Bonum Certa Men Certa

Links 17/03/2023: Update on John Deere’s Ongoing GPL Violations and PyTorch 2.0



  • GNU/Linux

    • Server

      • Amazon: Amazon Linux 2023, a Cloud-Optimized Linux Distribution with Long-Term Support

        I am excited to announce the general availability of Amazon Linux 2023 (AL2023). AWS has provided you with a cloud-optimized Linux distribution since 2010. This is the third generation of our Amazon Linux distributions.

        Every generation of Amazon Linux distribution is secured, optimized for the cloud, and receives long-term AWS support. We built Amazon Linux 2023 on these principles, and we go even further. Deploying your workloads on Amazon Linux 2023 gives you three major benefits: a high-security standard, a predictable lifecycle, and a consistent update experience.

        Let’s look at security first. Amazon Linux 2023 includes preconfigured security policies that make it easy for you to implement common industry guidelines. You can configure these policies at launch time or run time.

      • LWN: Amazon Linux 2023 released

        Amazon has released a new version of its vaguely Fedora-based, cloud-optimized distribution.

      • Help Net Security: Amazon Linux 2023: Create and execute cloud-based applications with enhanced security

        Amazon Linux 2023 is provided at no additional charge. Standard Amazon EC2 and AWS charges apply for running EC2 instances and other services. This distribution includes full support for five years.

    • Kernel Space

      • LWN: The rest of the 6.3 merge window

        Linus Torvalds released 6.3-rc1 and closed the 6.3 merge window as expected on March 5. By that time, 12,717 non-merge commits (and 848 merges) had found their way into the mainline kernel; nearly 7,000 of those commits came in after the first-half merge-window summary was written. The second half of the 6.3 merge window was thus a busy time, with quite a bit of new functionality landing in the mainline.

      • LWN: Kernel time APIs for Rust

        While the 6.3 kernel has gained more support for the Rust language, it still remains true that there is little that can be done in Rust beyond the creation of a "hello world" module. That functionality was already available in C, of course, with a level of safety similar to what Rust can provide. Interest is growing, though, in merging actually useful modules written in Rust; that will require some more capable infrastructure than is currently present. A recent discussion on the handling of time values in Rust demonstrates the challenges — and opportunities — inherent in this effort.

        Asahi Lina, who is implementing a graphics driver for Apple hardware in Rust, has posted a number of pieces of Rust infrastructure, including a module for timekeeping functions.

    • Instructionals/Technical

      • University of Toronto: NFS filehandles from Linux NFS servers can be client specific

        The ultimate cause of this is Linux's NFS export permissions model. In many NFS servers, export settings are attached to the export point, such as /w/435, and these settings include what clients have access and so on. In Linux, you have things, such as netgroups, that have a collection of export settings for a particular export point. This creates a natural model for giving different clients different sets of permissions and attributes, but it also means that all export attributes are per-client, including ones such as fsid=. And since the filesystem id is necessarily part of the NFS filehandle, NFS filehandles as a whole can be different between different clients.

      • Doug Brown: Upgrading my Chumby 8 kernel part 4: reboot/poweroff

        I actually implemented it in U-Boot first, but I thought the Linux side of it would be more fun to share. If you want to see what was involved on the U-Boot side, see this commit from my fork of U-Boot.

      • OSTechNix: How To Create Installable ISO From A Linux System With Penguins-eggs

        Penguins-eggs is a console utility that allows you to remaster your Linux system and create an installable ISO from the live system. Using Penguins-eggs, you can create both live and installable versions of your current Linux machine, with or without user data.

        Penguins-eggs creates a compressed filesystem from your current Linux system by removing user data and the users. You can then fully customize the resulting ISO with themes and addons to make it look like your own Linux distribution.

        To put this in layman's terms, you can back up your whole install, including all of your personal data (files, documents, PDFs, music, videos…etc), that is currently running right now on your internal SSD/HDD and create an ISO. You can put the ISO in your external USB and carry a live operating system. Just plug the USB, boot the ISO and start using your portable Linux operating system anywhere. It's that simple!

      • 3 ways to install PHPUnit in Ubuntu 22.04 or 20.04 LTS

        PHPUnit is a software testing framework published under a GPL license for PHP coders. It is popular among PHP developers to write custom tests for their code to benchmark its performance.

      • ZDNet: How to share folders to your network from Linux

        If you need to share files and folders with other users on your network from your Linux desktop, we can walk you through the process.

      • What is the Tar command in Linux?

        The tar in Linux is a commonly used lightweight command line tool for creating file archives and compressing them. Not only for archiving, but users can also use it for extracting, and manipulating existing archives as well.

      • HowTo Forge: How to Install and Use Microsoft SQL Server on Debian 11 [Ed: This is proprietary software of a company that attacks Linux and this software does not even run natively on GNU/Linux]

        MSSQL Server or Microsoft SQL Server is an RDBMS (Relational Database Management System) developed by Microsoft. This tutorial will show you how to install and use Microsoft SQL Server on Debian 11.

      • HowTo Forge: How to install OTRS (OpenSource Trouble Ticket System) on Debian 11

        OTRS is an open-source Ticket Request System that helps organizations process customer tickets and requests. This post will explain how to install OTRS on Debian 11 server.

      • Beebom: How to Rename a Directory in Linux

        In Linux, directories (or folders) are an essential part of the file system and renaming directories can be useful when organizing your files. While it is a simple task, and there are Linux Terminal commands to make it even easier for you, things might get confusing initially if you are a beginner. Renaming a directory in Linux is a simple process that can be done using the command-line or the graphical interface. In this article, we will show you how to rename a directory in Linux using both of these methods.

      • Network World: Using the at command to schedule tasks on Linux

        To schedule a command or script to run at some particular time, the at command is perfect and provides many options for specifying the time you want it to run. It will set the task up to be run whenever you specify, and you can view the scheduled tasks or even change your mind and cancel one of them as you see fit.

        The at command differs from cron in that it sets up a command or script to run only once, while cron allows you to set up commands or scripts to be run on a specified schedule – whether every day, once a week, a couple times a month or even just once a year.

      • Make Use Of: How to List All User Groups on Linux

        User groups on Linux help you define a set of permissions that you can then impose on other users. Unix and Linux come with some pre-configured user groups, and as an administrator, it's easy to create additional groups to further categorize and manage users.

        But before creating a new group, you'd want to know more about the existing ones. Luckily, there are several ways to list all user groups present on Linux, and you can even view the list of groups a specific user is a part of. Let's get started.

      • It's FOSS: Terminal Basics Series #5: View the File Contents in Linux

        In this chapter of the Terminal Basics series, you'll learn about viewing the contents of files in the Linux command line.

      • 2023-03-13: How To Turn Your Current System To An Installable ISO (For Debian, Ubuntu, Arch Linux and Manjaro)
      • Vitux: How to Install NTP Server and Client(s) on Ubuntu 22.04 LTS

        NTP or Network Time Protocol is a protocol that is used to synchronize all system clocks in a network to use the same time. When we use the term NTP, we are referring to the protocol itself and also the client and server programs running on the networked computers. NTP belongs to the traditional TCP/IP protocol suite and can easily be classified as one of its oldest parts.

        When you are initially setting up the clock to sync with NTP, it takes six exchanges within 5 to 10 minutes before the clock is set up. Once the clocks in a network are synchronized, the client(s) update their clocks with the server once every 10 minutes. This is usually done through a single exchange of messages (transaction). These transactions use port number 123 of your system.

      • Make Tech Easier: How to Create An Online Dictionary with Dico in Linux

        Dico is a modern implementation of the traditional DICT protocol. It aims to create a fully modular dictionary server software that you can host almost anywhere.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • KDE: Adapting Standard Usage Scenario Scripts For KDE Applications: My Journey As A Season Of KDE Mentee
          My Journey into the KDE Community: From Season of KDE Application to Mentee

          The notification about the Season of KDE program arrived like a ray of sunshine on a dreary day, and I eagerly clicked on it to see what opportunities it held. Amidst the many exciting project ideas, the Blue Angel Certification Preparation for KDE applications stood out to me as a challenge worth pursuing. I took the first step towards realizing my goal by engaging in a conversation with the community and making some initial contributions to FEEP. On January 24th, the selected candidates were announced. My heart was pounding as I scanned the list of names, and when I saw mine, I let out a cheer! Being accepted as a mentee in the KDE community was a great start to the year 2023.

          For the project, I will be using emulation tools such as xdotool and KDE Eco Tester to finish preparation of usage scenario scripts needed to measure KDE applications such as Kate and GCompris. To help guide my work, my mentor and I created a to-do list based on my proposed timeline and we selected the KDE infrastructure to manage the checklist of tasks. This was my first exposure to the diverse range of applications and platforms provided by KDE for the community.

      • GNOME Desktop/GTK

        • GNOME: Martín Abente Lahaye: Portfolio 0.9.15

          In terms of visuals, by popular demand, the most notable change is the use of regular icons for the files browser view. It should be easier now to quickly catch what each file is about. Thanks to @AngelTomkins for the initial implementation, @Exalm for helping with the reviews, and to the GNOME design team for such lovely new icons.

          Another addition is support for system-wide style management. This is specially useful now that desktops like GNOME provide quick toggle buttons to switch between dark and light modes. Thanks to @pabloyoyoista for the initial implementation.

  • Distributions and Operating Systems

  • Free, Libre, and Open Source Software

    • DebugPoint: NordVPN Open Sources Key Modules for Community Collaboration

      The leading virtual private network service provider - NordVPN, has announced that it has open-sourced three products, demonstrating its commitment to transparency and community collaboration.

      As part of this move, NordVPN will release the entire NordVPN application on Linux, Libtelio - a networking library used across NordVPN apps on all operating systems, and Libdrop - a library used to share files over Meshnet. This means that anyone can examine, alter, and distribute these elements as they see fit.

    • Bleeping Computer: NordVPN open sources its Linux VPN client and libraries

      As part of this announcement, NordVPN released the source code for its Linux applications and two libraries - Libtelio and Libdrop.

      "We're making these products open source as a sign of our commitment to transparency and accountability," reads Nord's announcement.

    • LWN: OpenSSH 9.3 released [LWN.net]

      OpenSSH 9.3 has been released. It includes a couple of security fixes, as well as adding an option for hash-algorithm selection to ssh-keygen and an option that allows configuration checking without actually loading any private keys.

    • It's FOSS: FOSS Weekly #23.11: Ubuntu 23.04 Features, 2 New Distros, Terminal Basics and More Linux Stuff

      Two new distros have been announced this week. Apart from that, take a look at the features of the upcoming Ubuntu 23.04.

    • Open Source Software: Top Sites

      This list of open source sites includes several categories -- each of which will be of interest to open source software users. The “project hosting” category includes giants who provide server space for open source code and allow downloads. The “directories” category includes sites that have created lists of open source projects.

    • Unicorn Media: OSI Email Mistake Could Affect Election Results [Ed: And yet another election-related blunder or scandal at OSI. It happened a lot in recent years and it shows that it's no longer functioning. Microsoft turned OSI into its openwashing lobbyist.]

      Open Source Initiative has committed a faux pas in its currently underway board of directors election that has the potential to affect the results. This comes two years after the organization was forced to scrap the results of a board of directors election and hold a second election, after a security hole in its election software was found to have been exploited.

      In this case, such drastic measures will probably not be necessary to fix the problem, however.

      The misstep came on Thursday night, in a get-out-the-vote email sent by the organization's executive director, Stefano Maffulli, to OSI members. Voting in the election, which will decide board members for two individual seats (voting for a third affiliate seat is only open to affiliate members), began on February 10 and will officially run through February 20. In the email, however, Maffulli told members, “You can vote until Monday March 21, 1700 UTC – 9am US Pacific.” Unfortunately, Monday is March 20, meaning March 21 falls on Tuesday.

    • FSF

      • FSF: FSF Events: Free Software Directory meeting on IRC: Friday, March 17, starting at 12:00 EDT (16:00 UTC)

        Join the FSF and friends on Friday, March 17, from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.

      • GNU: GNU Guix: Building Toolchains with Guix

        In order to deploy embedded software using Guix we first need to teach Guix how to cross-compile it. Since Guix builds everything from source, this means we must teach Guix how to build our cross-compilation toolchain.

        The Zephyr Project uses its own fork of GCC with custom configs for the architectures supported by the project. In this article, we describe the cross-compilation toolchain we defined for Zephyr; it is implemented as a Guix channel.

        About Zephyr

        Zephyr is a real-time operating system from the Linux Foundation. It aims to provide a common environment which can target even the most resource constrained devices.

        Zephyr introduces a module system which allows third parties to share code in a uniform way. Zephyr uses CMake to perform physical component composition of these modules. It searches the filesystem and generates scripts which the toolchain will use to successfully combine those components into a firmware image.

        The fact that Zephyr provides this mechanism is one reason I chose to target it in the first place.

        This separation of modules in an embedded context is a really great thing. It brings many of the advantages that it brings to the Linux world such as code re-use, smaller binaries, more efficient cache/RAM usage, etc. It also allows us to work as independent groups and compose contributions from many teams.

        It also brings all of the complexity. Suddenly most of the problems that plague traditional deployment now apply to our embedded system. The fact that the libraries are statically linked at compile time instead of dynamically at runtime is simply an implementation detail. I say most because everything is statically linked so there is no runtime component discovery that needs to be accounted for.

    • Licensing / Legal

      • John Deere's ongoing GPL violations: What's next - Conservancy Blog - Software Freedom Conservancy

        I grew up on a farm. My parents worked hard to grow crops and manage the farm business. My parents also found additional jobs to make ends meet. As farmers have done for millennia, my family used tools to farm. Some of those tools were tractors. Farmers now, as they have for thousands of years, rely on their ability and right to fix their tools. Perhaps that's bending a hand rake back into shape. Maybe they need to weld a broken three-point hitch back together. Agriculture was humanity's first truly revolutionary technological advancement. Since its inception, each generation of farmers exercised their right to repair their tools. This has allowed agriculture to grow and improve immeasurably. We take for granted the benefits that this has given us, and the abundance of food it provides.

        The right to repair farm tools is now in serious jeopardy, not because farmers haven't fought to maintain this right, and not even because farmers haven't chosen to use tools that guarantee their right to repair their tools. In fact, most farmers are still buying tools that have a right to repair built into them, not by their intrinsic nature, but by the software that the toolmakers have chosen to include as part of the tools they sell to the farmers.

        Sadly, farm equipment manufacturers, who benefit immensely from the readily-available software that they can provide as part of the farming tools (tractors, combines, etc.) they sell to farmers, are not complying with the right to repair licenses of the software they have chosen to use in these farming tools. As a result, farmers are cut off from their livelihood if the farm equipment manufacturer does not wish to repair their farming tools when they inevitably fail, even when the farmer could easily perform the repairs on their own, or with the help of someone else they know.

      • LWN: SFC: John Deere's ongoing GPL violations: What's next [LWN.net]

        The Software Freedom Conservancy calls out John Deere for failure to comply with the GPL and preventing farmers from repairing their own equipment.

    • Programming/Development

      • Python

        • DebugPoint: Variables in Python: Concepts with Examples & Common Errors

          In Python, a variable is a reserved memory location that stores a value.

          They are names that can be assigned a value and used to reference it throughout your code. Using a variable makes a value accessible & gives values a context/meaning concerning your code.

          This tutorial explains the concept of variables in Python, their types, and how to use them with examples in real-world scenarios.

        • 2023-03-14: Next Debian/Ubuntu Releases Will Likely No Longer Allow pip install Outside A Virtual Environment
        • PyTorch 2.0: Our next generation release that is faster, more Pythonic and Dynamic as ever

          We are excited to announce the release of PyTorch® 2.0 which we highlighted during the PyTorch Conference on 12/2/22! PyTorch 2.0 offers the same eager-mode development and user experience, while fundamentally changing and supercharging how PyTorch operates at compiler level under the hood with faster performance and support for Dynamic Shapes and Distributed.

          This next-generation release includes a Stable version of Accelerated Transformers (formerly called Better Transformers); Beta includes torch.compile as the main API for PyTorch 2.0, the scaled_dot_product_attention function as part of torch.nn.functional, the MPS backend, functorch APIs in the torch.func module; and other Beta/Prototype improvements across various inferences, performance and training optimization features on GPUs and CPUs. For a comprehensive introduction and technical overview of torch.compile, please visit the 2.0 Get Started page.

      • Java

        • Pass by Value Meaning in Java

          In Java, when you pass a parameter to a method, a copy of the value of that parameter is passed to the method, rather than the original object itself.

        • What are Varargs in Java and How to Use Them

          In Java, varargs (variable-length arguments) are a feature that allows a method to accept an arbitrary number of arguments of the same type. The varargs feature was introduced in Java 5 and is denoted by an ellipsis ... after the parameter type in the method signature.

        • What are Java’s Access Modifiers and How to Use Them

          In Java, access modifiers are keywords that determine the accessibility of classes, methods, and variables in an object-oriented program. There are four access modifiers in Java: Access modifiers are used to control the level of encapsulation of an object-oriented program and to restrict access to sensitive or implementation-specific details of the program.

    • Standards/Consortia

      • LWN: BTHome: An open standard for broadcasting sensor data

        Many wireless sensors broadcast their data using Bluetooth Low Energy (BLE). Their data is easy to receive, but decoding it can be a challenge. Each manufacturer uses its own format, often tied to its own mobile apps. Integrating all of these sensors into a home-automation system requires a lot of custom decoders, which are generally developed by reverse-engineering the protocols. The goal of the BTHome project is to change this: it offers a standardized format for sensors to broadcast their measurements using BLE. BTHome is supported by the Home Assistant home-automation software and by a few open-firmware and open-hardware projects.

        The chances are high that the manufacturer of a BLE device requires the use of a smartphone app to remotely view its data. But, technically, there's no need to use the app. The device advertises its name and some data; anyone with a BLE receiver in the neighborhood is able to pick up those BLE advertisements. What those apps do is to convert the raw data to information such as a temperature or humidity value using a protocol decoder for the proprietary data format.

  • Leftovers

    • Health/Nutrition/Agriculture

    • Security

      • Ubuntu Handbook: Liferea News Reader 1.14.1 Released with A Critical Security Fix

        For users of Liferea feed reader, new versions 1.14.1 and 1.12.10 were released a few days ago. All users are urged to upgrade due to an important security fix. Liferea is a free open-source GTK3 feed reader that brings together all of the content from your favorite subscriptions into a simple interface.

      • Bleeping Computer: Microsoft support 'cracks' Windows for customer after activation fails
      • Bleeping Computer: FakeCalls Android malware returns with new ways to hide on phones
      • Bleeping Computer: Microsoft fixes Outlook zero-day used by Russian hackers since April 2022 [Ed: Fake journalism helps Microsoft portray this as a problem with Russia rather than a problem with Microsoft, which puts back doors in things; partisan politics is a low blow and misdirection, as if only Russians exploit Microsoft holes]

        Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations.

      • Bleeping Computer: Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws [Ed: How Microsoft-connected media cronies spin this; the reality is vastly worse because those things are insecure by design]
      • Forbes: Microsoft Outlook Warning: Critical New Email Exploit Triggers Automatically—Update Now [Ed: Davey Winder has been a Microsoft propagandist for over a decade already; here he is deflecting the blame and writing face-saving Microsoft lies. Microsoft: blame nations, blame the users, blame developers, never Microsoft!]
      • LWN: Security updates for Thursday [LWN.net]

        Security updates have been issued by Debian (firefox-esr and pcre2), Oracle (nss), Red Hat (kpatch-patch and nss), SUSE (java-11-openjdk, kernel, and python310), and Ubuntu (emacs24, ffmpeg, firefox, imagemagick, libphp-phpmailer, librecad, and openjpeg2).

      • LWN: Security updates for Wednesday [LWN.net]

        Security updates have been issued by Debian (node-sqlite3 and qemu), Fedora (libmemcached-awesome, manifest-tool, sudo, and vim), Red Hat (gnutls, kernel, kernel-rt, lua, and openssl), Slackware (mozilla), SUSE (amanda, firefox, go1.19, go1.20, jakarta-commons-fileupload, java-1_8_0-openjdk, nodejs18, peazip, perl-Net-Server, python, python-cryptography, python-Django, python3, rubygem-rack, and xorg-x11-server), and Ubuntu (ipython, linux-ibm, linux-ibm-5.4, and linux-kvm).

      • 7NEWS: Latitude Financial hacked as 300,000 customer identification documents stolen

        Financial lender, Latitude Finance, has warned customers of a major cyberattack in which more than 300,000 customer identification documents were stolen.

        A spokesperson for the company said unusual activity was detected on its systems over the last few days, and it appeared the company’s records had been hacked.

        They said hackers stole employee login details to access personal customer information held by two other service providers before the company was able to isolate the incident.

      • CISA: Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server [Ed: US regime paying a steep price for "choosing" Microsoft]

        From November 2022 through early January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and authoring organizations identified the presence of indicators of compromise (IOCs) at a federal civilian executive branch (FCEB) agency. Analysts determined that multiple cyber threat actors, including an APT actor, were able to exploit a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik user interface (UI) for ASP.NET AJAX, located in the agency’s Microsoft Internet Information Services (IIS) web server. Successful exploitation of this vulnerability allows for remote code execution. According to Progress Software, Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit.[1]

      • The Record: New threat group hacked EU healthcare agency and embassies, researchers say

        A new hacking group is targeting European countries and organizations in an espionage campaign that began in June 2022, according to new research.

        Cisco’s Talos cybersecurity team calls the new group “YoroTrooper” and said it has already successfully compromised accounts connected to a “critical” European Union healthcare agency and the World Intellectual Property Organization (WIPO). The researchers also found that it attacked several embassies.

        “Our assessment is that the operators of this threat actor are Russian language speakers, but not necessarily living in Russia or Russian nationals since their victimology consists mostly of countries in the CIS [Commonwealth of Independent States],” which includes countries like Azerbaijan, Kyrgyzstan and Turkmenistan, the researchers said.

      • Data Breaches: Justice Department Investigation Leads to Takedown of Darknet Cryptocurrency Mixer ChipMixer

        The Justice Department announced today a coordinated international takedown of ChipMixer, a darknet cryptocurrency “mixing” service responsible for laundering more than $3 billion worth of cryptocurrency, between 2017 and the present, in furtherance of, among other activities, ransomware, darknet market, fraud, cryptocurrency heists and other hacking schemes. The operation involved U.S. federal law enforcement’s court-authorized seizure of two domains that directed users to the ChipMixer service and one Github account, as well as the German Federal Criminal Police’s (the Bundeskriminalamt) seizure of the ChipMixer back-end servers and more than $46 million in cryptocurrency.

      • Data Breaches: Independent Living Systems updates its breach disclosure; notifying more than 4.2 million patients

        In September 2022, Independent Living Systems LLC (ILS), a business associate in Florida, notified HHS and regulators of a network incident that affected 501 patients. They also provided public notice, but were unable to identify and notify all individuals who had been affected. The “501” was simply a marker to indicate “more than 500.” The HHS entry hasn’t been updated since then, and HHS hasn’t yet closed its investigation. But thanks to ILS’s notification to the Maine Attorney General’s Office, we now know that the breach affected a total of 4,226,508 people. HHS may update its entry in the near future with the number reported to them.

        This week, ILS issued a press release about the incident on behalf of its covered entity subsidiaries Florida Community Care LLC and HPMP of Florida Inc. d/b/a Florida Complete Care. ILS also issued the notification as a direct provider of services and on behalf of certain data owner clients and covered entity health plans.

      • Decrypt: Plaintiff Wins Case Against [Cr]ackers After Serving Court Papers via NFT

        A federal judge in Florida has ruled in favor of a plaintiff who sued anonymous hackers and issued formal notice of the legal action via NFT, according to recent court filings.

        The ruling, a default judgment from Judge Beth Bloom of the United States District Court Southern District of Florida, declares that the unidentified hackers are on the hook for the $971,291 worth of USDT (Tether) that they stole from plaintiff Rangan Bandyopadhyay’s Coinbase wallet in December 2021.

      • Data Breaches: AllCare Plus Pharmacy notifies 5,971 patients of phishing incident last year

        According to their notification, on June 21, 2022, AllCare discovered that some employees had received phishing emails. Their investigation revealed that some of the employees’ accounts had been compromised, and the attacker accessed certain accounts containing patient information. The types of information in those email accounts included name, address, date of birth, Social Security number, other types of identity information, financial information, and health information such as health insurance information about prescription and treatment information.

      • Data Breaches: Beaver Medical Group notifying patients whose information was accessed in phishing incident

        Beaver Medical Group (BMG) in California is part of Optum Health. On January 24, BMG discovered unusual activity in an employee’s workstation. Their investigation revealed that an unauthorized actor had launched a targeted phishing attack that gave them access to the employee’s email account.

      • CBC: N.L. says Hive ransomware group was behind 2021 cyberattack on health systems [Ed: Microsoft Windows TCO]

        The Newfoundland and Labrador government says the Hive ransomware group was behind a cyberattack that paralyzed the province's health-care system a year and a half ago.

        But top government officials still won't say whether they paid a ransom.

        "We can't disclose anything about a request for a ransom, for security purposes," Justice Minister John Hogan told reporters Tuesday afternoon.

      • Data Breaches: NorthStar Emergency Medical Services notifies 82,450 patients of September hacking incident

        According to a notification letter and press release by NorthStar, on September 16, 2022, NorthStar detected abnormal activity in their network. Investigation subsequently revealed that an unauthorized actor had accessed files containing protected health information. The types of information in the files included names, Social Security numbers, dates of birth, patient ID number, treatment information, Medicare/Medicaid number, and/or health insurance information.

      • Ars Technica: Lawsuit: Cop pulled over driver for TikTok livestream—and shared driver’s ID

        A Dallas County Sheriff's Department deputy, Francisco Castillo, was briefly suspended after livestreaming a traffic stop, allegedly just to gain TikTok clout, in 2021. Now, the Texas motorist that he pulled over, Torry Osby, is suing, saying that the deputy exposed Osby to risks of identity theft and break-ins at his home by flashing Osby's driver's license and sharing his personal information to more than 100 followers tuned into Castillo's livestream.

        Osby’s lawyer, James P. Roberts, told Ars that it’s unlikely that their client was the only victim of Castillo’s alleged privacy-invading social media abuse. The complaint documents a seeming pattern of Castillo sharing videos while on duty that seemed to get more engagement than his other videos, making it appear likely to Osby's lawyers that Castillo was increasingly motivated to create videos of his police activity in hopes of boosting his likes and followers.

      • Data Breaches: Romanian entities issued monetary penalties for infosecurity and data protection failures

        Regulators in Romania have issued monetary penalties to six Romanian entities for insufficient technical and organizational measures to ensure information security. Two other entities were issued fines for other GDPR violations.

      • Current Turmoil and Future Risks in Resolving Data Breach Class Actions

        Data incident lawsuits, especially class actions, have the potential to create significant business disruption, loss of marketplace credibility, civil liability or regulatory exposure. Consequently, companies that experience a data incident often want the issues resolved quickly and at minimal cost. In terms of litigation, an early settlement of civil lawsuits in a class action resolution to sweep up all potential claims may be a good strategy. Class action settlements can be structured in a variety of ways, with any number of different terms, to effectuate the desired result.

      • Dark Reading: BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion

        The BianLian ransomware group is ramping up its operations and maturing as a business, moving more swiftly than ever to compromise systems. It's also moving away from encryption to pure data-theft extortion tactics, in cyberattacks that have so far bagged at least 116 victims, researchers have found.

        BianLian, first discovered last July, hasn't deviated much from its initial tactic: deploying a custom go-based backdoor once it infiltrates a network. The functionality of the malware essentially remains the same except for a few tweaks, researchers from Redacted said in a blog post published today.

        However, the swiftness with which the group's command-and-control server (C2) deploys the backdoor has increased, and the group notably has moved away from ransoming encrypted files to focusing more on pure data-leak extortion as a means to extract payments from victims, the researchers said.

    • Defence/Aggression

    • Environment

    • Finance

    • AstroTurf/Lobbying/Politics

      • Marcy Wheeler: The New Investigation into Bannon and Boris Buried Under Bannon’s Bluster

        Buried 22 paragraphs below some flashy quotes from Steve Bannon, NYT reveals that he -- along with the subject of a profile, Boris Epshteyn -- is under legal scrutiny for the crypto currency scam they used to bilk a lot of Trump loyalists.

      • Marcy Wheeler: Guo Wengui Arrested

        Steve Bannon's sometime partner, Guo Wengui, was arrested this morning on a sweeping financial fraud and conspiracy indictment.

      • New York Times: TikTok Pushed by U.S. to Resolve National Security Concerns [Ed: This does not tackle the principal issue, which is mental manipulation. They pretend "privacy" is the core issue.]

        The demand hardens the White House’s stance toward the popular video app, which is owned by the Chinese internet company ByteDance.

      • Misinformation/Disinformation/Propaganda

    • Censorship/Free Speech

      • NCAC: NCAC Executive Director Christopher Finan to Retire

        New York, NY, March 13, 2023 – The National Coalition Against Censorship (NCAC) announced today that Executive Director Christopher M. Finan will retire this summer after 40 years of defending free expression and First Amendment rights.

      • Michael West Media: Lehrmann sure of ‘millions in defamation’ from reports

        Before being charged with sexual assault, former Liberal staffer Bruce Lehrmann said he could obtain “millions in defamation” over media reports about the alleged rape of Brittany Higgins.

    • Civil Rights/Policing

      • CS Monitor: Family detentions? Why Biden is tacking right on immigration.

        President Joe Biden’s recent shift on immigration policy shows the challenge of balancing order and compassion. It may also reflect concerns about a coming surge at the border, following the rollback of a pandemic-era measure.

      • CS Monitor: San Francisco board hears 100 ideas for Black reparations

        San Francisco could become the first major city to fund reparations for slavery and systemic racism. The Board of Supervisors heard a proposal of over 100 measures including eliminating debt, selling homes for $1, and awarding $5 million to Black residents.

      • CS Monitor: Pakistan unrest: Supporters clash with police trying to arrest Khan

        Police attempts to arrest former Pakistan Prime Minister Imran Khan have triggered two days of street clashes with supporters. Since 1947, at least seven former prime ministers of Pakistan have been arrested in various cases and tried by courts.

    • Monopolies

      • Patents

        • Dennis Crouch/Patently-O: IPRs and the APA: Review of Director’s Discretion to Initiate IPRs [Ed: Crouch et al, bribed by the patent litigation 'industry', still doing anything they can to scuttle any challenges to fake patents]

          Apple brought an action against the USPTO Director Vidal in district court under the Administrative Procedure Act (APA), 5 U.S.C. §§ 701–706, challenging the Director’s instructions to the Board regarding exercise of discretion in IPR institution decisions. In Apple v. Vidal, 2022-1249, — F.4th — (Fed. Cir. Mar. 13, 2023), Judge Taranto (joined by Judges Lourie and Stoll) largely affirmed the district court’s dismissal, confirming that the Director’s instructions are unreviewable. The court did separately reverse a tertiary challenge to allow Apple to proceed on a claim related to the note-and-comments procedure of the APA.

        • Dennis Crouch/Patently-O: Preparing for Automated Examination [Ed: Promoting Microsoft gimmicks and lies to merely pretend patent examination is no longer necessary and a bunch of chatbots can truly understand novel ideas]

          Associates around the country today are drafting motions, patent applications, and other documents using some version of ChatGPT. Of course, if I were a judge or examiner, I might also be interested in using AI to help facilitate my decision-making. ChatGPT is good for that as well and can provide a reasoned structure, including identifying of prior art and obviousness standards.

        • EPO discusses digitalisation at eighth eSACEPO meeting [Ed: The criminals who run the EPO and grant loads of fake patents use "digitalisation" as pretext for granting loads of fake patents on software. This is class warfare using stacked panels controlled by monopolists.]

          User representatives from Europe, China, Japan, Korea and the United States met online to exchange on digital transformation in the patent grant process and advances in online services.

      • Trademarks

        • TTAB Blog: TTAB Affirms Two Refusals of "ROSE PETALS" for Supplements Not Containing Rose Petals

          The Board wasted little time in affirming the USPTO's refusals to register the proposed mark ROSE PETALS for "Dietary supplements in capsule form not containing rose petals as an ingredient." The Board found the mark to be deceptive under Section 2(a) and, alternatively, deceptively misdescriptive under Section 2(e)(1). In re Intimate Science, Serial No. 90123272 (March 13, 2023) [not precedential] (Opinion by Judge Cynthia C. Lynch).

  • Gemini* and Gopher

    • Personal

      • What is home?

        Returning home from the coast I was entranced by endless forests of ferns in the undergrowth of leafless trees swallowed by layers of thick green moss, swirling fog meeting the sky and ground. I may be a "computer person" but I never feel at home indoors. I always want to be surrounded by green and cold and damp and dark. My boyfriend often calls me a forest fairy, a dryad.

      • Lost In Translation

        ... in no way related to my continued adventures in CDDA that involved me arriving back at my base at 3AM with a deer I had accidentally run over and no headlights on account of none surviving the return trip directly through the acid ants ...

        So one cannot simply say "hold my beer" in lojban. Well, I guess you could, but that would imply you would be holding the beer, probably in your cupped hands. Gross. We have technology for this! Bottles, mugs, her teacups, the skulls of your enemies, flower pots, etc. Anyways. Beer. What you are actually holding is, usually, a container that contains the beer, a point that English kind of negligently glosses over--hold my beer. Probably because you are in a hurry to do something stupid, and if you took a long time to say it, you might think better of it, or more likely you will have forgotten by the time you got done expositing. Ent wisdom, yo.

    • Politics

      • Oxymoronist: Sy Hersh

        Seymour Hersh's recent article on substack shows what news is no longer fit to print in the mainstream press, at least in the US. Himself being a celebrity reporter, it should be hard to put the mute on his explosive pipeline story. There has been some healthy debate as to the sufficiency of relying on one unnamed source, even though many other news stories taken absolutely seriously have also relied on a single anonymous source. Then came another version of the pipeline story, much more vague, and worse, some of its more detailed claims have been debunked as implausible or impossible (e.g. in an article by Scott Ritter on Consortium News, March 14).

    • Technical

      • Warez: The Infrastructure and Aesthetics of Piracy

        I have converted Martin Paul Eve's book "Warez: The Infrastructure and Aesthetics of Piracy" into Gemtext.

      • sdf minecraft and lone wolf and cub

        Sometimes I run myself ragged until the wheels fall off and I am forced into downtime procedures. I am currently experiencing one of those instances. Too much work and giving of my time and energy has brought me here. I need to take better care of myself. I was supposed to be on a vacation now but instead, I am resting at home, not on vacation, using vacation time for sick time. The older I get, the more I encounter this. And sometimes I beat myself up a bit about it, but not this time since there is awareness of the pattern and I took contrary action.

        Since I have had some downtime, I decided to reinstall minecraft and log onto SDF's minecraft server. It has been quite some time since I was on and was happy to see that my base was still intact. There were a few people on and I tried to catch up.

      • MNT Pocket Reform

        I noticed that the MNT Pocket Reform crowdfunding has been running for a few days [1]. It already reached the funding goal but they are still open for further support.

        The device is smaller than the "full" (12.5") MNT Reform and about 50% lighter (it is said to be under 1 kg). It has 7" screen (the device is actually bigger than that because screen bezel is considerable). Anyway, it can use the same CPU cards as the big Reform and has a similar level of hackability.

      • NetBSD and SC

        It seems that the NetBSD 9.3 has a modern (7.16) version of the sc(1), the console-only spreadsheet calculator. I was used to the older (6.22) release which was traditionally available in many "classic" UNIX systems like the IRIX (as was included in many linux distros, too).

        By modern I mean the latest stable version (the 7.16 is from 2002), my favorite 6.22 is a bit older (1990s). The initial release was in 1981, by the way.

        I have no problem with modern stuff if it is not worse than the old one. Unfortunately, the 7.x line added some features which have made my work harder.

      • Lynx

        I am a bit curious who still uses the Lynx browser [1]? I don't call it a "WWW browser" because it can do also the Gopher protocol (and does it very well).

        There are more modern solutions (which can combine the Gopher and the Gemini, for example) and also some purely Gopher browsers. I have tried some of them but I am still the Lynx user.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.


