Bonum Certa Men Certa

Links 08/01/2023: SparkFun Turns 20



  • GNU/Linux

    • Audiocasts/Shows

      • Video: New York Slaughters to Right to Repair Bill - Invidious

        This week in the Business News, LG is working on a paper-thin speaker while Android works on satellite-based SMS. Also, Apple tries to destroy the voice actors business and New York governor Hochul slaughtered the bill at the behest of Apple and Microsoft.

      • Open Source Startup Podcast: E69: Train, Deploy, and Ship AI Products with Lightning AI by Open Source Startup Podcast

        Will Falcon is CEO of Lightning AI, the platform to build ML models and create Lightning Apps that “glue” together many leading ML lifecycle tools. The company's project, also called lightning, has over 21K stars on GitHub. Lightning AI has raised almost $60M from investors including Index Ventures, Coatue, and Bain. In this episode, we discuss the difference between open source traction and company potential, how to hire - especially early on, the importance of learning speed, Will's personal journey as a CEO, and more!

      • Video: Talking XeroG (XeroLinux GNOME) With DarkXero - Invidious

        Today, I am going to chat with DarkXero, the maintainer of XeroLinux. In this video, we discuss the newly created XeroG, which is XeroLinux with GNOME. What makes the creation of XeroG interesting is that XeroLinux has long been a KDE distro. So why the new GNOME flavor?

      • Video: Nitrux OS – The Future Of Linux | Solid, Stable - Unbreakable - Invidious

        A video covering the newest release of Nitrux OS. Nitrux brings with it several changes that make it one of the most reliable, stable and solid distros out there.

    • Applications

      • Linux Links: 34 Best Free Linux Backup Software (Updated 2023)

        Backup software is used to perform a complete back up of a file, data, database, system or server. It enables users to make a duplicate of everything contained on the original source. This type of software is also used to perform a recovery of the data or system in the event of a disaster.

        Making file backups is an essential activity for all users, yet many users do not take adequate steps to protect their data. Whether a computer is being used in a corporate environment, or for private use, the machine’s hard disk may fail without any warning signs. Alternatively, some data loss occurs as a result of human error. Without regular backups being made, data will inevitably be lost even if the services of a specialist recovery organisation are used.

        While it has always been possible to use command line tools to backup files in Linux, this can be a daunting task for beginners and end-users. This article explores how making regular backups can be a painless task. We explore backup software with intuitive graphical interfaces, applications that backup systems with snapshots, whilst not forgetting the powerful command-line tools that exist.

    • Instructionals/Technical

      • University of Toronto: Some thoughts on Prometheus Alertmanager's alert reminders

        Translated, this is how often you get a reminder about an alert (or a group of them) that is still active (and otherwise unchanged; if something changes in the group of alerts, that's a different configuration setting).

        We set our repeat_interval to 24 hours, and we recently came back from a holiday break where an alert triggered on December 28th and stayed on until we returned and fixed it, resulting in reminder email on the 29th, the 30th, and so on, none of which we were dealing with over the break. This has given me an opportunity to think about our setting and about alert reminders in general.

        The first question to ask yourself is whether an alert reminder is ever going to be useful. In some places the answer is probably 'no', for example if you have a dashboard of active alerts that people look at all the time. Otherwise, if an alert reminder is useful, you want to ask questions like what is it useful for, to who, and when. The answers for a 24/7 operations team with shift changes every six hours might be quite different than for a small group of university system administrators who only work regular office hours.

      • Earthly: An Introduction to Linux Capabilities - Earthly Blog

        In Linux, capabilities are a way to assign specific privileges to a running process. They allow us to have more fine-grained control over the privileges that processes have on a Linux system.

        In this article, you’ll learn about capabilities in Linux. You’ll also learn how you can use capabilities in the context of Docker containers and Kubernetes.

      • Make Use Of: How Do You Use Ubuntu Core on a Raspberry Pi?

        Ubuntu is a popular Linux distro that offers stability, multiple flavors with graphical interfaces, and a community of enthusiasts to help support each other. If you strip away the bells and whistles from Ubuntu, what remains is Ubuntu Core.

        This is an OS that even the Raspberry Pi 2 is capable of running, not to mention later models such as the Pi 3 and 4. Pairing these two household names together will provide you with an outcome that is stable, frequently maintained, and well-supported for years to come.

        Let's dive into the possibilities that Ubuntu Core and Raspberry Pi are capable of together.

      • Linux Hint: How to Use SCP from Windows to Linux

        In the Linux Operating system, we use the SCP command to copy the files or directories from our local machine to a remote server or from a remote server to our local machine. It can also be used to transfer the files between two remote servers using your local machine. It is a very useful command line utility and comes in handy when we need to transfer our files securely. SCP is the short form of Secure Copy Protocol. This command uses SSH keys or Secure Shell keys for the secure transfer of data.

      • Linux Hint: How to Schedule a Crontab Job for Every Hour

        Sometimes, performing the same task again and again may become tedious. To automate this task instead of involving the assistance of humans, cronjobs are scheduled. Often, in Linux, the user has to run various scripts at the same time which becomes difficult to manage to reduce the workload of the user for executing the same task repeatedly. Cron is a utility that enables us to schedule the tasks according to our needs. Cron is a built-in utility which is provided by Linux. We don’t have to install it; we just simply schedule the tasks using some commands and files. Cronjob saves the time of the user by allowing them to manage their important task instead of repeating the same task again and again.

        If we want to send the emails to our clients or customers every week instead of performing it manually, we can automate this task by creating a cronjob. It is a type of utility that works silently on the backend but does not involve any human interaction with it. It is a simple text file that includes the commands that have to be executed and the time at which it is to be executed.

      • Linux Hint: How to Use the Cat Command in Bash

        Practical guide on how to schedule a crontab job for every hour to run various scripts at the same time by scheduling the tasks using some commands and files.

      • Linux Hint: How to Extract and Open a .GZ File in Linux Command Line

        The GZ file extension is a zipped archive that follows the gzip compression method (GNU zip). The “.gz” format is designed to substitute the compressed formats on Unix-like operating systems. GZ compression is used to compress the webpages to reduce the page load time. GZ files can be opened and extracted using both built-in and third-party applications on any system. Here, we use the methods of extracting the “.gz” file on the Linux terminal. The prerequisite that is required to unzip the .gz files is that we just need the command line interface which is the Linux terminal and the graphical user interface access, as well as access to the “.gz” file itself.

      • DebugPoint: Writing Macro in LibreOffice Impress: Getting Started

        This simple tutorial will show how to create your first Impress presentation macro in LibreOffice.

        Macro is used to automate various tasks from simple to complex. Like other macro tutorials for Calc spreadsheets, it is possible to automate Impress using Basic in LibreOffice.

      • Ubuntubuzz: LibreOffice Calc: How To Convert Numbers to Text

        This tutorial will show you an example of converting numbers to words with a function in LibreOffice Calc. It works by translating number, say 1234, into English words one thousand two hundred thirty four. The function in question is NUMBERTEXT, that spells numbers, and MONEYTEXT, that spells money currencies, all with translations to multiple languages including Chinese, German, Japanese, Korean, and Indonesian.

      • Make Use Of: How to Use the lsblk Command to List Block Devices on Linux

        lsblk is a command-line utility used for listing block devices on a Linux system. Block devices consist of storage devices that hold data in the form of blocks, which are, typically, hard disk drives (HDDs) or solid-state drives (SSDs).

      • LinuxStans: The Linux sleep Command - Tutorial and Examples

        The sleep command is used to delay the execution of scripts or commands in Linux (and other Unix systems). In this beginner-friendly tutorial, we’ll show you how to use the sleep command on Linux and what it does, and we’ll include helpful examples.

        You can use the sleep command on any Linux distro, including Debian, Ubuntu, Linux Mint, CentOS, and more. You can even use it on a Mac or other Unix-like systems. The command is available on all Linux distros, you don’t need to install it.

        In this tutorial, we’ll show you how to use the sleep command in the Terminal/shell/ssh and bash scripts. So you’ll need Terminal access to a Linux distro or SSH access to a Linux server.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • Debian: Coming soon! MycroftAI! KDE snaps update. - Scarlett Gately Moore

          I am excited to announce that I have joined the MycroftAI team in Salsa and working hard to get this packaged up and released in Debian. You can track our progress here:

          https://salsa.debian.org/mycroftai-team

          Snaps are on temporary hold while we get everything switched over to core22. This includes the neon-extension, that requires merges and store requests to be honored. Hopefully folks are returning from holidays and things will start moving again. Thank you for your patience!

  • Distributions and Operating Systems

    • Canonical/Ubuntu Family

      • 10 Best Linux Mint Themes of 2023 (Download Links) - DekiSoft

        One of the best ways to refresh your experience of Linux desktop is Theming, agree? These are used to add a new experience, be it an icon or a full-fledged theme. A number of layouts are available for almost all the distros that provide versatility and style to the system. At the end of this article, you will have chosen one of the best Linux Mint themes and learned how to install them via the terminal.

        Before we move ahead keep in mind that in two ways you can customize your system; with suitable wallpapers and modifying the look of the system.

    • Open Hardware/Modding

      • SparkFun Electronics: Cellular Function for MicroMod - News - SparkFun Electronics

        Hello, friends! Welcome to 2023 and the First Friday Product post of the new year! This week, we are happy to bring up three new additions to the MicroMod ecosystem, all starting with the Blues Wireless Cellular Function Board! This board brings the NOTE-NBGL-500 Notecarrier and a 10-year subscription of data to your next MicroMod project. Following that, we have two new Main Boards for MicroMod, that you will need to start using the Function Board we just spoke of, with heavy feature changes to each of them that vastly improve on their functionality. We wrap the day with a new Arducam 64MP Camera Module that provides a new imaging sensor option for users.

      • SparkFun Electronics: Top 20 for 20 Years

        It's hard to believe, but SparkFun has reached the impressive milestone of 20 years old! To celebrate this achievement, we've decided to make it a year-long celebration by offering special content and promotions throughout the year.

        [...]

        Make sure to head over and check out what our Founder had to say about our milestone!

      • SparkFun Electronics: SparkFun Turns 20

        I guess I never really realized it, but as I look back at the history of SparkFun, it’s puzzles all the way down. SparkFun turns 20 years old this week, and next year I’ll have worked at SparkFun half of my life. Since SparkFun opened its doors, there was always work to do. The challenge of getting a little faster to market, writing a little cleaner code, open sourcing more technologies, and increasing the production yield rate a few fractions of a percentage more was, and continues to be, thrilling. I get to puzzle for work, and I’ve got a whole team of like minded folks that makes another twenty years of SparkFun sound absolutely delightful.

        [...]

        We're going to be celebrating SparkFun's 20th this whole year, stay tuned for more updates and looks back at our history.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Programming/Development

      • TecAdmin: Git Change Remote URL in Local Repository - TecAdmin

        Git is a distributed version control system that is widely used for tracking changes in source code during software development. It allows developers to collaborate on projects and keep track of their changes without the need for a central repository.

        Sometimes, it may be necessary to change the URL of a remote repository in a local Git repository. This can happen if the remote repository has been moved to a new location, if you want to use a different remote repository for your local project or if you want to change authentication methods like HTTPS to Git or vice versa.

      • Jumping Rivers: End-to-end testing with shinytest2: Part 1

        Automated testing is an essential part of any production-quality software project. Much of the focus in the R world, is on testing the individual components of a project (the functions, classes etc), but for those working with {shiny} applications there are great tools that can test your application as if a user was interacting with it. In this blog series, we focus on {shinytest2}, with which we can write tests from a user’s perspective.

      • Matt Rickard: What's Next After NextJS

        NextJS is the Ruby on Rails of modern development – fast, easy, and just enough framework to get a full web application up and running without getting in your way too much. The company behind the open-source project, Vercel, has successfully built a managed platform around the library that combines a CDN and edge functions to provide a fast, cheap, and scale-to-zero website that serves dynamic and static content.

      • Parallelizing and running distributed builds with distcc

        Parallelizing the compilation of a large codebase is a breeze with distcc, which allows you to spread the load across multiple nodes and speed up the compilation time.

      • Andre Alves Garzia: Testing new micropub implementation ● AndreGarzia.com

        My original Micropub implementation was created with Racket and it served me well for a long time. Recently, I implemented MetaWeblog API using NodeJS and decided that keeping two very similar servers using different languages was not ideal. Instead of moving the MetaWeblog server to Racket, I decided to reimplement Micropub with NodeJS.

      • Henrik Warne: There Is No Software Maintenance | Henrik Warne’s blog

        Every time I hear about software maintenance as a distinct activity, I cringe. That’s because it is based on the outdated notion that first software is developed, then it is maintained. But that is not how software development works today. Software development does not have the two phases development and maintenance – it is a continuous process. Software maintenance is simply software development.

        [...]

        In the project model, you set out to develop a system. So you create a project, gather requirements, develop the software, and deliver the result. Any changes after this delivery are considered maintenance, be it changes to functionality or bug fixes. This is how I was taught software development works when I went to university a long time ago.

        There are two big problems with the project view of software development. The first is that it is almost impossible to decide how the system should work before you try it. As soon as you start using the system, you learn more about how it should work. This inevitably leads to changed requirements. Secondly, once the system works, you start to think of additional uses for it. In other words, the problem you are solving is open-ended (expanding uses), rather than clearly defined. In a sense, you are never finished, because what you want the system to do keeps expanding. This may seem counterintuitive, but for all systems I have worked on, I have been surprised at how we never ran out of features to add. The expansion is also fractal – you add new big features, but you also keep tweaking and expanding the behavior of existing features.

      • Linux Hint: While Loop Sum of Numbers in C++

        Today, we are going to get the sum of numbers in C++ programming language. If we want to add two numbers, we can easily add these numbers but what if we want to add 10 numbers or “n” numbers what can we do? The first method is that we can add numbers one by one and get the desired answer but it is time-consuming work in C++ programming language. To solve this problem, there are loops in C++ programming language that we can get the sum of numbers quickly by writing a few lines of code. We are using one of the loop types which is a while loop to get the sum of numbers in C++ programming language.

  • Leftovers

    • Antipope: New guest blogger: qntm - Charlie's Diary

      My first new year's resolution for 2023 is to start inviting guest bloggers to post on my blog again—I slackened off after 2018—so here we are!

    • Antipope: Make Up a Guy - Charlie's Diary

      Or imagine that you were a witch and you could flick your wrist and curse any innocent passing toad with sudden humanity — a human body, a mouth, a name, free will, dreams. For the sake of argument let's say that they would be an adult, with an intellect appropriate for an adult. Maybe with a language or two; maybe amnesiac, but maybe with a cushion of forged past experiences to draw from. Other than that, what you would get is mostly random. (No, I'm not going to try to define a random variable on the set of all possible humans.)

      [...]

      Without having more information, I'm guessing, probably you would not do it. Because a brand new human being is a big deal. A whole pile of responsibilities, both on your part and on their part, a burden. Maybe technically they're an adult, but surely you're on the hook to look after them, at least for a short while. They're going to need help at first. Somewhere to stay, something to wear, something to eat. A job, a phone, glasses, vaccinations. All of this represents a fairly significant amount of effort on your part: a cost.

      And what's the benefit? Well, you get to watch the new person go out into the world and do their funny trait. Or traits. It seems to me as if most people show up with more than one. You don't have control over what those traits are, they're random, as I said, but it still seems like it would be a potentially rewarding overall transaction.

      This seems like something that a typical witch, having this power in their hand, would maybe never do, or maybe do a few times. But there would be a limit. Assuming that you had unlimited toads to hand, and the toads were totally up for it, would you create a thousand new people, all at once? Given how difficult — how expensive — it is to house, feed and clothe a thousand people, even briefly? Probably not.

    • Matt Rickard: Counterfactuals

      Counterfactuals, or statements that describe an alternative reality or outcome that did not occur in the past, are a fundamental part of human cognition. We use counterfactuals in many aspects of our lives, from evaluating the consequences of our actions to making decisions about the future. Counterfactual thinking can be an interesting tool, and even more interesting when we have actual data to contrast.

    • Andre Alves Garzia: The Goblin Den ● AndreGarzia.com

      Zix got the quest from a notice board in the tavern. Goblins were plaguing the city and of course the city watch didn’t care. It was up to the city watch rejects to go clear that mess.

    • Science

      • Idle Words: Why Not Mars (Idle Words)

        The goal of this essay is to persuade you that we shouldn’t send human beings to Mars, at least not anytime soon. Landing on Mars with existing technology would be a destructive, wasteful stunt whose only legacy would be to ruin the greatest natural history experiment in the Solar System. It would no more open a new era of spaceflight than a Phoenician sailor crossing the Atlantic in 500 B.C. would have opened up the New World. And it wouldn’t even be that much fun.

        The buildup to Mars would not look like Apollo, but a long series of ISS-like flights to nowhere. If your main complaint about the International Space Station is that it’s too exciting and has a distracting view of Earth out the window, then you’ll love watching ISS Jr. drift around doing bone studies in deep space. But if you think rockets, adventure, exploration, and discovery are more fun than counting tumors in mice, then the slow and timorous Mars program will only break your heart.

        [...]

        Mars is also not the planet we took it for. The first photos Mariner 4 sent back in 1965 were shocking; instead of bucolic canals they showed a waterless, cratered wasteland not much different from the Moon. Ten years later, the Viking landers confirmed that Mars was a frozen, desiccated world bathed in sterilizing radiation, where any Earth creature that arrived unprotected would be dead before it hit the ground.

      • John Gruber: Study Suggests That Hardware Buttons in Cars Are Safer and Quicker to Use Than Touchscreens

        We’re not going back to hardware buttons for everything, but we have a long way to go until touchscreens surpass the usability of familiar hardware buttons.

      • IEEE: Big Trouble in Little Interconnects - IEEE Spectrum

        At the outer edges of Moore’s Law, connecting components is increasingly the game

      • Particles of Light May Create Fluid Flow, Data-Theory Comparison Suggests | BNL Newsroom

        A new computational analysis by theorists at the U.S. Department of Energy’s Brookhaven National Laboratory and Wayne State University supports the idea that photons (a.k.a. particles of light) colliding with heavy ions can create a fluid of “strongly interacting” particles. In a paper just published in Physical Review Letters, they show that calculations describing such a system match up with data collected by the ATLAS detector at Europe’s Large Hadron Collider (LHC).

        As the paper explains, the calculations are based on the hydrodynamic particle flow seen in head-on collisions of various types of ions at both the LHC and the Relativistic Heavy Ion Collider (RHIC), a DOE Office of Science user facility for nuclear physics research at Brookhaven Lab. With only modest changes, these calculations also describe flow patterns seen in near-miss collisions, where photons that form a cloud around the speeding ions collide with the ions in the opposite beam.

      • InfoQ: Google Publishes Technique for AI Language Model Self-Improvement

        Researchers at Google and University of Illinois at Urbana-Champaign (UIUC) have published a technique called Language Model Self-Improved (LMSI), which fine-tunes a large language model (LLM) on a dataset generated by that same model. Using LMSI, the researchers improved the performance of the LLM on six benchmarks and set new state-of-the-art accuracy records on four of them.

        The team began with a pre-trained 540B parameter PaLM model. The model was given as input questions from an unlabeled training dataset, along with chain-of-thought prompts. The model generated answers for these questions, which were then used along with the inputs as a fine-tuning training dataset. The fine-tuned model was then evaluated on a suite of benchmark datasets for three different natural language processing (NLP) tasks: arithmetic reasoning, commonsense reasoning, and natural language inference. On four of the benchmarks (ARC-c, OpenBookQA, ANLI-A2 and ANLI-A3) the model outperformed previous records.

      • The Physics of Us | Omnia

        Physicists are studying how living matter works, and find that it breaks the standard rules and produces fascinating new phenomena.

        The James Webb telescope is showing us our universe in vibrant new detail. Some physicists, though, are looking in another direction: at us and other living matter here on Earth, from the cilia in lungs to the vasculature in leaves to the neurons in brains. What they’re finding is equally marvelous, and it’s challenging some of the current understanding of physics.

        Ultimately, they’re working to discover the rules that govern how matter lives and evolves, and their research may lead to better medicine, robotics based on biology, and an expanded understanding of the physical and biological world.

      • ACM: Computing Divided: How Wide the Chasm?

      • uni MIT: A simpler path to better computer vision

        New research reveals a scalable technique that uses synthetic data to improve the accuracy of AI models that recognize images.

      • ACM: Computers Aid Dentistry

        Americans get fitted with 2.3 million dental crowns a year, according to the American College of Prosthodontists. Anyone who has had one knows the fitting of a dental crown is usually a lengthy, multistep procedure.

        The standard process (once the tooth is prepared) starts with the dentist taking an impression of the tooth using a horseshoe-shaped tray filled with a putty-like substance. The impression is sent off to a laboratory that makes a model of the tooth from the mold, scans the model, and manufactures a crown to fit. It can take two to three weeks for the permanent crown to come back from the lab, and during that time the patient has to wear a temporary version, usually a cruder tooth-sized "cap." Finally, the patient returns to the office to have the permanent crown placed and reshaped as necessary.

      • Novel 3D Printing Method to Fabricate Complex Metal–Plastic Composite Structures - Waseda University

        Researchers from Japan and Singapore have developed a new 3D printing technique to create precise patterns on the external and internal surfaces of 3D plastic structures

        In recent years, research interest in the 3D printing of metal patterns on plastic parts has grown exponentially, due to its high potential in the manufacturing of next-generation electronics. But fabricating such complex parts through conventional means is not easy. Now, researchers from Japan and Singapore have developed a new 3D printing process for the fabrication of 3D metal–plastic composite structures with complex shapes.

      • uni MIT: Busy GPUs: Sampling and pipelining method speeds up deep learning on large graphs

        New technique significantly reduces training and inference time on extensive datasets to keep pace with fast-moving data in finance, social networks, and fraud detection in cryptocurrency.

      • Scientific American: Einstein's Greatest Theory Just Passed Its Most Rigorous Test Yet - Scientific American

        Scientists have demonstrated that Einstein's theory of general relativity is correct to a remarkable degree of accuracy, despite having been around for more than a century.

        The team behind the research wanted to test a component of Einstein's theory of general relativity called the weak equivalence principle, which states that all objects, regardless of their mass or composition, should free-fall the same way in a particular gravitational field when interference from factors like air pressure is eliminated. To do so, the scientists measured the acceleration of free-falling objects in a French satellite called MICROSCOPE, which launched in 2016.

      • Ars Technica: Stoke Space aims to build rapidly reusable rocket with a completely novel design

        Andy Lapsa went to the best aerospace engineering schools. He then worked very hard to help advance the development of some of the most advanced rocket engines in the world at Blue Origin. But in 2019, after a decade in the industry, he felt like the spaceflight future he was striving toward—rapidly reusable rockets—had not gotten much closer.

    • Health/Nutrition/Agriculture

      • Steerable soft robots could enhance medical applications - EPFL

        Over the past decades, catheter-based surgery has transformed medicine, giving doctors a minimally invasive way to do anything from placing stents and targeting tumors to extracting tissue samples and delivering contrast agents for medical imaging. While today’s catheters are highly engineered robotic devices, in most cases, the task of pushing them through the body to the site of intervention continues to be a manual and time-consuming procedure.

        Combining advances in the development of functional fibers with developments in smart robotics, researchers from the Laboratory of Photonic Materials and Fiber Devices in EPFL’s School of Engineering have created multifunctional catheter-shaped soft robots that, when used as catheters, could be remotely guided to their destination or possibly even find their own way through semi-autonomous control. “This is the first time that we can generate soft catheter-like structures at such scalability that can integrate complex functionalities and be steered, potentially, inside the body,” says Fabien Sorin, the study’s principal investigator. Their work was published in the journal Advanced Science.

    • Proprietary

      • Barry Hess: Why Does My Apple TV Suck? :: Barry Hess :: bjhess.com

        It has been almost fifteen years since I moved from the Microsoft world to the Mac world. At this point basically all my computing products are Apple. While I would argue that I’m no fanboy, I’m sure I still have friends who would say otherwise.

    • Security

      • Mandiant: Even the Battlefield: Know More About Your Attack Surface Than the Adversary [Ed: Don't use Microsoft products. Use a stack you know and can control.]

        Adversaries have a giant attack surface to discover when they target and attack your organization. To defend against these increasingly sophisticated threat actors, organizations must understand their digital footprint better than the adversary. This is easier said than done. It is a big challenge for defenders to know everything going on within the networks they’re charged with defending. Attackers know this and will seek out areas that commonly introduce risk, finding weaknesses to exploit that lead to compromise.

        [...]

        Assessing risk from third-party software includes taking inventory of the technologies leveraged around the organization and evaluating how the software is deployed. Suppose you are following the traditional software deployment model on your own systems. In that case, you need to have a complete understanding of the full number of additional packages and libraries necessary for that software to run. Information technology infrastructure operations (ITIO) often install library dependencies as part of their deployment methodology for the software. However, if your team is actively writing public-facing applications, you now must deal with the Open Source and other third-party libraries introduced as part of said application. This includes database middleware, application plugins, and microservices, web content distribution services, and other items included in the DevOps process. You also need to consider all the network devices themselves sitting out in front of the services you provide. So, you’ll need an accurate understanding of every domain, IP address, and software version exposed to the internet when you think about how an adversary will perform reconnaissance against you.

      • Mandiant: Turla: A Galaxy of Opportunity | Mandiant [Ed: This is about the mess that Microsoft Windows is]

        In September 2022, Mandiant discovered a suspected Turla Team operation, currently tracked as UNC4210, distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. Mandiant discovered that UNC4210 re-registered at least three expired ANDROMEDA command and control (C2) domains and began profiling victims to selectively deploy KOPILUWAK and QUIETCANARY in September 2022.

        ANDROMEDA was a common commodity malware that was widespread in the early 2010’s. The particular version whose C2 was hijacked by UNC4210 was first uploaded to VirusTotal in 2013 and spreads from infected USB keys. Mandiant Managed Defense continues to observe ANDROMEDA malware infections across a wide variety of industries, however, Mandiant has only observed suspected Turla payloads delivered in Ukraine.

        [...]

        The version of ANDROMEDA that was installed to C:\Temp\TrustedInstaller.exe (MD5: bc76bd7b332aa8f6aedbb8e11b7ba9b6), was first uploaded on 2013-03-19 to VirusTotal and several of the C2 domains had either expired or been sinkholed by researchers. When executed, the ANDROMEDA binary established persistence by dropping another ANDROMEDA sample to C:\ProgramData\Local Settings\Temp\mskmde.com (MD5: b3657bcfe8240bc0985093a0f8682703) and adding a Run Registry Key to execute it every time the system user logged on. One of its C2 domains, “suckmycocklameavindustry[.]in,” which had expired, was found to be newly re-registered on 2022-01-19 by a privacy protected registrant using Dynadot as the registrar. UNC4210 used this C2 to profile victims before sending the first stage KOPILUWAK dropper if the victim was deemed interesting.

      • Slashdot: New Linux Malware Downloader for Compromised Servers Spotted in the Wild [Ed: Slashdot editors continue to stigmatise Linux as not secure... citing Microsoft sites as "sources"]

        "A new Linux malware downloader created using SHC (Shell Script Compiler) has been spotted in the wild," reports the site Bleeping Computer, "infecting systems with Monero cryptocurrency miners and DDoS IRC bots...

      • Privacy/Surveillance

        • Terence Eden: Poorly folded letters lead to exposure of medical data

          As it happens, I'm not particularly concerned about who knows I had a fairly normal medical procedure. I've blogged a bit about it and Tweeted about the experience in an attempt to de-stigmatise it.

          [...]

          Thankfully, the letter told me that I didn't need an additional screening. Which was something of a relief.

          Now, if you'll excuse me, I need to find the Data Protection Officer and become a pain in their arse!

    • Defence/Aggression

      • The Wall Street Journal: Ukraine Has Digitized Its Fighting Forces on a Shoestring

        Ukraine has achieved a cut-price version of what the Pentagon has spent decades and billions of dollars striving to accomplish: digitally networked fighters, intelligence and weapons.

      • CNN: The Christmas bombings: A US airman recalls the Vietnam War's Operation Linebacker II, 50 years on | CNN

        It was one of the heaviest bombardments in history. A shock-and-awe campaign of overwhelming air power aimed at bombing into submission a determined opponent that, despite being vastly outgunned, had withstood everything the world’s most formidable war machine could throw at it.

        Operation Linebacker II saw more than 200 American B-52 bombers fly 730 sorties and drop over 20,000 tons of bombs on North Vietnam over a period of 12 days in December 1972, in a brutal assault aimed at shaking the Vietnamese “to their core,” in the words of then US national security adviser Henry Kissinger.

        “They’re going to be so god damned surprised,” US President Richard Nixon replied to Kissinger on December 17, the eve of the mission.

      • PC Mag: Dell to Stop Using Chips Made in China Before the End of 2024 [Ed: Stupid nationalism. As if chips made in the US are secure. It's a matter of whose back doors and the US government's spying arguably poses greater risk.]

        As Nikkei Asia reports, according to three people with direct knowledge of the matter, the decision is in response to ongoing tensions between the US and China. On top of that, US sanctions limit China's access to the latest semiconductor manufacturing hardware and create an uncertain future for the technology sector in the country.

        Dell's aim to no longer source chips from within China extends to its suppliers, who the company is urging to "significantly reduce" the components they source from China, too. If they don't, they could lose orders from Dell.

    • Environment

      • Energy/Transportation

        • David Rosenthal: Matt Levine's "The Crypto Story": Postscript

          Sam Bankman-Fried's implausible PR strategy since his companies collapsed has been to claim that he "f**ked up", that it was simply a mistake and no-one had evil intent. Matt Levine has a post-FTX postscript to The Crypto Story entitled How Not to Play the Game providing a somewhat less implausible explanation. Below the fold I explain why Levine is still too generous to SBF.

          [...]

          All of these were published on 22nd December, and they all show that the fraud started in 2019. The cryptocurrency markets peaked in November 2021, so Levine's idea that SBF and others only started cheating after the market moved against them is wrong.

          Given that unregulated exchanges inevitably exploit their home-field advantage to capture profits that should rightfully accrue to their customers, it appears that the reason SBF set up the FTX exchange was that Alameda was missing out on profits by trading on exchanges such as Binance. By establishing their own exchange and, as the guilty pleas of Ellison and Wang admit, exploiting FTX's home-field advantage by enabling Alameda to front-run trades, avoid liquidations, and borrow unlimited funds, Alameda could rip off others the way they believed they had previously been being ripped off. The fraud at FTX wasn't a response to Alameda no longer winning at the game it was playing, it was the whole point of FTX right from the start.

      • Wildlife/Nature

        • AAAS: Are these bumble bees playing with toys? | Science | AAAS

          First example of insects seemingly having fun with objects adds to evidence for emotions

          Playtime isn’t just for children. Lab-kept bumble bees roll small wooden balls around for no apparent purpose other than fun, a new study reveals. The finding supports evidence that bees experience pleasure, researchers say, highlighting the importance of protecting them in the wild and treating them well when they’re kept in hives.

    • Finance

      • Kids Don’t Want Cash Anymore–They Want ‘Robux’

        Like many parents, Greg and Selena Robleto offered to pay their kids for doing household chores. The couple quickly learned their money was no good.

      • CNBC: Companies can ‘hire’ a virtual person for about $14k a year in China

        Tech company Baidu said the number of virtual people projects it's worked on for clients has doubled since 2021, with a wide price range of as little as $2,800 to a whopping $14,300 per year.

        [...]

        As the tech improves, costs have dropped by about 80% since last year, he said. It costs about 100,000 yuan ($14,300) a year for a three-dimensional virtual person, and 20,000 yuan for a two-dimensional one.

    • Civil Rights/Policing

      • ACM: Cyberlaw: Where We Are and What's On the Horizon

        Cyberlaw deals with the legalities of our interactions with technologies and one another in cyberspace. It is an umbrella term that encompasses matters as diverse as cybersecurity, data privacy, social media, artificial intelligence, autonomous weapons, and cryptocurrency.

        New products, platforms, capabilities, and threats are constantly emerging. It is the job of lawmakers to determine how they fit into existing legal frameworks, and to create new legislation when they do not. However, establishing agreements has proven challenging at the country level and internationally alike, and it is an area of law that is increasingly impacted by geopolitics.

        Here, we look at some existing and upcoming cyber legislation and lay out what remains up for discussion and debate.

      • Teaching Aleksandr Solzhenitsyn’s The Gulag Archipelago in Prison

        There are many disturbing similarities between the brutality imposed on Stalin’s victims and the injustices endured by the incarcerated in federal and state prisons.

    • Monopolies

      • Copyrights

        • Adafruit: Welcoming 1927 to the Public Domain

          Come early January, I’m full on itching to wet-dog shake the piles of last year’s top ten lists from my oversaturated brain. I don’t want to know what was great from last year that I missed! Last year is so over! You know what’s in? And free in the public domain? Boatloads of gems made in 1927. Personally, I will be swan diving into the periodicals section.

  • Gemini* and Gopher

    • Personal

      • Unsettled, work to do

        Ho ve, I feel like I have a lot of stuff to do. I probably don't actually have that much stuff to do, but whatever — just gotta divide & impera.

      • ulises and gi joe

        the following post is in english

        when I was 6 years old I met my best friend for a while (at least until 5th grade). I don't like complaining, but I think I did not socialize much with other kids because of my parents' rules on going out. ulises lived in front of the elementary school (the second one I attended) and lived with his mother and two younger siblings. his dad was in an unspecified place in america (I don't know what kind of job he had). this is very common in guanajuato, but of course at the time I had no idea.

      • A mini-setting to start your Halberts campaign

        Halberts is the English translation of Helmbarten, a Fantasy Traveller role-playing game. “Fantasy” means it has magic and no guns, “Traveller” means it uses 2d6, random character creation, and no gaining of levels once play begins. Your attributes and skills are as good as they are ever going to be.

      • 🔤SpellBinding: ADEGRTX Wordo: OUTER
      • Today's date happens more frequently on Sunday than any other day of the week

        Five years ago [1], I posted that January 8th is less likely to occur on Monday. At the time, I just accepted it, but when I recently came across that post a few days ago, I figured I should actually see if that's true.

      • New Years Goals

        I haven't run a 5k (or 10k) race since before the pandemic. Then the world seemed to end! In 2022 the 5k's, 10k's etc came back in my area, but I didn't run in them.

        I've been heading to the gym a lot lately, to get my endurance and speed back up. By the time the races are going again, in May/June, I hope to be in good enough shape to run a decent race!

      • Daniel Miessler: My Answer to the “ChatGPT Isn’t Really Creative” Argument

        Human brains are just as much of a black box as GPT.

    • Technical

      • Games

        I mentioned here several games and board games important to me. I am playing them occasionally, so I'm a casual player in today's nomenclature. I don't have any game console unpacked and set up in a living room or something like that.

        It is also always difficult to find a proper environment to play. For example, Dwarf Fortress has high hardware requirements, especially in the later stages of the game. TTD is the most accessible thanks to its open port.

      • Games
      • Internet/Gemini

        • Getting rid of google: the easy stuff

          Needless to say, Google is the biggest search engine in the world, that's what it's known for and what it started as anyways.

        • Changing DNS server

          Happy New Year, Geminauts! Some time in the coming week I am going to move the DNS records for the circumlunar.space domain to a new nameserver. The gemini.circumlunar.space server itself will remain up the whole time and none of its IP addresses are going to change, so in theory nobody should notice this happen, even if it takes some time for the changes to propagate to your ISP's DNS server. But just in case something unexpected happens and you are not able to access gemini.circumlunar.space, don't panic! It's definitely an accident, I am almost certainly aware of it or will be shortly, and it'll be fixed ASAP.

        • Reading list added

          It was a fun experience to piece this list back together from a combination of memory, notes I'd left in the BOOKS section of the Circumlunar BBS, email receipts from online bookstores, and so on. Surprising, too! Ever since roughly two years ago I gave myself permission to start accumulating physical paper books again, reading has *felt* like it loomed larger in my life than it did before. I could have sworn I was reading a lot more. And I guess I am a bit, and certainly more non-fiction, but honestly, nowhere near as much more as I thought.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.


