Bonum Certa Men Certa

Leftover Links 05/08/2023: Rust Holes and More Layoffs



  • Leftovers

    • Education

      • Parents accuse Bellevue School District of favoring rich kids in school closures

        When the Bellevue School District (BSD) opened its newest, state of the art elementary school on pristine wetlands and powered by geothermal energy in 2018, at a cost of $49 million, its principal did a welcoming dance in a video to show off the school.

        As she led the camera through the Microsoft Showcase school, showing classrooms that could be converted to learning pods for smaller or larger groups, she also pointed to teachers in a large group, waiting to teach kids.

        Today, however, issues of equity are dampening the shining reputation of the school—and raising questions about the district’s commitment to fairness.

    • Hardware

    • Proprietary/Artificial Intelligence (AI)

      • Bruce SchneierPolitical Milestones for AI

        ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance.

        But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of campaigns that attack opponents with fake images (or fake audio or video) because we already have decades of experience dealing with doctored images.

    • Security

      • InfoSecurity MagazineThreat Actors Use AWS SSM Agent as a Remote Access Trojan

        Threat actors have been observed using Amazon Web Services ( AWS ) 's System Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines.

      • Rust BlogThe Rust Programming Language Blog: Security advisory for Cargo (CVE-2023-38497)

        This is a cross-post of the official security advisory. The official advisory contains a signed version with our PGP key, as well.

        The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.

      • SUSE's Corporate BlogSUSE and IBM: Enhancing Data Security (a Technical Reference Documentation Getting Started guide) [Ed: "confidential computing" is a sham that encourages companies and governments to outsource their operations and data based on false premises of confidentiality]

        The Essence of Confidential Computing At its core, confidential computing addresses the vital need of safeguarding data while it is in use. SUSE and IBM work together to deliver advanced technical capabilities, like confidential computing. IBM Z€® and LinuxONE systems provide key hardware capabilities for the trusted execution environment.

      • Bleeping ComputerHackers can abuse Microsoft Office executables to download malware

        The list of LOLBAS files – legitimate binaries and scripts present in Windows that can be abused for malicious purposes...

      • SANSFrom small LNK to large malicious BAT file with zero VT score, (Thu, Aug 3rd)

        Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.

      • IT WireTenable chief says no way to verify Microsoft claims about fixing Azure flaw

        Microsoft claims it has completely fixed a critical security issue in its Azure cloud platform, found in March by researchers from security firm Tenable, who then told Microsoft about it. Tenable chief executive and chairman Amit Yoran had claimed in a blog post on Wednesday that it took more than 90 days for Microsoft to effect a partial fix.

      • SANSAre Leaked Credentials Dumps Used by Attackers, (Fri, Aug 4th)

        This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).

      • Security WeekExploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

        Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed.

      • Security WeekFive Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

        Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

      • Security Week670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

        CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor.

      • LWNSecurity updates for Friday

        Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).

      • USDOJNigerian National Pleads Guilty to $1.25 Million Business Email Compromise Scam Impacting U.S. Company

        Onwuchekwa Nnanna Kalu, 39, a Nigerian National from Rivers State, Nigeria, pleaded guilty today to stealing $1.25 million from an investment firm located in Boston, through a business email compromise (“BEC”) scam. The plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist, of the FBI Washington Field Office's Criminal and Cyber Division.

        Nnanna Kalu pleaded guilty in the District of Columbia to one count of wire fraud. U.S. District Court Judge Randolph D. Moss scheduled a sentencing hearing for November 29, 2023. Kalu was arrested in 2022 and has been detained by the Court as a risk of flight.

      • Gray Media GroupMassive data breach could impact many who attended or worked for public schools in Colorado

        A news release issued by the Colorado Department of Higher Education is notifying the public of a “data incident.”

        KKTV 11 News is working to learn more about the situation, but the release reads as follows:

        The Colorado Department of Higher Education (“CDHE”) is providing notice of a cybersecurity incident that may involve the personal information of certain individuals. CDHE is providing information about the measures it has taken in response to the incident, and steps impacted individuals may take to protect themselves against possible misuse of information.

    • Defence/Aggression

      • JURISTSingapore executes second prisoner in one week despite international outcry

        Singaporean authorities executed Mohamed Shalleh Bin Abdul Latiff, a 39-year-old former delivery driver, Thursday for trafficking 54.04 grams of diamorphine, a controlled drug, which is four times the amount required to trigger the mandatory death penalty under Singapore’s Misuse of Drugs Act. Shalleh is the second person executed by the country in the last week.

      • Federal News NetworkUS military may put armed troops on commercial ships in Strait of Hormuz to stop Iran seizures

        The U.S. military is considering putting armed personnel on commercial ships traveling through the Strait of Hormuz, in what would be an unheard of action aimed at stopping Iran from seizing and harassing civilian vessels. That's what five American officials told The Associated Press on Thursday. If implemented, it would be an extraordinary step by the Pentagon as it grapples with a renewed effort by Iran to harass and seize ships traveling in the strait, through which 20% of all the world’s crude oil passes. Iran’s mission to the United Nations did not immediately respond to a request for comment from the AP about the U.S. proposal.

      • War in Ukraine

    • Environment

    • Finance

      • AxiosHackerOne lays off 12% of workforce

        Popular bug bounty program HackerOne is laying off 12% of its workforce, CEO MÃ¥rten Mickos told employees earlier this week.

      • Daniel PocockDaniel Pocock: Conflicts of Interest: Extinction Rebellion & Rishi Sunak, Greenpeace & Donald Trump

        There have been many rumors about conflicts of interest in the Debian Google Summer of Code and Outreachy internships. The only case where evidence has appeared is the former leader himself, the very person who started rumors about other mentors and I included.

        Yet conflicts of interest can come in many forms. One of the most bizarre cases I've seen was a pensions industry meeting in the UK.

        Representatives of pension administrators and government officials gathered in the town of Swindon. Rishi Sunak, who has recently become Prime Minister, attended the meeting in his former role as local authorities minister.

      • AxiosThe lesson for the Fed in "early hiker" monetary policy

        One reason to be optimistic that U.S. inflation can fall without a recession: Many smaller nations that did move earlier than the Federal Reserve to hike interest rates have done exactly that.

        Why it matters: The unusual dynamics of a post-pandemic global economy appear to be making a so-called "immaculate disinflation" — one with minimal pain — more plausible than it once seemed based on the historical record.


        What they're saying: "There are other economies we can also look to to get some sense of what's likely to happen in the U.S. — other economies that were actually a lot faster in tightening monetary policy," Jan Hatzius, chief economist at Goldman Sachs, said on a call with reporters last month.

      • BloombergTech Giants Slash Marketing Budgets, Bruising Major Ad Firms

        After massive layoffs earlier this year, technology giants have found one more item to slash: marketing budgets.

        Several large advertising companies reported a sharp cutback in spending from US tech and telecom companies, which had recently become some of the largest marketers in the world.

      • Telus slashing 6,000 jobs in order to remain competitive

        According to news outlets, including CBC News, the company plans to cut approximately 6,000 jobs. 4,000 roles will be eliminated at Telus’ main business, with the remaining 2,000 affecting Telus International.

        President and CEO Darren Entwistle claimed that the reduction is being made with “a very heavy heart” and was prompted by the “evolving regulatory, competitive and macroeconomic environment.”

        “Against the backdrop of rapid transformation in our industry and the ways in which our customers want to engage with us, today we are announcing a significant investment in an extensive efficiency and effectiveness initiative across Telus,” Entwistle said in a news release obtained by CBC News.

      • Study after study shows that working from home leads to more efficiency and higher quality work — so why do companies want people back in the office? Here are 3 possible reasons

        Employees overwhelmingly love the option to work from home. More than nine in 10 prefer it exclusively or as a hybrid arrangement, a Gallup study shows.

        Employers, on the other hand, don't appear fully on board, as many are calling employees back into the office.

        In some ways, employers' resistance to remote work is a mystery. After all, eliminating commutes gives the average U.S. employee almost one extra hour to work each day, according to research from the University of Chicago’s Becker Friedman Institute. Plus, staff forced to work in-office are more likely to experience burnout and low engagement, per Gallup.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

    • Freedom of Information / Freedom of the Press

    • Monopolies



Recent Techrights' Posts

It Feels Like Brett Wilson LLP Has Just Tacitly Admitted That It Defamed Me
It arguably admitted many other things by refusing to deny or address them (altogether)
A Year Ago, Only a Few Weeks After We Countersued the 'Hulk Hogan of UEFI', Our Webhost Came Under Attack
At the end of September 2024 our webhost received several threats
 
Why the EPO Never Managed to Silence Us (After Over a Decade of Trying)
Firms like Mishcon de Reya and Brett Wilson LLP contribute to a bad stigma, staining the entire occupation
What is Roy and Rianne's Righteously Royalty-free RSS Reader?
A news reader that uses OPML files and parses RSS feeds
The Free Software Foundation (FSF) Turns 40 in 5 Days
We should be talking about software freedom, not "Open Source"
Stefano Maffulli's Front Page Mentions "AI" 11 Times
They're more focused on slop (plagiarism) than sharing or Software Freedom
CMS Rot
With "modern" (bloated) content management systems (CMSs) there is a long chain of dependencies
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, September 28, 2025
IRC logs for Sunday, September 28, 2025
Slopwatch: Fake Articles About Linux 6.17 and Microsoft Meddling in Linux Development
today's Slopwatch is short because the picks are from Sunday
Gemini Links 29/09/2025: The Labor Wars and Retro
Links for the day
Links 28/09/2025: Windows TCO, Security Breaches, and Deutsche Bahn Woes
Links for the day
Datacentres Aren't Reliable for Backups
bad practices cause immeasurable levels of permanent data losses each and every day
Links 28/09/2025: Science, Censorship, and Security Incidents/Advisories
Links for the day
Gemini Links 28/09/2025: Golem and Cybertrucks
Links for the day
Links 28/09/2025: Moldova Elections, LLM Slop Failing Again to Accomplish Anything
Links for the day
Links 28/09/2025: Slop Does More Harm, Newly Released Epstein Estate Documents
Links for the day
Links 28/09/2025: Fentanylware (TikTok) 'Going Private' (the Dictator's Media Allies) and UK Mirror Lays Off More Journalists
Links for the day
If Only Someone Warned Us About This...
Ubuntu is committing suicide with Rusty code
The Register - Kissing the hand that feeds it
hired to manage the publication several people connected to Microsoft, including the new Editor in Chief
The Myths of "Linux" and of "Intelligence"
As noted this morning
People Remembered GNU's Birthday (Which Helps Remind People It All Started in 1983, Not 1991)
Have the FSF and GNU earned the respect they deserve?
Slopwatch: Ponzi Schemes Promoted by Media Companies, Linux Journal Turning Its 30-Year Reputation to Dust, and Serial Slopper Brian Fagioli Plagiarising, As Usual
This bubble will end up very badly
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, September 27, 2025
IRC logs for Saturday, September 27, 2025
Links 27/09/2025: Squashing Software Patents and When Hospitals Become For-Profit
Links for the day
Gemini Links 27/09/2025: Young Feet and Online Bots
Links for the day
GNU Project Turns 42
In 2033 it'll be 50
Next Step: Find Out Who's Funding the 'Hulk Hogan of UEFI' to SLAPP Us
We now have the 'Hulk Hogan of UEFI' working alongside a strangler of women, who as a Microsoft employee spent time in prison for it
Web Sites That Are Independent Are Also Like Software Projects (Sometimes Literally So)
Roll out your own 'stack'
Pieter Hintjens on Codes of Misconduct a Decade Ago
original is still online
Links 27/09/2025: Australia Might Ban Microsoft GitHub for Young People, Likely Illegal Executive Order Turns TikTok Into Cheeto Propaganda
Links for the day
Repeating the Lies to Promote a Ponzi Scheme is Not OK Because "Many Other Sites Do This" (Including Slopfarms)
They already work on the next Ponzi scheme
The Register MS (Situation Publishing) is Participating in a Ponzi Scheme
The market in "tech" seems awful when a lot of it sells a fraud and journalism about this market is part of the fraud
Glimmer of Hope: More People Realise and Come to Accept "AI" is Just a Giant, Elaborate Ponzi/Pyramid Scheme That Will Leave Everyone Worse Off (Except the "Top of the Pyramid")
quoting Einhorn and some comments
Mass Layoffs in Starbucks... and Society Loses Nothing of Value
Society might even be better off if Starbucks shuts down entirely
Do Your Job and Demand Your Compensation - But in That Order.
We'll do our best to convince the Judge to award all costs to us (lawyers, barrister, LIP bills etc.) plus judgements against them, for abusive litigation and needless suffering associated with that abuse
Matthew J. Garrett Behaved in a Similar Fashion to 4Chan and Kiwi Farms
Opposites attract? Are they opposites at all?
Drew DeVault Suggests "CoC Enhancement", Starts Trolling Projects in Microsoft GitHub
And it backfires immediately
Like Nazi Germany and Volkswagen
Tell us all about "freedom" when your government runs a Ponzi scheme
Microsoft Sponsored This Man, Microsoft Sponsored His Behaviour (and He Controls Microsoft)
They get what they paid for
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, September 26, 2025
IRC logs for Friday, September 26, 2025
He Talks Too Much, He Says Dumb Things
only British when that suits him
Slopwatch: FUD and Plagiarism (Working Against Linux) Promoted and Rewarded by Google News
Shame on Google News