Bonum Certa Men Certa

Leftover Links 05/08/2023: Rust Holes and More Layoffs



  • Leftovers

    • Education

      • Parents accuse Bellevue School District of favoring rich kids in school closures

        When the Bellevue School District (BSD) opened its newest, state of the art elementary school on pristine wetlands and powered by geothermal energy in 2018, at a cost of $49 million, its principal did a welcoming dance in a video to show off the school.

        As she led the camera through the Microsoft Showcase school, showing classrooms that could be converted to learning pods for smaller or larger groups, she also pointed to teachers in a large group, waiting to teach kids.

        Today, however, issues of equity are dampening the shining reputation of the school—and raising questions about the district’s commitment to fairness.

    • Hardware

    • Proprietary/Artificial Intelligence (AI)

      • Bruce SchneierPolitical Milestones for AI

        ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance.

        But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of campaigns that attack opponents with fake images (or fake audio or video) because we already have decades of experience dealing with doctored images.

    • Security

      • InfoSecurity MagazineThreat Actors Use AWS SSM Agent as a Remote Access Trojan

        Threat actors have been observed using Amazon Web Services ( AWS ) 's System Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines.

      • Rust BlogThe Rust Programming Language Blog: Security advisory for Cargo (CVE-2023-38497)

        This is a cross-post of the official security advisory. The official advisory contains a signed version with our PGP key, as well.

        The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.

      • SUSE's Corporate BlogSUSE and IBM: Enhancing Data Security (a Technical Reference Documentation Getting Started guide) [Ed: "confidential computing" is a sham that encourages companies and governments to outsource their operations and data based on false premises of confidentiality]

        The Essence of Confidential Computing At its core, confidential computing addresses the vital need of safeguarding data while it is in use. SUSE and IBM work together to deliver advanced technical capabilities, like confidential computing. IBM Z€® and LinuxONE systems provide key hardware capabilities for the trusted execution environment.

      • Bleeping ComputerHackers can abuse Microsoft Office executables to download malware

        The list of LOLBAS files – legitimate binaries and scripts present in Windows that can be abused for malicious purposes...

      • SANSFrom small LNK to large malicious BAT file with zero VT score, (Thu, Aug 3rd)

        Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.

      • IT WireTenable chief says no way to verify Microsoft claims about fixing Azure flaw

        Microsoft claims it has completely fixed a critical security issue in its Azure cloud platform, found in March by researchers from security firm Tenable, who then told Microsoft about it. Tenable chief executive and chairman Amit Yoran had claimed in a blog post on Wednesday that it took more than 90 days for Microsoft to effect a partial fix.

      • SANSAre Leaked Credentials Dumps Used by Attackers, (Fri, Aug 4th)

        This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).

      • Security WeekExploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

        Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed.

      • Security WeekFive Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

        Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

      • Security Week670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

        CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor.

      • LWNSecurity updates for Friday

        Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).

      • USDOJNigerian National Pleads Guilty to $1.25 Million Business Email Compromise Scam Impacting U.S. Company

        Onwuchekwa Nnanna Kalu, 39, a Nigerian National from Rivers State, Nigeria, pleaded guilty today to stealing $1.25 million from an investment firm located in Boston, through a business email compromise (“BEC”) scam. The plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist, of the FBI Washington Field Office's Criminal and Cyber Division.

        Nnanna Kalu pleaded guilty in the District of Columbia to one count of wire fraud. U.S. District Court Judge Randolph D. Moss scheduled a sentencing hearing for November 29, 2023. Kalu was arrested in 2022 and has been detained by the Court as a risk of flight.

      • Gray Media GroupMassive data breach could impact many who attended or worked for public schools in Colorado

        A news release issued by the Colorado Department of Higher Education is notifying the public of a “data incident.”

        KKTV 11 News is working to learn more about the situation, but the release reads as follows:

        The Colorado Department of Higher Education (“CDHE”) is providing notice of a cybersecurity incident that may involve the personal information of certain individuals. CDHE is providing information about the measures it has taken in response to the incident, and steps impacted individuals may take to protect themselves against possible misuse of information.

    • Defence/Aggression

      • JURISTSingapore executes second prisoner in one week despite international outcry

        Singaporean authorities executed Mohamed Shalleh Bin Abdul Latiff, a 39-year-old former delivery driver, Thursday for trafficking 54.04 grams of diamorphine, a controlled drug, which is four times the amount required to trigger the mandatory death penalty under Singapore’s Misuse of Drugs Act. Shalleh is the second person executed by the country in the last week.

      • Federal News NetworkUS military may put armed troops on commercial ships in Strait of Hormuz to stop Iran seizures

        The U.S. military is considering putting armed personnel on commercial ships traveling through the Strait of Hormuz, in what would be an unheard of action aimed at stopping Iran from seizing and harassing civilian vessels. That's what five American officials told The Associated Press on Thursday. If implemented, it would be an extraordinary step by the Pentagon as it grapples with a renewed effort by Iran to harass and seize ships traveling in the strait, through which 20% of all the world’s crude oil passes. Iran’s mission to the United Nations did not immediately respond to a request for comment from the AP about the U.S. proposal.

      • War in Ukraine

    • Environment

    • Finance

      • AxiosHackerOne lays off 12% of workforce

        Popular bug bounty program HackerOne is laying off 12% of its workforce, CEO MÃ¥rten Mickos told employees earlier this week.

      • Daniel PocockDaniel Pocock: Conflicts of Interest: Extinction Rebellion & Rishi Sunak, Greenpeace & Donald Trump

        There have been many rumors about conflicts of interest in the Debian Google Summer of Code and Outreachy internships. The only case where evidence has appeared is the former leader himself, the very person who started rumors about other mentors and I included.

        Yet conflicts of interest can come in many forms. One of the most bizarre cases I've seen was a pensions industry meeting in the UK.

        Representatives of pension administrators and government officials gathered in the town of Swindon. Rishi Sunak, who has recently become Prime Minister, attended the meeting in his former role as local authorities minister.

      • AxiosThe lesson for the Fed in "early hiker" monetary policy

        One reason to be optimistic that U.S. inflation can fall without a recession: Many smaller nations that did move earlier than the Federal Reserve to hike interest rates have done exactly that.

        Why it matters: The unusual dynamics of a post-pandemic global economy appear to be making a so-called "immaculate disinflation" — one with minimal pain — more plausible than it once seemed based on the historical record.


        What they're saying: "There are other economies we can also look to to get some sense of what's likely to happen in the U.S. — other economies that were actually a lot faster in tightening monetary policy," Jan Hatzius, chief economist at Goldman Sachs, said on a call with reporters last month.

      • BloombergTech Giants Slash Marketing Budgets, Bruising Major Ad Firms

        After massive layoffs earlier this year, technology giants have found one more item to slash: marketing budgets.

        Several large advertising companies reported a sharp cutback in spending from US tech and telecom companies, which had recently become some of the largest marketers in the world.

      • Telus slashing 6,000 jobs in order to remain competitive

        According to news outlets, including CBC News, the company plans to cut approximately 6,000 jobs. 4,000 roles will be eliminated at Telus’ main business, with the remaining 2,000 affecting Telus International.

        President and CEO Darren Entwistle claimed that the reduction is being made with “a very heavy heart” and was prompted by the “evolving regulatory, competitive and macroeconomic environment.”

        “Against the backdrop of rapid transformation in our industry and the ways in which our customers want to engage with us, today we are announcing a significant investment in an extensive efficiency and effectiveness initiative across Telus,” Entwistle said in a news release obtained by CBC News.

      • Study after study shows that working from home leads to more efficiency and higher quality work — so why do companies want people back in the office? Here are 3 possible reasons

        Employees overwhelmingly love the option to work from home. More than nine in 10 prefer it exclusively or as a hybrid arrangement, a Gallup study shows.

        Employers, on the other hand, don't appear fully on board, as many are calling employees back into the office.

        In some ways, employers' resistance to remote work is a mystery. After all, eliminating commutes gives the average U.S. employee almost one extra hour to work each day, according to research from the University of Chicago’s Becker Friedman Institute. Plus, staff forced to work in-office are more likely to experience burnout and low engagement, per Gallup.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

    • Freedom of Information / Freedom of the Press

    • Monopolies



Recent Techrights' Posts

Today We Got an Early Birthday Gift
Exciting times
[Meme] Going Too Far to the Left Can Breed Militant Ideology
Some people can never be appeased because they prefer not to be appeased
FSF Expressed No Preference Regarding Presidential Candidates (Its Founder Did)
Because he is a principled person, he does not prioritise loyalty to customers or employers (money)
Who Next on the Linux Foundation's 'Kill List'?
Remember that only about 2% of the "Linux" Foundation's budget goes to Linux
Even LKML Subjected to Slop/SPAM by Guardian Digital, Inc (linuxsecurity.com)
They're really awful
What Makes RMS Such an Attractive Target ('Discreditisation' Campaigns)
Don't be so easily fooled
The Biggest OEMs or Vendors of GNU/Linux Stopped Competing With Microsoft (Which Pays Them to Promote Windows, Too)
Where are the competition authorities (or regulators for that matter)?
 
[Meme] When You Discredit People Who Discredit Secret Code
proprietary systems with hundreds of millions of transistors (and hundreds of millions of lines of code)
The High Cost of Making Scepticism of Proprietary Voting Machines a "Trump" and "Conspiracy Theory" Territory
Time to get back to paper? Or read an old paper?
Links 07/11/2024: Online Manipulation in Social Control Media, Election Deniers, and More
Links for the day
Gemini Links 07/11/2024: emacs-guix and File Hoarding
Links for the day
[Meme] Election Day at the European Patent Office
Less than 60 minutes left to cast your vote
Staff Union of the European Patent Office (SUEPO) Election Ending Today
In one hour
[Meme] When the Patent Office Does Illegal Things and Staff Speaks Out
many leaks received today
Apple's Debt Has Skyrocketed While Gimmicks Like Vision Pro Failed
In Apple's case, the debt is almost double the "Cash on Hand", which isn't even cash
A President Trump is Excellent News to Microsoft
His racist policies gave lots of contracts to Microsoft
Links 07/11/2024: Facebook Scams, Journalists on Strike
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 06, 2024
IRC logs for Wednesday, November 06, 2024
Microsoft-Connected Publishers Want Us to Think That Linux is Some Sort of a Virus and a "Backdoor"
"The problem is with windows and the attack vector is via Windows"
We've Made it to 18! Here's to Another 18!
Going on for another 18 years means until some time at the end of 2042
Links 07/11/2024: Political Angst and Laptop Issues
Links for the day
Links 06/11/2024: BPF in RFC 9669, More Facebook Fines for Privacy Abuses
Links for the day
Gemini Links 06/11/2024: Political Shock and Hermaic Encouragement
Links for the day
Planet Debian Allows Politics (But It Depends on Your Opinions and Debian's Big Sponsors)
Planet Debian is OK with politics... as long as all your political opinions are the "correct" ones and you add cute animals
Let's Encrypt Falls to a New Low of Only 0.6% of Gemini Capsules Known to Lupa
In Gemini Protocol, certificates for encryption are required, but centralised Certificate Authorities (CAs) aren't needed
Computer-Generator Crap Flooding the Web, the Latest Example About "Linux"
Here's today's example
Links 06/11/2024: Election Disinformation and Legal Actions
Links for the day
Gemini Links 06/11/2024: Stargazing and Death on Hallowe'en
Links for the day
Would You Trust a Liar?
Why lie about the authorship?
Mass Layoffs at Mozilla Announced During US Elections
Maybe nobody will notice?
[Meme] Announcing "Results" Before Everyone Even "Played"
There is a "tech" angle to otherwise political news
US Polls Close in One Minute (Social Control Media Does Not Care, Will Not Wait)
US election results will be known in about 2 days
Concentration and Centralisation Versus Aggregation or Syndication
KDE has a history of burying old sites
Social Control Media, Even Hours Before Polls Have Closed
Has social control media controlled by CPC (TikTok) and the Trumpmobile guy (Musk's "X") done enough to convince people not to even vote (based on presumptive "results", presented a long time before all polls have closed)?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 05, 2024
IRC logs for Tuesday, November 05, 2024
Wayland Pains in Community-Led Distros of GNU/Linux
Few people and companies use Wayland; there's hardly any technical or practical reason to choose it
IBM Still Conflating Microsoft With 'Security'
As a meme
Sanctions Cause Fragmentation in Software
some Chinese Linux developers are already subjected to restrictions similar to Russians'
Web Failing With Slop, Even in 'Linux' Sites (LLM Spam)
Add SEO prompting to the mix and the Web becomes a pool of slop, not knowledge
[Meme] State of the World Wide Web and Online Journalism
Technically a failure (DRM) and cannot even get basic things right
Trump's signature policy, building a wall, copied from Irish-Australian student politician
Reprinted with permission from Daniel Pocock
Linus Torvalds' self-deprecating LKML CoC mail linked to Hitler's first writing: Gemlich letter
Reprinted with permission from Daniel Pocock
[Meme] Turning 18 in One Day
just one more day
Birthday Tomorrow
Many cakes and drinks are ready; we're one day away now
The Internet is Failing to Protect Democratic Processes and Human Knowledge
Amplifying lies, rewarding plagiarists
Links 05/11/2024: Criminal Referrals Regarding Patent Trolls and Disinformation About the Election Process (Already)
Links for the day
Gemini Links 05/11/2024: 'App' Needed for Parking, NNCP, Gomphotherium
Links for the day
How Voting Does Not Work
You cannot vote from an "app"
Saving the Planet With Honesty, Transparency, and Sharing (Not Only of Computer Code)
GAFAM is destroying the only habitat humans and other animals have and it'll only get worse
Disinformation About Election Outcomes Even Before Any Election Outcomes (or Election/Voting!)
seeding doubt about election outcomes
Links 05/11/2024: Bluesky and Enshittification, Pugad Baboy, and Lots of Disinformation Flooding the Web
Links for the day
[Meme] Sweaty Under the Belly
"OK, my critics are 'spam'"
Microsoft Bribing Canonical (to Stop Competing) and Bribing Users to Shun the Competition
Canonical is worth shunning
[Meme] The 2024 'Info Bros'
And prehistoric googling
Computers Getting Worse (for the User) Over Time
This is like Windows-ism coming to "Linux" through the hardware
[Meme] How NOT to Vote
Another form of (mostly-unspoken-of) election interference
An LLM Inside a 'Search' Engine Means That Companies Tell You What They Want, Not What Web Pages to Visit
The future of 'googling' things might be as unreliable as using Social Control Media as a source of information
Google's Debt Has Increased and 'Cash on Hand' Fell by 22.27% This Past Year
These are the numbers that the corporate media intentionally leaves out
Against Outsourcing of Sites and E-mail
Software Freedom is great, but it is not enough if you let someone else do it 'for you'
Drew DeVault: People Talking About My Attack Site (Against the Founder of GNU/Linux) is "Spam"
"Spam on sr.ht mailing lists"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 04, 2024
IRC logs for Monday, November 04, 2024
There's a Reason Why Techrights is Turning 18 and Tux Machines Will Turn 20.5 Next Month
I started advocating GNU/Linux when I was a teenager
"Oppose the Fascist"
what the founder of GNU/Linux said
Techrights Has a Long History of Fighting to Expose 'Team Mono' or Microsofters Inside GNOME
Never downplay the malice of Microsoft and its operatives
Halloween, All Saints Day & Swiss citizenship
Reprinted with permission from Daniel Pocock
Gemini Links 05/11/2024: Halloween Over, Intention and Implementation, Bookmark Syncing
Links for the day