Bonum Certa Men Certa

Leftover Links 05/08/2023: Rust Holes and More Layoffs



  • Leftovers

    • Education

      • Parents accuse Bellevue School District of favoring rich kids in school closures

        When the Bellevue School District (BSD) opened its newest, state of the art elementary school on pristine wetlands and powered by geothermal energy in 2018, at a cost of $49 million, its principal did a welcoming dance in a video to show off the school.

        As she led the camera through the Microsoft Showcase school, showing classrooms that could be converted to learning pods for smaller or larger groups, she also pointed to teachers in a large group, waiting to teach kids.

        Today, however, issues of equity are dampening the shining reputation of the school—and raising questions about the district’s commitment to fairness.

    • Hardware

    • Proprietary/Artificial Intelligence (AI)

      • Bruce SchneierPolitical Milestones for AI

        ChatGPT was released just nine months ago, and we are still learning how it will affect our daily lives, our careers, and even our systems of self-governance.

        But when it comes to how AI may threaten our democracy, much of the public conversation lacks imagination. People talk about the danger of campaigns that attack opponents with fake images (or fake audio or video) because we already have decades of experience dealing with doctored images.

    • Security

      • InfoSecurity MagazineThreat Actors Use AWS SSM Agent as a Remote Access Trojan

        Threat actors have been observed using Amazon Web Services ( AWS ) 's System Manager (SSM) agent as a Remote Access Trojan (RAT) on Linux and Windows machines.

      • Rust BlogThe Rust Programming Language Blog: Security advisory for Cargo (CVE-2023-38497)

        This is a cross-post of the official security advisory. The official advisory contains a signed version with our PGP key, as well.

        The Rust Security Response WG was notified that Cargo did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user.

      • SUSE's Corporate BlogSUSE and IBM: Enhancing Data Security (a Technical Reference Documentation Getting Started guide) [Ed: "confidential computing" is a sham that encourages companies and governments to outsource their operations and data based on false premises of confidentiality]

        The Essence of Confidential Computing At its core, confidential computing addresses the vital need of safeguarding data while it is in use. SUSE and IBM work together to deliver advanced technical capabilities, like confidential computing. IBM Z€® and LinuxONE systems provide key hardware capabilities for the trusted execution environment.

      • Bleeping ComputerHackers can abuse Microsoft Office executables to download malware

        The list of LOLBAS files – legitimate binaries and scripts present in Windows that can be abused for malicious purposes...

      • SANSFrom small LNK to large malicious BAT file with zero VT score, (Thu, Aug 3rd)

        Last week, my spam trap caught an e-mail with LNK attachment, which turned out to be quite interesting.

      • IT WireTenable chief says no way to verify Microsoft claims about fixing Azure flaw

        Microsoft claims it has completely fixed a critical security issue in its Azure cloud platform, found in March by researchers from security firm Tenable, who then told Microsoft about it. Tenable chief executive and chairman Amit Yoran had claimed in a blog post on Wednesday that it took more than 90 days for Microsoft to effect a partial fix.

      • SANSAre Leaked Credentials Dumps Used by Attackers, (Fri, Aug 4th)

        This is a classic problem: One day, you create an account on a website (ex: an online shop), and later, this website is compromised. All credentials are collected and shared by the attacker. To reduce this risk, a best practice is to avoid password re-use (as well as to not use your corporate email address for non-business-related stuff).

      • Security WeekExploitation of Ivanti EPMM Flaw Picking Up as New Vulnerability Is Disclosed

        Exploitation of the Ivanti EPMM flaw CVE-2023-35078 is picking up as a new critical vulnerability tracked as CVE-2023-35082 is disclosed.

      • Security WeekFive Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

        Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

      • Security Week670 ICS Vulnerabilities Disclosed by CISA in First Half of 2023: Analysis

        CISA disclosed 670 ICS vulnerabilities in the first half of 2023, but roughly one-third have no patches or mitigations from the vendor.

      • LWNSecurity updates for Friday

        Security updates have been issued by CentOS (bind and kernel), Debian (cjose, firefox-esr, ntpsec, and python-django), Fedora (chromium, firefox, librsvg2, and webkitgtk), Red Hat (firefox), Scientific Linux (firefox and openssh), SUSE (go1.20, ImageMagick, javapackages-tools, javassist, mysql-connector-java, protobuf, python-python-gflags, kernel, openssl-1_1, pipewire, python-pip, and xtrans), and Ubuntu (cargo, rust-cargo, cpio, poppler, and xmltooling).

      • USDOJNigerian National Pleads Guilty to $1.25 Million Business Email Compromise Scam Impacting U.S. Company

        Onwuchekwa Nnanna Kalu, 39, a Nigerian National from Rivers State, Nigeria, pleaded guilty today to stealing $1.25 million from an investment firm located in Boston, through a business email compromise (“BEC”) scam. The plea was announced by U.S. Attorney Matthew M. Graves and Acting Special Agent in Charge David Geist, of the FBI Washington Field Office's Criminal and Cyber Division.

        Nnanna Kalu pleaded guilty in the District of Columbia to one count of wire fraud. U.S. District Court Judge Randolph D. Moss scheduled a sentencing hearing for November 29, 2023. Kalu was arrested in 2022 and has been detained by the Court as a risk of flight.

      • Gray Media GroupMassive data breach could impact many who attended or worked for public schools in Colorado

        A news release issued by the Colorado Department of Higher Education is notifying the public of a “data incident.”

        KKTV 11 News is working to learn more about the situation, but the release reads as follows:

        The Colorado Department of Higher Education (“CDHE”) is providing notice of a cybersecurity incident that may involve the personal information of certain individuals. CDHE is providing information about the measures it has taken in response to the incident, and steps impacted individuals may take to protect themselves against possible misuse of information.

    • Defence/Aggression

      • JURISTSingapore executes second prisoner in one week despite international outcry

        Singaporean authorities executed Mohamed Shalleh Bin Abdul Latiff, a 39-year-old former delivery driver, Thursday for trafficking 54.04 grams of diamorphine, a controlled drug, which is four times the amount required to trigger the mandatory death penalty under Singapore’s Misuse of Drugs Act. Shalleh is the second person executed by the country in the last week.

      • Federal News NetworkUS military may put armed troops on commercial ships in Strait of Hormuz to stop Iran seizures

        The U.S. military is considering putting armed personnel on commercial ships traveling through the Strait of Hormuz, in what would be an unheard of action aimed at stopping Iran from seizing and harassing civilian vessels. That's what five American officials told The Associated Press on Thursday. If implemented, it would be an extraordinary step by the Pentagon as it grapples with a renewed effort by Iran to harass and seize ships traveling in the strait, through which 20% of all the world’s crude oil passes. Iran’s mission to the United Nations did not immediately respond to a request for comment from the AP about the U.S. proposal.

      • War in Ukraine

    • Environment

    • Finance

      • AxiosHackerOne lays off 12% of workforce

        Popular bug bounty program HackerOne is laying off 12% of its workforce, CEO MÃ¥rten Mickos told employees earlier this week.

      • Daniel PocockDaniel Pocock: Conflicts of Interest: Extinction Rebellion & Rishi Sunak, Greenpeace & Donald Trump

        There have been many rumors about conflicts of interest in the Debian Google Summer of Code and Outreachy internships. The only case where evidence has appeared is the former leader himself, the very person who started rumors about other mentors and I included.

        Yet conflicts of interest can come in many forms. One of the most bizarre cases I've seen was a pensions industry meeting in the UK.

        Representatives of pension administrators and government officials gathered in the town of Swindon. Rishi Sunak, who has recently become Prime Minister, attended the meeting in his former role as local authorities minister.

      • AxiosThe lesson for the Fed in "early hiker" monetary policy

        One reason to be optimistic that U.S. inflation can fall without a recession: Many smaller nations that did move earlier than the Federal Reserve to hike interest rates have done exactly that.

        Why it matters: The unusual dynamics of a post-pandemic global economy appear to be making a so-called "immaculate disinflation" — one with minimal pain — more plausible than it once seemed based on the historical record.


        What they're saying: "There are other economies we can also look to to get some sense of what's likely to happen in the U.S. — other economies that were actually a lot faster in tightening monetary policy," Jan Hatzius, chief economist at Goldman Sachs, said on a call with reporters last month.

      • BloombergTech Giants Slash Marketing Budgets, Bruising Major Ad Firms

        After massive layoffs earlier this year, technology giants have found one more item to slash: marketing budgets.

        Several large advertising companies reported a sharp cutback in spending from US tech and telecom companies, which had recently become some of the largest marketers in the world.

      • Telus slashing 6,000 jobs in order to remain competitive

        According to news outlets, including CBC News, the company plans to cut approximately 6,000 jobs. 4,000 roles will be eliminated at Telus’ main business, with the remaining 2,000 affecting Telus International.

        President and CEO Darren Entwistle claimed that the reduction is being made with “a very heavy heart” and was prompted by the “evolving regulatory, competitive and macroeconomic environment.”

        “Against the backdrop of rapid transformation in our industry and the ways in which our customers want to engage with us, today we are announcing a significant investment in an extensive efficiency and effectiveness initiative across Telus,” Entwistle said in a news release obtained by CBC News.

      • Study after study shows that working from home leads to more efficiency and higher quality work — so why do companies want people back in the office? Here are 3 possible reasons

        Employees overwhelmingly love the option to work from home. More than nine in 10 prefer it exclusively or as a hybrid arrangement, a Gallup study shows.

        Employers, on the other hand, don't appear fully on board, as many are calling employees back into the office.

        In some ways, employers' resistance to remote work is a mystery. After all, eliminating commutes gives the average U.S. employee almost one extra hour to work each day, according to research from the University of Chicago’s Becker Friedman Institute. Plus, staff forced to work in-office are more likely to experience burnout and low engagement, per Gallup.

    • AstroTurf/Lobbying/Politics

    • Censorship/Free Speech

    • Freedom of Information / Freedom of the Press

    • Monopolies



Recent Techrights' Posts

Red Hat QA Team "Had Shrunk by Half Over the Past Year." (After IBM Divestment)
If Red Hat's workforce is being moved to the East, then RHEL can become a national security problem
Preparations for Our 19th Anniversary Have Already Begun
When we get back we'll probably sort out some balloons and venue for the next party
Pleased After 2 Years With team.blue
Moving from a Content Management System (CMS, dynamic) to a Static Site Generator (SSG) was a wise decision that made life so much easier
The Free Software Foundation (FSF) is Being Attacked by Organisations Jealous of Its Principled Stance and Longevity
Nobody is perfect, but imperfection does not instantaneously imply sinister intent
 
Activists Can Win, But Keep an Eye on the Ball and on the Trophy
GitHub is dying, it was a loss-making trap, not free hosting
Gemini Links 04/09/2025: Katrina Remembered, Distracted Driving, and Virtual Economics
Links for the day
At This Point It's No Longer Matthew Garrett But People Who Fund Matthew Garrett (or Companies That Fund His SLAPPs Against My Wife and I)
The only thing worse than misogynists are misogynists who fail to respect other people's right to go on holiday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 03, 2025
IRC logs for Wednesday, September 03, 2025
The UEFI 9/11 - Part VI - This Serious Harm Was Planned for Over a Decade, Not an Accident or Merely Some Misfortune
The term "Serious Harm" is legally meaningful here
GNOME Unfit for Diversity and Inclusion
GNOME's leadership is using "bad words"
Brodie Robertson Addressing the Recently-Discovered Comments
Most people probably knew nothing about this until he wrote a response
Slopwatch: "Open Source" and "Linux" News Faked, Made by Bots and Entered Into Google News
Spam combined with slop about "Linux" has entered Google News
Links 03/09/2025: Microsoft Causes Mass Layoffs Outside Microsoft Also, "Google Can Keep Paying for Firefox Search Deal"
Links for the day
Gemini Links 03/09/2025: calendar.txt, Alhena 5.3.1, and ROOPHLOCH
Links for the day
The Theory That the Man From McKinsey, Whom Red Hat Took From Microsoft a Month Ago as Executive, Wants 'Efficiency' (Lower Salaries)
So far... no "official" word
When Your Site's Articles Are Being 'Cheapened' by Slop as Feature Images
Dr. Farnell should become an advisor to The Register MS
Certificate Authority Let's Encrypt Drops to Only Half a Dozen Capsules and 0.2% of the Whole in Geminispace, Self-Signed is the Way to Go
It used to have hundreds, according to Lupa
Doing to Red Hat What They Already Did (and Still Do) to IBM
there seems to be a drive to hire cheaper staff, and it may be led by somebody Red Hat hired from Microsoft
Links 03/09/2025: Salesforce's Latest Mass Layoffs, 93% in Large Poll at The Register MS Say UK Government Should Dump Microsoft
Links for the day
If You Reject the Google Verdict in the US, Then You Should Also Reject the "Modern" Web (Do Something About It)
Gemini Protocol is still open; it cannot be hijacked or subverted because it's frozen by design and by intention
Open Source Initiative IRS Filing: Almost All the Money is Corporate, Stefano Maffuli (Executive Director) Takes About a Quarter of That Money for Openwashing of "AI" Ponzi Scheme
OSI is currently little but a PR/marketing agency of Microsoft
Many People Are "Leaving" Red Hat, Even High-Level Managers
Something is definitely going on at Red Hat
Techrights Has Been Subjected to Calls of Violence (and Death Threats), It Never Condoned Violence
I have no sympathy for people who call violence "free speech" and then get in trouble
Condoning Violent Behaviour and "Free Speech"
perhaps Microsoft Lunduke lost touch with what constitutes violence
Takeaway From the Google Verdict: GAFAM Has Too Much Control (Even Over the US Government and Courts With Government Appointees)
Many people feel disappointed but hardly surprised by the verdict
The Free Software Foundation (FSF) Turns 40 in One Month
As noted a few days ago, several times in fact, many people now recognise the importance of the FSF's mission, even if most people don't know what the FSF is
Many Microsoft "Assets" Are Fabricated Baloney (to Game the Numbers)
At times it seems like what we deal with are many weak patents (on algorithms), valuations or speculations based on hype ("hey hi"), and stocks held by Microsoft and its own staff
"Voluntary" Layoffs at Microsoft (to Game the Numbers, Sugar-Coating a Crisis)
"Employees interested have until the end of October to volunteer."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 02, 2025
IRC logs for Tuesday, September 02, 2025
Links 02/09/2025: Oligarch Tech and Text Encoding Concerns in Ada
Links for the day
"Internal Changes at Red Hat / IBM"
It seems like quite a few people are leaving
Confirmed in French Media: Mass Layoffs (10% Culled) in Microsoft France
Now some reports in French
"People on LinkedIn Saying That They've Left Red Hat."
We already saw signs of it a month ago and named some of the people
Gone With the BRICs (or BRICS): "Linux 8" in Cuba
GAFAM must be worried
Telecompaper Reports Microsoft to Reduce the Workforce by Another 10% (in France)
Imagine what this will do to staff's morale
Microsoft in Freefall in Finland
Can Finland eradicate Windows from all its infrastructure, including core operations that are sensitive to sabotage by cracking?
Google's Chrome Passes 70% and Web Standards Are Dying
The Web is quickly becoming devoid of any standards
India is Back to Windows 8 (Market Share Down to 8%) as Android Soars to a New Record High
For Microsoft, India is a runaway market
Slopwatch: Plagiarism and Ponzi Scheme, Bubble About to Burst Entirely, Admits Goldman Sachs
the hype that Google News and The Register MS actively participate and profit from
Links 02/09/2025: SCO Summit and Russia Suspected Of Jamming GPS
Links for the day
Gemini Links 02/09/2025: Mediterranean Marriage and Staying Connected at 35,000 Feet
Links for the day
The Register MS Says "AI Web Crawlers Are Destroying Websites", So Why Does The Register MS Help 'AI' Companies? (Spoiler: Money)
People need to call out The Register MS on its hypocrisy
Slopfarms Already Peaked, They Will Die When Slop Companies Run Out of Money to Borrow
slopfarms will lack an actual "engine"
Links 02/09/2025: Attacks on Unions, Microsoft TCO, and DDoSing a Growing Problem
Links for the day
Why We Publish Information About the SLAPPs (But Not About the Legal Process), an Abuse of Process by Americans Trying to Silence Critics of Their Employer, Microsoft
It doesn't take thousands of pages to explain something simple
Internet Relay Chat Didn't Fall Off a Cliff
IRC will turn 40 in less than 3 years from now
The UEFI 9/11 - Part V - This is Not a Drill (Disable "SecureBoot" Now)
A "9/11" Coming
There's No Obligation to Speak to Anybody
The very fact that "bkuhn" is till spending time in social control media says a lot about his poor judgment
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, September 01, 2025
IRC logs for Monday, September 01, 2025
Microsoft Trying to Force People to Resign (Amid Mass Layoffs) a Strategy That Takes Its Toll
Microsoft seems to be circling down the drain and the "final flush" will be the moment the "hey hi" (AI) bubble implodes completely
Google Simply Cannot Be Trusted
Only fools would trust GAFAM
Admission That a Third Party (or Parties) Funds the SLAPPs Against Techrights
This can end up costing them over a million dollars
Modifying and Writing One's Own Computer Programs is Not a Crime (or: Google Proves That Stallman Was Right)
We're generally gratified to see so many positive mentions of him
Why We Stopped Publishing Videos (for Now)
We'll probably get back to videos one day, but it's hard to say when or to what extent
What Animal Rights Activism Teaches Us About Sympathy and Focus
It's possible to believe that the planet is warming, that we must do something about it, and still eat eggs and butter