IndyWatch Science and Technology News Feed Archiver


IndyWatch Science and Technology News Feed was generated at World News IndyWatch.

Friday, 28 April

00:59

[$] Unprivileged BPF and authoritative security hooks LWN.net

When the developers of the Linux security module (LSM) subsystem find themselves disagreeing with other kernel developers, it tends to be because those other developers don't think to or don't want to add security hooks to their shiny new subsystems. Sometimes, though, the addition of new hooks by non-LSM developers can also create some friction. Andrii Nakryiko's posting of a pair of BPF-related security hooks raised a couple of interesting questions, one of which spurred a fair amount of discussion, and one that did not.

00:35

Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware Security Affairs

Microsoft revealed that recent attacks against PaperCut servers were aimed at distributing Cl0p and LockBit ransomware.

Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950). The group is known to be a Clop ransomware RaaS affiliate; it has been linked to GoAnywhere attacks and Raspberry Robin infection. Since April 13, Lace Tempest added the PaperCut exploits to its arsenal.

In the attack observed by Microsoft, the group ran multiple PowerShell commands to deliver a TrueBot DLL, which connected to a C2 server, attempted to steal LSASS credentials, and injected the TrueBot payload into the conhost.exe service.

Then Lace Tempest dropped a Cobalt Strike Beacon implant, gathered additional information on the target environment, and used WMI for lateral movement. The group used the file-sharing app MegaSync for data exfiltration.

Microsoft is also monitoring a separate cluster of attacks exploiting PaperCut flaws to deliver the Lockbit ransomware. The company warns that other financially motivated groups could adopt a similar infection chain.

00:00

The Modern WWW, Or: Where Do We Want To Go From Here? Hackaday

From the early days of ARPANET until the dawn of the World Wide Web (WWW), the internet was primarily the domain of researchers, teachers and students, with hobbyists running their own BBS servers you could dial into, yet not connected to the internet. Pitched in 1989 by Tim Berners-Lee while working at CERN, the WWW was intended as an information management system that'd provide standardized access to information using HTTP as the transfer protocol and HTML and later CSS to create formatted documents inspired by the SGML standard. Even better, it allowed for WWW forums and personal websites to begin to pop up, enabling the eternal joy of web rings, animated GIFs and forums on any conceivable topic.

During the early 90s, as the newly opened WWW began to gain traction with the public, the Mosaic browser formed the backbone of the WWW browsers (web browsers) of the time, including Internet Explorer which licensed the Mosaic code and the Mosaic-based...

00:00

New Intel Linux Graphics Driver Patches Allow Tuning For Up To 10~15% Better Performance Phoronix

After profiling and raising an issue by Google's Chrome OS engineers, there is a set of "request for comments" patches out today for the Intel Linux graphics driver that can provide 10~15% better performance when operating in the tuned mode...


Thursday, 27 April

23:42

Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan The Hacker News

A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The

23:23

High rate of concurrent retinal non perfusion encountered in Pediatric patients with optic nerve hypoplasia Lifeboat News: The Blog

A new study published in the American Journal of Ophthalmology suggests that there seems to be a significant rate of concomitant retinal nonperfusion in pediatric optic nerve hypoplasia (ONH) patients.

This study was carried out by Natasha da Cruz and colleagues to report the correlation between peripheral retinal nonperfusion, secondary problems, and optic nerve hypoplasia in pediatric patients.

The Bascom Palmer Eye Institute conducted the Retrospective case series investigation between January 2015 and January 2022. Age under 18 years old, a clinical diagnosis of optic disc hypoplasia, and an acceptable-quality FA were the inclusion criteria.

23:22

We Finally Know How Quasars Become The Brightest Objects in The Universe Lifeboat News: The Blog

The Universe is swarming with galaxies, billions upon billions as far as the eye can see. And among this multitude, some galaxies really stand out in a spectacular way.

These are the quasar galaxies. Powered by an active supermassive black hole guzzling material at such a tremendous rate, they blaze with some of the brightest light in the Universe, lighting up the galactic center right across the electromagnetic spectrum. For decades, astronomers have wondered why some galaxies have such extreme activity and others do not.

Now they think they've cracked it. By making a careful study of nearby quasar and non-quasar galaxies, a team led by astrophysicist Jonny Pierce of the University of Hertfordshire in the UK concludes that, in a majority of cases, quasar activity is triggered when two galaxies start the process of colliding and merging.

23:22

Is our Universe standing still? Examining Einstein's key theory through the cosmic yin-yang Lifeboat News: The Blog

Is there such a thing as absolute motion? Modern science, as represented by Einstein's theory of relativity, says no. After all, absolute motion would require that there exists a single coordinate system or common reference point that all observers could agree is stationary. Such a coordinate system doesn't exist.

But modern science has also found a way to observe the coordinate system of the entire visible Universe. If one can find a coordinate system in which the visible Universe is stationary, isn't that the right one? What's the truth behind this, and does it invalidate Einstein's theory? And how does the yin-yang symbol come into play?

Einstein's theory of relativity makes many counterintuitive claims, but those claims are consequences of one fundamental assumption: that any individual is perfectly justified in assuming that they are the one, unmoving, thing in the entire Universe. This assertion could be called the cosmic egotist principle. Essentially, you are the one thing around which the entire Universe revolves.

23:22

Study suggests that maintaining normal vitamin D levels may benefit patients with advanced skin cancer Lifeboat News: The Blog

New research indicates that for patients with advanced skin cancer, it may be important to maintain normal vitamin D levels when receiving immunotherapy medications called immune checkpoint inhibitors. The findings are published by Wiley online in CANCER, a peer-reviewed journal of the American Cancer Society.

Vitamin D has many effects on the body, including regulation of the immune system. To see whether levels of vitamin D might impact the effectiveness of immune checkpoint inhibitors, investigators analyzed the blood of 200 patients with advanced melanoma both before and every 12 weeks during immunotherapy treatment.

A favorable response rate to immune checkpoint inhibitors was observed in 56.0% of patients in the group with normal baseline vitamin D levels or normal levels obtained with vitamin D supplementation, compared with 36.2% in the group with low vitamin D levels without supplementation. Progression-free survival, the time from treatment initiation until in these groups was 11.25 and 5.75 months, respectively.

23:03

Photos: RSA Conference 2023 Early Stage Expo Help Net Security

RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. The Early Stage Expo is an innovation space dedicated to promoting up-and-comers in the industry. The featured vendors in our photo gallery are: Paladin Cloud, Token, Privado, Fend, Cytellix, Seraphic, Inside-Out Defense, Session Guardian, Oxeye, Myota, Tromzo, Surf, Operant, At bay, HackNotice, Cybervadis, Viso Trust, Mammoth, Mesh Security, Radiant ...


23:02

Security updates for Thursday LWN.net

Security updates have been issued by Fedora (chromium, perl-Alien-ProtoBuf, and redis), Oracle (kernel), SUSE (dmidecode, fwupd, libtpms, libxml2, openssl-ibmca, and webkit2gtk3), and Ubuntu (cloud-init, ghostscript, linux, linux-aws, linux-aws-5.15, linux-azure, linux-gke, linux-gke-5.15, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle, linux-oracle-5.15, linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.19, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-raspi, and linux, linux-aws, linux-kvm, linux-lts-xenial).

22:53

Even Worms Get the Munchies SoylentNews

Even worms get the munchies:

If you give a worm some weed, he might just need a snack. Worms exposed to a cannabinoid became even more interested in the kind of food they already prefer, new University of Oregon research shows. The effect is analogous to a cannabis user's craving potato chips and ice cream after a few puffs, a phenomenon scientists call "hedonic feeding," but known more colloquially as "the munchies."

[...] The endocannabinoid system is a far-reaching signaling network that helps regulate key body systems like appetite, mood, and pain sensation. Molecules called endocannabinoids send chemical messages by interacting with cannabinoid receptors, special proteins that are sprinkled throughout the body and brain. Normally, these messages help keep different body systems in balance. But certain compounds in cannabis, like THC, also interact with cannabinoid receptors, making users feel "high" after partaking and causing other effects, too.

[...] To see how cannabis-like substances might affect the worms' food preferences, Lockery's team soaked the worms in anandamide. Anandamide is an endocannabinoid, a molecule made by the body that activates the body's cannabinoid receptors.

Then, they put the worms into a T-shaped maze. On one side was high-quality food; on the other side, lower-quality food. Even under normal conditions, the worms prefer the high-quality food. But when soaked in anandamide, that preference became even stronger: they flocked to the high-quality food and stayed longer than usual.

"We suggest that this increase in existing preference is analogous to eating more of the foods you would crave anyway," Lockery said. "It's like choosing pizza versus oatmeal."


22:30

Skyhigh Security unveils major updates to product portfolio Help Net Security

Skyhigh Security announced the addition of several new capabilities to its Security Service Edge (SSE) portfolio at RSA Conference 2023. The features and functionality converged in the Skyhigh Cloud Platform reinforce Skyhigh Security's mission to protect the world's data with an easy to use, customer-first approach. According to The Data Dilemma: Cloud Adoption and Risk Report, on average, organizations store 61% of their sensitive data in the cloud, a 48% increase from 2019. Most have ...


22:24

Zink OpenGL-On-Vulkan Driver Enables Shader Object Support Phoronix

Introduced one month ago in Vulkan 1.3.246 was the new VK_EXT_shader_object extension that was worked on by developers from Activision to Valve. Zink lead developer Mike Blumenkrantz at Valve has been busy the past few weeks on getting this shader object support wired up for use by this OpenGL-on-Vulkan driver...

21:45

LimeRAT Malware Analysis: Extracting the Config The Hacker News

Remote Access Trojans (RATs) have taken the third leading position in ANY.RUN's Q1 2023 report on the most prevalent malware types, making it highly probable that your organization may face this threat. Though LimeRAT might not be the most well-known RAT family, its versatility is what sets it apart. Capable of carrying out a broad spectrum of malicious activities, it excels not only in data

21:30

Thales CTE-RWP protects critical files and folders from ransomware attacks Help Net Security

At RSA Conference 2023, Thales launched CipherTrust Transparent Encryption Ransomware Protection (CTE-RWP), an optional licensed feature to the CipherTrust Data Security Platform. CTE-RWP will elevate the protection of customer files and folders from ransomware attacks via access management controls and encryption processes. According to the 2023 Thales Data Threat Report, 49% of IT professionals reported an increase in ransomware attacks with 22% of organisations having experienced a ransomware attack in past 12 months. Ransomware attacks ...


21:15

Photos: RSA Conference 2023, part 3 Help Net Security

RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is here, and Part 2 is here. Here are a few photos from the event, featured vendors include: Tehtris, SentinelOne, Armis, Cisco, FBI, Arctic Wolf, Thales, Trellix, Palo Alto Networks.


21:00

Is An ADS-B Receiver The Solution For Drone Pilots? Hackaday

Over the years here at Hackaday, we've covered a range of stories about the ongoing panic surrounding drone flights. From plastic bags reported as drone incidents through to airports closed with no evidence of drones being involved, it's clear that drone fliers are an embattled group facing a legal and aeronautical establishment that seems to understand little about them or their craft.

It sometimes seems to be a no-win situation for fliers, but perhaps [XJet] has something which might improve matters. He's published a video showing off a portable ADS-B receiver which could be used by drone pilots to check for any aircraft in the vicinity and perhaps more importantly allow the drone community to take the moral high ground when problems occur.

The receiver isn't particularly special, being a Raspberry Pi with LCD screen and an RTL-SDR receiver in a nice 3D printed enclosure. He says he'll be publishing all software and build details in due course. But it's the accessibility which makes it such a good idea, instead of being a very expensive safety device it's a receiver that could probably be made with a less powerful Pi for under $100.

There is of course a flaw in the plan, that not all pilots are concerned enough for their safety to fit an ADS-B transponder to their aircraft, and so are in...

21:00

Linux Has A New Firewire IEEE-1394 Maintainer - Intends To Maintain Support To 2029 Phoronix

It's likely been years since many of you have heard of Firewire and some readers likely never had the opportunity to use it. The Firewire interface was great back in the day and during the early period of digital video cameras, but modern versions of USB and Thunderbolt are far faster, allow longer cable distances, and numerous other advantages. While Firewire hasn't seen much activity in years and can be outpaced by USB 3.0 and beyond, there is a new Firewire subsystem maintainer for the Linux kernel and he intends to keep at it for the next six years...

20:56

CryptoRom: OkCupid scam cost Florida man $480k - we followed the money to Binance Security Affairs

CyberNews analyzed a classic cryptocurrency romance scam, also known as CryptoRom, explaining how scammers hid the money.

CryptoRom scammers hid the money with several layers of obfuscation, but the Cybernews research team discovered that the stolen funds ended up in Binance accounts.

A man from Florida in the US recently reached out to Cybernews for help. Scammers had lured him into parting with $480,000 after cultivating a long-term relationship, eventually coaxing him into making cryptocurrency investments.

Usually involving fake romantic interest, the scheme is known as cryptocurrency romance or CryptoRom. This increasingly popular scam is often run by criminal gangs in Southeast Asia, where the affair is called Sha Zhu Pan, a Chinese phrase that means pig butchering.

CryptoRom scams are very sophisticated and indicate a vast criminal organization behind the curtain. This certainly necessitates a significant amount of social engineering. This type of scam has an enormous psychological toll on victims in addition to their financial loss, the researchers said.

The Cybernews research team meticulously followed the money that the victim sent to scammers in seven installments. Even though the crooks attempted to hide the funds, moving money between several accounts, the team managed to locate the victim's money in Binance, the world's largest crypto exchange.

Here's how we did it.

The scam

The victim first met the scammers via OkCupid, a popular online dating app. The crooks used a fake profile to develop a romantic relationship with the victim online, slowly gaining the trust of the Floridian.

This type of fraud is particularly vicious as scammers carefully cultivate long-term relationships with their victims. Not a single word about crypto investments or even money may be uttered f...

20:48

Vulkan 1.3.249 Introduces New Ray-Tracing Extension Phoronix

Vulkan 1.3.249 is out today as the latest spec update for this industry-standard high performance graphics and compute API. Notable with Vulkan 1.3.249 is the introduction of VK_KHR_ray_tracing_position_fetch...

20:30

ThreatX strengthens API and application protection with Botnet Console and API Catalog 2.0 Help Net Security

ThreatX announced the expansion of its platform offering with the release of a new Botnet Console and API catalog 2.0. These new dashboards, unveiled at RSA Conference 2023, will help security teams rapidly investigate automated threats and attempts to abuse APIs with enhanced metrics, analytics, and visualizations. Attackers use botnets and other advanced techniques to exploit APIs and applications and evade detection thanks in part to solver services that are sold on the dark web.


20:29

The Old Radeon "R600g" Gallium3D Driver Drops Its TGSI Code Path Phoronix

For those making use of the Radeon R600 Gallium3D driver within Mesa for supporting the Radeon HD 2000 series through the HD 6000 series (pre-GCN) graphics cards, Mesa 23.2 is finally ready to drop its TGSI code path for what was once the default intermediate representation (IR) used by Gallium3D drivers but in more recent years NIR has become the preferred IR format...

20:21

Pirate Streaming Giant Pobre.tv Was Bigger Than Netflix, Now It's Gone TorrentFreak

Two years ago, the Motion Picture Association (MPA) reported the Portuguese streaming site MrPiracy to the U.S. Trade Representative.

The Hollywood anti-piracy group described the site as a notorious pirate operation that should be dealt with accordingly.

Whether this diplomatic lobbying effort had a direct effect is not clear, but MrPiracy.top shut down a few weeks later. Interestingly, however, it didn't take long for another site to step up and take its place.

Pobre.tv Rises

The successor was Pobre.tv, where Pobre is Portuguese for poor. The site offered many thousands of movies and TV shows free of charge and quickly became the go-to entertainment portal for millions of people.

This meteoric rise was in part facilitated by the old MrPiracy domains, which were redirected to Pobre without an official explanation. Perhaps the old behemoth willingly handed over the reins to this newcomer, or there might have been some kind of deal behind the scenes.

In part due to these redirects, the popularity of Pobre.tv and Pobre.wtf in Portugal was massive from the get-go. Up until last month, it was ranked among the top 25 most visited sites in the country, beating the web traffic numbers of legitimate platforms such as Netflix, HBO, and Disney.

Top Streaming / TV sites in Portugal


Enforcement Efforts Begin

PobreTV's status didn't go unnoticed by rightsholders. Over the last year, the MPA-led Alliance for Creativity and Entertainment (ACE) tried its best to identify the operators through a series of DMCA subpoenas, targeted at Cloudflare.

The first DMCA subpoena, through which Cloudflare was asked to share identifying information of the domain name's owner, was filed early last year, with another one following in November.

Whe...

20:17

PaperCut vulnerabilities leveraged by Clop, LockBit ransomware affiliates Help Net Security

Clop and LockBit ransomware affiliates are behind the recent attacks exploiting vulnerabilities in PaperCut application servers, according to Microsoft and Trend Micro researchers. The detected campaigns: Microsoft is attributing the recently reported attacks exploiting the CVE-2023-27350 and CVE-2023-27351 vulnerabilities in print management software PaperCut to deliver Clop ransomware to the threat actor tracked as Lace Tempest (overlaps with FIN11 and TA505), Microsoft shared. Lace Tempest (DEV-0950) is a Clop ransomware affiliate that has been observed ...


20:15

RTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts The Hacker News

The threat actors behind RTM Locker have developed a ransomware strain that's capable of targeting Linux machines, marking the group's first foray into the open source operating system. "Its locker ransomware infects Linux, NAS, and ESXi hosts and appears to be inspired by Babuk ransomware's leaked source code," Uptycs said in a new report published Wednesday. "It uses a combination of ECDH on

20:13

Intel Lunar Lake HD Audio & Other Sound Changes For Linux 6.4 Phoronix

Linux sound subsystem maintainer and SUSE engineer Takashi Iwai submitted all of the sound driver updates this week for the ongoing Linux 6.4 kernel merge window...

20:09

Bosch to Acquire TSI Semiconductors for $1.5B to Boost US Chip Production SoylentNews

Bosch to acquire TSI Semiconductors for $1.5B to boost US chip production:

Bosch will acquire the assets of U.S. chipmaker TSI Semiconductors to expand its semiconductor business with silicon carbide chips (SiC), the German engineering and technology giant said Wednesday.

The acquisition includes a $1.5 billion investment over the next few years to upgrade TSI Semiconductors' manufacturing facilities in Roseville, California. Starting in 2026, the first chips will be produced on 200-millimeter wafers based on silicon carbide.

News of more chips being produced on U.S. soil is welcome in the automotive world, one of the industries most affected by the global semiconductor shortage that began with the COVID-19 pandemic. The shortage started when factories shut or slowed production due to lockdowns, thus disrupting global supply chains. A surge in demand for electronics as people stayed inside, as well as a boom in demand from an automotive industry determined to go electric and build smarter vehicles, only exacerbated the problem.

Electric vehicles on average use more chips than their gas-powered counterparts, and most new EVs hitting the market today promise advanced driver assistance systems and high-tech infotainment systems. As a result, in 2021, the average car had about 1,200 chips, twice the number in 2010, and a figure that will likely increase.

SiCs, which Bosch's new factory will produce, have been a hot commodity among automakers, as well. The company says the market for SiCs has grown by 30% a year on average, and that's in part because they offer greater range and more efficient recharging for EVs. They also lose up to 50% less energy, last longer and require less maintenance.

Bosch expects an average of 25 of its chips will be integrated in every new vehicle by 2025.



19:54

Microsoft Leaving Atlanta Techrights

Is Microsoft Leaving Atlanta?

Summary: In Seattle, Redmond and Bellevue (Washington) Microsoft has hit the brakes and laid off many people (more than it admits to the press); apparently Atlanta too is impacted (skip to 1:22)

19:22

More customers say tap-to-pay charged their credit card through bags, pockets Lifeboat News: The Blog

Several viewers told 7 On Your Side tap-enabled systems captured their credit card information at a variety of places: a restaurant, a store, even a doctor's office. So is this going to happen more? https://abc7ne.ws/3Lgpkzu.


18:43

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks Security Affairs

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India.

Iran-linked Charming Kitten group (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia.

Now researchers from Bitdefender uncovered a new campaign targeting users in the U.S., Europe, the Middle East and India. The Charming Kitten used a new custom malware, dubbed BellaCiao, that is tailored to suit individual targets and is very sophisticated.

The name BellaCiao comes from the Italian folk song about resistance fighting.

The researchers pointed out that after a transition of power in 2021, the IRGC and the Iran-linked APT groups adopted a more aggressive strategy. Charming Kitten and other Iran-linked APT groups were observed quickly weaponizing publicly disclosed PoCs.

Bitdefender identified multiple samples of the BellaCiao malware, each of them was customized to target a specific victim and included hardcoded information such as company name, specially crafted subdomains, or associated public IP address.

"All samples that we collected included .pdb paths. PDB (Program DataBase) is a file format used by Microsoft Visual Studio for storing debugging information about an executable or DLL file," reads the report published by Bitdefender. "We used it to extract build information of project, including the project name and path that was configured in Visual Studio."

Z:\BellaCiao\BellaCiao\More Targets\<Country>\<Public IP>\<Hostname>\backdoor\Microsoft...

18:34

GitHub introduces private vulnerability reporting for open source repositories Help Net Security

GitHub has announced that its private vulnerability reporting feature for open source repositories is now available to all project owners. General availability: The private vulnerability reporting feature provides a direct collaboration channel that allows researchers to more easily report vulnerabilities, and maintainers to easily fix them. It has been available in public beta since November 2022. Since then, maintainers for more than 30k organizations have enabled private vulnerability reporting on more than 180k repositories, receiving ...


18:20

Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware The Hacker News

Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the name Lace Tempest (formerly DEV-0950), which overlaps with other hacking groups like FIN11, TA505,

18:00

Versatile DRAM Board Adds Memory to Any Heathkit H8 Variant Hackaday

A modern DRAM board for the Heathkit H8 computer

Ask anyone to name a first-generation home computer from the 1970s, and they'll probably mention the likes of the Altair 8800 and IMSAI 8080. But those iconic machines weren't the only options available to hobbyists back in the day: Heathkit, famous for its extensive range of electronic devices sold in kit form, jumped on the microcomputer bandwagon with their H8. Though it always remained a bit of an obscure machine, several dedicated enthusiasts kept making H8-compatible hardware and software long after the computer itself went out of production. That tradition continues in 2023, with [Scott M. Baker] producing a brand-new DRAM board that's compatible with

Although the Heathkit H8 was designed around the Intel 8080 processor, it could also be equipped with a Z80. [Scott] had built an 8085 based CPU board as well, meaning that any other hardware he developed for the H8 had to support these three processors. For something as timing-critical as a memory board, this turned out to be way harder than he'd expected.

First off, he had already made things difficult for himself by choosing DRAM rather than the simpler SRAM. Whereas SRAM chips can be more or less directly hooked up to the CPU's address and data buses, a DRAM setup needs refresh circuitry to ensure the data doesn't leak out of the chips' internal capacitors. [Scott] decided to use the classic D8203 DRAM controller to do...

17:26

China Joins US and Europe in Musing on 3D-printed Moon Bases SoylentNews

Chang'e 8 missions will check whether regolith harbors appropriate materials:

China's space program has decided to no longer worry about hauling construction materials to the Moon and just 3D print buildings onsite instead, said state-sponsored media on Monday.

China Daily said the Chang'e 8 lunar mission would conduct onsite investigations to see if lunar materials would be appropriate for the job. Wu Weiren, a leading scientist at the China National Space Administration (CNSA), told the outlet that lunar soil would be printed into the construction units.

He added that [scientists] at Tongji University in Shanghai and Xi'an Jiaotong University in Shaanxi Province had "already begun studying the possible applications of 3D printing technology on the Moon."

It is globally understood that astronauts will work and live on the Moon and will need not only infrastructure, but also the ability to repair and construct tools and resources independently.

"If we wish to stay on the Moon for a long time, we need to set up stations by using the Moon's own materials," Wu told China Daily.

[...] China achieved its first lunar landing in 2013. Chang'e 8 is expected to launch in 2028 after Chang'e 6 and 7. China plans to place an astronaut on the lunar surface by 2030.



17:22

Google's cloud business turns profitable for the first time on record Lifeboat News: The Blog

Google has been vying to win business from big corporations and government agencies that are deciding between major tech vendors as they move from traditional data centers to the cloud and rely on more compute-heavy applications involving artificial intelligence. Amazon Web Services, the leader in cloud infrastructure, popularized the market in the mid-2000s and has been profitable every quarter since 2014. Microsoft, the second-biggest player in the space, doesn't report profitability figures for its Azure unit.

Alphabet started disclosing cloud revenue in 2020, and the following year began providing information on the scale of its operating losses.

Last week Alphabet restated operating income for cloud and its other segments, resulting in lower cloud losses in 2021 and 2022. The restated numbers show the cloud unit had a $186 million operating loss in the fourth quarter, compared with $480 million before the change, for example.

17:00

Epidemic of 15-19 Year Olds Dropping Dead in Schools and Dorms Across USA and Canada in April 2023 Terra Forming Terra





When something serious is going down you have what I refer to as statistical outliers that are otherwise impossible. What is truly impossible is the actual numbers.

Yet here we are and I do notice that the propagandists are now silent. Likely do not wish to be publicly stoned.

That is not a low probability either. Once all understand the con, forgiveness will be in short supply.

The BIG question is just when do excess deaths enter decline. This matters.


Epidemic of 15-19 Year Olds Dropping Dead in Schools and Dorms Across USA and Canada in April 2023


Global Research, April 24, 2023




There truly seems to be an epidemic of sudden deaths in schools across USA and Canada recently. Here are the most recent tragic cases.

Jena, LA 15 year old Jena High School student Kameron Shelton died in class at 11am on April 18, 2023

...

Researchers study molecular bindings to develop better cancer treatments Terra Forming Terra





Interesting research here and may lead to new therapeutic discoveries or at least superior resolution of what happens.

Still slo-mo work but uses a novel tool. Promising because we are now close to best resolutions.

All good.


Media Release: Researchers study molecular bindings to develop better cancer treatments

Victoria Schramm
Communications Coordinator
...

Medieval Maverick: Roger Bacon's Quest for Knowledge and Truth Terra Forming Terra


A biography we should all see early. He was an independent thinker who won patrons in spite of all that.

Yet he is also a reminder of the path. In his time he largely advanced knowledge. Yet great swathes of time would pass for another to arise.

Many call themselves philosophers, or scientists or academics.  Few truly make it.  

Medieval Maverick: Roger Bacon's Quest for Knowledge and Truth

https://www.ancient-origins.net/history-famous-people/roger-bacon-0018320?

23 APRIL, 2023 

 ROBBIE MITCHELL

In the Middle Ages, knowledge was largely limited to what could be gleaned from ancient texts and the teachings of the church. However, there were those who refused to accept the limitations of their time and pushed the boundaries of knowledge in pursuit of truth and discovery. Among these pioneers was Roger Bacon, a 13th-century scholar whose contributions to science, philosophy, theology, and linguistics challenged traditional ways of thinking and paved the way for new ideas and advancements. In this article, we will delve into the life, work, and legacy of this fascinating and influential figure, and explore the lasting impact of his ideas on the world we know today.


Roger Bacon, The Life of the Rebel Philosopher

Bacon was born in Ilchester in Somerset, England in the early 13th Century. His precise date of birth is unknown, with some earlier historians claiming he was born as early as 1210 and many modern historians opting for around 1220.

Little is known about his early life. It is believed that his family was relatively wealthy and that this allowed him to study at Oxford as a young man. It is likely that his tenure at Oxford was heavily influenced by Robert Grosseteste, another pr...

How like the kiwi we are Terra Forming Terra



What has become clear is that evolution is driven by consciousness likely the equal of our own and is certainly not limited by physical brain size. It is also clearly here, and particularly in this item, that evolution will test the physical limits.

Yet recall, that multicell adaptation is remarkably finite.

So given finite choices, we see our lifeway repeated because it is handy.



How like the kiwi we are

To understand helpless human babies, our big brains and oddly involved dads, look to the evolution of birds not mammals


The North Island brown kiwi (Apteryx mantelli). Photo by GlobalP/Getty


is an evolutionary biologist and Dean of Graduate House at St Paul's College, University of Sydney. He writes on human culture and society, evolution, and animal behaviour. His latest book is The Parrot i...

15:43

Anthony Wang Introducing the ForgeFed Protocol (Decentralised Development) Techrights


Summary: The above LibrePlanet talk by Anthony Wang was uploaded by the FSF 8 days ago (slides here; PeerTube link). From the official page: "Free software needs free tools! We're making software development collaboration and hosting websites (a.k.a. forges) talk to each other using shared protocols, hopefully allowing the free software community to create a decentralized network of self-hosted forge websites powered by fully free software, and whose UX design is geared towards filling human needs rather than company profits. We'll explore this vision, talk about (and see) our latest development progress, examine the challenges, and present our roadmap for realizing this dream."

Licence: CC BY SA 4.0

15:28

AI-Generated Pizza Commercial cryptogon.com

AI generated video is mostly nightmare fuel at this point. But this... I laughed so hard, I nearly injured myself. Via: Tom's HARDWARE: In the last few months, we've seen how large language models such as ChatGPT can generate text copy, how image generators like Stable Diffusion can create pictures on demand and even how [...]

15:24

Microsoft outperforms Google in Q1 as AI set to take center-stage Lifeboat News: The Blog

Its partnership with OpenAI gives Microsoft a head start.

After years of playing second fiddle to Google in the search engine market, Microsoft is set to become a technology leader again as businesses and individuals worldwide look to incorporate artificial intelligence (AI) into everything they do. In the Q1 2023 earnings reported recently, the 48-year-old company has outperformed its younger rival, Alphabet.

For years, Microsoft was mainly a market leader in operating systems. Still, the changing nature of computing technologies meant it has ventured into other areas, such as cloud computing and gaming, through its Xbox platform.

15:24

China's NetEase launches ChatGPT rival that builds apps with text prompts Lifeboat News: The Blog

CodeWave's platform generates the code necessary to develop the app from descriptions of the user's intended app functionality.

One of China's largest video gaming companies, NetEase, has introduced CodeWave, a low-code application development platform powered by its large language model (LLM).

This makes NetEase the newest major Chinese tech company to provide such an artificial intelligence (AI) service, allowing users to build apps with text prompts, according to a new report by South China Morning Post (SCMP) on Wednesday.

15:23

Mark Zuckerberg says Meta wants to introduce AI agents to billions of people Lifeboat News: The Blog

"I expect that these tools will be valuable for everyone from regular people to creators to businesses."

Meta sees "an opportunity to introduce AI agents to billions of people in ways that will be useful and meaningful," CEO Mark Zuckerberg told investors today.

While he was vague about how exactly Meta will add generative AI to its apps, Zuckerberg gave the most detailed preview yet during the company's earnings call for the first quarter of this year, when it reported $28.6 billion in revenue and a record 2 billion daily users of the Facebook app, beating Wall Street's estimates. Meta's profit for the quarter was $5.7 billion, a 24 percent decrease from the same time last year.


Get ready for ChatGPT competition in Instagram, Facebook, and WhatsApp.

15:06

Forbes 30 Under 30 Mega Fraudsters cryptogon.com

Via: New York Post: Disgraced Frank founder Charlie Javice has joined the likes of Elizabeth Holmes and Sam Bankman-Fried on a growing list of founders to be lavished with honors by the financial news outlet Forbes only to later face criminal fraud charges. Forbes has faced relentless mockery on social media with users [...]

15:00

Leonardo da Vinci's Visualization of Gravity as a Form of Acceleration Hackaday

Although we take a lot of scientific knowledge for granted today, each of the basics, whether it be about light, gravity, mass or the shape of the Earth, had to be theorized and experimentally verified. In the case of gravity, as far back as around 500 BCE the Ionian Greek philosopher Heraclitus theorized on the balance created by what we came to call gravity. Later, the Greek philosopher Aristotle coined his own postulations and Greek physicist Archimedes did research that led him to discover the center of mass. Centuries later, the Roman engineer and architect Vitruvius argued for the concept of specific gravity rather than mass alone.

...

14:39

Yet Again, the Copyright Industry Demands to be Shielded From Technological Progress SoylentNews

Yet again, the copyright industry demands to be shielded from technological progress and the future:

Back in October last year, Walled Culture was one of the first blogs to point out the huge impact that generative AI would have not only on copyright but also on creativity itself. Since then, the world seems to have split into two camps. One believes that generative AI will revolutionise everything, and create some kind of golden age; and the other that thinks the whole thing is a complete sham and/or will destroy civilisation.

The new AI systems certainly have massive problems, not least in the sphere of privacy, as I have written about elsewhere. But the response by the copyright world to generative AI is increasingly extreme, rather as a Walled Culture post back in February warned it might be. The latest manifestation of that tendency is a "Call for Safeguards Around Generative AI in the European AI Act" from "over 40 associations and trade unions that joined the Authors' Rights Initiative". It is a typical anti-technology, anti-progress set of demands from the copyright industry. Its signatories "demand" regulation of generative AI, and they demand it "NOW" (sic).

The document throws in just about every recent criticism of generative AI, some of them undoubtedly quite justified. But those criticisms are largely beside the point, because the letter is really about one thing: copyright, and shielding it from the latest technological advances. [...]

[...] the new document has an entire section devoted to what it calls "The EU's misguided text-and-data mining exemption". Part of it tries to address the argument (made by this blog too) that "use of copyright protected material to train generative AI should be permissible because such training would be equivalent to the (lawful) use of works to get 'inspired'":


14:30

The true numbers behind deepfake fraud Help Net Security

The use of artificial intelligence can result in the production of deepfakes that are becoming more realistic and challenging to differentiate from authentic content, according to Regula. Companies view fabricated biometric artifacts such as deepfake videos or voices as genuine menaces, with about 80% expressing concern. In the United States, this apprehension appears to be the highest, with approximately 91% of organizations believing it to be an escalating danger. AI-generated deepfakes The increasing accessibility of ...

14:00

Generative AI and security: Balancing performance and risk Help Net Security

Are we moving too fast with AI? This is a central question both inside and outside the tech industry, given the recent tsunami of attention paid to ChatGPT and other generative AI tools. Nearly all tech companies are moving to incorporate AI into their offerings, and industry luminaries are weighing in. Elon Musk, who is never shy about advancing personal opinions, thrust himself into the conversation by signing an open letter suggesting that all advanced ...

13:30

Why juice jacking is overhyped Help Net Security

Travelers should avoid public USB charging stations at airports, hotels, and other venues, as they may harbor malicious software. Designed for both data and power transmission, USB connections lack a solid barrier between the two. Over the years, as smartphones gained popularity, malicious individuals exploited USB connections to discreetly transfer hidden data payloads, which users might assume were simply transmitting electrical power. This process is known as juice jacking. In this Help Net Security video, ...

12:00

Tactile Feedback in VR, No Cumbersome Gloves Or Motors Required Hackaday

This clever research from the University of Chicago's Human Computer Integration Lab demonstrates a fascinating way to let users feel objects in VR, without anything getting in the way of using one's hands and fingers normally. Certainly, the picture here shows hands with a device attached to them, but look closely and you'll see that it's on the back of the hand only.

...

11:52

IBM Starts Renting Cloudy Bare Metal Linux Almost-Mainframes SoylentNews

LinuxONE servers come to the Big Blue cloud:

IBM has taken a longer-than-usual stride towards making its proprietary hardware platforms cloudier, by offering bare metal LinuxONE boxes in the big blue cloud.

The LinuxONE servers use the same Telum processor IBM packs into its z16 mainframe but are designed solely to run Linux; Big Blue's own z/OS is not allowed.

But IBM promotes LinuxONE as offering just about the same level of hardware resilience as mainframes. The former typewriter champion also asserts that the LinuxOne architecture teamed with Telum trounces x86 for compute density and energy consumption.

And of course Linux is far less exotic than z/OS, making it a platform more independent software vendors will happily target. IBM reckons greenfield sites might fancy LinuxONE too, as it can run Kubernetes and is therefore suggested as a fine platform for cloud-native development.

The Register submits it would be a brave buyer that ignores decades of historical case studies about the perils of lock-in to proprietary platforms and makes LinuxONE the bedrock of a new IT stack. But stranger things have happened.

[...] Analyst firm IDC rates the non-x86 server market as likely to generate $13.1 billion of revenue during 2023, compared to $109.5 billion for kit running CPUs from Intel or AMD. LinuxONE is therefore not a big player and has competition from the aforementioned cloudy Arm machines and IBM's other platforms.



11:33

This Week's Hype Not Even Wrong

According to this article, string theory is going to be tested using quantum computers, by doing a lattice QCD calculation:

The way string theory is tested involves lattice quantum chromodynamics: a calculation problem far beyond what digital computers can achieve. Quantum computers, he writes, may be the final step in finding the Theory of Everything.

"I'm not a computer person. I'm a theoretical physicist," he says. "But I got into quantum computers because I realised this may be the only way to quantitatively prove that string theory is correct. String theory exists in the multiverse. That is, we exist perhaps in parallel states which are bizarre, with new laws of physics, but we coexist with them. The way to prove it is with a quantum computer."

I suppose you need to buy the book to find out more.

11:15

Dragora 3.0 Beta 2 OS Released: 10+ Years In Development, FSF Backed & Using SysV Init Phoronix

Dragora remains one of the few Linux distributions endorsed by the Free Software Foundation and is a from-scratch distribution focused on providing only free software... The last stable release of the Linux distribution was Dragora 2.2 back in 2012 while out today is Dragora 3.0 Beta 2, which itself is coming three and a half years since the prior beta...

10:35

[$] LWN.net Weekly Edition for April 27, 2023 LWN.net

The LWN.net Weekly Edition for April 27, 2023 is available.

10:00

HPR3844: 2022-2023 New Years Show Episode 6 Hacker Public Radio

Episode #6

Wagyu Beef https://wagyu.org/breed-info/what-is-wagyu/
Tom Selleck https://en.wikipedia.org/wiki/Tom_Selleck
Mister Baseball (with Tom Selleck) https://www.imdb.com/title/tt0104926/ https://en.wikipedia.org/wiki/Mr._Baseball
FOSDEM https://fosdem.org/2023/
Budweiser https://us.budweiser.com/
"Natty" Light https://www.naturallight.com/
Twisted Tea https://www.twistedtea.com/
Pisswasser https://www.urbandictionary.com/define.php?term=Pi%C3%9Fwasser
Bud Light https://www.budlight.com/
Jim Koch (Sam Adams Beer) https://www.forbes.com/profile/jim-koch/?sh=6854744623d9
Arch Linux https://archlinux.org/
Samson Q2U Microphone http://www.samsontech.com/samson/products/microphones/usb-microphones/q2u/
ATR-2100 Microphone https://www.audio-technica.com/en-us/atr2100-usb
Devrandom Podcast http://devrandomshow.org/
Flavordex (Fdroid App) https://f-droid.org/en/packages/com.ultramegasoft.flavordex2/
Castopod https://nlnet.nl/project/Castopod/
Lightning Network https://lightning.network/
Bitcoin https://bitcoin.org/en/
Patreon https://www.patreon.com/
Substack https://substack.com/
Dynamic Ad Insertion for Podcasts https://www.tritondigital.com/news-item/November-30-2020/podcast-dynamic-ad-insertion-101-what-radio-broadcasters-need-to-know
ADJUST https://www.adjust.com/product/
CNC Machine https://craftbuds.com/what-is-a-cnc-machine/
Applovin https://www.applovin.com/
Maintainable Podcast https://www.maintainable.fm/
Ruby On Rails https://rubyonrails.org/
Thinking Elixir (podcast) https://podcast.thinkingelixir.com/

A Few More to Close It Will Never Work in Theory

It will probably be three or four weeks before we can post all of the videos from our third set of lightning talks, and we all need to catch up with our day jobs in the interim, so here are a few more papers that we hope you'll find interesting to tide you over; we'll resume posting as the videos come in.


Anastasiia Birillo, Elizaveta Artser, Yaroslav Golubev, Maria Tigina, Hieke Keuning, Nikolay Vyahhi, and Timofey Bryksin. Detecting code quality issues in pre-written templates of programming tasks in online courses. 2023, arXiv:2304.12376.

In this work, we developed an algorithm for detecting code quality issues in the templates of online programming tasks, validated it, and conducted an empirical study on the dataset of student solutions. The algorithm consists of analyzing recurring unfixed issues in solutions of different students, matching them with the code of the template, and then filtering the results. Our manual validation on a subset of tasks demonstrated a precision of 80.8% and a recall of 73.3%. We used the algorithm on 415 Java tasks from the JetBrains Academy platform and discovered that as much as 14.7% of tasks have at least one issue in their template, thus making it harder for students to learn good code quality practices. We describe our results in detail, provide several motivating examples and specific cases, and share the feedback of the developers of the platform, who fixed 51 issues based on the output of our approach.


Louis F. DeKoven, Audrey Randall, Ariana Mirian, Gautam Akiwate, Ansel Blume, Lawrence K. Saul, Aaron Schulman, Geoffrey M. Voelker, and Stefan Savage. Measuring security practices and how they impact security. In Proceedings of the Internet Measurement Conference. ACM, Oct 2019, doi:10.1145/3355369.3355571.

Security is a discipline that places significant expectations on lay users. Thus, there are a wide array of technologies and behaviors that we exhort end users to adopt and thereby reduce their security risk. However, the adoption of these "best practices", ranging from the use of antivirus products to actively keeping software updated, is not well understood, nor is their practical impact on security risk well-established. This paper explores both of these issues via a large-scale empirical measurement study covering approximately 15,000 computers over six months. We use passive monitoring to infer and characterize the prevalence of various security practices in situ as well as a range of other potentially security-relevant behaviors. We then explore the extent to which differences in key security behaviors impact real-world outcomes (i.e., that a device shows clear evidence of having been compromised).

...

09:08

Biofriendly Transient Devices Emerge SoylentNews

Biodegradable and disappearing bandages and sensors advance sustainable monitoring and healing:

Researchers at Northwestern University, Evanston, Ill., and the University of Sussex, Brighton, England, have created prototypes of new environmentally sustainable devices that can monitor blood pressure and heartbeat, or heal persistent afflictions such as diabetic ulcers.

The devices are also far more advanced than proof-of-concept stage; the Northwestern device, a transient bandage that uses electrotherapy to both monitor and heal diabetic wounds, is resorbed into the body. It may be ready for human trials within a year to 18 months, according to Guillermo Ameer, director of Northwestern's Center for Advanced Regenerative Engineering. The bandage consists of two small molybdenum electrodes connected to a battery-free power-harvesting unit and a near-field communications module that communicates with control software in a smartphone or tablet.

In a study conducted on diabetic mice published in Science Advances, Ameer and his collaborators, including resorbable electronics pioneer John Rogers, found the device led to 30 percent faster healing than a control group using ordinary bandages.

The device works by transmitting a small current from the outer ringlike electrode, which sits around the wound site, to the inner flower-shaped electrode, which is about 120 micrometers across and sits atop the wound. (The mouse study used about 1 volt of current [sic], and Ameer said that may change in upcoming studies on larger animals.) The current stimulates healthy skin regeneration, the progress of which is measured by current differential between the electrodes. As the wound heals and dries, the current differential [sic] decreases.

Perhaps the most compelling element of the device is the inner electrode. As the wound heals, the regenerated skin grows over the electrode and completely absorbs it. The outer ring electrode and the accompanying power and communications unit are detachable from the inner electrode. Results of the mouse study showed molybdenum concentrations in the body returned to those similar to the control group's within 22 weeks.


09:02

Smashing Security podcast #319: The CEO who also ran IT, Strava strife, and TikTok tall tales Graham Cluley

A boss is bitten in the bottom after being struck by one of the worst crimes in Finnish history, Strava's privacy isn't so private, and a private investigator uncovers some TikTok tall tales. All this and much much more is discussed in the latest edition of the Smashing Security podcast by computer security veterans Graham ...

09:00

VCF East 2023: Adrian Black on Keeping Retro Alive Hackaday

While roaming the halls of Vintage Computer Festival East 2023, we ran into [Adrian Black], who was eager to talk about the importance of classic computing in his own life and how his experience hosting the YouTube channel Adrian's Digital Basement has impacted him these last few years.

On his channel, [Adrian] spends most of his time repairing vintage systems or exploring little-known aspects of hardware from the early days of desktop computing. His exploits have brought him to the pages of Hackaday in the past, most recently just last month, when we covered his work to add an RGB interface to a mid-1990s Sony Trinitron CRT display. But in talking to him, you quickly realize he'd be working on the very same projects whether the camera was rolling or not. He's not out to game the YouTube algorithm; he's just having a good time in the basement poking around with the sort of old gear that at one time would have been completely out of reach.

...

08:11

Kontsevich on the Hodge and Tate conjectures Not Even Wrong

Yesterday afternoon there was an event at CUNY featuring a panel discussion on Chern-Simons terms. Nothing new there, although it was interesting to hear first-hand from Witten the story of how he came up with the Chern-Simons-Witten theory. One piece of news I heard from Nikita Nekrasov was that he was missing a talk that day at the Simons Center in Stony Brook by Maxim Kontsevich, who would be arguing that the Hodge and Tate conjectures were not true. The video of that talk has now appeared, see here.

I'm way behind in preparing for my class for tomorrow, so haven't had time to watch the full video and ask experts about it. Will try and learn more tomorrow after my class, but it does seem that if Kontsevich is right that would be a dramatic development. If you are able to evaluate Kontsevich's arguments, any comments welcome. Tomorrow I'll also try and at least find some good references to suggest for anyone who wants to learn the background of what these conjectures say.

this idea described here.

08:08

[$] A user's guide for the people API LWN.net

Longtime Pythonista Ned Batchelder gave the first of four keynotes at PyCon's 20th-anniversary edition, PyCon 2023, which was held April 19-27 in Salt Lake City, Utah. In fact, it is still being held at the time of this writing; the sprints continue for four days after the three days of main-conference talks. Batchelder presented his thoughts on communication, how it can often go awry for technical people, and how to make it work better.

07:50

China-linked Alloy Taurus APT uses a Linux variant of PingPull malware Security Affairs

China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033.

Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM, Softcell) targeting Linux systems with a new variant of PingPull backdoor. While investigating the activity of the group, the researchers also identified a previously undocumented backdoor used by the threat actor and tracked as Sword2033.

The Chinese APT is known to be focused on telecommunications companies operating across Asia, Europe and Africa. In recent years, the researchers observed the group expanding its operations to include financial institutions and government entities.

PingPull was first spotted by Unit 42 in June 2022; the researchers defined the RAT as a "difficult-to-detect" backdoor that leverages the Internet Control Message Protocol (ICMP) for C2 communications. Experts also found PingPull variants that use HTTPS and TCP for C2 communications instead of ICMP.

On March 7, 2023, the researchers found a Linux variant of PingPull that was uploaded to VirusTotal; it had a very low detection rate (3 out of 62).

Despite a largely benign verdict, additional analysis has determined that this sample is a Linux variant of PingPull malware. This determination was made based on matching HTTP communication structure, POST parameters, AES key, and C2 commands, which are outlined...

07:43

One Of The Best Place To Wager And Play At 1xbet On Line Casino In India h+ Media

One Of The Best Place To Wager And Play At 1xbet On Line Casino In India

They use all the most recent technologies similar to SSL encryption, thus making your non-public information utterly inaccessible to dangerous third parties. Also, their privateness policy provides plenty of helpful particulars on how your personal information is used and saved. You can discover the privateness coverage in phrases and circumstances.

1xbet is an internet betting firm that has, through the years, gained name and recognition in the entire of India. It is such a giant model right now because of its ability to draw players and hold them satisfied. The 1xbet brand is so good at present as a end result of in every thing it does, it puts the purchasers first. Customer satisfaction is of utmost importance to this huge Indian brand.

It is a welcome bookmaker 4Rabet suggestion for novices. Deposit at least one hundred INR / 300 BDT to receive the ability promo. The bonus is valid for seven days from the date of activation. The most win of the obtained bonus is 20,000 INR / 25,000 BDT after the successful promo wagering. If the positioning for some reason doesn't work, then use the 4rabet mirror or copy. This is an identical useful resource the place the bookmaker provides all the same provides and games.

The 1xBet casino is real, and you're going to get it for sure if you read the trustworthy 1xBet casino review from existing gamblers. People describe their 1xBet experiences, and you must use that information for your successful gambling as nicely. Livepools portal supplies maximum winning chance because of very low competitors. This website helps Full gameplay on the website, no have to obtain the app. Your factors depends on the efficiency of your chosen gamers in real matches, and may take some time to regulate the sport format.

Virtual sports are similar to regular sports activities, besides here, you're in charge of the result somewhat than other people. The video games available within the digital sports activities part of Melbet's app are Golden Race, Global Bet Games, and 12 Virtuals. The cell model of the location almost fully duplicates its primary model, which is accessible from desktop computers.

This stadium is in limelight as a result of organization of RR IPL matches as it is the home floor of Rajasthan Royals. IPL tickets Jaipur are in in style demand even earlier than the start of this IPL season. People are already on the lookout for Jaipur IPL match 2023 tickets as all of the matches of the RR IPL group are of high voltage. In this publish, our staff is offering all the major points of IPL ticket reserving Jaipur for the convenience of our guests. Slot features and bonuses are a few of the most important issues to know about if you play slots online.

The gamers in India acknowledge this, which is why they continue to hitch the 1xbet community and assist it develop increasingly yea...

07:40

Digital Advertising Agency In India h+ Media

Digital Advertising Agency In India

Arranged by Pragmatic Play, the Drops and Wins Promotion comprises many tournaments, provides prizes and bonuses with no wagering requirements. Another factor that makes 1xbet casino nice is jackpot games. It permits the members to win an unlimited sum in no time. Remember, the more you guess or play, the upper your probabilities of triumphing a jackpot. To install the 1xbet cellular app to your cell gadget, you have to comply with the 1xbet homepage through your smartphone's browser. There you have to discover a part Apps on the backside of the 1xbet homepage and click on the mobile platform supported in your smartphone.

Unfortunately, similar to another on line casino offer, the 1xBet on line casino bonus comes with some strings attached. For example, you will have to wager the bonus amount 35 occasions inside 7 days. Furthermore, earlier than you've met the wagering necessities, you will be unable to put wagers larger than 5. A mixture of single bets is one other sort of wager that permits you to wager on various sports activities events. You will have the flexibility to pick the order by which you want to wager on the occasions, and just the primary wager will need a deposit.

With a give attention to sports betting, the platform additionally provides common and live casino games. Casino: This is the principle part that comprises all games the bookie has. For instance, as a substitute of betting on whose hand might be higher in Baccarat, you guess on the Banker's hand to be eight. The bookie works with the highest software developers like NetEnt and Microgaming. Having examined 1XBet totally, it is little wonder that the net casino is massively popular in India. With a great number of games being available, all from prime software providers, the casino additionally scores highly in terms of funds, cell betting and bonuses.

BetWinner is amongst the finest options for betting destination. Dream11 presents you Rs.a hundred as the Sign Up bonus that can be utilized by you to later make your group. This on-line betting website was integrated in 2019 under Curaçao licensing and regulation. Players who deposit Rs 10,000 can claim a welcome bonus of Rs 20,000. The second welcome package deal choice offers 1,500 together with one hundred fifty complimentary spins. You also can play some tv games thanks to TV guess and Live Lotto.

Main pavilions, packing containers, commentary boxes, entry gates, stands, close by roads, parking lot, and so on. are clearly mentioned on the map. This map is useful for people who want to benefit from the stay cricket match in SMS stadium and it also offers a tough thought of the Sawai Mansingh stadium seating association. Home delivery ticket choice may be checked by entering the pin code in the designated sp...

07:36

Betbhai9 App Login Demo Id 500 Coins Free Betbhai9 h+ Media

Betbhai9 App Login Demo Id 500 Coins Free Betbhai9

Given that players come from everywhere in the world, their staff will not be fully conversant in Indian documentation. The greatest that you should hope for is that the casino doesn't demand any extra verification concerning your documentation. The on line casino collects identification information when you deposit funds into your account. Once you enter a form of fee, the casino will retain your info for subsequent deposit and withdrawal methods. The platform doesn't instantly require documentation on your identification, and most withdrawals merely depend on your account being energetic and useful to deposit funds. However, the on line casino reserves the right to request any type of identification, together with a scanned photograph ID.

The platform cares about its reputation and never cheats its customers. There are totally different unknown bookmakers who fake to be 1xBet. Yes, players from India can bet without fear, play in casinos and take part in lotteries on the company's web site.

However, notice that solely the first guess that you simply place after the offer begins goes to be included. You are going to get a bonus which is equal to the stake you have lost which is up to 10. The quantity shall be credited within the form of promo code within 24 hours of settlement. The 1xBet platform supports a 128-bit model of SSL encryption.

They sponsor a couple of soccer teams in the prime European soccer leagues. With over 3,000 video games and many alternative betting markets obtainable, 1XBet is a top playing site for Indian gamers. They have a really generous casino welcome supply and a betting bonus supply for new members. So, you're certain to get pleasure from enjoying and betting at this gambling brand. During our 1xBet Casino evaluate, we compared the brand with different well-liked websites like 10CRIC or Parimatch. The other operators have limited banking options for Indian customers.

The on line casino keeps introducing new and regular bonuses to profit you. The slots come in varied themes and also with added gaming components. Poker, one of the punters' most favourites and entertaining video games, has also been nicely acknowledged here. You can enjoy the glamour of the land-based casino on-line through the 1xBet live on line casino.

1xbet additionally prolonged its reach to confess gamers from other components of the world, including India. Launched in 2007, 1XBet now has over 400,000 energetic users, which includes each on line casino and sports activities betting clients. 1XBet is a big name on the planet of sports betting, with the bookmaker also having arrangements with Serie A, La Liga and a variety of other eSports events and organizers. Live supplier video games at 1XBet come from the likes of Pragmatic Play, Ezugi, Vivo Gaming, Authentic Gaming and a few different prime software suppliers. Roulette, Blackjack...

07:00

Linux 6.4 Brings Improved MSI Laptop Support, Apple GMUX Support For T2 Macs Phoronix

The x86 platform driver updates for the Linux 6.4 kernel merge window have landed. This includes numerous x86 laptop driver benefits as well as other new features for the platform-drivers-x86 subsystem...

06:43

Microsoft is Collapsing in Brazil Despite of or Because of the Chaffbot (HypeGPT) Techrights

Since Microsoft introduced its hyped-up chatbot (HypeGPT) Bing's market share in Brazil fell from about 2.5% to only about 1.5% (watch out, Google! You're doomed due to chaff and hype!)

Search in Brazil

GNU/Linux has millions of desktop/laptop users in Brazil in spite of the horrible things Microsoft did there (presentation from last month):

GNU/Linux usage in Brazil

Summary: In spite of some perils or growing pains, there are millions of GNU/Linux users in Lula's country and Microsoft faces a crisis

06:32

Flávio Lisboa on Legacy of Free Software in the Brazilian Government Techrights

Video download link

Summary: The above LibrePlanet talk was uploaded by the FSF 8 days ago (slides here; PeerTube link); From the official page: This presentation is about the use and production of free/libre software by organizations of the Brazilian federal government after some years of public policies to promote the use of free software.

Licence: CC BY SA 4.0

06:30

OTB#93: The Colour of Pomegranates Random Thoughts

I watched this and blogged about it a couple years ago.

The Colour of Pomegranates. Sergei Parajanov. 1969.

This blog post is part of the Officially The Best 2022 series.

06:23

The Intel 8086 Processor's Registers: From Chip to Transistors SoylentNews

https://www.righto.com/2020/07/the-intel-8086-processors-registers.html

The photo shows the silicon die of the 8086 processor under a microscope. The metal layer on top of the chip is visible, with the silicon hidden underneath. Around the outside edge, bond wires connect pads on the die to the chip's 40 external pins.

The highlighted region indicates the 8086's fifteen 16-bit registers and six bytes of instruction prefetch queue. Registers take up a significant portion of the die, even though they are just 36 bytes in total. Due to space limitations, early microprocessors had a relatively small number of registers; in comparison, a modern processor chip has kilobytes of registers and megabytes of cache storage.

[...] The 8086 and other chips of that era were built from a type of transistor called NMOS. These chips consisted of a silicon substrate, which was "doped" by diffusion of arsenic or boron to form transistors. Above the silicon, polysilicon wiring created the gates of the transistors and wired components together. Finally, a metal layer on top provided more wiring. (Modern processors, in comparison, use CMOS technology, which combines NMOS and PMOS transistors, and they have many metal layers.)


Original Submission

Read more of this story at SoylentNews.

06:00

Printed Gas Can Accessories Make Refueling a Little Neater Hackaday

No matter what your position is on internal combustion engines, it's pretty safe to assume everyone is on the same page regarding wasting fossil fuels: it's a bad thing. And nothing is as frustrating as spilling even a drop of the precious stuff before you even get a chance to burn it.

Unfortunately, the design of gas cans, at least here in North America, seems to have been optimized for fuel spillage. Not willing to settle for that, [avishekcode] came up with a 3D-printable replacement nozzle that should make dispensing gas a bit neater. It's designed to fit one of the more popular brands of gasoline jugs available here in the States, and rather than the complicated stock nozzle, which includes a spring-operated interlock that has to be physically forced into a filler neck to open the valve, the replacement is just a slender tube with a built-in air vent. The vent keeps a vacuum from forming in the gas can and makes for a smooth, easy-to-control flow of gas and less spillage. The video below shows it in action.

The obvious issue here is chemical compatibility, since gasoline doesn't work and play well with all plastics. [avishekcode] reports that both PLA and PETG versions of the nozzle have performed well for up to two years before cracking enough to need replacement. And then, of c...

05:45

The European Commission is Playing With Fire When It Comes to Patent Policy and Why the European Union Will Suffer Techrights

Video download link | md5sum 3064c77ff4e97b5be8190db0941126d5
EU Replacing EPO?
Creative Commons Attribution-No Derivative Works 4.0

Summary: The European Union Intellectual [sic] Property [sic] Office (EUIPO) is intervening in patent policy, despite it having no authority in this domain; Standard Essential Patents (SEPs) and FRAND (misnomer; every letter's expansion would be a lie!) policy is being shaped to basically exclude Free software and the same is being done in the area of cyber-security (both in the EU and the US); in other words, the lobbyists try to bypass the market and just legislate software freedom out of existence/potency/shortlisting potential

FOR a number of weeks we've been chatting internally (E-mail, SSH, IRC) about a baffling new development, based on a leak of some proposal that's due today. Some Microsoft lobbyists (e.g. Florian Müller) and Nokia kept mentioning this. So what on Earth is going on and who pulls the strings here?

This is an attack on Free software and open standards, yet the FSF, EFF, OSI and others kept quiet about it (they've had a month to catch up). The short story is, the EUIPO (EU) seems to be getting involved in patent policy, having already infected the EPO (António Campinos and his friends from EUIPO). Will the corruption of Benoît Battistelli be surpassed by Campinos? Is the EU covertly taking over the EPO? It's hard to tell what exactly goes on here because a lot of things don't make sense at all and th...

05:02

Movie & TV Giants Want Australia to Introduce DNS Blocking to Prevent Piracy TorrentFreak

The Australian government's review of copyright enforcement measures aims to ensure that responses to infringement are appropriate, effective and proportionate.

The Attorney-General's Department released an issues paper for public consultation late 2022, presenting a golden opportunity for rightsholders to explain why measures they fought so hard for are no longer fit for purpose. Or at least that's how things usually play out.

Leading With The Positives

A wide range of stakeholders filed submissions during the public consultation but since movie and TV show companies feature most prominently in online enforcement actions, their framing of the current piracy situation is of particular interest.

The Australian Film/TV Bodies submission is the work of mostly American companies including Disney, Netflix, Paramount, Sony, Universal, Warner, plus local studio Village Roadshow, cinema groups and distributors. No other rightsholders have more experience of blocking injunctions.

The overarching positive tone in the studio-led submission comes as no surprise. It carefully highlights how good industry advice and wise decisions by the Australian government led to positive reforms, not least the highly effective no-fault site blocking regime introduced in 2015. Coupled with the market making content readily available online for reasonable prices the Australian copyright system supported the market and a potential free-for-all was avoided.

The clear message in the submission is that the studios requested the right measures and since the government's judgement was solid, everything went according to plan. Changes requested as part of the current consultation aren't to fix any past shortcomings, the submission suggests, they're about meeting future challenges using a tried-and-tested approach.

Good News / Good Cop

The companies behind the Australian Film/TV Bodies submission say their use of Australia's site-blocking provisions has resulted in the blocking of over 2,000 infringing domains since 2015. Citing government research demonstrating the efficacy of these interventions, successes are clear.

In 2015 lawful online consumption of TV was the lowest of all entertainment categories tracked at 51%, growing to 74% in 2022. Online TV consumption increased from 67% to 78% over the same period. Unlawful consumption of Film, meanwhile, went down from 49% in 2015 to 26% today, and TV went down from 33% to 22%, the companies note.

...

04:58

Pretending to be American Company When All the Staff is in the United Kingdom schestowitz.com

Video download link | md5sum 123a41526a6d53bb9f2378df84318c7c
Envisioning Bankruptcy
Creative Commons Attribution-No Derivative Works 4.0

Summary: The story of last summer at Sirius (it started in late spring) is told now in retrospect, based on about 5 hours of recordings (3 meetings); it didn't work out as the managers had hoped/planned and instead the company's last chief is now doing double-shifts (16 hours in a row!), basically trying to make up for extreme understaffing amidst a clients exodus; the CEO left last month as well, so he seems to have become unemployed after sinking the ship he rode on

MY final year at Sirius Open Source was last year and it was already getting pretty awful. There was lying, deceit, and cover-up. Managers were pretty much predicting doom (without saying it out loud) and they had already silently robbed past staff.

The video above has a period of long silence in it because, for the first time, I forgot to unmute myself after playing back what a manager said last summer (90 minutes after the start of this recording). People can hear right from the horse's mouth that things were getting really bad, no matter how much lipstick was put on the pig. The silent bit hopefully didn't cover anything too critical (which wasn't repeated later, but it'll serve as a lesson for future videos regardless).

Fantasies of Sirius became more commonplace, and this wasn't limited to just discussing re-infrastructuring and other big words. After taking notes or listening to suggestions from staff they eventually did what they planned all along. In other words, nothing has been implemented since then that wasn't premeditated. Previous suggestions were rejected despite never-ending options put forth by staff.

It's regretful that I lost part of what I said due to the muting lasting too long; this is probably the first time I lost audio since last summer when we recorded abou...

04:53

The Sirius Open Source Fantasy Part IV Crushing the Workforce Means Crushing the Company Techrights

Series parts:

  1. The Sirius Open Source Fantasy Part I In 2022 the Company Was Already Too Deep in Debt
  2. The Sirius Open Source Fantasy Part II Briefings About the Company
  3. The Sirius Open Source Fantasy Part III Staff Input (From Technical Workers) Not Accepted
  4. YOU ARE HERE Crushing the Workforce Means Crushing the Company

Video download link | md5sum 123a41526a6d53bb9f2378df84318c7c
Envisioning Bankruptcy
Creative Commons Attribution-No Derivative Works 4.0

Summary: The story of last summer at Sirius (it started in late spring) is told now in retrospect, based on about 5 hours of recordings (3 meetings); it didn't work out as the managers had hoped/planned and instead the company's last chief is now doing double-shifts (16 hours in a row!), basically trying to make up for extreme understaffing amidst a clients exodus; the CEO left last month as well, so he seems to have become unemployed after sinking the ship he rode on

MY final year at Sirius Open Source was last year and it was already getting pretty awful. There was lying, deceit, and cover-up. Managers were pretty much predicting doom (without saying it out loud) and they had already silently robbed past staff.

People can hear right from the horse's mouth that things were getting really bad, no matter how much lipstick was put on the pig. T...

04:32

After Fox Fires Tucker Carlson, Vegas Plays Who's Next FOSS Force

What does Tucker Carlson have in common with open-source software? As far as we know, absolutely nothing. When we asked Christine about this, she said, "There's more to life than software."

The post After Fox Fires Tucker Carlson, Vegas Plays Who's Next appeared first on FOSS Force.

04:00

Recognize Those Who Inspire Others to Uphold Ethical Principles IEEE Spectrum



Do you know someone who has risen above others in demonstrating high standards of ethics and integrity? Or do you belong to an organization that has inspired others to share a vision of extraordinary ethical principles and practices? If so, IEEE wants to honor and celebrate their contributions.

The IEEE Ethics and Member Conduct Committee is now accepting nominations for this year's IEEE Award for Distinguished Ethical Practices. The annual award recognizes an IEEE member, or an organization employing IEEE members, for exemplary ethical behavior or persuasive advocacy of ethical practices.

Nominators will be asked to explain:

  • What situation was happening (or not happening) that caused the nominee to believe it was unethical?
  • In what ways did the nominee demonstrate ethical leadership, courage, innovation, or honor to make the situation better?
  • What was the overall impact of the nominee's actions?

The deadline for nominations is 31 May. The recipient will be announced in November.

For more information, including eligibility requirements, and to access the nomination form, visit the EMCC-Award web page or write to ethics@ieee.org.

03:58

OTB#93: Eternal Sunshine of the Spotless Mind Random Thoughts

I watched this movie some years ago.

I'm a bit surprised at how many recent films there are on the list. That is, in 2012, there was a whole bunch of movies from the 70s, which I assumed reflected the age of the directors. So I was expecting this list to have a whole bunch of 80s directors like, Jim Jarmusch, Aki Kaurismäki, Peter Greenaway and that whole generation but instead we're basically jumping ahead 20 years and going for late 90s/early noughties directors instead.

It's like the 80s is the lost decade in film history.

Eternal Sunshine of the Spotless Mind. Michel Gondry. 2004.

This blog post is part of the Officially The Best 2022 series.

03:39

Balloon-borne Telescope Returns First Photos in Search for Dark Matter SoylentNews

Helium is way cheaper than rocket fuel, and the pictures are just as good if you get high enough:

The world's first wide-field, balloon-borne telescope has begun returning images to Earth, with scientists keen to begin months of imagery to help investigate the existence of dark matter.

The Super Pressure Balloon-Borne Imaging Telescope, or SuperBIT, has returned two publicly-shared images so far: The one of the Tarantula Nebula in the header of this article, and a second of a pair of colliding galaxies known as "the Antennae."

SuperBIT's main scientific objective is to measure the properties of dark matter, a term given to the invisible-yet-mathematically-required quarter of the matter in the universe that we're unable to see or detect in any way other than its interactions with gravity.

The telescope, a collaboration between the University of Toronto, Princeton University, Durham University and NASA, lifted off from New Zealand on April 16, and was carried to an altitude of 33.5 kilometers (20.8 miles) by one of NASA's stadium-sized super pressure balloons. At that altitude, SuperBIT is floating above all but the last half-percent of the Earth's atmosphere, giving it a level of visibility that ground-based telescopes can't match.

Because it sits outside of most of the atmosphere, SuperBIT isn't limited by anything but the laws of optics, and is able to take images with resolutions as high as the Hubble Space Telescope. It's also the first balloon-borne telescope to be able to capture wide-field images.

"SuperBIT will test whether dark-matter particles can bounce off each other, by mapping the dark matter around clusters of galaxies that are colliding with neighbouring galaxy clusters," said the University of Toronto.

Read more of this story at SoylentNews.

03:28

A component in Huawei network appliances could be used to take down Germany's telecoms networks Security Affairs

German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. 

In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms giants Huawei and ZTE. 

German lawmakers were briefed on the probe by the German Interior Ministry, the federal intelligence service, and the German cybersecurity agency in a classified hearing at the Bundestag's digital committee in early April.

The security officials told lawmakers that the ministry's investigation has been triggered by an energy management component from Huawei, two lawmakers present at the briefing who spoke under the condition of anonymity told POLITICO.

The German authorities investigated the possibility that the component could be used to disrupt telecoms operations or to bring down a network.

"The announcement of the review in March marked a shift in Germany's approach to Chinese telecoms equipment," reported POLITICO. Berlin has previously been criticized over its stance by U.S. government officials as well as European security authorities, which have warned of the risks associated with Chinese telecoms equipment.

The interior ministry will not comment on the case because it is related to classified information.

Over the last few years, multiple Western governments warned about the risks of cyber espionage conducted by the Chinese government on networks using Huawei and ZTE network appliance.

"We have not been informed about a risk related to an energy management component by any authority," Patrick Berger, Huawei's head of media affairs, told POLITICO. "Cybersecurity and privacy protection are Huawei's highest priority."

The German interior ministry is making a census of components manufactured by Chinese suppliers that are used by national network operators. The activity will be completed in the coming months.

The government could order operators to rip and replace the risky components provided by Chinese suppliers.

In September 2020, the British government announced the ban on the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. In January 2020,

In January, the EU's executive Commission...

03:08

OTB#93: Yi Yi Random Thoughts

I haven't seen any movies by Andrew Yang before The Sight & Sound poll has been criticised before for only including American, European, Japanese and Hong Kong movies before, so here they take a wild step into the unknown: Taiwan!

It looks like we're solidly in the mainstream of the best of genre, though: It's a slow moving family drama.

...

02:30

Cybersecurity leaders introduced open-source information sharing to help OT community Help Net Security

A group of OT cybersecurity leaders and critical infrastructure defenders introduced their plans for ETHOS (Emerging THreat Open Sharing), an open-source, vendor-agnostic technology platform for sharing anonymous early warning threat information across industries with peers and governments. Founding ETHOS community members include 1898 & Co., ABS Group, Claroty, Dragos, Forescout, NetRise, Network Perception, Nozomi Networks, Schneider Electric, Tenable, and Waterfall Security Solutions. ETHOS will give critical industries a vendor-neutral option for information sharing to combat ...

The post Cybersecurity leaders introduced open-source information sharing to help OT community appeared first on Help Net Security.

02:00

GNOME 44.1 Released With Many Fixes Phoronix

It's been one month already since the debut of GNOME 44 and out today is the first point release...

02:00

Graylog 5.1 optimizes threat detection and response Help Net Security

Graylog announced at the RSA Conference 2023 Graylog 5.1 with new incident investigation and enhancements to its cybersecurity Security and the Graylog Platform will be GA in May 2023. With the new incident investigation capability, Graylog Security customers can easily collect and organize datasets, reports, and other contexts while investigating a potential incident or issue. The innovative workspace tracks the status and progress of any new ...

The post Graylog 5.1 optimizes threat detection and response appeared first on Help Net Security.

01:31

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks The Hacker News

The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal. Alloy Taurus is the constellation-themed moniker assigned to a

01:30

Nuke Your Own Uranium Glass Castings in the Microwave Hackaday

Fair warning: if you're going to try to mold uranium glass in a microwave kiln, you might want to not later use the oven for preparing food. Just a thought.

...

01:30

Forcepoint Data Security Everywhere simplifies DLP management Help Net Security

At RSA Conference 2023, Forcepoint extended the depth and breadth of its Data-first SASE (Secure Access Service Edge) offering with the launch of Forcepoint Data Security Everywhere. Forcepoint is simplifying enterprise DLP management across cloud, web and private apps and streamlining compliance wherever hybrid workers store, access and use confidential information. The company is also bringing to market Forcepoint ONE Insights that enables users to quickly visualize and quantify the financial value of security efficacy ...

The post Forcepoint Data Security Everywhere simplifies DLP management appeared first on Help Net Security.

01:24

Vast Potential Researchers Create a New Type of Laser Lifeboat News: The Blog

Researchers from EPFL and IBM have created a novel laser that could revolutionize optical ranging technology. This laser is constructed from lithium niobate, a material frequently utilized in optical modulators to regulate the frequency or intensity of light transmitted through a device.

Lithium niobate is highly valued for its ability to manage large amounts of optical power and its high Pockels coefficient. This allows the material to alter its optical properties when an electric field is applied to it.

The researchers achieved their breakthrough by combining lithium niobate with silicon nitride, which allowed them to produce a new type of hybrid integrated tunable laser. To do this, the team manufactured integrated circuits for light (photonic integrated circuits) based on silicon nitride at EPFL, and then bonded them with lithium niobate wafers at IBM.

01:23

Tesla receives massive fleet order from the UAE Lifeboat News: The Blog

Tesla received a large order for Model 3s from an Emirati taxi company, Arabia Taxi Dubai, helping the company to cut its carbon footprint.

Tesla's retail consumer pressure is undeniably large. Still, the automaker has also grown in popularity in the commercial space, especially from customers looking to cut operating costs while reducing their carbon footprints. Predominantly, these orders have been coming from ride-hailing companies and car rental services. Now, a Dubai-based taxi company is also looking to capitalize on the cost-cutting opportunity.

According to the announcement from Arabia Taxi Dubai, it will buy 269 Tesla Model 3s to become part of its taxi fleet in the United Arab Emirates. Currently, Arabia Taxi advertises itself as the largest taxi fleet in Dubai and one of the largest in the country. With this new purchase, it looks to double down on that lead.

01:23

Unraveling the Genetic Mechanisms Behind Long-Lasting Memories in the Brain Lifeboat News: The Blog

Summary: Researchers shed new light on the molecular and genetic basis of long-term memory formation in the brain. A new study reveals a single stimulation to the synapses of hippocampal neurons triggered numerous cycles where the memory-coding Arc gene produced mRNA molecules that were then translated into synapse-strengthening Arc proteins. From the findings, researchers determined a novel feedback loop that helps explain how short-lived mRNA and proteins create long-term memories in the brain.

Source: Albert Einstein College of Medicine.

Helping your mother make pancakes when you were three... riding your bike without training wheels... your first romantic kiss: How do we retain vivid memories of long-ago events?

01:23

Genetic Driver of Anxiety Discovered Lifeboat News: The Blog

Summary: An international team of scientists has identified a gene in the brain responsible for anxiety symptoms and found that modifying the gene can reduce anxiety levels, offering a novel drug target for anxiety disorders. The discovery highlights a new amygdala miR483-5p/Pgap2 pathway that regulates the brain's response to stress and provides a potential therapeutic approach for anxiety disorders.

Source: University of Bristol.

A gene in the brain driving anxiety symptoms has been identified by an international team of scientists. Critically, modification of the gene is shown to reduce anxiety levels, offering an exciting novel drug target for anxiety disorders.

01:23

Scientists Use Electricity to Make Wounds Heal 3x Faster Lifeboat News: The Blog

Scientists have developed a specially engineered biochip that uses electricity to heal wounds up to three times faster than normal.

It's well known that electric fields can guide the movements of skin cells, nudging them towards the site of an injury for instance. In fact, the human body generates an electric field that does this naturally. So researchers from the University of Freiburg in Germany set out to amplify the effect.

While it might not heal severe injuries with the speed of a Marvel superhero, it could radically reduce the time it takes for small tears and lacerations to recover.

01:22

Researchers Took The First Pics Of DEATH It Is Actually PALE BLUE And Looks Nice Lifeboat News: The Blog

In today's well-researched world, death is one of those unknown barriers. It was pursued by British scientists. The color of death is a faint blue.

British scientists got a firsthand look at what it's like to die. They took a close look at the worm in the experiment. During this stage of passage, cells will perish. It starts a chain reaction that leads to the creature's extinction and destroys cell connections.

Gloomy radiation is induced by necrosis, which destroys calcium in your system, according to a research published in the journal PLoS Biology. Professor David Gems of University College London oversaw the study.

01:22

Winning the War on Cancer Lifeboat News: The Blog

Learn How to Prevent and Heal Cancer Using Natural, Holistic and Integrative Methods from World Leading Doctors and Cancer-Conquerors.

01:16

Windows 11 WSL2 Performance vs. Ubuntu Linux With The AMD Ryzen 7 7800X3D Phoronix

When carrying out the recent Windows 11 vs. Ubuntu 23.04 benchmarks with the AMD Ryzen 7 7800X3D Zen 4 3D V-Cache desktop processor, I also took the opportunity with the Windows 11 install around to check in on the Windows 11 WSL2 performance. Here is a fresh look at Ubuntu with Windows Subsystem for Linux (WSL2 on Windows 11) compared to the bare metal performance of Ubuntu 22.04 LTS on the same hardware as well as the new Ubuntu 23.04.

01:16

Jacinda Ardern Accepts Fellowships at Harvard University cryptogon.com

Via: Reuters: Former New Zealand Prime Minister Jacinda Ardern said on Wednesday that she was taking up three fellowships at Harvard University later in 2023. Harvard University said in a statement she had been appointed to dual fellowships at Harvard Kennedy School and to a concurrent fellowship at the Berkman Klein Center. I am [...]

01:00

The Flipper Zero: A Hacker's Delight IEEE Spectrum

Readers of this Hands On are likely to fall into one of two camps: those who'll view the Flipper Zero with fascination, and those who'll view it with loathing. Among the former are security researchers and hardware developers trying to debug a wireless setup. Among the latter are IT folks charged with defending their realm from physical or network attacks. But whatever camp you fall into, the Flipper is something you'll need to know about.

The Flipper is an open-source hacking tool of exceptional polish and functionality. Its official price is US $169, but it sells out as fast as it can be manufactured and so can often only be found at a hefty markup; I paid $250 from one reseller.

Hacking software and hardware tends to adopt, either consciously or unconsciously, design aesthetics that wouldn't be out of place in a William Gibson cyberpunk novel. Hardware is utilitarian, with boxy enclosures painted or printed black. Software often relies on opaque commands. They are serious tools for serious people. The Flipper stands this schema on its head. Its line of aesthetic descent is more Tamagotchi than tech dystopia, with a brightly colored white-and-orange case molded to fit your palm. An onscreen animated anthropomorphic dolphin pops up to guide you through setup menus. It looks and feels like a child's toy. It isn't.

Four circuit boards shaped to fit the outline of the Flipper case. An open-source design, the Flipper is composed of a main board with an ARM-based CPU and transceiver chip, a board for NFC and RFID communications, a PCB antenna, and an extra board to handle IR and iButton interfacing. James Provost

The Flipper is powered by a 32-bit Arm processor core with a top sp...

00:59

RFK Jr. Explains How Democratic Party Is Already Rigging 2024 Race cryptogon.com

even if RFK Jr. had widespread support (he doesn't), the Democratic Party would simply screw him over. Robert F. Kennedy Jr. Wants a Law to Punish Global Warming Skeptics Via: Summit News: Alternative Democratic presidential candidate Robert F. Kennedy Jr. has accused the Democratic Party of rigging the primary system to ensure Joe Biden stands a better [...]

00:42

Fox Fired Tucker Carlson cryptogon.com

Via: Paul Watson: Related: Tucker Carlson's Exit Wipes Out $700 Million In Market Value For Fox

00:38

Wayland's Weston 12 Alpha Brings Multi-GPU Support, PipeWire Backend, Tearing Control Phoronix

Released today was the first alpha release of the upcoming Weston 12.0 release, which continues to serve as the reference compositor for Wayland...

00:30

Eclypsium launches Supply Chain Security Platform with SBOM capability Help Net Security

Eclypsium released Supply Chain Security Platform, enabling an organization's IT security and operations teams to continuously identify and monitor the bill of materials, integrity and vulnerability of components and system code in each device, providing insight into the overall supply chain risk to the organization. One unique capability in the platform is the SBOM (Software Bill of Materials) generated for each component and system code in enterprise devices which provides an industry-standard format for visibility ...

The post Eclypsium launches Supply Chain Security Platform with SBOM capability appeared first on Help Net Security.

00:24

AI-powered dance animator applies generative AI to choreography Lifeboat News: The Blog

Stanford University researchers have developed a generative AI model that can choreograph human dance animation to match any piece of music. It's called Editable Dance GEneration (EDGE).

"EDGE shows that AI-enabled characters can bring a level of musicality and artistry to animation that was not possible before," says Karen Liu, a professor of computer science who led a team that included two student collaborators, Jonathan Tseng and Rodrigo Castellon, in her lab.

The researchers believe that the tool will help choreographers design sequences and communicate their ideas to live dancers by visualizing 3D dance sequences. Key to the program's advanced capabilities is editability. Liu imagines that EDGE could be used to create computer-animated dance sequences by allowing animators to intuitively edit any parts of dance motion.

00:14

Photos: RSA Conference 2023, part 2 Help Net Security

RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here. Here are a few photos from the event, featured vendors include: Threatlocker, Deloitte, CIS, Ionix, Forescout, Thales, BlackBerry, AT&T Cybersecurity, KnowBe4, Synopsys, Armis, Uptycs, Fortinet, Mandiant, Google, Mend, Resecurity, Zscaler.

The post Photos: RSA Conference 2023, part 2 appeared first on Help Net Security.

00:00

Uptycs unveils cloud security early warning system Help Net Security

At RSA Conference 2023, Uptycs unveiled the ability to collect and analyze GitHub audit logs and user identity information from Okta and Azure AD to reveal suspicious behavior as the developer moves code in and out of repositories and into production. The result is an early warning system that allows security teams to identify and stop threat actors before they can access data and services in the cloud. Uptycs customers can track and analyze malicious ...

The post Uptycs unveils cloud security early warning system appeared first on Help Net Security.

00:00

Parametric Design with Tinkercad Hackaday

Tinkercad is like the hamburger helper of 3D design. You hate to admit you use it, and you know you should put in more effort, but darn it, it's easy, and it tastes pretty good. While I use a number of CAD programs for serious work, sometimes, when I just want a little widget like a flange for my laser cutter's exhaust, it is just easier to do it in a few minutes with Tinkercad. However, I heard someone complaining the other day that it wasn't of any use anymore because they took away custom shape generators. That statement is only partially true. Codeblocks allow you to easily create custom parametric items for use in Tinkercad.

...

00:00

Seven stable kernels LWN.net

The 6.2.13, 6.1.26, 5.15.109, 5.10.179, 5.4.242, 4.19.282, and 4.14.314 stable kernels have all been released; each contains another set of important fixes and updates.


Wednesday, 26 April

23:54

GCC 13.1 released LWN.net

Version 13.1 of the GCC compiler suite has been released.

This release integrates a frontend for the Modula-2 language which was previously available separately and lays foundation for a frontend for the Rust language which will be available in a future release.

Other changes include the removal of support for the STABS debugging-information format, addition of a number of C++23 features, a number of static-analyzer improvements, support for a number of recent CPU features, and more. See this page for details.

23:53

Ultrasound Reveals Trees' Drought-survival Secrets SoylentNews

Scientists turned a forest into a lab to figure how some species cope with repeated dry spells:

The tissues of living trees may hold the secrets of why some can recover after drought and others die. But those tissues are challenging to assess in mature forests. After all, 90-year-old trees can't travel to the lab to get an imaging scan. So most studies of the impacts of drought on plants are done in the lab and on younger trees or by gouging cores out of mature trees.

[...] In the Kranzberg Forest outside Munich, the team outfitted stands of mature spruce and beech trees with rugged, waterproof ultrasound sensors. Some of the stands had been covered by roofs to block the summer rain, creating artificial drought conditions.

Five years of monitoring revealed that beeches (Fagus sylvatica) are more drought-resilient than spruces (Picea abies), the team reported in the December Plant Biology. Delving into the underlying mechanisms explained this difference.

Drought-stressed trees produced more ultrasound signals than trees exposed to summer rains. Those faint acoustic waves were bouncing off air bubbles called embolisms deep within the trees' vasculature. Surface tension keeps water moving through a tree's thousands of tiny vessels; evaporation from pores in leaves drives water up the trunk (SN: 9/6/22). But if there's insufficient water in the soil, this upward pull can generate embolisms that clog vessels. In the experiments, spruces pinged much more than beeches, suggesting they had far more embolisms.

That's despite the fact that beeches appear to be less conservative with their water management, at least above ground. Trees can prevent embolisms by closing the pores on their leaves, but there's a trade-off. Doing so cuts off the supply of the carbon dioxide that drives photosynthesis, which makes the carbohydrates and sugars that trees need to live and grow. In dry conditions, trees face an impossible choice "between starving and dying of thirst," Beikircher says.

Read more of this story at SoylentNews.

23:51

Common insecure configuration opens Apache Superset servers to compromise Help Net Security

An insecure default configuration issue (CVE-2023-27524) makes most internet-facing Apache Superset servers vulnerable to attackers, Horizon3.ai researchers have discovered. Administrators in charge of Apache Superset instances should check whether they are among that lot, upgrade them to a fixed version, and check whether attackers might have exploited the weakness to breach them. Apache Superset and the widespread exploitable weakness Apache Superset is a data exploration and visualization platform that's usually integrated with a variety of ...

The post Common insecure configuration opens Apache Superset servers to compromise appeared first on Help Net Security.

23:51

Security updates for Wednesday LWN.net

Security updates have been issued by Fedora (chromium, lilypond, and lilypond-doc), Oracle (java-1.8.0-openjdk), Red Hat (emacs, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, kernel, kernel-rt, pesign, and virt:rhel, virt-devel:rhel), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), Slackware (git), SUSE (fwupd, git, helm, and runc), and Ubuntu (firefox, golang-1.18, linux-hwe-5.15, and openssl, openssl1.0).

23:40

Distribution Release: Peropesis 2.1 DistroWatch.com: News

Peropesis (personal operating system) is a small-scale, minimalist, command-line-based Linux operating system. The project's latest release, Peropesis 2.1, introduces a number of new software development tools (including automake and autoconf), the Perl interpreted scripting language, and two new compression utilities. "Peropesis 2.1 Linux OS is released. In the....

23:34

Thousands of publicly-exposed Apache Superset installs exposed to RCE attacks Security Affairs

Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution.

Apache Superset is an open-source data visualization and data exploration platform. The maintainers of the software have released security patches to address an insecure default configuration, tracked as CVE-2023-27524 (CVSS score: 8.9), that could lead to remote code execution.

The issue was discovered by Horizon3 researchers who reported that there are more than 3000 instances of the platform exposed to the Internet. Horizon3 found that at least 2000 servers are running with a dangerous default configuration. 

"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources," reads the advisory. "This does not affect Superset administrators who have changed the default value for SECRET_KEY config."

The CVE-2023-27524 flaw impacts versions up to and including 2.0.1.

Vulnerable versions are using the following default value for the SECRET_KEY:

\x02\x01thisismyscretkey\x01\x02\\e\\y\\y\\h

"Any attacker can log in to these servers with administrative privileges, access and modify data connected to these servers, harvest credentials, and execute remote code," reported Horizon3.

The web application signs the cookie with a SECRET_KEY, a value that is supposed to be randomly generated and typically stored in a local configuration file. With every web request, the browser sends the signed session cookie back to the application. The application then validates the signature on the cookie to re-authenticate the user prior to processing the request. The security of the web application depends critically on ensuring the SECRET_KEY is actually secret. If the SECRET_KEY is exposed, an attacker with no prior privileges could generate and sign their own cookies and access the application, masquerading as a legitimate user.

Horizon3 researchers reported the issue to the Superset team in Oct. 2021, but when in February 2023 they checked the fix they discovered that in January 2022 the default SECRET_KEY value was changed to CHANGE_ME_TO_A_COMPLEX_RANDOM_SECRET, and a warning...

23:30

Cynet announces platform updates to help organizations protect their systems and infrastructure Help Net Security

Cynet announced its presence at RSA Conference 2023 with new updates to its cybersecurity solution. The company is on track to domain filtering capabilities, enhanced Playbook Summary Reports, improvements to the user interface, endpoint detection and prevention services, platform performance and more. In addition to product updates, Cynet is launching Cynet 360 Mobile capabilities as well as Lighthouse Credential Theft Monitoring, a ...

The post Cynet announces platform updates to help organizations protect their systems and infrastructure appeared first on Help Net Security.

23:27

Officially the Best Reloaded Random Thoughts

A couple years back, I watched all the top 100 movies on the 2012 Sight & Sound Directors Poll, and that was a lot of fun. Last year, a decade had passed and Sight & Sound did a new poll. And as usual in these polls, there was a whole lot of new movies in the top 100, so I thought it'd be fun to watch them.

There's about thirty new movies on the list, and virtually all of them are in the bottom 60. Which isn't surprising; the bottom half of the list is very unstable, while the top 20 doesn't really see that many changes. In addition to the new movies, I'm also going to re-watch a handful of films on the old list (where I've gotten new, restored editions of the films).

Oh, and I'm skipping some of the new movies that I've already seen (and blogged about).

Confused? No?

So here we go!

23:23

The Hybrid Innovation Model: Merging Corporate Strength And Startup Agility Lifeboat News: The Blog

Ensuring proper funding level and visibility was another challenge. To provide the necessary resources, we included executive sponsors on the boards of satellite organizations, which offered better visibility and support for innovation projects. Finally, we faced the challenge of process alignment to maintain agility while ensuring safety. As a result, we defined the minimum required processes to guarantee safety as a top priority during developments, allowing satellite organizations to remain agile without compromising safety standards.

By addressing these and other challenges, we were able to determine the appropriate balance between autonomy and oversight for our organization. Our successful model involves a mix of internal and external talent, strong alignment between corporate and satellite strategies, and ongoing investment in innovative projects. We measure success using specific metrics such as project completion rates, knowledge and employee transfer efficiency, and the value of innovations returned to the parent corporation.

The hybrid innovation model represents a groundbreaking approach for corporations looking to harness the benefits of both the corporate and startup worlds. Corporations can foster an agile and dynamic environment that attracts top talent and facilitates rapid development and testing of new ideas. Although there are challenges to implementing this model, the potential benefits make it an attractive option for corporations seeking to drive innovation and growth in today's fast-paced business environment.

23:16

Charming Kitten's New BellaCiao Malware Discovered in Multi-Country Attacks The Hacker News

The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools. Discovered by Bitdefender Labs, BellaCiao is a "personalized dropper" that's capable of delivering other malware payloads onto a victim machine based on

23:00

100+ More ASUS Motherboards Enabled For Sensor Monitoring With Linux 6.4 Phoronix

The hardware monitoring "HWMON" subsystem updates have been pulled into the in-development Linux 6.4 kernel with ASUS Intel/AMD desktop motherboards being the big winners with these driver updates...

23:00

Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling Help Net Security

Traceable AI launched Zero Trust API Access to help organizations better protect sensitive data, stop API abuse, and align data security programs with broader innovation and business objectives. Traceable's Zero Trust API Access actively reduces attack surface by minimizing or eliminating implied and persistent trust for APIs. "You cannot have true zero trust without API security," said Sanjay Nagaraj, CTO of Traceable. Traceable's Zero Trust API Access provides a guiding principle for API security architectures ...

The post Traceable AI Zero Trust API Access detects and classifies the data that APIs are handling appeared first on Help Net Security.

23:00

Linux Kernel Drama: AMD's Spectral Chicken Phoronix

There's a bit of Linux kernel code for AMD Zen 2 processors called the "spectral chicken" and a call for cleaning up that code, which was originally written by an Intel Linux engineer, has been rejected...

22:33

Chinese Hackers Using MgBot Malware to Target International NGOs in Mainland China The Hacker News

The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ. The attack chains are designed to distribute a Windows installer for MgBot malware, ESET security researcher Facundo Muñoz said in a new

22:30

Code42 adds real-time blocking capabilities to the Incydr IRM solution Help Net Security

At RSA Conference 2023, Code42 announced that it has added real-time blocking capabilities to the Incydr IRM solution. The enhancement allows security teams to prevent unacceptable data exfiltration without the management burden, inaccuracy, and endpoint impact of content-based policies. Insider Risk is emerging as the most difficult threat to detect in today's environments. Despite 72% of organizations having a program dedicated to Insider Risk, over four in five CISOs admit data loss from insiders is ...

The post Code42 adds real-time blocking capabilities to the Incydr IRM solution appeared first on Help Net Security.

22:30

Intel Sierra Forest EDAC Lands In Linux 6.4, AMD's EDAC Driver Aims For GPUs Phoronix

The Error Detection And Correction (EDAC) device driver updates have been submitted for the Linux 6.4 merge window...

21:46

Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks The Hacker News

The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks.  In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals and

21:02

Bad Medical News Causes Patients to Choose Brand Name Drugs Over Generics, Costing Billions SoylentNews

Researchers from Johns Hopkins University published a new Journal of Marketing article that examines how receiving negative medical results might affect how people choose between generic and brand name drugs:

At the height of the COVID-19 pandemic, Manuel Hermosilla received a call from a family friend in Chile who had been recently diagnosed with cancer. The friend needed help tracking down Hydroxychloroquine to treat her rheumatoid arthritis, a drug in short supply given its supposed therapeutic powers to combat COVID-19.

Hermosilla found two alternatives for Hydroxychloroquine: a hefty $330. The family friend didn't want the generic version, Hermosilla says. "Given her cancer diagnosis, she felt the generic wasn't 'safe' enough, which got me to thinking: could medical-related insecurities impact patients' brand/generic choices?"

Getting bad medical news can be alarming. It might influence us to embark on a healthier lifestyle, perhaps by exercising more or eating healthier food. Given that brand name drugs are perceived to be more effective and perhaps even safer than generics (despite many experts viewing generics as molecular replicas of brand name drugs), bad news might also affect how we choose between drugs.

This new research points to estimates suggesting substantial savings for the U.S. healthcare system, about 10% of drug expenditures, or $36 billion a year, if patients always chose a generic option when available. The researchers suggest that a broader use of generics could significantly lower expenditures without sacrificing the quality of patient care.

Journal Reference:
Hermosilla, M., & Ching, A. T. (2023). EXPRESS: Does Bad Medical News Reduce Preferences for Generic Drugs? Journal of Marketing, 2023. https://doi.org/10.1177/00222429231158360



Read more of this story at SoylentNews.

21:00

The Goalie Mask, Reenvisioned Hackaday

The goalie mask, at least the retro-styled fiberglass types from the 60s and 70s, hasn't been used in hockey for about 50 years; it's instead made many more appearances in horror movies than on ice rinks. Since then, though, there's been very little innovation surrounding the goalie mask even though there's much more modern technology that could theoretically give them even greater visibility. [Surjan Singh] is hoping to use his engineering and hockey backgrounds to finally drive some improvements.

The uncage is based on Dyneema thread, a polyethylene fiber known for its strength and durability. It's often used in applications that demand high strength with minimal weight, such as for sails or backpacking equipment. Using strands of Dyneema woven through a metal support structure is what gives this mask its high strength while also improving the visibility through it dramatically. [Surjan] has been prototyping this design extensively, as there were some issues with the fibers chafing on attachment points on the metal frame, but most of these issues have been ironed out or are being worked on currently.

In the meantime, [Surjan] has been looking for a professional-level goalie to help refine his design further and d...

21:00

We've added 10 new text tools catonmat.net

Team Browserling keeps shipping!

Four weeks ago we added 50 new text tools.

Three weeks ago we added 20 more tools.

Two weeks ago we added 15 more text tools.

Last week we added another 15 text tools.

And today we just added another 10 tools to our Online Text Tools collection.

Here are the new text tools.

Next week we'll add even more tools. See you then!

20:29

Kevin Shockey's Presentation on Puerto Rico and FSF Techrights

A Presentation From a Puerto Rican Perspective:

Puerto Rico and FSF

Seems like Puerto Rico quickly adopted GNU/Linux this past year

Desktop Operating System Market Share Puerto Rico: Jan 2022 - Mar 2023

Summary: The above LibrePlanet slide from Kevin Shockey was the last of a deck of slides; the presentation seems to have covered patents, preservation, and many other aspects; sadly the talk cannot be found, at least not yet, in PeerTube or in MediaGoblin and it seems to be covering important points from the perspective of colonies or natural disaster-prone places

Licence: GFDL 1.3

20:23

GCC 13.1 Released With Modula-2 Language Support, More C23/C++23 Features Phoronix

as this annual feature release to the GNU Compiler Collection...

20:05

xf86-video-ati 22.0 Released For Older ATI/AMD GPUs Phoronix

The xf86-video-ati 22.0 driver has been released as a rare update to this X.Org DDX driver used by older pre-GCN ATI/AMD Radeon graphics cards...

19:56

Warpinator: Remote file deletion vulnerability (CVE-2023-29380) Open Source Security

Posted by Matthias Gerstner on Apr 26

Hi list,

this report is about a remote file deletion vulnerability in Warpinator
[1].

Introduction
============

I already reviewed and found issues in Warpinator a while ago [2]. The
openSUSE packager for Warpinator asked me for a follow-up review after
updating to upstream release 1.4.3 which contained the fixes for
CVE-2022-42725.

In the course of the review I found another vulnerability which is
described in detail in the next section....

19:29

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks The Hacker News

The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and access

19:20

Tenancy Software Course Of Ask Metro Nz Property Managers h+ Media

Tenancy Software Course Of Ask Metro Nz Property Managers

Auto fee type signed and at last, tenant get the important thing. After this, the operator is going to double your first deposit up to maximum of a hundred and ten $ or perhaps approximate equivalent . If you are confident on a variety and elect to anchor it in your Boxed Multi then all your Any bets will comprise this choice. Youll be unable to add a related consequence to your Multi wager, however youre still capable of take these bets individually.

1xBet web site incorporates thorough laws and directions, as properly as dependable data and safe and easy cost choices. Moreover, the betting community is also accessible in a quantity of areas and languages. 1xBet additionally try hard to ensure that newbies get a good number of treats.

The bet must either be in LOCATED mode, or the sport have to take place within the next forty eight lots of time. It is obvious on the website when the supply is unquestionably activated. If there are nearly any issues with the code account activation, the players can contact that help. 1xbet is on the market with all of the various sorts of casinos. If you may be cautious of downloading software, which you can do effortlessly, all video games right here are available for fast play.

  • From commuter ebikes, to folding e-bikes to electrical mountain bikes, we now have a motorbike to fit your finances and use.
  • Furthermore, gamers additionally get entry to a 24/7 gaming platform and timely payment choices.
  • It takes just a few simple steps to finish the registration process.
  • 1xBet is amongst the best sportsbooks that provide in-play betting.
  • Make a primary deposit on the platform by way of the a number of enter strategies provided by the operator.
  • At the time of writing, they offer over 100 cost choices.

The LoveCoupons.co.nz group save our guests 1000s of dollars every month, lots of which by no means knew 1xBet discount codes had been out there till visiting our website. Now that you know how easy its to save at 1xBet with our promo and coupon codes, bookmark LoveCoupons.co.nz and always check us out earlier than you checkout. The huge choice of bets provided on their web site offers every buyer the chance to test their boldest predictions. There is a downloadable mobile app that can work on different gadgets similar to, iPads, iPhones, Windows telephones, android phones, and all brands of tablets. Live Chat service is out there across the clock to make sure players get assist when they need it. This means New Zealand gamers get instant answers to pressing issues and rising queries.

Customer support has at all times been on the forefront of their enterprise. It is the one actual way to make great revenue by catering to what the shoppers need. If you be a part of the new loyalty program, the on line casino offers a token of gratitude in the type...

19:19

Try 1xbet Mobile Casino Evaluate 2023 Claim Your 1500 Today! h+ Media

Try 1xbet Mobile Casino Evaluate 2023 Claim Your 1500 Today!

Re part of the group already, just sign up and choose your favorite market to guess on. There are presently varied versions of the most effective bet application from 1xbet for all present platforms, including Android, iOS, and even older units with JAVA help. To get one of the best betting app for Android, you have to go to the corresponding part of the location following the link in your smartphone?

Alternatively, you can enter the whole quantity you want to spend in the Total Stake area and well automatically calculate the stake per combo for you. Percentage betting is often a extra reasonably priced way to improve your probability of successful massive. A Multi guess lets you mix many Fixed Odds alternatives into one wager, from a minimal of two, as much as a most of 25. 1XBET has sadly turn out to be one of those manufacturers that isnt trustworthy. If you win more than you lose, youve trouble getting paid.

You can gather Loyalty Points by enjoying your favorite video games then redeem them for distinctive gifts. There are additionally several common promotional offerings, like a 2x/Double Up Promotion on Wednesdays and common Roulette tournaments. Find a detailed listing of the obtainable promotions and special supply bonuses on the casinos promos page. The on line casino is considered a powerhouse for being one of many veterans in theonline casino scene. It offers sports activities betting, lottery, and various popular andnew casinogames.

Check out CasinoRank to find extremely recommended MasterCard casinos that emphasize player safety and security. 1xBet has an infinite number of games, promotions, and occasions. They additionally supply straightforward deposit and withdrawal options that users find handy. The various modes of fee along with nice customer service assist additionally make issues smoother for players. 1xBet is a global casino and betting web site that offers quite so much of casino games, sports betting, and live on line casino video games. To get began, you want to first register yourself on the platform.

In this case, you wont be disenchanted as they offer a safe platform to gamble. We have already discussed the welcome bonus offered by the site. This bonus is reserved just for new gamers, whore signing up for the first time. You can declare your welcome bonus quantity solely after registering yourself on the site.

They have a broad vary of game choices, with variousbonusesand jackpots, that thrill all the punters that come to verify out the site. With a special level of wagers, there is something for those with a finances and there are stakes that will thrill the best rollers. This is doubtless considered one of the most entertaining places to examine if lady luck is at anyones facet. It is one of many quickest ways to register an account after the player downloads 1xbet app....

19:18

Search Tag 1xbet App Android Opentop883com$limitadong Regalo!mag Register Para Makakuha Ng P50 Could 50% Cashback Sayong Unang Deposit!$vm h+ Media


They settle for only up to date and notarised documents wherever applicable. Coming to the 1xBet website, contains a very straightforward construction, which makes it easier to navigate. The site also offers search filters that permit customers to search out video games primarily based on software program providers. On this web site, you will discover video games from all the highest software program builders in the industry.

Curacao is probably considered one of the most accessible jurisdictions for licensing. Not simply that, but additionally they have the shortest processing time. They provide a one-size-fits-all license, regardless of the recreation sort.

The management behind 1xBet Casino understands that it is normal for folks to seek out these things. So the internet site developers ensure there are numerous bonuses, promotions, and offers to keep their shoppers happy. There are quite a few video games on this section supplied by the 1xBet Casino. The slots part is fascinating with completely different themes that gamers can select to deal with their present mood. This on line casino has an in depth assortment of slot video games. They offer basic slots, function slots, progressing slots, bonus slots, and rather more.

These points accumulate on the premise of the deposits that you make at the casino. You can use them later to redeem them within the form of free bets and free rounds of gaming. At instances, the on line casino also randomly rewards you withfree spins. For particular person sports activities like golf, biking, etc, they provide head-to-heads on two well-liked athletes, so friends can enterprise and guess how theyll fare against one another. Different forms of bets like single, accumulators, chain bets, and more are there. There is a match of the day, with one of the best daily provides.

All transaction has uniq id on the etherscan , which anyone even Putin cant alter afterwards. The least you are capable of do is permit me to withdraw my deposit.

  • The gamblers can choose to put a guess utilizing Qiwi or Webmoney companies.
  • 1xBet provides an exclusive welcome bonus offer to new gamers.
  • This could be problematic for lots of property managers and landlords who have yet to satisfy all the requirements of the Healthy Homes Standards.
  • The deposit and withdrawal steps might differ from one on-line on line casino to another.
  • The program will ship an sms right into a bettor s phone number.

Sign as a lot as LoveCoupons.co.nz newsletter for our newest weekly offers for brands like 1xBet and lots of extra. Recently, there was an influx of complaints towards the site because of extraordinarily delayed payouts. Players are additionally unhappy concerning the unskill...

19:17

Chesapeake Bay And Its Management Nzes h+ Media


Besides the official web site, 1xBet also has its cell app. You can entry the mobile providers of this on line casino either by utilizing the app or through the cellular site. Android users can easily obtain and set up the 1xbet app on their cellular gadgets. 1xBet also offers a user-friendly platform that may be accessed from each pc and mobile gadgets. Not simply that, however in addition they offer a 1xBet official app thats compatible with each iOS and Android platforms.

In-play betting significantly increases the possibilities of winning and generates huge curiosity in sporting contests. There is a 24-hour stay chat function thats available each single day of the week. The players can have interaction these features by pressing a button on the primary touchdown web page. Players can relaxation easy knowing that there is always somebody there who will readily help with key considerations at any time. Unlike different websites, the wagering requirements so as to claim the bonus at 1xBet is comparatively lower.

For instance, when looking at a handicap market, they do not all the time arrange the bets symmetrically, so youll have the ability to see each side of the identical handicap. Really, the record is merely too long to deal with the person strategies. It is much less complicated to just say that they probably provide a way that will be of curiosity for you. 1XBet even offers payments through several cryptocurrencies aside from bitcoin. Just like depositing, the withdrawal procedure is pretty easy.

They have been on this business for method too long and know tips on how to satisfy players. Starting from a large collection of video games to excellent customer assist, gamers can get pleasure from all of it on this platform. 1xBet is amongst the hottest sports activities betting websites in the CIS.

Alternatively, you can enter the entire quantity you wish to spend in the Total Stake subject and well mechanically calculate the stake per combo for you. Percentage betting can be a extra affordable approach to improve your chance of winning huge. A Multi guess lets you combine many Fixed Odds selections into one wager, from a minimum of two, as a lot as a maximum of 25. 1XBET has unfortunately turn into a kind of brands that is not reliable. If you win more than you lose, you have hassle getting paid.

Re a half of the neighborhood already, simply check in and choose your favorite market to wager on. There are currently varied variations of one of the best bet application from 1xbet for all present platforms, together with Android, iOS, and even older devices with JAVA support. To get the most effective betting app for Android, you need to go to the corresponding section of the site following the hyperlink in your smartphone?

Bettors from unregulated international locations arent permitted to entry the sports betting plat...

19:16

Try 1xbet Cell Casino Evaluate 2023 Claim Your 1500 Today! h+ Media


Curacao is among the most accessible jurisdictions for licensing. Not simply that, however additionally they have the shortest processing time. They provide a one-size-fits-all license, whatever the sport type.

You might be in for an exceptional experience at this on line casino. You can earn actual money and develop your bank by merely engaging in their fun play to top it all off. To find prime MasterCard on-line casinos, you must consider a number of factors. They embrace status, licensing and regulation, recreation selection, supported fee methods, bonuses and promotions, and buyer assist.

So the developers have brought to this platform a formidable collection of on line casino games together with fascinating bonuses, a loyalty program, and much more. 1xBet Mobile Casino has a wide selection of games in relation to casino gaming. You will discover sports like football, ice hockey, boxing, biking, among others, and traditional on line casino video games to wager on.

It dissolves negativity and prevents negative energies from entering the aura, restoring peace and concord to the physique. Hematite helps you to come to phrases with errors and to merely accept them as learning experiences rather than disasters. It is a molted Lava that cooled so rapidly it had no time to crystallise. Obsidian is a stone without boundaries or limitations. Its truth enhancing, reflective qualities are cruel in exposing flaws, weaknesses, and blockages. Obsidian impels us to develop and lends stable assist whereas we do so.

They additionally use group logos of their featured events area and on the guess slip, which is a nice contact. While the desktop expertise is not our favourite, their mobile experience is a lot better. The withdrawals are processed within 24 hours, so you dont have to attend a lot.

This may be annoying if you go to click on on something that then all of a sudden moves to make room for a new component. Our new payment gateway makes use of the most recent in 3D secure technology to help prevent fraudulent transactions. During checkout, you might be asked to enter a one-time passcode by way of SMS despatched by your financial institution to approve the transaction.

The concept doesn t matter in case you open an account from a great mobile application or out of an office web site. Players can also activate another bonus provides from 1xBet obtainable on the internet web page. 1XBet seems to be as aggressive as potential with their odds for the most popular leagues. For top soccer leagues, you may find margins in the 2% vary for the primary markets.

From a cellular perspective, 1XBet is healthier to make use of than from ones desktop. The hover aspect is in fact not relevant from your cell and with much less screen space, 1XBet has been smarter with organization of the on-screen elements. So when you count on to bet on-t...

19:15

Search Betway Re Www J9079in 1xbet Iphone App Wwwj9079in 37814572 h+ Media


The different well-liked choices embody casino slots, table video games, lottery, E-Sports, and poker. The newest bettors who understand 1xbet app obtain have a chance to get a welcome bonus. Before it, the participant has to undergo most stages of the registration methodology. When the ultimate stage happens and the player places a deposit, he will get a unique promo code. The circumstances of getting a cell bonus change from time to time. The clients might get a set sum of money because the accolade.

Furthermore, players also get entry to a 24/7 gaming platform and well timed fee options. All on line casino titles obtainable on the desktop web site are additionally current within the 1xBet casino mobile versions. The bookmaker stands out from the the rest of the pack in offering numerous sports betting opportunities with excessive odds. There are an enormous variety of high-quality casino games to choose from. The IxBet cell app is an ideal fit for players with smartphones and tablets.

You have to take a look at options corresponding to bonuses, video games, bonus phrases, security, and extra. Fortunately, Ive already carried out the legwork so that you can put together this list with the most effective Bitcoin cellular gambling apps of 2020. If you are looking for a reliable, secure, and exciting playing web site, 1xbets Casino ought to be on the top of your list.

Arlekin is licensed and controlled under the legal guidelines of the Government of Curacao. Although Arlekin might be a new platform, its undoubtedly backed by trustable and skilled software program developers. It is licensed via Curacao and holds a grasp gaming license. They have constructed a superb status that covers all facets of online casino gambling. They have managed to keep up with the calls for of those that demand a flawless on-line on line casino expertise. HellSpin Casino is a model new on-line playing platform launched in 2022.

Each accumulator wager must comprise three or more events. Now comes the part the place you make your first deposit in your account. Once your account will get verified, you are officially a member of the 1xbet web site. This means now you can proceed to make your first deposit.

Over the previous 14 years, it has turn out to be one of the most recognizable bookmakers worldwide. Now, it is an international firm with alternative to put bets using your cellphone and quick withdrawals. The on-line betting apps are extremely popular among African customers and have many common customers.

Besides the official website, 1xBet also has its mobile app. You can entry the mobile providers of this on line casino either by using the app or through the mobile site. Android users can easily download and install the 1xbet app on their mobile gadgets. 1xBet additionally provides a user-friendly platform that may be accessed from both com...

18:49

Pro-Russia hacking group executed a disruptive attack against a Canadian gas pipeline Security Affairs

Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline, the critical infrastructure sector is on alert.

A Canadian gas pipeline suffered a cyber security incident; Canada's top cyber official and Pro-Russia hacking group Zarya claimed the attack could have caused an explosion.

Pro-Russia hacktivist groups call to action for targeting organizations in the critical infrastructure sector, said Canada's top cyber official.

The New York Times reported that the cybersecurity incident was revealed in leaked U.S. intelligence documents. One of the leaked top secret files included an alleged intercepted conversation between the hacking group Zarya and an officer at Russia's Federal Security Service (FSB), a circumstance that suggests that some groups are operating directly under Russian intelligence.

"The F.S.B. officers anticipated a successful operation would cause an explosion at the gas distribution station, and were monitoring Canadian news reports for indications of an explosion," the leaked report said.

The authenticity of the document was not confirmed; however, this is the first time that a pro-Russia hacking group has executed a disruptive attack against Western critical infrastructure.

"According to the Pentagon's assessment, on Feb. 15, Zarya shared screenshots with the Federal Security Service (the main successor agency to the K.G.B., known by its Russian initials, F.S.B.) that purportedly showed that the attacker had the capability to increase valve pressure, disable alarms and make emergency shutdowns of an unspecified gas distribution station in Canada," reported the NYT.

Canada's prime minister Justin Trudeau confirmed the cyber attack against the gas pipeline but pointed out that there was no physical damage to any Canadian energy infrastructure.

"In regards to the reports of cyberattacks against Canadian energy infrastructure, I can confirm that there was no physical damage to any Canadian energy infrastructure following cyberattacks," Trudeau said.

The Canadian intelligence agency has yet to provide a comment on the cyber security incident.

The cyber attack against the unnamed Canadian gas pipeline took place on February 25; it caused sufficient damage with a severe impact on the company's profits. The leaked document states that the attack was not aimed at causing loss of life but economic d...

18:16

AMD Ryzen 7000 Burning Out: Root Cause Identified, EXPO and SoC Voltages to Blame SoylentNews

We reported this problem a couple of days ago, here:

Impacts all motherboard makers and all Ryzen 7000 chips:

Multiple reports of Ryzen processors burning out have burst onto the internet over the last few days. The damaged chips have not only bulged out and overheated to the point they have become desoldered, but they have also done significant damage to the motherboards they are installed in. We reached out to our industry contacts and learned some new information about the nature of the problem and the scope of AMD's planned fix. Our information comes from multiple sources that wish to remain anonymous, but the info from our sources aligns on all key technical details. As with all unofficial information, we should take the finer details with a grain of salt until AMD issues an official statement.

First, we're told this condition can occur with both standard Ryzen 7000 models and the new Ryzen 7000X3D chips, though the latter is far more sensitive to the condition, and the root cause could be different between the two types of chips. AMD will issue a fix soon, but the timeline is unknown. We're told that failures have occurred with all motherboard brands, including Biostar, ASUS, MSI, Gigabyte, and ASRock.

According to our sources and seconded by an ASUS statement to Der8auer, the problem stems from SoC voltages being altered to unsafe higher levels. This can be imposed from either the pre-programmed voltages used in EXPO memory overclocking profiles or when a user manually adjusts the SoC voltages (a common practice to eke out a bit more memory overclocking headroom).

Our sources also added further details about the nature of the chip failures: in some cases, excessive SoC voltages destroy the chips' thermal sensors and thermal protection mechanisms, completely disabling its only means of detecting and protecting itself from overheating. As a result, the chip continues to operate without knowing its temperature or tripping the thermal protections.

AMD's modern chips often run at their thermal limits to squeeze out every last drop of performance within their safe thermal range (it isn't uncommon for them to run at 95°C during normal operation), so they will automatically continue to draw more power until it dials back to remain within a safe temperature. In this case, the lack of temperature sensors and protection mechanisms allows the chip to receive more power beyond the recommended safe limits. This excessive power draw leads to overheating that eventually causes physical damage to the chip, like the bowing we've seen on the outside of...

18:14

Anti-Piracy Group Recruits Teens to Keep Up with Social Media Piracy Trends TorrentFreak

Piracy is by no means exclusive to any particular generation but among the general public, it's often associated with younger people.

This notion may very well change over time as the Internet-native generation gets older. That said, younger people tend to be more open to change, also when it comes to piracy habits.

Over the past two decades, new online piracy sites, apps and other consumption methods have emerged. This can pose quite a challenge for anti-piracy outfits, whose main goal is to spot new piracy trends and nip them in the bud.

Social Media Piracy Panel

To help with this ongoing process, Danish anti-piracy group Rights Alliance plans to involve youth directly. This week, a job listing appeared online offering teens an hourly wage of 150 Danish kroner (~US$22) to join a piracy discussion panel.

"We want to know more about young people's ways of being and behaving on social media and online in general. With your help, we will become much wiser about young people's behavior and will be able to reach new heights in our work."

Rights Alliance is specifically looking for young people between the ages of 15 and 17. These teens will join a panel of eight peers who, together with an employee from the anti-piracy group, will discuss piracy-related Internet and social media developments.

Friends and Family are Safe

There's no need for prospective candidates to be deeply involved in illegal activities or to expose pirating friends. The main goal is to learn how young people are exposed to pirated media during their online activities, which can help to spot emerging threats.

"It is important for us to emphasize that you should not disclose yourself, your friends or others in your social circle. The sole purpose is to help us learn more about current trends," Rights Alliance clarifies.

According to the job listing, each panel meeting will last for roughly two hours with three tentatively scheduled for the coming year. The meetings will take place in Copenhagen and travel expenses will be covered.

While it's unusual for anti-piracy organizations to recruit teenagers, it makes a lot of sense. Piracy preferences change rapidly and obtaining direct input from younger people is a relatively effective way to keep an eye on new developments.

Preventing Bad Habits

Speaking with TorrentFreak, Rights All...

18:00

Vectrex Light Pen Works Without a Raster Hackaday

Sometimes the simplest of projects end up revealing the most interesting of things, as for example is the case with [Ryo Mukai]'s light pen for the Vectrex console. It's an extremely simple device using an integrated light sensor with built-in Schmitt trigger, but for us the magic isn't in the pen itself but in discovering how it worked with the Vectrex's vector graphics.

Light pens were a popular accessory in the 8-bit computing days, offering a relatively inexpensive pointing device that gave your micro an even more futuristic feel. On most computers that used a raster-scanning TV display they simply picked up the flying dot on the screen as it passed the end of the pen, but the Vectrex with its display not scanning all of the screen at once needed a different approach.

This piqued our interest, and the answer to how it was done came from PlayVectrex. There was a target X on the screen which could be picked up with the pen, and when picked up it would surround itself with a circle. Crossing the dot as it flew round the circle would tell the console where the pen was, and the position would move to fit. For those of us who only saw a Vectrex in a shop window back...

17:05

VMware Releases Critical Patches for Workstation and Fusion Software The Hacker News

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the

17:00

RNA-Based Vaccine Technology: The Trojan Horse Did Not Contain mRNA Terra Forming Terra




Turns out that we cannot use natural mRNA at all.  So whatever is used must be genetically modified and will be alien to our human biology.

The whole scheme is turning into a scientific nightmare orchestrated by folks whose scientific credentials are surely rubbished and should as a matter of course, be rubbished.

All this is unimaginable to someone who has always respected science and how it was implemented.  What happened???



RNA-Based Vaccine Technology: The Trojan Horse Did Not Contain mRNA

It Contains modRNA That Genetically Manipulates Healthy Cells


Apr 21 2023

https://www.theepochtimes.com/health/rna-based-vaccine-technology-the-trojan-horse-did-not-contain-mrna_5195804.html?

A few years ago, the term mRNA was primarily confined to scientific circles and research papers. Then, the use of messenger RNA seemed promising: It would teach cells to create a protein that would initiate an immune response against a specific pathogen.

Today, many more of us have heard of mRNA, as both the Pfizer-BioNTech and Moderna COVID-19 vaccines use messenger ribonucleic acid, or mRNA, as the active ingredient....

Colorado chili pepper fossil discovery may upend evolutionary timeline Terra Forming Terra





That at least puts an end to the idea that the plant family was limited to South America at all. It is clearly a plant of the western hemisphere and this may turn out to be true for most. What is certain is that bird carried seeds are easily moved north and south from the equatorial Amazon.

Of course recent traffic in domesticates has turned everything on its head and we are still adjusting to all of that and truly with much more to come.  Recent covers the past five thousand years as much was also moved during the Bronze Age including dairy Red Deer.

At least we are quite adventurous when it comes to trying out new plants and so we should.  After all we have been peddling toxicity regarding anything never mastered and this has turned out wrong headed often.  Think potatoes and tomatoes.

Colorado chili pepper fossil discovery may upend evolutionary timeline

April 23, 2023

https://newatlas.com/biology/chili-pepper-fossil-upends-evolutionary-timeline/?

Researchers identified this fossil as a chili pepper due to its unique 'hat'. The discovery has caused scientists to rethink the plant's evolutionary timeline


Fossilized plants can provide much information about plant diversification and the planet's geography and evolution. Researchers have discovered an ancient chili pepper from Colorado that may upend our understanding of when and where the plant originated.


The nightshade family of plants, Solanaceae, is large, with more than 2,000 species that include tomatoes, potatoes, bell peppers (capsicum), and...

Spanish Bishop: Behind Agenda 2030 lies an attempt to change civilisation, Terra Forming Terra


It is obvious that the globe is being confronted with literally a standard Communist Conspiracy whose AIM is obvious and has always been obvious, but whose methods have always been obscured.  Their arrogance is such that they will even brag about it all.

Understand something awfully basic.  In power, they have always chosen to slaughter the so called middle class.  Communism has been the single largest source of genocide on this planet.  Today the one child policy will collapse the Chinese population to under 500,000,000.  The COVID scheme promises at least to slaughter another 4.000.000.000 people.

Truth is none of you have ever chosen to support those aims and simply do not believe it is even possible.  The jury remains out on COVID.


Spanish Bishop: Behind Agenda 2030 lies an attempt to change civilisation, a new world order that will change people's beliefs



https://expose-news.com/2023/04/22/agenda-2030-is-a-new-world-order-to-change-beliefs/

In an op-ed published by El Diario Montañés on 15 April, Bishop Manuel Sánchez Monge of Santander, Spain, criticised sustainable development and its aims as codified by the United Nations Sustainable Development Goals (SDGs).

"Behind Agenda 2030 lies an attempt to change civilisation, a new world order that will change the beliefs of individuals. It is a globalist system [...] aimed at establishing an unelected and undemocratic world government," he wrote.

The following is Bishop Sánchez Monge's op-ed as translated by LifeSiteNews.


The 2030 Agenda and the New World Order
...

Lung storage technique offers 'paradigm shift' for transplants Terra Forming Terra




This has to apply to all other tissues as well and just why is that this is not understood back in the day when the work was done.  It strikes me that fine temperature control has been available for a long time.  Even with brine.

Likely a matter of some convenience.

As said, the real surprise here is that this is new at all.


Lung storage technique offers 'paradigm shift' for transplants


April 21, 2023

https://newatlas.com/medical/lung-transplant-storage/

The new storage technique should mean that many more people who need lung transplants will be able to get them


The gold standard for storing lungs for transplant procedures has been to pack them in ice in coolers, which keeps them at roughly 4 °C (39 °F). But a look back at lung transplant research has revealed that there's an even better temperature at which to store donor lungs, which will dramatically improve the time during which they remain viable.


The first lung transplant was conducted in 1963. Since that time, when lungs are removed from patients, they are packed in a cooler with ice and rushed to the location of the recipient. Generally, this method can keep the lungs viable for roughly six to eight hours. Wondering if they could improve on this time, researchers led by a team of scientists from the University Health Network in Toronto looked back at experimental data from decades ago.

"Our approach to solving this problem was finding an optimal lung storage temperature (by) looking at data from experiments performed over 30 years ago, where lung transplant pioneers looked...

15:47

Wikimedia Foundation at LibrePlanet 2023 Techrights


Summary: The above LibrePlanet talk was uploaded by the FSF a week ago (PeerTube link; talk's slides). From the official page: "This talk will begin by shining some light on the vastness of Wikipedia's technology landscape and the technical community behind it, supporting the development of projects in many different areas to set the room for understanding the need and role of developer advocacy for such a large community. It will then focus on the developer advocacy's role in engaging the technical community behind Wikipedia and its sister projects, for example, through dedicated FOSS outreach, mentoring programs and events, awards and ceremonies for developer recognition, grants and partnerships, community metrics and health, platforms and services, developer portal, and more. Through this talk, the audience will gain insights into what a good return on investment means for such initiatives in nonprofit organizations and gather new ideas for building stronger developer communities."

Licence: CC BY SA 4.0

15:47

Roger Spitz joins our Futurists Board. Lifeboat News

Roger Spitz joins our Futurists Board. Roger is an international bestselling author, President of Techistential (Climate & Foresight Strategy), and Chair of the Disruptive Futures Institute.

15:32

The FDA Would Like to Remind You Not to Put Amniotic Fluid in Your Eyes SoylentNews

This report from Ars Technica details an important warning from the U.S. Food and Drug Administration

from the article:

For a sinister Shakespearian brew to conjure spirits, you're going to need to gather a variety of mystical herbs, like the scale of a dragon and the cool blood of a baboon (or maybe a spotted gecko). For eternal life, harvest a dead man's toe and a newt's saliva.

But if dry eye relief is all you seek, then the urine of a human fetus is what you'll need; just don't mention it to the Food and Drug Administration.

The regulatory agency posted a public safety notification warning people not to use eye drops with such ingredients, products more akin to hocus-pocus than modern medicine.

The eye drops are thought to contain amniotic fluid, the clear liquid that surrounds and cushions a human fetus as it incubates in a womb. Generally, amniotic fluid contains a variety of maternal and fetal excretions and secretions, but after the 10th week of gestation, it is largely fetal urine, with fetal lung secretions being another significant component.

Read more of this story at SoylentNews.

15:00

Bass Reactive LEDs For Your Car Hackaday

A view of the inside of a car, with driver's wheel on the left and control panel in the middle, with red LED light displayed in the floor area under the driver's wheel and passenger side.

[Stephen Carey] wanted to spruce up his car with sound reactive LEDs but couldn't quite find the right project online. Instead, he wound up assembling a custom bass reactive LED display using an ESP32.

...

12:45

This NASA Telescope Has Discovered 329 New Exoplanets in Just Five Years SoylentNews

This NASA Telescope Has Discovered 329 New Exoplanets In Just Five Years - SlashGear:

One of the biggest areas of research in astronomy right now is the discovery of exoplanets, or planets outside our solar system. With over 5,000 exoplanets known and more being discovered every month, you might think that this field is well-established, but in fact, it's rather recent, with the study of exoplanets only really taking off in the last decade or so. A big part of the explosion of exoplanet studies has been new tools that allow scientists to discover these far-off worlds more readily than ever before.

The new generation of exoplanet-hunting tools arguably began with the launch of the (now retired) Kepler Space Telescope in 2009, which ceased operations in 2018. But the baton was picked up by subsequent instruments, like NASA's Transiting Exoplanet Survey Satellite, also known as TESS. Launched in 2018, NASA recently released some figures for TESS's achievements from its first five years in space. In this time, TESS has discovered an impressive 329 new exoplanets, as well as discovering thousands more candidate exoplanets.

[...] TESS uses an exoplanet detection method called the transit method. This is where you look at the brightness of a given star over time. If there is a planet orbiting that star when it passes between us and the star (called a transit), the star's brightness will dip very slightly. If you observe that dip in brightness at regular intervals, you can work out whether there is a planet there and how quickly it orbits that star. The amount by which the brightness dips can also help give information on things like the planet's size or orbit too.

Read more of this story at SoylentNews.

12:00

Reading Ptolemy's Treatise on the Meteoroscope On Palimpsests After Centuries of Recovery Attempts Hackaday

Ambrosianus L 99 sup., p. 190, ll. 14-23, UV fluorescence image by Lumière Technology. Upside-down Latin overtext in dark brown and Greek undertext in light brown.

During the Middle Ages, many Ancient Greek and Roman scientific, legal and similarly significant texts written on parchment were commonly erased, mostly because of the high cost of new parchment and the little regard given to these secular texts. Although recovery of the remaining faint outlines of the old text has been attempted since at least the 19th century, these attempts often involved aggressive chemical means. Now researchers have managed to recover the text written by Ptolemy on a parchment that suffered such a pre...

10:28

NEW 'Off The Wall' ONLINE 2600 - 2600: The Hacker Quarterly

Posted 26 Apr, 2023 0:28:29 UTC

The new edition of Off The Wall from 04/25/2023 has been archived and is now available online.

10:02

No Need to Recycle, These Disposable Coffee Cups are Made of Dirt SoylentNews

You can smash these 3D-printed cups from GaeaStar on the ground and walk away:

Imagine the horrified looks you'd get if you dropped your paper coffee cup on the ground, stepped on it and walked away. A startup based in San Francisco and Germany says you can do exactly that with its cups, guilt-free.

GaeaStar is getting ready to introduce its 3D-printed, disposable clay cups to the US, after a successful trial period at coffee shops and ice cream parlors in Berlin. Watch the video above to learn more.

The cups are made from just three ingredients: dirt, salt and a small amount of water. Founder and CEO Sanjeev Mankotia told CNET he had the idea when he was visiting family in India and his cousin was drinking chai from a terracotta cup she bought from a street vendor. "She drank the cup, and then smashed it on the ground. And I was like, 'You're throwing something away that's creating litter.' And her reaction was, 'It's made out of dirt, why is this an issue?'"

Those terracotta cups, or "Kuhlars" have been used in South Asia for 5,000 years. They are typically never reused.

[...] According to GaeaStar, it can print a ceramic cup using about 60% less energy than it takes to create a plastic or paper cup, for about the same price. "When you scale it up, we feel that this could be priced in parallel or comparable to the incumbent cups in the market, if not cheaper."

[...] GaeaStar's long-term goal is to put its patent-pending 3D-printers in shops around the US, where cups could be printed on-demand in about 10 seconds. Mankotia says dirt can be sourced locally to save energy. In the meantime, you'll be able to find them in select Verve Coffee shops around California this year.


Read more of this story at SoylentNews.

10:00

HPR3843: LinuxLUGCast pre-show ramblings Hacker Public Radio

I first want to apologize for my crappy show notes. That out of the way. Welcome to LinuxLUGCast episode 217 the pre-show. Normally this gets tacked on to the end of the regular podcast, but Ken put out a call for shows and we figured this was the easiest way to get a show out. I was going to try to meet up with these same people on Mumble and talk about something technical for HPR, but let's be honest the conversation would probably still have turned into TV and movies, and we were already together and recording. Plus hopefully I can use this to convince other people to come and join the Lugcast. We record every first and third Friday of the month using mumble. Check out linuxlugcast.com for all the details.

A Dozen in One It Will Never Work in Theory

I've fallen behind on reviewing while prepping for this week's talks, so here are a dozen papers you might enjoy.

Brittany Johnson, Christian Bird, Denae Ford, Nicole Forsgren, and Tom Zimmermann. Make your tools sparkle with trust: the PICSE framework for trust in software tools. In ICSE SEIP. May 2023, https://www.microsoft.com/en-us/research/publication/the-picse-framework-for-trust-in-software-tools/.

The day to day of a software engineer involves a variety of tasks. While many of these tasks are collaborative and completed as such, it is not always possible or feasible to engage with other engineers for task completion. Software tools, such as code generators and static analysis tools, aim to fill this gap by providing additional support for developers to effectively complete their tasks. With a steady stream of new tools emerging to support software engineers, including a new breed of tools that rely on artificial intelligence, there are important questions we should aim to answer regarding the trust engineers can, and should, put into their software tools and what it means to build a trustworthy tool. In this paper, we present findings from an industry interview study conducted with 18 engineers across and external to the Microsoft organization. Based on these interviews, we introduce the PICSE (pronounced "pixie") framework for trust in software tools to provide preliminary insights into factors that influence engineer trust in their software tools. We also discuss how the PICSE framework can be considered and applied in practice for designing and developing trustworthy software tools.

Arut Prakash Kaleeswaran, Arne Nordmann, Thomas Vogel, and Lars Grunske. A user study for evaluation of formal verification results and their explanation at bosch. 2023. arXiv:2304.08950.

Context: Ensuring safety for any sophisticated system is getting more complex due to the rising number of features and functionalities. This calls for formal methods to entrust confidence in such systems. Nevertheless, using formal methods in industry is demanding because of their lack of usability and the difficulty of understanding verification results. Objective: We evaluate the acceptance of formal methods by Bosch automotive engineers, particularly whether the difficulty of understanding verification results can be reduced. Method: We perform two different exploratory studies. First, we conduct a user survey to explore challenges in identifying inconsistent specifications and using formal methods by Bosch automotive engineers. Second, we perform a one-group pretest-posttest experiment to collect impressions from Bosch engineers familiar with formal methods to evaluate whether unde...

And That's a Wrap It Will Never Work in Theory

We just wrapped up our third set of lightning talks; many thanks to the presenters and to everyone who participated and asked questions. We raised over $4000 for Books for Africa, and we will post slides and recordings (including transcripts in English and Spanish) in the coming weeks.

Session 1

Rashina Hoda:
You asked for it: making sense of user feedback.
Prem Devanbu:
Leveraging the bimodality of software.
Raula Kula:
What do we know about libraries and their dependencies?
Sherlock Licorish:
Can genetic improvement enhance online code snippets?
Alexander Serebrenik:
Getting old: employability and experiences of veteran software developers.
Elvan Kula:
Understanding and predicting delays in large-scale software development.
Marcel Böhme:
On the surprising efficiency and exponential cost of fuzzing.
Ethel Tshukudu:
Understanding conceptual transfer in students learning new programming languages.
Gustavo Pinto:
Cognitive-driven development helps software teams to keep code units under the limit.
Kai Presler-Marshall:
Teaching c...

09:48

F2FS & Btrfs Enjoy Some Nice Improvements With Linux 6.4 Phoronix

In addition to EXT4 seeing some performance optimizations, the Btrfs and F2FS file-system drivers are also seeing some nice enhancements with this next Linux kernel version...

09:00

Insulin Pump Teardown Shows One Motor Does Many Jobs Hackaday

Modern insulin pumps are self-contained devices that attach to a user's skin via an adhesive patch, and are responsible for administering insulin as needed. Curious as to what was inside, [Ido Roseman] tore down an Omnipod Dash and took some pictures showing what was inside.

...

08:15

[$] Nikola: static-site generation in Python LWN.net

Static-site generators are tools that generate HTML pages from source files, often written in Markdown or another markup language. They have built-in templates and themes, which allows developers to create lightweight and secure websites. One of these tools is Nikola, written in Python.

08:09

Corrupt Administration at the European Patent Office is Causing a Mental Health Crisis Techrights

Distress among DG1 examiners

Summary: Distress among DG1 examiners at the EPO is reported; after the notorious suicide wave under Benoît Battistelli it seems like António Campinos and his corrupt regime (he surrounded himself by unqualified friends of his, who barely understand patents but are eager to burn constitutions, laws, conventions etc. for a living) endanger the lives of examiners

THE push by the EPO for an illegal UPC (promoted by Mafia-esque elements, eager to blackmail their critics and exposers) was noted here many times before, in effect a kangaroo court that would authorise illegal EPO policies and even European software patents, a controversial practice of granting being the subject of recent leaks.

"If the EU (or EC) fails to stop this, it too will suffer profoundly."

Nothing substantial has improved at the EPO and immaterial progress isn't being made; they're just flinging lots of crappy patents at the wall and hope some will stick (maybe with help from the impending but illegally-promoted kangaroo court).

The Central Staff Committee now warns that "Search & Examination Practice[s] lead to Distress among DG1 examiners."

In this [already-sent] open letter, they've told colleagues, they said to Steve Rowan [that] we note a worrying trend of distress among DG1 examiners currently confronted with radical changes in search and examination practice in their technical fields due to directives from their superiors, in several directorates. The work of these examiners has been supported and even praised by the Office for many years and their decisions have been generally upheld by the Boards of Appeals. They do not understand the sud...

08:00

Tuning glibc malloc on ARM: A Case Study Linux.com

Excessive Page faults can negatively imp

Click to Read More at Oracle Linux Kernel Development

The post Tuning glibc malloc on ARM: A Case Study appeared first on Linux.com.

07:15

SLP flaw allows DDoS attacks with an amplification factor as high as 2200 times Security Affairs

A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow attackers to carry out powerful DDoS attacks.

A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to conduct powerful volumetric DDoS attacks.

The Service Location Protocol (SLP) is a legacy service discovery protocol that allows computers and other devices to find services in a local area network without prior configuration. 

Researchers from Bitsight and Curesec reported that attackers exploiting this flaw can leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks. The experts pointed out that the flaw can allow an amplification factor as high as 2200 times, which makes it one of the largest amplification attacks ever reported.

The vulnerability impacts more than 2,000 organizations worldwide and over 54,000 SLP instances that are publicly exposed to the Internet, including VMware ESXi Hypervisor, Konica Minolta printers, Planex Routers, IBM Integrated Management Module (IMM), SMC IPMI, and 665 other product types.

Bitsight reported the flaw to the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and impacted organizations.

In a reflective DoS amplification attack, the attacker sends small requests to a server with the spoofed source IP address of the victim. In turn, the server replies to the victim's IP address, sending much larger responses than the requests, generating large amounts of traffic to the victim's system.

Reflection coupled with service registration significantly amplifies the amount of traffic sent to the victim. The typical reply packet size from an SLP server is between 48 and 350 bytes. Assuming a 29 byte request, the amplification factor, or the ratio of reply to request magnitudes, is rou...

07:13

Linux Foundation Launches New Organization to Maintain TLA+ SoylentNews

Linux Foundation launches new organization to maintain TLA+:

The Linux Foundation, the nonprofit tech consortium that manages various open source efforts, today announced the launch of the TLA+ Foundation to promote the adoption and development of the TLA+ programming language. AWS, Oracle and Microsoft are among the inaugural members.

What is the TLA+ programming language, you ask? It's a formal "spec" language developed by computer scientist and mathematician Leslie Lamport. Best known for his seminal work in distributed systems, Lamport, now a scientist at Microsoft Research, created TLA+ to design, model, document and verify software programs, particularly those of the concurrent and distributed variety.

[...] "TLA+ is unique in that it's intended for specifying a system, rather than for implementing software," a Linux Foundation spokesperson told TechCrunch via email. "Based on mathematical concepts, notably set theory and temporal logic, TLA+ allows for the expression of a system's desired correctness properties in a formal and rigorous manner."

TLA+ includes a model checker and theorem prover to verify if a system's specification satisfies its desired properties. The goal is to assist developers with reasoning about systems above the code level, uncovering and preventing design flaws (hopefully) before they evolve into bugs during the later stages of software engineering.

Read more of this story at SoylentNews.

06:03

Software Freedom Conservancy is Selling Verbal Thank-Yous So That Its Chief Can Earn a Quarter Million Dollars Per Year, Tax-Free Techrights

The people who give talks (i.e. actually work) do not get paid

SFC sponsors

SFC sells thank-yous

Summary: Just advertised by the greedy SFC is an upcoming event; the business model is rather telling (basically mimicking the Linux Foundation, where even the thanks are just sponsored words coming from someone's mouth)

05:49

VMware addressed two zero-day flaws demonstrated at Pwn2Own Vancouver 2023 Security Affairs

VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors.

VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors.

The STAR Labs (@starlabs_sg) team used an uninitialized variable and UAF to hack the VMWare Workstation virtualization software. They earned $80,000 and 8 Master of Pwn points. 

The vulnerability CVE-2023-20869 is a stack-based buffer-overflow issue that resides in Bluetooth device-sharing functionality. A local attacker can exploit the flaw to execute code as the virtual machine's VMX process running on the host.

The flaw CVE-2023-20870 is an information disclosure issue in the functionality for sharing host Bluetooth devices with the VM. An attacker can exploit the vulnerability to read privileged information contained in hypervisor memory from a VM.

As a workaround for both CVE-2023-20869 and CVE-2023-20870, the virtualization giant recommends turning off Bluetooth support on the virtual machine.

Pierluigi Paganini

(...

05:45

System76-Scheduler 2.0 Released With PipeWire Integration, Performance Optimizations Phoronix

Last year the Pop!_OS software developers at System76 introduced system76-scheduler as a Rust-written user-space daemon intended to auto-configure CFS and dynamically manage process priorities. They've added various features to improve the Linux desktop responsiveness and performance while today they rolled out system76-scheduler v2.0 as the latest iteration of this process scheduler...

05:13

Deploy an application in Red Hat OpenShift on your laptop Linux.com

Now that your environment has been set up, deploy a sample application on an OpenShift Local cluster.

Read More at Enable Sysadmin

The post Deploy an application in Red Hat OpenShift on your laptop appeared first on Linux.com.

04:54

LibrePlanet Talk: Rayner Lucas and Tristan Miller on USENET and How It's Moderated Techrights

Summary: The above LibrePlanet talk by Rayner Lucas and Tristan Miller is a remote (not physical presence) talk and it was uploaded by the FSF a week ago (slides here; PeerTube link). From the official page: "Today's social media users are locked into proprietary platforms, under the control of a few large corporations. Users are not customers, but a product to be sold to advertisers. These companies have little reason to care about fostering healthy discussion, only to keep advertisers happy. But there is another model for social media. Federated social networks began with Usenet, a distributed system of discussion forums invented a decade before the World Wide Web. Since then, projects such as Mastodon and Diaspora have used open standards and common communication protocols to give users power to choose their own social media experience. What lessons can we learn from Usenet? What does it get right, and what could it do better? And does Usenet still have a place on the modern Internet?"

Licence: GFDL 1.3

04:31

Simulating a Secure Future SoylentNews

Next-generation silicon chips based on spintronics could improve global cybersecurity:

Imagine a movie about a rogue employee who breaches security in a company that implants chips inside half of the world's computers. They embed a Trojan in systems around the globe and hold the world to ransom.

This is not unimaginable, says Rajat Kumar, a Ph.D. student in Yehia Massoud's lab at KAUST. "A single company currently supplies more than half of the world's chips, and nearly all of the most advanced chips," he confirms.

Massoud's group researches emerging technology that could make chips more secure. A recent project reports multifunctional logic gates that offer users a range of hardware security advantages. These include better control over their devices, tamper protection, watermarking and fingerprinting, and layout camouflage.

"Even if a semiconductor foundry is highly trustworthy, an untrusted entity in the supply chain could tamper with chips," Massoud says.

[...] As a secure alternative, Kumar and colleagues explored polymorphic gates made from nanoscale structures consisting of an oxide layer sandwiched between two ferromagnetic layers. These structures, known as magnetic tunnel junctions (MTJs), are easily switchable by reversing the relative orientation of magnetic spins of the ferromagnetic layers. This spin-based control makes MTJs examples of spintronic devices.

Kumar and colleagues thought the switchable properties of MTJs meant that they could be used to create polymorphic gates, whose configuration users could check and reconfigure, overwriting any nefarious settings. They showed that MTJs function as polymorphic gates in a way that prevents tampering and intellectual property piracy due to their symmetry at both the circuit and layout levels, obscuring their layout and making them hard to reverse engineer.

Journal Reference:
Kumar, R., Divyanshu, D., Khan, et al., Y. Polymorphic hybrid CMOS-MTJ logic gates for hardware security applications. Electronics, 12, 902 (2023). DOI: https://doi.org/10.3390/electronics12040902


Read more of this story at SoylentNews.

04:25

Fedora 39 Wants To Ensure Your ESP Is Big Enough Phoronix

The latest feature planning around Fedora 39 for releasing later this year is around ensuring your EFI System Partition (ESP) is large enough for new functionality moving forward...

03:56

Git 2.40.1 & Other Updates Due To Three New Security Vulnerabilities Phoronix

Git 2.40.1 is out today due to three new security vulnerabilities being disclosed. Due to those security fixes there are also Git updates for prior stable series with v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9...

03:27

Links 25/04/2023: More Downtimes and Financial Woes at Microsoft Techrights

  • GNU/Linux

    • Kernel Space

      • GamingOnLinux Linux kernel 6.3 is out now, here's some quick highlights

        Linus Torvalds announced the full release of Linux kernel 6.3, and with it plenty of the usual improvements everywhere.

      • MaskRay Linker notes on AArch32

        This article describes target-specific details about AArch32 in ELF linkers. I described AArch64 in a previous article.

      • Matt Rickard The ptrace syscall

        ptrace (process trace) is a system call in Unix and Unix-like operating systems that intercepts system calls. It's a powerful tool that enables tools like debuggers (e.g., gdb), reverse engineering tools, tracing, code injection, and even simple sandboxing. (see proot for an example of a ptrace sandbox). The most interesting part...

03:19

Git 2.40.1 (and several others) released LWN.net

There is a new stable Git release containing fixes for three separate security vulnerabilities. The fixes have also been backported to the older v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8, v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9 releases. Sites using Git in untrusted environments or with untrusted input should probably upgrade soon.

03:10

[ANNOUNCE] Git v2.40.1 and friends Open Source Security

Posted by Junio C Hamano on Apr 25

A maintenance release Git v2.40.1, together with releases for older
maintenance tracks v2.39.3, v2.38.5, v2.37.7, v2.36.6, v2.35.8,
v2.34.8, v2.33.8, v2.32.7, v2.31.8, and v2.30.9, are now available
at the usual places.

These maintenance releases are to address security issues identified
as CVE-2023-25652, CVE-2023-25815, and CVE-2023-29007. They affect
ranges of existing versions and users are encouraged to upgrade.

The tarballs are found at:...

03:02

Miscarriage and Stillbirths cryptogon.com

Via: Dr. John Campbell:

02:53

Japan's ispace Seeks to Land First Private Spacecraft on the Moon cryptogon.com

Update: Lost Communications, Landing Probably Failed Live: Via: EL PAÍS: The Japanese probe Hakuto-R, which is about the size of a large refrigerator, will try to land in Atlas, an impact crater in the far north of the Moon, within the unexplored Mare Frigoris, or Sea of Cold. If it succeeds, it [...]

02:20

Robert F. Kennedy Jr. Wants a Law to Punish Global Warming Skeptics cryptogon.com

The article below is from 2015, but it doesn't matter, because, even if RFK Jr. had widespread support (he doesn't), the Democratic Party would simply screw him over. I don't know if I have the energy to do this again, but, as per the quadrennial routine in the U.S., here's what's going to happen: After more than [...]

02:18

Microsoft, Based in Redmond, is Exiting Redmond Amid Layoffs and Other Troubles (Updatedx2) Techrights

Recent: In One City Alone Microsoft Fired Almost 3,000 Workers This Year (We're Still in March)

Published 48 minutes ago

Microsoft (MSFT) to Downsize Office Space With Redmond Exit

Summary: Amid more layoffs this week (Azure is in trouble) and now that mainstream media is consistently predicting bad results for Microsoft (they will distract with AI smokescreen/vapourware*) it's worth taking note of the new report (above)
______
* The pro-Microsoft AI trolls have infested our IRC network this week.

Update: The key part:

Microsoft currently occupies most of the space in Millennium Corporate Park. CBRE is marketing 497,193 square feet out of the 537,000 square-foot campus. This plan was followed by Microsoft's earlier plans to reduce office space by 1.7 million square feet by not renewing leases in Bellevue and Issaquah. Microsoft has also put the development of campus expansion project on hold.

497,193 square feet out of the 537,000 square-foot campus is about 93%. So it sounds like they're almost shutting it all down.

Update #2: Preview again and it is negative with blame-shifting. Notice how they blame other companies for this deceleration. So now instead of insisting that clown computing was all along the future it's just this nebulous thing they call AI (they mean chatbots).

...

01:54

Decoding JUICE Daniel Estévez

JUICE, the Jupiter Icy Moons Explorer, is ESA's first mission to Jupiter. It will arrive at Jupiter in 2031, and study Ganymede, Callisto and Europa until 2035. The spacecraft was launched on an Ariane 5 from Kourou on April 14. On April 15, between 05:30 and 08:30 UTC, I recorded JUICE's X-band telemetry signal at 8436 MHz using two of the 6.1 m dishes from the Allen Telescope Array. The spacecraft was at a distance between 227000 and 261000 km.

The recording I made used 16-bit IQ at 6.144 Msps. Since there are 4 channels (2 antennas and 2 linear polarizations), the total data size is huge (966 GiB). To publish the data to Zenodo, I have combined the two linear polarizations of each antenna to form the spacecraft's circular polarization, and downsampled to 8-bit IQ at 2.048 Msps. This reduces the data for each antenna to 41 GiB. The sample rate is still enough to contain the main lobes of the telemetry modulation. As we will see below, some ranging signals are too wide for this sample rate, so perhaps I'll also publish some shorter excerpts at the higher sample rate.

The downsampled IQ recordings are in the following Zenodo datasets:

In this post I will look at the signal modulation and coding, and some of its radiometric properties. I'll show how to decode the telemetry frames with GNU Radio. The analysis of the decoded telemetry frames will be done in a future post.

Waterfall analysis

First I have computed a waterfall from the IQ recordings and analysed it using the same techniques as for Artemis 1. ATA antennas 1a and 5c were used to record. They have linear polarization feeds. Here I will show the data for antenna 1a. The plots for antenna 5c look similar and can be seen in the Jupyter notebook.

This plot shows the power spectral density in each of the X and Y linear polarizations, and in the cross-correlation between X and Y. The signal is nominally circularly polarized (there seems to be some confusion as to whether it is RHCP or LHCP, and I cannot confirm this because I didn't calibrate the phase...

01:47

A Vegan Leather Made of Dormant Fungi Can Repair Itself SoylentNews

The fungi can regrow, potentially fixing tears in items one day made from the alternative leather:

Imagine if a ripped leather jacket could repair itself instead of needing to be replaced.

This could one day be a reality, if the jacket is fashioned from fungus, researchers report April 11 in Advanced Functional Materials. The team made a self-healing leather from mushrooms' threadlike structures called mycelium, building on past iterations of the material to allow it to fix itself.

Mycelium leather is already an emerging product, but it's produced in a way that extinguishes fungal growth. Elise Elsacker and colleagues speculated that if the production conditions were tweaked, the mycelium could retain its ability to regrow if damaged.

That novel approach could offer inspiration to other researchers trying to get into the mycelium leather market, says Valeria La Saponara, a mechanical and aerospace engineer at the University of California, Davis.

Elsacker, a bioengineer now at the Vrije Universiteit Brussel, and her colleagues first grew mycelium in a soup rich in proteins, carbohydrates and other nutrients. A skin formed on the surface of the liquid, which the scientists scooped off, cleaned and dried to make a thin, somewhat fragile leather material. They used temperatures and chemicals mild enough to form the leather but leave parts of the fungus functional. Left dormant were chlamydospores, little nodules on the mycelium that can spring back to life and grow more mycelium when conditions are prime.

After punching holes in the leather, the researchers doused the area in the same broth used to grow it to revive the chlamydospores. The mycelium eventually regrew over the punctures. Once healed, the hole-punched areas were just as strong as undamaged areas; however, the repairs were visible from one side of the leather.

Journal Reference:
DOI: https://onlinelibrary.wiley.com/doi/10.1002/adfm.202301875



01:33

Bulgaria Approves Draft Law That Turns Pirate Site Operators Into Criminals TorrentFreak

When countries are placed on the USTR's Watch List for failing to combat piracy, most can expect years of pressure punctuated by annual Special 301 Reports declaring more needs to be done.

Bulgaria was on the Watch List in 2015 when the USTR reported incremental progress in the country's ability to tackle intellectual property infringement, albeit nowhere near enough to counter unsatisfactory prosecution rates. In 2013, Bulgaria's Ministry of Culture had carried out 743 checks related to online copyright infringement but a year later, it conducted just 13 (pdf).

Still, the United States reported that Bulgaria was continuing its efforts to draft a new Criminal Code with the goal of significantly reducing piracy. That would eventually arrive, but not for quite some time.

Bulgaria Promises to Deliver

In 2018 the United States softened its position toward Bulgaria, removing it from the Watch List on the basis that the government would probably deliver. In the wake of that reprieve in 2020, local prosecutors filed just one copyright indictment. In the following year, not a single person was charged with a copyright infringement offense.

That led to a warning in the 2022 Special 301 Report that the USTR would conduct an Out-of-Cycle Review to assess if any material progress had been made.

In September 2022, Bulgaria was further criticized in a trade barriers report for poor IP protection and as recently as this month, the U.S. Intellectual Property Enforcement Coordinator reported (pdf) that these issues are just part of Bulgaria's larger rule of law problems.

To this background, Bulgaria might ordinarily have found itself edging toward the Watch List once again, but last week it took a significant step that will be welcomed in the United States.

Draft Criminal Code Amendments

Just eight short years after the United States reported Bulgaria's work on legal amendments, things appear to be coming together. Last week the Council of Ministers approved draft amendments to the Criminal Code that aim to protect authors, rightsholders, and state revenue.

Crimes against intellectual property should be perceived as acts with a high degree of public danger, not only considering the rights and interests of the individual author, which they affect, but also consideri...

01:33

Intel Submits Long-Awaited Shadow Stack Support For Linux 6.4 Phoronix

While Intel Shadow Stack support has been around since Tiger Lake CPUs as part of Intel's Control-flow Enforcement Technology (CET), only with the Linux 6.4 kernel is this security feature finally being enabled in the mainline Linux kernel...

00:55

A new Mirai botnet variant targets TP-Link Archer A21 Security Affairs

The Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer AX21 in recent attacks.

Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers.

The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability that resides in the locale API of the web management interface of the TP-Link Archer AX21 router. The root cause of the problem is the lack of input sanitization in the locale API that manages the router's language settings. A remote attacker can trigger the issue to inject commands that will be executed on the device.

The vulnerability was first reported to ZDI during the Pwn2Own Toronto 2022 event. Working exploits for LAN and WAN interface accesses were respectively reported by Team Viettel and Qrious Security. 

In March, TP-Link released a firmware update to address multiple issues, including this vulnerability.

ZDI reported that threat actors started exploiting the flaw after the public release of the fix; the attacks initially focused on Eastern Europe.

Threat actors are exploiting the flaw by sending a specially crafted request to the router that contains a command payload as part of the country parameter. The attackers send a second request that triggers the execution of the command.

"Starting on April 11th, we began seeing notifications from our telemetry system that a threat actor had started to publicly exploit this vulnerability," reads the report published by ZDI. "Most of the initial activity was seen attacking devices in Eastern Europe, but we are now observing detections in other locations around the globe."

...



Resource generated at IndyWatch using aliasfeed and rawdog