I am excited to announce the general availability of Amazon Linux 2023 (AL2023). AWS has provided you with a cloud-optimized Linux distribution since 2010. This is the third generation of our Amazon Linux distributions.
Every generation of Amazon Linux distribution is secured, optimized for the cloud, and receives long-term AWS support. We built Amazon Linux 2023 on these principles, and we go even further. Deploying your workloads on Amazon Linux 2023 gives you three major benefits: a high-security standard, a predictable lifecycle, and a consistent update experience.
Let’s look at security first. Amazon Linux 2023 includes preconfigured security policies that make it easy for you to implement common industry guidelines. You can configure these policies at launch time or run time.
Amazon has released a new version of its vaguely Fedora-based, cloud-optimized distribution.
Amazon Linux 2023 is provided at no additional charge. Standard Amazon EC2 and AWS charges apply for running EC2 instances and other services. This distribution includes full support for five years.
Linus Torvalds released 6.3-rc1 and closed the 6.3 merge window as expected on March 5. By that time, 12,717 non-merge commits (and 848 merges) had found their way into the mainline kernel; nearly 7,000 of those commits came in after the first-half merge-window summary was written. The second half of the 6.3 merge window was thus a busy time, with quite a bit of new functionality landing in the mainline.
While the 6.3 kernel has gained more support for the Rust language, it still remains true that there is little that can be done in Rust beyond the creation of a "hello world" module. That functionality was already available in C, of course, with a level of safety similar to what Rust can provide. Interest is growing, though, in merging actually useful modules written in Rust; that will require some more capable infrastructure than is currently present. A recent discussion on the handling of time values in Rust demonstrates the challenges — and opportunities — inherent in this effort.
Asahi Lina, who is implementing a graphics driver for Apple hardware in Rust, has posted a number of pieces of Rust infrastructure, including a module for timekeeping functions.
The ultimate cause of this is Linux's NFS export permissions model. In many NFS servers, export settings are attached to the export point, such as /w/435, and these settings include what clients have access and so on. In Linux, you have things, such as netgroups, that have a collection of export settings for a particular export point. This creates a natural model for giving different clients different sets of permissions and attributes, but it also means that all export attributes are per-client, including ones such as fsid=. And since the filesystem id is necessarily part of the NFS filehandle, NFS filehandles as a whole can be different between different clients.
I actually implemented it in U-Boot first, but I thought the Linux side of it would be more fun to share. If you want to see what was involved on the U-Boot side, see this commit from my fork of U-Boot.
Penguins -eggs is a console utility that allows you to remaster your Linux system and create an installable ISO from the live system. Using Penguins-eggs, you can create both live and installable version of your current Linux machine, with or without user data.
Penguins-eggs creates a compressed filesystem from your current Linux system by removing user data and the users. You can then fully customize the resulting ISO with themes and addons to make it look like your own Linux distribution.
To put this in layman terms, you can backup your whole install, including all of your personal data (files, documents, PDFs, music, videos…etc), that is currently running right now on your internal SSD/HDD and create an ISO. You can put the ISO in your external USB and carry a live operating system. Just plug the USB, boot the ISO and start using your portable Linux operating system anywhere. It's that simple!
PHPUnit is a software testing framework published under a GPL license for PHP coders. It is popular among PHP developers to write custom tests for their code to benchmark its performance.
If you need to share files and folders with other users on your network from your Linux desktop, we can walk you through the process.
The tar in Linux is a commonly used lightweight command line tool for creating file archives and compressing them. Not only for archiving, but users can also use it for extracting, and manipulating existing archives as well.
MSSQL Server or Microsoft SQL Server is an RDBMS (Relational Database Management System) developed by Microsoft. This tutorial will show you how to install and use Microsoft SQL Server on Debian 11.
OTRS is an open-source Ticket Request System that helps organizations process customer tickets and requests. This post will explain how to install OTRS on Debian 11 server.
In Linux, directories (or folders) are an essential part of the file system and renaming directories can be useful when organizing your files. While it is a simple task, and there are Linux Terminal commands to make it even easier for you, things might get confusing initially if you are a beginner. Renaming a directory in Linux is a simple process that can be done using the command-line or the graphical interface. In this article, we will show you how to rename a directory in Linux using both of these methods.
To schedule a command or script to run at some particular time, the at command is perfect and provides many options for specifying the time you want it to run. It will set the task up to be run whenever you specify, and you can view the scheduled tasks or even change your mind and cancel one of them as you see fit.
The at command differs from cron in that it sets up a command or script to run only once, while cron allows you to set up commands or scripts to be run on a specified schedule – whether every day, once a week, a couple times a month or even just once a year.
User groups on Linux help you define a set of permissions that you can then impose on other users. Unix and Linux come with some pre-configured user groups, and as an administrator, it's easy to create additional groups to further categorize and manage users.
But before creating a new group, you'd want to know more about the existing ones. Luckily, there are several ways to list all user groups present on Linux, and you can even view the list of groups a specific user is a part of. Let's get started.
In this chapter of the Terminal Basics series, you'll learn about viewing the contents of files in the Linux command line.
NTP or Network Time Protocol is a protocol that is used to synchronize all system clocks in a network to use the same time. When we use the term NTP, we are referring to the protocol itself and also the client and server programs running on the networked computers. NTP belongs to the traditional TCP/IP protocol suite and can easily be classified as one of its oldest parts.
When you are initially setting up the clock to sync with NTP, it takes six exchanges within 5 to 10 minutes before the clock is set up. Once the clocks in a network are synchronized, the client(s) update their clocks with the server once every 10 minutes. This is usually done through a single exchange of messages (transaction). These transactions use port number 123 of your system.
Dico is a modern implementation of the traditional DICT protocol. It aims to create a fully modular dictionary server software that you can host almost anywhere.
My Journey into the KDE Community: From Season of KDE Application to Mentee
The notification about the Season of KDE program arrived like a ray of sunshine on a dreary day, and I eagerly clicked on it to see what opportunities it held. Amidst the many exciting project ideas, the Blue Angel Certification Preparation for KDE applications stood out to me as a challenge worth pursuing. I took the first step towards realizing my goal by engaging in a conversation with the community and making some initial contributions to FEEP. On January 24th, the selected candidates were announced. My heart was pounding as I scanned the list of names, and when I saw mine, I let out a cheer! Being accepted as a mentee in the KDE community was a great start to the year 2023.
For the project, I will be using emulation tools such as
xdotoolandKDE Eco Testerto finish preparation of usage scenario scripts needed to measure KDE applications such as Kate and GCompris. To help guide my work, my mentor and I created a to-do list based on my proposed timeline and we selected the KDE infrastructure to manage the checklist of tasks. This was my first exposure to the diverse range of applications and platforms provided by KDE for the community.
In terms of visuals, by popular demand, the most notable change is the use of regular icons for the files browser view. It should be easier now to quickly catch what each file is about. Thanks to @AngelTomkins for the initial implementation, @Exalm for helping with the reviews, and to the GNOME design team for such lovely new icons.
Another addition is support for system-wide style management. This is specially useful now that desktops like GNOME provide quick toggle buttons to switch between dark and light modes. Thanks to @pabloyoyoista for the initial implementation.
Kali Linux, the open-source Linux distribution that specializes in ethical hacking, has released its first 2023 edition. This marks the tenth anniversary of Kali Linux and comes with a host of new features and updates. One of the most significant updates is the introduction of Kali Purple, a feature designed for defensive security.
Kali Linux has always been known for its offensive security capabilities, making it accessible to everyone without the need for expensive licenses, infrastructure, or coding knowledge. With Kali Purple, the organization hopes to do the same for defensive security.
Kali Purple is still in preview mode, and Kali Linux is keen to stress that it needs time to mature. The organization has set up a dedicated community wiki page and hopes to grow a community on Discord channels.
Way back in 2009, we looked at the presto plugin for yum, which added support for DeltaRPMs to Fedora. That package format allows just the binary differences (i.e. the delta) between an installed RPM and its update to be transmitted, which saves network bandwidth; the receiving system then creates the new RPM from those two pieces before installing it. Support for DeltaRPMs was eventually added to the distribution by default, though the feature has never really lived up to expectations—and hopes. Now, it would seem that Fedora is ready to, in the words of project leader Matthew Miller, ""give DeltaRPMs a sad, fond farewell"".
Miller raised the question of retiring DeltaRPMs in a February 21 post to the Fedora devel mailing list. He pointed to a five-year-old open bug report that described problems with retaining the .drpm files for packages due to the way the Pungi distribution composer works. Miller also noted that a thread from 2021 discussing "deltarpm usefulness?" did not come to any firm decision.
The 2023 election for the Debian project leader looks to be a relatively unexciting affair: incumbent leader Jonathan Carter is running unopposed for a fourth term. His platform lays out his hopes and plans for that term.
Most mini PCs ship with Windows, or no OS at all for barebone models, but Linux-hardware specialist System76 offers the Meerkat mini PC with either Pop!_OS 22.04 or Ubuntu 22.04 with a choice of processors from the 12th Gen Alder Lake, 11th Gen Tiger Lake, or 10th Gen Comet Lake families.
All models support up to 64GB RAM, M.2 NVMe SSD storage, and are equipped with four HDMI/DisplayPort video outputs, Ethernet, and USB ports. There’s also a Tall version of the Meerkat that adds a 2.5-inch SATA bat, and the Alder Lake models, called Meer7, specifically supports the more recent USB4 and 2.5GbE interfaces.
Ready for your first look at the new default wallpaper for Ubuntu 23.04?
Kubernetes vs OpenStack is a common dilemma that organisations face when considering the modernisation of their IT infrastructure. Both are well-established open-source technologies for building cloud infrastructure, and both bring tangible benefits, especially when used in combination. Yet, they differ significantly and need to be properly bundled to feel like a fully-integrated solution.
[...]
What is OpenStack?
OpenStack is a cloud platform. It manages distributed compute, network and storage resources, aggregates them into pools, and allows for on-demand provisioning of virtual resources through a self-service portal. If you’re familiar with Amazon Web Services (AWS) Elastic Compute Cloud (EC2), OpenStack mostly resembles its behaviour, enabling you to build fully-functional private and public clouds. OpenStack is widely used by leading telcos, service providers, financial institutions, manufacturing companies and governments.
The leading virtual private network service provider - NordVPN, has announced that it has open-sourced three products, demonstrating its commitment to transparency and community collaboration.
As part of this move, NordVPN will release the entire NordVPN application on Linux, Libtelio - a networking library used across NordVPN apps on all operating systems, and Libdrop - a library used to share files over Meshnet. This means that anyone can examine, alter, and distribute these elements as they see fit.
As part of this announcement, NordVPN released the source code for its Linux applications and two libraries - Libtelio and Libdrop.
"We're making these products open source as a sign of our commitment to transparency and accountability," reads Nord's announcement.
OpenSSH 9.3 has been released. It includes a couple of security fixes, as well as adding an option for hash-algorithm selection to ssh-keygen and an option that allows configuration checking without actually loading any private keys.
Two new distros have been announced this week. Apart from that, take a look at the features of the upcoming Ubuntu 23.04.
This list of open source sites includes several categories -- each of which will be of interest to open source software users.€ The “project hosting” category includes giants who provide server space for open source code and allow downloads. The “directories” category includes sites that have created lists of open source projects.
Open Source Initiative has committed a faux pas in its currently underway board of directors election that has the potential to affect the results. This comes two years after the organization was forced to scrap the results of a board of directors election and hold a second election, after a security hole in its election software was found to have been exploited.
In this case, such drastic measures will probably not be necessary to fix the problem, however.
The misstep came on Thursday night, in a get-out-the-vote email sent by the organizations executive director, Stefano Maffulli, to OSI members. Voting in the election, which will decide board members for two individual seats (voting for a third affiliate seat is only open to affiliate members), began on February 10 and will officially run through February 20. In the email, however, Maffulli told members, “You can vote until Monday March 21, 1700 UTC – 9am US Pacific.” Unfortunately, Monday is March 20, meaning March 21 falls on Tuesday.
Join the FSF and friends on Friday, March 17, from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.
In order to deploy embedded software using Guix we first need to teach Guix how to cross-compile it. Since Guix builds everything from source, this means we must teach Guix how to build our cross-compilation toolchain.
The Zephyr Project uses its own fork of GCC with custom configs for the architectures supported by the project. In this article, we describe the cross-compilation toolchain we defined for Zephyr; it is implemented as a Guix channel.
About Zephyr
Zephyr is a real-time operating system from the Linux Foundation. It aims to provide a common environment which can target even the most resource constrained devices.
Zephyr introduces a module system which allows third parties to share code in a uniform way. Zephyr uses CMake to perform physical component composition of these modules. It searches the filesystem and generates scripts which the toolchain will use to successfully combine those components into a firmware image.
The fact that Zephyr provides this mechanism is one reason I chose to target it in the first place.
This separation of modules in an embedded context is a really great thing. It brings many of the advantages that it brings to the Linux world such as code re-use, smaller binaries, more efficient cache/RAM usage, etc. It also allows us to work as independent groups and compose contributions from many teams.
It also brings all of the complexity. Suddenly most of the problems that plague traditional deployment now apply to our embedded system. The fact that the libraries are statically linked at compile time instead of dynamically at runtime is simply an implementation detail. I say most because everything is statically linked so there is no runtime component discovery that needs to be accounted for.
I grew up on a farm. My parents worked hard to grow crops and manage the farm business. My parents also found additional jobs to make ends meet. As farmers have done for millennia, my family used tools to farm. Some of those tools were tractors. Farmers now, as they have for thousands of years, rely on their ability and right to fix their tools. Perhaps that's bending a hand rake back into shape. Maybe they need to weld a broken three-point hitch back together. Agriculture was humanity's first truly revolutionary technological advancement. Since its inception, each generation of farmers exercised their right to repair their tools. This has allowed agriculture to grow and improve immeasurably. We take for granted the benefits that this has given us, and the abundance of food it provides.
The right to repair farm tools is now in serious jeopardy, not because farmers haven't fought to maintain this right, and not even because farmers haven't chosen to use tools that guarantee their right to repair their tools. In fact, most farmers are still buying tools that have a right to repair built into them, not by their intrinsic nature, but by the software that the toolmakers have chosen to include as part of the tools they sell to the farmers.
Sadly, farm equipment manufacturers, who benefit immensely from the readily-available software that they can provide as part of the farming tools (tractors, combines, etc.) they sell to farmers, are not complying with the right to repair licenses of the software they have chosen to use in these farming tools. As a result, farmers are cut off from their livelihood if the farm equipment manufacturer does not wish to repair their farming tools when they inevitably fail, even when the farmer could easily perform the repairs on their own, or with the help of someone else they know.
The Software Freedom Conservancy calls out John Deere for failure to comply with the GPL and preventing farmers from repairing their own equipment.
In Python, a variable is a reserved memory location that stores a value.
They are names that can be assigned a value and used to reference it throughout your code. Using a variable makes a value accessible & gives values a context/meaning concerning your code.
This tutorial explains the concept of variables in Python, their types, and how to use them with examples in real-world scenarios.
We are excited to announce the release of PyTorch€® 2.0 which we highlighted during the PyTorch Conference on 12/2/22! PyTorch 2.0 offers the same eager-mode development and user experience, while fundamentally changing and supercharging how PyTorch operates at compiler level under the hood with faster performance and support for Dynamic Shapes and Distributed.
This next-generation release includes a Stable version of Accelerated Transformers (formerly called Better Transformers); Beta includes torch.compile as the main API for PyTorch 2.0, the scaled_dot_product_attention function as part of torch.nn.functional, the MPS backend, functorch APIs in the torch.func module; and other Beta/Prototype improvements across various inferences, performance and training optimization features on GPUs and CPUs. For a comprehensive introduction and technical overview of torch.compile, please visit the 2.0 Get Started page.
In Java, when you pass a parameter to a method, a copy of the value of that parameter is passed to the method, rather than the original object itself.
In Java, varargs (variable-length arguments) are a feature that allows a method to accept an arbitrary number of arguments of the same type. The varargs feature was introduced in Java 5 and is denoted by an ellipsis ... after the parameter type in the method signature.
In Java, access modifiers are keywords that determine the accessibility of classes, methods, and variables in an object-oriented program. There are four access modifiers in Java: Access modifiers are used to control the level of encapsulation of an object-oriented program and to restrict access to sensitive or implementation-specific details of the program.
Many wireless sensors broadcast their data using Bluetooth Low Energy (BLE). Their data is easy to receive, but decoding it can be a challenge. Each manufacturer uses its own format, often tied to its own mobile apps. Integrating all of these sensors into a home-automation system requires a lot of custom decoders, which are generally developed by reverse-engineering the protocols. The goal of the BTHome project is to change this: it offers a standardized format for sensors to broadcast their measurements using BLE. BTHome is supported by the Home Assistant home-automation software and by a few open-firmware and open-hardware projects.
The chances are high that the manufacturer of a BLE device requires the use of a smartphone app to remotely view its data. But, technically, there's no need to use the app. The device advertises its name and some data; anyone with a BLE receiver in the neighborhood is able to pick up those BLE advertisements. What those apps do is to convert the raw data to information such as a temperature or humidity value using a protocol decoder for the proprietary data format.
Efforts to find four people in two cities are underway.
In 2021, deaths of pregnant women soared by 40 percent in the United States, according to new government figures. Here’s how one family coped after the virus threatened a pregnant mother.
Judge Matthew Kacsmaryk of Texas is weighing a high-stakes lawsuit from Christian conservatives aimed at overturning the Food and Drug Administration’s approval of an abortion pill.
A pregnant woman is more likely to develop serious Covid-19 and to die of it. Several factors amplify the risks.
For users of Liferea feed reader, new version 1.14.1 and 1.12.10 were released few days ago. All users are urged to upgrade due to an important security fix. Liferea is a free open-source GTK3 feed reader that brings together all of the content from your favorite subscriptions into a simple interface.
Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations.
Security updates have been issued by Debian (firefox-esr and pcre2), Oracle (nss), Red Hat (kpatch-patch and nss), SUSE (java-11-openjdk, kernel, and python310), and Ubuntu (emacs24, ffmpeg, firefox, imagemagick, libphp-phpmailer, librecad, and openjpeg2).
Security updates have been issued by Debian (node-sqlite3 and qemu), Fedora (libmemcached-awesome, manifest-tool, sudo, and vim), Red Hat (gnutls, kernel, kernel-rt, lua, and openssl), Slackware (mozilla), SUSE (amanda, firefox, go1.19, go1.20, jakarta-commons-fileupload, java-1_8_0-openjdk, nodejs18, peazip, perl-Net-Server, python, python-cryptography, python-Django, python3, rubygem-rack, and xorg-x11-server), and Ubuntu (ipython, linux-ibm, linux-ibm-5.4, and linux-kvm).
Financial lender, Latitude Finance, has warned customers of a major cyberattack in which more than 300,000 customer identification documents were stolen.
A spokesperson for the company said unusual activity was detected on its systems over the last few days, and it appeared the company’s records had been hacked.
They said hackers stole employee login details to access personal customer information held by two other service providers before the company was able to isolate the incident.
From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server. Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.[1]
A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.
Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO). The researchers also found that it attacked several embassies.
“Our assessment is that the operators of this threat actor are Russian language speakers, but not necessarily living in Russia or Russian nationals since their victimology consists mostly of countries in the CIS [Commonwealth of Independent States],” which includes countries like Azerbaijan, Kyrgyzstan and Turkmenistan, the researchers said.
The Justice Department announced today a coordinated international takedown of ChipMixer, a darknet cryptocurrency “mixing” service responsible for laundering more than $3 billion worth of cryptocurrency, between 2017 and the present, in furtherance of, among other activities, ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes. The operation involved U.S. federal law enforcement’s court-authorized seizure of two domains that directed users to the ChipMixer service and one Github account, as well as the German Federal Criminal Police’s (the Bundeskriminalamt) seizure of the ChipMixer back-end servers and more than $46 million in cryptocurrency.
In September 2022, Independent Living Systems LLC (ILS), a business associate in Florida, notified HHS and regulators of a network incident that affected 501 patients. They also provided public notice, but were unable to identify and notify all individuals who had been affected. The “501” was simply a marker to indicate “more than 500.” The HHS entry hasn’t been updated since then, and HHS hasn’t yet closed its investigation. But thanks to ILS’s notification to the Maine Attorney General’s Office, we now know that the breach affected a total of 4,226,508 people. HHS may update its entry in the near future with the number reported to them.
This week, ILS issued a press release about the incident on behalf of its covered entity subsidiaries Florida Community Care LLC and HPMP of Florida Inc. d/b/a Florida Complete Care. ILS also issued the notification as a direct provider of services and on behalf of certain data owner clients and covered entity health plans.
A federal judge in Florida has ruled in favor of a plaintiff who sued anonymous hackers and issued formal notice of the legal action via NFT, according to recent court filings.
The ruling, a default judgment from Judge Beth Bloom of the United States District Court Southern District of Florida, declares that the unidentified hackers are on the hook for the $971,291 worth of USDT (Tether) that they stole from plaintiff Rangan Bandyopadhyay’s Coinbase wallet in December 2021.
According to their notification, on June 21, 2022, AllCare discovered that some employees had received phishing emails. Their investigation revealed that some of the employees’ accounts had been compromised, and the attacker accessed certain accounts containing patient information. The types of information in those email accounts included name, address, date of birth, Social Security number, other types of identity information, financial information, and health information such as health insurance information about prescription and treatment information.
Beaver Medical Group (BMG) in California is part of Optum Health. On January 24, BMG discovered unusual activity in an employee’s workstation. Their investigation revealed that an unauthorized actor had launched a targeted phishing attack that gave them access to the employee’s email account.
The Newfoundland and Labrador government says the Hive ransomware group was behind a cyberattack that paralyzed the province's health-care system a year and a half ago.
But top government officials still won't say whether they paid a ransom.
"We can't disclose anything about a request for a ransom, for security purposes," Justice Minister John Hogan told reporters Tuesday afternoon.
According to a notification letter and press release by NorthStar, on September 16, 2022, NorthStar detected abnormal activity in their network. Investigation subsequently revealed that an unauthorized actor had accessed files containing protected health information. The types of information in the files included names, Social Security numbers, dates of birth, patient ID number, treatment information, Medicare/Medicaid number, and/or health insurance information.
A Dallas County Sheriff's Department deputy, Francisco Castillo, was briefly suspended after livestreaming a traffic stop, allegedly just to gain TikTok clout, in 2021. Now, the Texas motorist that he pulled over, Torry Osby, is suing, saying that the deputy exposed Osby to risks of identity theft and break-ins at his home by flashing Osby's driver's license and sharing his personal information to more than 100 followers tuned into Castillo's livestream.
Osby’s lawyer, James P. Roberts, told Ars that it’s unlikely that their client was the only victim of Castillo’s alleged privacy-invading social media abuse. The complaint documents a seeming pattern of Castillo sharing videos while on duty that seemed to get more engagement than his other videos, making it appear likely to Osby's lawyers that Castillo was increasingly motivated to create videos of his police activity in hopes of boosting his likes and followers.
Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations.
Data incident lawsuits, especially class actions, have the potential to create significant business disruption, loss of marketplace credibility, civil liability or regulatory exposure. Consequently, companies that experience a data incident often want the issues resolved quickly and at minimal cost. In terms of litigation, an early settlement of civil lawsuits in a class action resolution to sweep up all potential claims may be a good strategy. Class action settlements can be structured in a variety of ways, with any number of different terms, to effectuate the desired result.
The BianLian ransomware group is ramping up its operations and maturing as a business, moving more swiftly than ever to compromise systems. It's also moving away from encryption to pure data-theft extortion tactics, in cyberattacks that have so far bagged at least 116 victims, researchers have found.
BianLian, first discovered last July, hasn't deviated much from its initial tactic: deploying a custom go-based backdoor once it infiltrates a network. The functionality of the malware essentially remains the same except for a few tweaks, researchers from Redacted said in a blog post published today.
However, the swiftness with which the group's command-and-control server (C2) deploys the backdoor has increased, and the group notably has moved away from ransoming encrypted files to focusing more on pure data-leak extortion as a means to extract payments from victims, the researchers said.
Advocacy groups and human rights organisations have written to the Manchester Mayor, Andy Burnham, and the Chief Constable of Greater Manchester, Stephen Watson, to ask them to investigate discriminatory police practices in the wake of the conviction of ten young Black men, known as the Manchester 10.
Top-down solutions to violent conflicts often don’t last. More peace builders are now listening to local people’s indicators of what constitutes peace.
A Russian fighter jet collided with a US surveillance drone over the Black Sea. The collision was described as a rare but serious incident, leading to a US diplomatic protest and raising concerns over the possible recovery of sensitive technology by Russia.
Japan unveiled in 2022 a five-year military expansion plan as a deterrence against China.
The robbery was caught on camera, and the video has since gone viral on various social media platforms.
A majority in the Danish parliament has approved a new fund to help Ukraine defend itself against the Russian invasion.
China’s growing military relationship with Russia gives it the potential to tip the scales in Ukraine. As they weigh whether to help their northern ally, Chinese leaders are looking east – to the United States and Taiwan.
Denmark’s foreign minister has confirmed that the Russian gas company Gazprom has found an ‘object’ near the Nord Stream 2 pipeline, although he said nothing about what it might be.
How can the world be massively shifting toward renewables and boosting its overall carbon emissions at the same time? We parse the progress in a global transition that’s far from finished.
Although the government's EPG is staying where it is, there's still a small change to individual energy unit rates. We've updated our running costs for washing machines, dishwashers, fridge freezers and more
Thefts from the Dallas Zoo made headlines. But Texas is a hotbed for ownership of all kinds of rare species.
Migrant youths and Swedish seniors face different difficulties, but help each other solve them in a shared-living project, finding common ground.
A new forecast by Denmark’s central bank Nationalbanken predicts that house prices could fall by 9.4 percent this year.
The E.C.B. is the first major central bank to set monetary policy since banking worries gripped financial markets, and its decision could be a gauge on how far the reverberations are expected to spread.
Shares of Credit Suisse fell as much as 30% on Wednesday (March 15) after its largest shareholder ruled out any more investment in the bank.
With new salary range laws rolling out across the US, experts say that pay transparency is a leading tool for narrowing the gender pay gap.
Before it became infamous for the weaknesses on its balance sheet, Silicon Valley Bank (SVB) was known for the strength of its ties to the tech industry.
US consumer prices rose by 0.4% from January to February, while the year-on-year rise in prices dropped from 6.4% in January to 6% in February, according to new data from the Bureau of Labor Statistics.
The annual conference is moving from Maui to the Metaverse—an equally exotic locale! And we’re discontinuing fertility assistance, but that went without saying, right?
A plan unveiled in March aimed to allow workers to extend their working hours in busy seasons.
Municipalities criticise government bureaucracy, lawyers push for court case against party leader and Credit Suisse ripples reach Denmark. Here are the lead news stories in Denmark on Thursday morning.
Thousands of people who work in Denmark are set to receive wage increases under new collective bargaining agreements, but the flip side for private finances is a likely knock-on effect maintaining inflation.
It is a move towards ending a feud that has spanned several years between the two tech powerhouses.
Asian stocks tumbled on Thursday, and investors bought gold, bonds and the dollar as fear of a banking crisis was reignited by fresh troubles at Credit Suisse, leaving markets on edge ahead of a European Central Bank meeting later in the day.
Meta announced another round of layoffs affecting about 10,000 employees, or about 13% of its global workforce, on Tuesday (March 14). CEO Mark Zuckerberg announced the downsizing in an update to the company’s “year of efficiency” plan, a blueprint for making Meta more profitable amid a squeeze in the tech industry.
The US guarantee for Silicon Valley Bank and possible Swiss intervention for Credit Suisse raise important questions. Here's one alternative approach for large depositors.
Swiss bank Credit Suisse said Thursday it will move to shore up its finances, borrowing up to $54 billion from the central bank after its shares plunged, dragging down other major European lenders in the wake of bank failures in the United States.
The Australian share market has fallen sharply again, hitting a 10-week low after the banking crisis spread to Europe amid fears about the solvency of Swiss banking giant Credit Suisse.
The Australian dollar gold price has hit a record high as investors seek safety following the collapse of several United States banks. The precious metal reached $A2874 per ounce overnight, exceeding the previous record of $A2868 from August 2020, according to gold mining consultants Surbiton Associates.
Silicon Valley's favorite banks are dead. Why is the government stepping in to prop them up?
Blaming workplace diversity or environmentally and socially conscious investments for the firm’s downfall signals a “complete lack of understanding of how banks work,” one expert said.
In a test for President Emmanuel Macron’s political goals, lawmakers will decide on his proposal to raise the retirement age for most workers by two years, to 64.
At most banks, roughly half of all deposits are uninsured. Silicon Valley Bank was not most banks.
The Biden administration's guiding principle in protecting depositors after the failures of Silicon Valley Bank and Signature Bank came down to this, Axios has learned: Prevent bank runs beyond the initial crisis.
Why it matters: The administration's move to shield the banks' depositors — and let banks with profiles similar to SVB and Signature get pummeled by the stock market — carried significant risks.
Credit Suisse will borrow up to 50 billion Swiss francs ($53.68 billion) from the Swiss National Bank under a covered loan facility as well as a short-term liquidity facility, the company announced Wednesday.
The U.S. government is in no rush to sell Silicon Valley Bank, but prospective bidders are circling.
The big buzz centers around Apollo Global Management, which was rebuffed by the FDIC last weekend when it offered to buy SVB’s loan book.
The Federal Reserve doesn't just set monetary policy. It's also the primary regulator for many banks — including the failed Silicon Valley Bank. Now, progressives and the banking industry — unlikely bedfellows to be sure —€ are blaming the Fed for that bank's epic collapse.
Why it matters: Calls for tighter regulation typically follow any kind of big banking crisis, but details matter. With SVB's failure, one question is, was it the laws on the books that failed, or a lapse in their enforcement? The answer, in theory, helps prevent the next crisis.
Kit Knightly Last Friday saw the total failure of the Silicon Valley Bank, the 16th biggest bank in the United States. The biggest bank failure since the 2008 financial crisis By Sunday, the Silvergate Bank and Signature Bank had joined SVB in full collapse.
The banking crisis has given us a fascinating peek into the psychology and priorities of tech insiders while under pressure.
Chancellor overhauls pension tax rules to encourage older people to remain in work
From informing how the U.S. Census estimates populations to reimagining land contracts as a path to homeownership, Poverty Solutions tackled the structures of poverty through action-based research in 2022.
The internationally connected Credit Suisse bank staggered Wednesday as the collapse of two U.S. midsize banks rippled across Europe. Investors have been quick to sell stocks in other banks, concerned about more vulnerability in the system.
Buried 22 paragraphs below some flashy quotes from Steve Bannon, NYT reveals that he -- along with the subject of a profile, Boris Epsheyn -- is under legal scrutiny for the crypto currency scam they used to bilk a lot of Trump loyalists.
Steve Bannon's sometime partner, Guo Wengui, was arrested this morning on a sweeping financial fraud and conspiracy indictment.
The demand hardens the White House’s stance toward the popular video app, which is owned by the Chinese internet company ByteDance.
The Dominion lawsuit has exposed instances of pandering and duplicity, but none of it is likely to change the network’s business model.
New York, NY, March 13, 2023 – The National Coalition Against Censorship (NCAC) announced today that Executive Director Christopher M. Finan will retire this summer after 40 years of defending free expression and First Amendment rights.
Before being charged with sexual assault, former Liberal staffer Bruce Lehrmann said he could obtain “millions in defamation” over media reports about the alleged rape of Brittany Higgins.
President Joe Biden’s recent shift on immigration policy shows the challenge of balancing order and compassion. It may also reflect concerns about a coming surge at the border, following the rollback of a pandemic-era measure.
San Francisco could become the first major city to fund reparations for slavery and systemic racism. The Board of Supervisors heard a proposal of over 100 measures including eliminating debt, selling homes for $1, and awarding $5 million to Black residents.
Police attempts to arrest former Pakistan Prime Minister Imran Khan have triggered two days of street clashes with supporters. Since 1947, at least seven former prime ministers of Pakistan have been arrested in various cases and tried by courts.
Apple brought an action against the USPTO Director Vidal in district court under the Administrative Procedure Act (APA), 5 U.S.C. €§€§ 701– 706, challenging the Director’s instructions to the Board regarding exercise of discretion in IPR institution decisions. In Apple v. Vidal, 2022-1249, — F.4th — (Fed. Cir. Mar. 13, 2023), Judge Taranto (joined by Judges Lourie and Stoll) largely affirmed the district court’s dismissal, confirming that the Director’s instructions are unreviewable.€ The court did separately reverse a tertiary challenge to allow Apple to proceed on a claim related to the note-and-comments procedure of the APA.€
Associates around the country today are drafting motions, patent applications, and other documents using some version of ChatGPT.€ € Of course, If I were a judge or examiner, I might also be interested in using AI to help facilitate my decision-making.€ ChatGPT is good for that as well and can provide a reasoned structure, including identifying of prior art and obviousness standards.
User representatives from Europe, China, Japan, Korea and the United States met online to exchange on digital transformation in the patent grant process and advances in online services.
The Board wasted little time in affirming the USPTO's refusals to register the proposed mark ROSE PETALS for "Dietary supplements in capsule form not containing rose petals as an ingredient." The Board found the mark to be deceptive under Section 2(a) and, alternatively, deceptively misdescriptive under Section 2(e)(1). In re Intimate Science, Serial No. 90123272 (March 13, 2023) [not precedential] (Opinion by Judge Cynthia C. Lynch).
Returning home from the coast I was entranced by endless forests of ferns in the undergrowth of leafless tree swallowed by layers of thick green moss, swirling fog meeting the sky and ground. I may be a "computer person" but I never feel at home indoors. I always want to be surrounded by green and cold and damp and dark. My boyfriend often calls me a forest fairy, a dryad.
... in no way related to my continued adventures in CDDA that involved me arriving back at my base at 3AM with a deer I had accidentally run over and no headlights on account of none surviving the return trip directly through the acid ants ...
So one cannot simply say "hold my beer" in lojban. Well, I guess you could, but that would imply you would be holding the beer, probably in your cupped hands. Gross. We have technology for this! Bottles, mugs, her teacups, the skulls of your enemies, flower pots, etc. Anyways. Beer. What you are actually holding is, usually, a container that contains the beer, a point that English kind of negligently glosses over--hold my beer. Probably because you are in a hurry to do something stupid, and if you took a long time to say it, you might think better of it, or more likely you will have forgotten by the time you got done expositing. Ent wisdom, yo.
Seymore Hersh's recent article on substack shows what news is no longer fit to print in the mainstream press, at least in the US. Himself being a celebrity reporter, it should be hard to put the mute on his explosive pipeline story. There have been some healthy debate as to the sufficiency of relying on one unnamed source, even though many other news stories taken absolutely seriously have also relied on a single anonymous source. Then came another version of the pipeline story, much more vague, and worse, some of its more detailed claims have been debunked as implausible or impossible (e.g. in an article by Scott Ritter on Consortium News, March 14).
I have converted Martin Paul Eve's book "Warez: The Infrastructure and Aesthetics of Piracy" into Gemtext.
Sometimes I run myself ragged until the wheels fall off and I am forced into downtime procedures. I am currently experiencing one of those instances. Too much work and giving of my time and energy has brought me here. I need to take better care of myself. I was supposed to be on a vacation now but instead, I am resting at home, not on vacation, using vacation time for sick time. The older I get, the more I encounter this. And sometimes I beat myself up a bit about it, but not this time since there is awareness of the pattern and I took contrary action.
Since I have had some downtime, I decided to reinstall minecraft and log onto SDF's minecraft server. It has been quite some time since I was on and was happy to see that my base was still intact. There were a few people on and I tried to catch up.
I noticed that the MNT Pocket Reform crowdfunding has been running for a few days [1]. It already reached the funding goal but they are still open for further support.
The device is smaller than the "full" (12.5") MNT Reform and about 50% lighter (it is said to be under 1 kg). It has 7" screen (the device is actually bigger than that because screen bezel is considerable). Anyway, it can use the same CPU cards as the big Reform and has a similar level of hackability.
It seems that the NetBSD 9.3 has a modern (7.16) version of the sc(1), the console-only spreadsheet calculator. I was used to the older (6.22) release which was traditionally available in many "classic" UNIX systems like the IRIX (as was included in many linux distros, too).
By modern I mean the latest stable version (the 7.16 is from 2002), my favorite 6.22 is a bit older (1990s). The initial release was in 1981, by the way.
I have no problem with modern stuff it it is not worse than the old one. Unfortunately, there 7.x line added some features which have made my work harder.
I am a bit curious who still uses the Lynx browser [1]? I don't call it a "WWW browser" because it can do also the Gopher protocol (and does it very well).
There are more modern solutions (which can combine the Gopher and the Gemini, for example) adn also some purely Gopher browsers. I have tried some of them but I am still the Lynx user.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.