 888 On Line On Line Casino Login 1xbet Withdraw Drawback Openak319com$$limitadong Regalo!mag Register Para Makakuha Ng P50 Might 50% Cashback Sayong Unang Deposit!$$c2 h+ Media
Search Outcomes For pocket Sport Developer Apk Openak319com 888 On Line On Line Casino Login 1xbet Withdraw Drawback Openak319com$$limitadong Regalo!mag Register Para Makakuha Ng P50 Might 50% Cashback Sayong Unang Deposit!$$c2
Virtual sports activities are very fast, and you can make some cash if you place a correct prediction, as the outcome will be identified in only a few minutes. In the 1xBet app, yow will discover video games such as Golden Race, Leap, DS Virtual Gaming, games, and many others. All the games are powered by software providers corresponding to Nsoft, DS, Scout Network, and others. Many famend software suppliers energy the casino at 1xBet, such as Pragmatic Play, NetEnt, Ezugi, and a lot of others. However, we additionally offer our own games, that are the 1xLive ones.
The app and the simplified model are virtually the same. The styling, structure, sports and bonuses are the same. Differences can be highlighted in the usability, in addition to within the scale of some interface elements. The 1xBet app can be used to get recommendation from a support representative. The app guarantees the confidentiality of private and payment info.
A positive coefficient will point out that the online winnings shall be less than the wager amount. The plus coefficient shows the size of the players internet revenue at a bet of a hundred items. Thus, the coefficient (+110) will imply that with a bet of 100 models, the player will receive a profit of 110 units.
The betting agency has a complicated Tech staff that oversees the operation of the location. The Advancement bonus is useful when youre running out of cash in your 1xbet virtual bank account. In the event that there are two unresolved betting slips with energetic bets, you could place the Advancement immediately on the guess slips. The iOS cellular app interface is divided into two elements. Events scheduled for the approaching season are proven throughout the main part, while stay events which might be at present occurring are proven within the second part. Yes, it makes no difference which device you employ as a outcome of 1xBet is supported on each iOS and Android as properly as Windows.
1xBet players can immediately deposit by way of a variety of prompt and safe payment strategies together with Visa, Mastercard, Skrill, and all kinds of cryptocurrencies. Never worry about updating your app or downloading an enormous file! With 1xBets mobile website youll have the ability to play instantly immediately in your devices browser. 1xBet could have began out as a sportsbook; it has now grown into a full gaming platform that includes a world-class casino section!
Here you will discover not only slot machines, but also a lot that our gamers value. India CSR is the largest media on CSR and sustainability providing numerous content material throughout multisectoral issues on enterprise accountability. Depending...
00:06
1xbet Bull Slots Apk Obtain 2023 h+ Media
1xbet Bull Slots Apk Obtain 2023
Virtual sports are very quick, and you might make some money should you place an accurate prediction, because the result will be recognized in only a few minutes. In the 1xBet app, yow will discover video games corresponding to Golden Race, Leap, DS Virtual Gaming, games, and tons of others. All the games are powered by software program providers such as Nsoft, DS, Scout Network, and others. Many renowned software suppliers energy the on line casino at 1xBet, similar to Pragmatic Play, NetEnt, Ezugi, and plenty of others. However, we also provide our own games, that are the 1xLive ones.
Over the course of a month, I tried many games in demo mode to learn the way it works, which I advise you to do as nicely. You cannot deposit money just to do this or that sport. You might access fantasy sports activities video games utilizing the 1xBet betting app or website. The games are listed in orderly columns in the lobby, with a timer on the side indicating when the next recreation will start. The 1111 matches are presented first, adopted by the 88 tables. The sports activities that we offer on this part embody cricket, soccer, and others.
After downloading and putting in the 1xbet free app for the device you are utilizing, Android or iOS, the following step is registering. Users who have already got a 1xbet account dont have to enroll and may sign up, make financial transactions and make bets. The interface for gaming on the cellular model is appropriate with landscape and portrait modes. Gamers can choose which methodology is interesting to them when putting bets. 1xBet is not inferior to other on-line on line casino sites, even when it comes to buyer assist. As talked about within the last section of the article, not all on-line casinos can boast of the ability to supply the consumer with all the necessary companies.
So when you first land on the primary page, you will count on an inventory of upcoming sports matches and occasions along with high odds and other particulars. First of all, see in case your gadget meets the minimum system necessities and if youve adjusted your security settings. When these issues are settled, you possibly can wait somewhat bit in the case of upkeep issues. If this doesnt work, you possibly can always contact the client help group to resolve your issues or simply start betting by way of the mobile-optimised site.
In comparison with the online site, the Android or Apple applications grant an equal variety of deposit/withdrawal approaches. To observe the obtainable banking strategies in your area, go to the My Account tab and choose deposit or withdrawal choices correspondingly. 1xbet cell exhibits no disadvantages of a cellular site model. To carry out the successful 1xbet app download, you should go to the main web page first.
Popular forms of Poker on 1xbet embody Poker Dog, American Poker, Bonus Poker, Lucky Poker and Tower Poker. Playing...