Bonum Certa Men Certa

Links 07/09/2023: DebConf23 and Akademy 2024 Plans



  • GNU/Linux

    • Kernel Space

      • LWN: A more dynamic software I/O TLB

        The kernel's software I/O translation lookaside buffer ("swiotlb") is an obscure corner of the DMA-support layer. The swiotlb was initially introduced to enable DMA for devices with special challenges, and one might have expected it to fade away as newer peripherals came along. Instead, though, the swiotlb has turned out to be useful in places outside of its original use cases. This patch set from Petr Tesarik now aims to update the swiotlb with an eye toward its continuing use indefinitely into the future.

        One of the fundamental features of any reasonably capable I/O device is its ability to perform DMA — accessing data directly in main memory without the need to go through the CPU. Without DMA, I/O performance will be severely limited. But some devices are better at DMA than others. Older devices for PC-class hardware, reflecting the history of that architecture, were often limited to 24 bits of address space for DMA transfers, meaning that they could only access the lower 16MB of memory. That was plenty in the early days, but quickly became limiting as memory sizes grew. Another common problem is a 32-bit limitation, restricting access to the lower 4GB of memory.

      • LWN: Development statistics for the 6.5 kernel

        The 6.5 kernel was released on August 27 after a nine-week development cycle. By that time, some 13,561 non-merge changesets had found their way into the mainline repository, the lowest number seen since the 5.15 release (12,377 changesets) in late 2021. Nonetheless, quite a bit of significant work was done in this cycle; read on for a look at where that work came from.

        1,921 developers contributed to 6.5, a slightly lower number than usual; 271 of those developers made their first kernel contribution for this release.

    • Applications

      • PC World: The best Linux backup tools: Don’t put it off any longer | PCWorld

        What you should back up depends on how you use your PC. As a rule, a regular backup of the home directories is sufficient. This protects against data loss—for example, if an important file is accidentally deleted. With a suitable tool, you can automate the process.

        If many programs and perhaps server services are installed, a complete backup of the hard disk is recommended from time to time. We present tools with which an image of the drive can be created and, if necessary, also restored on a new hard disk.

    • Instructionals/Technical

      • Make Use Of: How to Check the Status of an Apache Server on Linux

        Apache is one of the most widely used web server software applications in the world. A W3Techs survey estimates that just over 31 percent of all known web servers use a version of Apache. It’s highly customizable, responsive, and completely open-source.

        Apache is an excellent and well-established option for running a website. It’s vital to know how to do essential maintenance when running an Apache web server. Here are five different ways to check your Apache server status on Linux.

      • How To Install Moodle™ On Amazon, Part One

        The sky is the limit for educational technologies today. The forecast is more and more closed. The explosion of “Platform as a Service” (PaaS) solutions is increasing the rate of innovation in digital products, enabling them to scale instantly without compromising reliability, and at a lower cost. Leading the PaaS charge is Amazon Web Services (AWS), its reign anything but secure.

        It only makes sense to consider the potential of Moodle™, the largest, open source Learning Management System today, on the AWS. The setup can be tricky, but Roy Plomantes, CTO of Nephila Web Technology, has decades of experience making anyone capable to build things they didn’t think they would on the cloud, maybe even struck by its vast potential.

      • HowTo Geek: 5 Ways to Count Files in a Directory on Linux

        Working with operating systems like Linux, managing files is one of the fundamental tasks. If you are a Linux admin, imagine the file count you have to deal with. And if your files consume a lot of disk space, then it will be a tough nut to crack. Let's discuss some ways to count these files, including the pesky hidden files.

      • LWN: Mastering Emacs

        A series of rabbit holes, some of which led to unshaved yaks, recently landed me on a book called Mastering Emacs. Given that I have been using Emacs "professionally" for more than 16 years—and first looked into it a good ways into the previous century—I should probably be pretty well-versed in that editor-cum-operating-system. Sadly, for a variety of reasons, that is not really true, but the book and some concerted effort have been helping me down a path toward Emacs-ian enlightenment. Mastering Emacs may also help others who are struggling in the frothy sea that makes up Emacs documentation.

        The backstory of how I got here is kind of goofy—some days rabbit holes look like so much fun ... and they definitely can be, but the lost "productivity" may be problematic. In any case, a Hacker News item on "Elixir for cynical curmudgeons" caught my eye a few weeks back since I certainly qualify. After reading that and poking at Elixir (and Erlang) documentation some, I remembered that I always wanted to understand Lisp macros better—or at all, in truth. That led me back to a project that I started (and promptly drifted away from) after a talk at linux.conf.au about the history of Lisp that I really enjoyed.

    • Games

      • XDA: 5 reasons why Linux is good for gaming in 2023

        Linux has gotten a lot better for playing video games over the past few years, making it more friendly for gamers in 2023.

        Windows has long been hailed as the best operating system for gaming, easily beating Linux and macOS when it comes to running the latest graphically-intensive games. But it's not quite as cut and dry these days. Linux gaming has come a long way since the early 2010s when most Windows-based 3D games used to run at drastically reduced framerates on the open-source operating system. In fact, Linux is now a viable platform for gaming, so maybe it's time to give it a shot.

    • Desktop Environments/WMs

      • K Desktop Environment/KDE SC/Qt

        • OpenSUSE: KDE Gear, FreeRDP update in Tumbleweed

          This week’s openSUSE Tumbleweed snapshots varied from large to small and there was also an updated arm Tumbleweed snapshot released.

          Packages to arrive so far this month have touched several portions of the rolling release.

          Snapshot 20230904 had security fixes for two packages. The XML parsing package libxml2 addresses CVE-2023-39615, which pertains to a crafted XML that could potentially lead to a global buffer overflow, and libxml2-python mitigates this vulnerability with a patch.

        • KDE Official: Akademy 2024 Call for Hosts

          One of the biggest things you can do for KDE (that does not involve coding) is helping us organize Akademy.

          Now is your chance to become KDE champions and help make Akademy 2024 happen! We are looking to host Akademy 2024 during the months of June, July, August, and September. Download the Call for Hosts guide, and submit a proposal to host Akademy in your city to akademy-proposals@kde.org by October 1, 2023.

          Do not hesitate to send us your questions and concerns! We are here to help you organize a successful event and you can reach out at any time for advice, guidance, or any assistance you may need. We will support you and help you make Akademy 2024 an event to remember.

  • Distributions and Operating Systems

    • [elementaryOS] One Last Bug Fix Update Before The Big One

      It turns out we have one more updates blog before OS 7.1 and it brings a number of fixes and a few small features. We’re hard at work resolving your reported issues to make this release as smooth and shiny as it possibly can be! So read ahead and find out what was new last month.

      Feedback

      The Feedback app has been ported to GTK 4 and it now features search! This should make it much speedier to send feedback when something unexpected happens.

      The feedback app is our way to stay connected with you and address any issues you come across, so please make sure to make use of it. The issues that we send fixes for every month come directly from folks who make use of this app.

      Videos

      We’ve been hard at work getting Videos ready for GTK 4 and one of the steps along the way was getting rid of Clutter—big “C”—which has led to a massive rework of the app’s internals. The code base is much cleaner and clearer and should be more reliable and performant. This release still uses GTK 3, but look forward to GTK 4 in the next release.

    • New Releases

      • DebugPoint: MX Linux Unveils New Tool: MX Service Manager

        If you enjoy the simplicity and stability of the popular lightweight systemd-free distribution MX Linux, then a piece of exciting news for you.

        MX Linux team has just announced a new addition to its toolkit – the MX Service Manager. This new mx-tool promises to make managing services and daemons on your Linux system like a cakewalk, giving you more control over what starts at boot time.

      • DebugPoint: Linux Lite 6.6 Released with 22 Languages Support

        The Linux Lite team has just unveiled their latest and most exciting release to date: Linux Lite 6.6. In this release, they've added a whopping 22 new languages to their already impressive arsenal of features, making it one of the most comprehensive updates since the project's inception back in 2012.

    • Fedora Family / IBM

    • Debian Family

    • Devices/Embedded

      • CNX Software: Gateworks GW7400 networking SBC features 6 Gigabit Ethernet ports, M.2 & mini PCIe sockets for wireless connectivity

        Gateworks provides an Ubuntu Linux BSP for their Venice boards which includes the GSC (Gateworks System Controller) Firmware, Arm Trusted Firmware, DDR controller Firmware, U-Boot bootloader, the Linux 5.6 kernel, and a rootfs.

        It’s also possible to use mainline Linux, and although some features such as the hantro-h11 jpeg video encoder are missing in mainline, Gateworks does usually have separate drivers for those. More technical details about the hardware and software, as well as a getting started guide can be found in the wiki.

      • LWN: The OpenSprinkler controller [LWN.net]

        The more one pays attention to the Internet of Things (IoT), the more one learns to appreciate simple, unconnected devices. Your editor long ago acquired an aversion to products that advertise themselves as "smart" or "WiFi-enabled". There can be advantages, though, to devices that contain microprocessors, are Internet connected, and are remotely accessible, if they are implemented well. The OpenSprinkler sprinkler timer would appear to be a case in point.

        This article is being written in a part of the world with limited rainfall — a near-desert environment. That notwithstanding, the local humans have reached the conclusion that it would be a good idea to surround their homes with lush, green vegetation that evolved to thrive in a rather more humid environment, and which requires fairly intensive life support — and water pumped from the other side of the continental divide — to survive here. Western civilization, it seems, depends on us continuing to do this; otherwise we would surely not continue to put so many resources into it.

        Providing life support to vegetation by dragging a hose around quickly loses any charm it may have once had, so the installation of automated sprinkler systems is common in these parts. The control system takes the form of a timer that, traditionally, has been programmed through a painful combination of dial turns and button pushes; anybody who has tried to figure out how to configure a bicycle computer (speedometer) will understand. More recently, of course, we have seen the advent of smart controllers that are said to make this process easier and to enable control of the system while vacationing in a distant location. The allure of being able to soak a Colorado front yard while lounging on a South-Pacific beach is, seemingly, irresistible.

      • CNX Software: Haxophone – A Raspberry Pi-based electronic saxophone with mechanical keys (Crowdfunding)

        The Haxophone is an unusual Raspberry Pi expansion board that transforms the popular SBC into a travel saxophone using mechanical keys. The hackable musical instrument is open-source hardware and OSHWA certified and comes with mechanical keys which makes it easily repairable, customizable by changing keycaps or the firmware, and at a price point cheaper than commercial digital saxophones with custom molded keys.

      • Hackster: Peter Wasilewski's STMViewer Offers Overhead-Free STM32 Data Visualization on Linux and Windows



        Self-described embedded systems enthusiast Peter Wasilewski has put together a tool designed to make it easier to see what's going on inside an STMicroelectronics STM32 — offering a live and historical visual overview of variable values.

        "STMViewer is a software tool that can be used to visualize variables values in real-time using only [an] ST-LINK programmer and a STM32 target," Wasilewski explains of his software. "You might be familiar with STMStudio or CubeMonitor, tools from ST that serve a similar purpose. If there are at least two similar tools, why bother to create my own? Simply because STMStudio is deprecated and works only on Windows, and Cube monitor takes forever to setup with even the simplest graphs."

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Productivity Software/LibreOffice/Calligra

      • The Document Foundation releases LibreOffice 7.5.6 Community

        LibreOffice 7.5.6 Community, the sixth minor release of the LibreOffice 7.5 line, the volunteer-supported free office suite for desktop productivity, is available from our download page for Windows (Intel/AMD and ARM processors), macOS (Apple Silicon and Intel processors), and Linux [1].

        Products based on LibreOffice Technology are available for major desktop operating systems (Windows, macOS, Linux and Chrome OS), for mobile platforms (Android and iOS), and for the cloud.

        For enterprise-class deployments, TDF strongly recommends the LibreOffice Enterprise family of applications from ecosystem partners – for desktop, mobile and cloud – with a large number of dedicated value-added features and other benefits such as SLA (Service Level Agreements).

      • DebugPoint: LibreOffice Plans for Calendar-Based Versioning: Next Release Set as "24.2"

        In a move that's set to simplify versioning and enhance user experience, the LibreOffice team has planned a significant shift in their versioning strategy. Say goodbye to the traditional major and minor version numbers, and prepare for a more intuitive and user-friendly approach.

        Starting with the next release, LibreOffice will adopt a year.month-based versioning system and the upcoming iteration will bear the version number 24.2.

    • GNU Projects

      • Unicorn Media: GNU’s Having a 40th Birthday Party and You’re Invited

        Wowie zowie! The Gnu System is turning 40, and its parents — the folks at Free Software Foundation — are throwing it a party to celebrate, and y’all are invited!

        Officially they’re not calling it a party, it’s a hack day, but since they make it clear that no hacking is required (and go out of their way to make it known that there will be cake) I’m calling it a birthday party under the “if it walks like a duck” rule.

        Here’s what Miriam Bastion, the program manager at FSF, had to say about it when she announced the event a few weeks back...

    • Programming/Development

      • Python

        • LWN: Python is (mostly) made of syntactic sugar

          "Sugar" is, to a certain extent, in the eye of the beholder—at least when it comes to syntax. Programming languages are often made up of a (mostly) irreducible core, with lots of sugary constructs sprinkled on top—the syntactic sugar. No one wants to be forced to do without the extra syntax—at least not for their favorite pieces—but it is worth looking at how a language's constructs can be built from the core. That is just what Brett Cannon has been doing for Python, on his blog and in talks, including a talk at PyCon back in April (YouTube video).

  • Leftovers

    • Education

      • ACLU: Why Access to Education is Key to Systemic Equality

        All students have a right to an equal education, but students of color — particularly Black and Brown students and students with disabilities, have historically been marginalized and criminalized by the public school system. The ACLU has been working to challenge unconstitutional disciplinary policies in schools, combat classroom censorship efforts that disproportionately impact marginalized students, and support race conscious admission policies to increase access to higher education.

    • Health/Nutrition/Agriculture

      • Wired: Pinterest’s New Algorithms Want You to See Every Body Type

        When fashion influencer Natalie Craig recently searched Pinterest for skorts and cargo pants, she noticed something different from her past explorations on the service: Women who looked like her were sprinkled among the results—and without adding qualifiers like “plus size” to her query.

        “I’m 5'2" and a size 20, so I have to say, ‘short-size back-to-school outfit inspiration,’” Craig says of her usual challenge to find relevant fashion content online. “Now, I don’t have to take on that mental gymnastics.”

      • The Straits Times: Vietnam to sign 5-year rice trade pact with the Philippines to ensure food security

        The Philippines is looking at importing 300,000 to 500,000 tonnes of rice from Vietnam at discounted prices.

    • Proprietary/Artificial Intelligence (AI)

    • Security

      • Help Net Security: How Chinese hackers got their hands on Microsoft’s token signing key - Help Net Security

        The mystery of how Chinese hackers managed to steal a crucial Microsoft signing key has been explained.

      • Dark Reading: AtlasVPN Linux Zero-Day Disconnects Users, Reveals IP Addresses

        A security researcher has published exploit code for AtlasVPN for Linux, which could enable anybody to disconnect a user and reveal their IP address simply by luring them to a website.

        AtlasVPN is a "freemium" virtual private network (VPN) service owned by NordVPN. Despite being just 4 years old, according to its website, it's used by more than 6 million people worldwide.

        On Sept. 1, after receiving no response from the vendor, an unidentified researcher (referred to by their Full Disclosure mailing list username, "icudar") posted exploit code for AtlasVPN Linux to the Full Disclosure mailing list and Reddit. By simply copying and pasting this code to their own site, any odd hacker could disconnect any AtlasVPN user from their private network, and reveal their IP address in the process.

        "Since the entire purpose of the VPN is to mask this information, this is a pretty significant problem for users," says Shawn Surber, senior director of technical account management at Tanium.

      • LWN: Security updates for Thursday [LWN.net]

        Security updates have been issued by Fedora (erofs-utils, htmltest, indent, libeconf, netconsd, php-phpmailer6, tinyexr, and vim), Red Hat (firefox), and Ubuntu (linux-aws, linux-aws-5.15, linux-ibm-5.15, linux-oracle, linux-oracle-5.15, linux-azure, linux-azure-fde-5.15, linux-gke, linux-gkeop, linux-intel-iotg-5.15, linux-raspi, linux-oem-6.1, linux-raspi, linux-raspi-5.4, shiro, and sox).

      • LWN: Ubuntu to add TPM-backed full-disk encryption

        The Ubuntu blog has a detailed article on plans to add full-disk encryption, with the key stored in the system's trusted platform module (TPM), to the desktop distribution.

      • Data Breaches: FTC Finalizes Order with 1Health.io Over Charges it Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy

        The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent.

      • Data Breaches: Beverly Hills Plastic Surgery notification — and what it doesn’t tell the patients.

        On July 17, DataBreaches reported that BlackCat had added the Beverly Hills Plastic Surgery (BHPS) to their dark web leak site. The June listing was updated to include photos that appeared to be proof of claims about their access to the clinic’s files.

      • Defence Housing Australia investigates third-party data breach - Cyber Security Connect

        An investigation by Defence Housing Australia (DHA) is currently underway after it was notified that one of its third-party service providers had been hit by a cyber attack.

        The organisation, which provides housing and accommodation for military personnel and their families on and off base, has stressed that while there has been no impact or breach of DHA or Defence ICT systems, an investigation to determine if any data belonging to Defence Force members and their families had been compromised has been launched.

        “DHA has notified the Australian Cyber Security Centre, the Department of Home Affairs’ cyber security response unit, and the Office of the Australian Information Commissioner,” the DHA said in a notice released on its site.

        “Defence personnel affected by this incident will be advised as soon as practicable.”

        The Department of Veterans’ Affairs (DVA) also issued a notice regarding the breach; however, it said that its systems remain secure.

      • The Record: Minneapolis school district says data breach affected more than 100,000 people

        Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyberattack early this year.

        The school system started sending letters late last week, according to local media reports, and on Tuesday a notice posted on Maine’s data breach notification site said that 105,617 people were affected.

      • Data Breaches: Ragnar_Locker leaks data from Israeli Medical Center

        Mayanei Hayeshua Medical Center in Bnei Brak was hit by a cyberattack on August 7. Patient care was not disrupted for some things, but the ministry instructed that the center’s outpatient clinics and imaging centers not accept patients and that the public not go to its emergency room until further notice. A week later, the hospital disclosed it had received a ransom demand. It was pretty much an open secret that the attackers were the Ragnar_Locker group, but the hospital never named them.

      • Hacker News: Ukraine’s CERT Thwarts APT28’s Cyberattack on Critical Energy Infrastructure [Ed: Microsoft Windows TCO, causing more deaths in Ukraine.]

        The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country.

        The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates the infection chain.

        “Visiting the link will download a ZIP archive containing three JPG images (decoys) and a BAT file ‘weblinks.cmd’ to the victim’s computer,” CERT-UA said, attributing it to the Russian threat actor known as APT28 (aka BlueDelta, Fancy Bear, Forest Blizzard, or FROZENLAKE).

      • Data Breaches: Coffee Meets Bagel Meets Hacker?

        This is not the first cyberattack CMB has experienced. In February 2019, DataBreaches reported that user data from 6.1 million users was up for sale on DreamMarket by gnosticplayers.

      • 3,20,000+ Patient Records From Ayush Jharkhand Gov. In Shared On Dark Web Hacking Forums
      • Data Breaches: Do IT Consultants victim of attack by Ragnar_Locker

        When DataBreaches started to look into this listing, we discovered that Do IT Consultants’ website is no longer online and the last time it was archived by archive.org was in early 2022.

      • Data Breaches: United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang

        Today, the United States, in coordination with the United Kingdom, sanctioned eleven individuals who are part of the Russia-based Trickbot cybercrime group. Russia has long been a safe haven for cybercriminals, including the Trickbot group. Today’s action was taken by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). The U.S. Department of Justice (DOJ) is concurrently unsealing indictments against nine individuals in connection with the Trickbot malware and Conti ransomware schemes, including seven of the individuals designated today.

      • Data Breaches: “i know it hurts your little dick seeing a true hacker like me in a crowd full of skids and sheep,” said a man with no knowledge of anatomy

        After the arrest of Breached.vc’s owner “Pompompurin” in March, Breached.vc was taken offline by an administrator because it seemed likely the server had been compromised by law enforcement. Months later, the domain was seized by law enforcement.

      • The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously

        The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rages on.

        “I don’t think we’ve figured out how to talk to the small and medium-sized organizations in a way that actually reaches them, and I don’t think we’ve come up with a convincing story” about why cybersecurity matters, Jessica Wilkerson, a senior cyber policy adviser at the Food and Drug Administration, said Wednesday at the Billington Cyber Summit in Washington.

      • Data Breaches: Bienville Orthopaedic Specialists notifies 243,000 patients of cyberattack

        On April 1, DataBreaches reached out to Bienville Orthopaedic Specialists (BOS) in Mississippi to ask about a claim by Abyss threat actors that they had compromised BOS. BOS never replied.

        But now, five months later, BOS submitted a breach notification to the Maine Attorney General’s Office. The notification indicates that 242,986 people were affected by a “data security event” that occurred between February 3 and March 5.

      • Insights From The IBM 2023 Cost of a Data Breach Report

        The annual Cost of a Data Breach Report (Report) published by IBM is reliably full of helpful cybersecurity data. This year is no different. After reviewing the Report, we pulled out some interesting data points. Of course, the Report as a whole is well worth the read, but if you don’t have the time to get through its 78 pages, this post may be helpful.

      • Cybernews: IBM: Janssen health database breached in cyber incident

        IBM announced Wednesday that an unauthorized party breached the patient healthcare database it manages for the Johnson & Johnson-owned Janssen CarePath platform. Many of the patients are or have been treated for serious diseases, such as cancer.

        The tech giant says it has begun to notify patients whose information may have been compromised in the breach, discovered on August 2nd.

        The IBM-run database is used by Janssen CarePath, a free patient support platform that offers savings on advanced prescription medicines and other patient resources.

      • SANS: Security Relevant DNS Records, (Wed, Sep 6th)

        DNS has a big security impact. DNS is partly responsible for your traffic reaching the correct host on the internet. But there is more to DNS than name resolution. I am going to mention a few security-relevant record types here, in no particular order:

      • Security Week: Password-Stealing Chrome Extension Demonstrates New Vulnerabilities

        Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore.

      • Silicon Angle: Well-known security consultant ‘Mudge’ is once again on the move

        The former hacker known as Mudge is once again on the move. Mudge, the alias for Peiter Zatko (pictured, center), was the former head of security back when X Corp. was known as Twitter. He is now a consultant for the U.S. Cybersecurity and Infrastructure Security Agency, the Washington Post reported yesterday.

      • Pen Test Partners: Information disclosure through insecure design

        Introduction Insecure design can lead to many issues. The Software Development Life Cycle (SDLC) should contain steps to evaluate and consider security throughout the process.

      • The Insider website hit by DDoS attack after publishing investigation into “patriotic” hacker group Killnet

        The Insider's website was hit by a 24-hour DDoS attack after the publication of an investigation into the Killnet group, which calls itself the "Russian cyber army." The attack began the day after the investigative report was released online, starting at 13:00 Moscow time and peaking at a rate of 20,000 requests per second. The Insider's website and its mirrors went offline briefly on September 6, hit by a flood of requests from close to 400,000 different IP addresses.

      • Security Week: Crash Dump Error: How a Chinese Espionage Group Exploited Microsoft’s Mistakes [Ed: It is Microsoft’s fault, not China. Microsoft kept covering up, do not paint it as a victim. Microsoft is the worst possible "supply chain".]

        Microsoft reveals how a crash dump from 2021 inadvertently exposed a key that Chinese cyberspies later leveraged to hack US government emails.

      • Scoop News Group: Mystery solved? Microsoft thinks it knows how Chinese hackers stole its signing key [Ed: Deflection. Microsoft failed, stop blaming "China".]

        A "crash dump" file containing a highly sensitive signing key is believed to have been at the center of an explosive Chinese hacking campaign.

      • Silicon Angle: W3LL ‘Phishing Empire’ targets Microsoft 365 accounts [Ed: Do not use Microsoft. Use software that you control and runs locally.]

        A new report from cybersecurity services company Group-IB Global Pvt. Ltd. warns of a largely unknown threat actor that is running a “phishing empire” targeting Microsoft 365 accounts.

      • Scoop News Group: Researchers identify high-grade phishing kits attacking nearly 60,000 Microsoft 365 accounts [Ed: Do not outsource to Microsoft. use Free software like LibreOffice.]

        Hackers compromised roughly 8,000 of those accounts with tools that a cybercrime group known as W3LL sold through its underground marketplace.

      • Security Week: Cash-Strapped IronNet Faces Bankruptcy Options

        It appears to be the end of the road for IronNet, the once-promising network security play founded by former NSA director General Keith Alexander.

      • Security Week: Investors Betting Big on Upwind for CNAPP Tech

        Upwind raises a total of $80 million in just 10 months as investors pour cash into startups in the cloud and data security categories.

      • Security Week: Thousands of Popular Websites Leaking Secrets

        Truffle Security has discovered thousands of popular websites leaking their secrets, including .git directories and AWS and GitHub keys.

      • Security WeekDozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio

        Dozens of vulnerabilities have been found in widely used security cameras made by defunct Chinese company Zavio.



    • Defence/Aggression

      • France24US imposes sanctions on Sudanese paramilitary commander over Darfur violations

        The United States imposed sanctions Wednesday on Sudanese paramilitary commander Abdel-Rahim Hamdan Dagalo for acts of violence and human rights abuses committed by his troops in their monthslong conflict with Sudan's army.

      • Atlantic CouncilAlternative security futures in the High North

        Climate change, combined with increasing geopolitical competition and hostilities, has focused renewed attention on national security interests in the Arctic. By 2035, how will those variables combine to influence the High North?

      • Atlantic CouncilAtlantic Council announces 2023 Fellowship selection of Veterans in Energy

        WASHINGTON, D.C. – September 6, 2023 - The Atlantic Council Global Energy Center’s (GEC) Veterans Advanced Energy Project (VAEP) announced the twenty highly distinguished military veterans of the 2023-2024 VAEP Fellowship Program. This one-year fellowship offers veterans an immersive experience in the field of advanced energy, culminating in a policy proposal capstone that exemplifies VAEP’s motto, “energy security is national security.”

      • Atlantic CouncilGlobal Development Initiative and Global Security Initiative: China’s Blueprint for the New World Order

        Tuvia Gering and Michael Schuman shed light on the Chinese Communist Party’s approach and practical implementation tactics of Beijing's global development initiatives.

      • Defence WebGlobal Terrorism Index finds attacks down, but becoming more lethal

        The Institute for Economics & Peace’s (IEP) latest Global Terrorism Index (GTI) has found that last year, terrorism resulted in 6 701 deaths – 38% lower than at their peak in 2015 – but the lethality of attacks increased dramatically.

      • teleSURIslamist Party Leaders Arrested by Tunisian Security

        The report was released a few hours after the arrest of Mondher Ounissi, the party's interim head, and the release of Hamadi Jebali, the party's former secretary-general and former prime minister.

      • The Straits TimesMain Pakistan-Afghan border crossing closed for second day after clashes
        September 07, 2023 2:33 PM

        PESHAWAR, Pakistan - Pakistan's main border crossing with Afghanistan was closed for a second day on Thursday, leading to a build-up of trucks laden with goods, after clashes between security forces from the two countries.

      • Atlantic CouncilSleight of hand: How China weaponizes software vulnerabilities

        China's new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system, potentially aiding Chinese intelligence. MIIT shares data with the MSS, affecting voluntary databases as well. MSS also fund firms to provide vulnerabilities for their offensive potential.

      • Federal News NetworkIn Southeast Asia, Harris says ‘we have to see the future’

        Vice President Kamala Harris traveled for more than a day to reach this year's summit of Southeast Asian nations, where she was tasked with strengthening ties in a region that's crucial to U.S. interests. Harris said in an interview with The Associated Press that Washington must “pay attention to 10, 20, 30 years down the line, and what we are developing now that will be to the benefit of our country then." This was her third trip to Southeast Asia since taking office. She's at the center of the White House's efforts to foster partnerships that can serve as a counterbalance to China's influence.

    • Finance

      • GeekWireSlalom Consulting lays off 7% of workforce; CEO cites ‘significant shifts within our industry’

        Seattle-based business and technology firm Slalom Consulting laid off about 900 employees in a workforce reduction.

      • Roku cutting 10% of staff, third mass layoff in months

        In a recent filing to the U.S. Securities and Exchange Commission (SEC), the streaming software company announced that it’s laying off approximately 10 per cent of its workforce as it continues to look for ways to “bring down its year-over-year operating expense growth rate.”

      • Federal News NetworkStock market today: Asian shares fall as China reports weaker global demand hit its trade in August

        Shares have fallen in Asia as China reported weaker global demand hit its trade in August, adding to pressures on its economy. Oil prices and U.S. futures also fell. Hong Kong's benchmark gave up more than 1% and most other major regional markets also declined. China said its exports fell 8.8% in August from a year earlier, while imports were down 7.3%. On Wednesday, the S&P 500 shed 0.7% and the Dow industrials fell 0.6%. The Nasdaq composite handed back 1.1% as declines in several big technology stocks, including Apple, weighed on the market. Treasury yields rose following data showing the U.S. services sector remains strong.

      • YLESurvey: Over 40% of workers in Finland want to retire early

        A survey published on Thursday has found that 43 percent of employees in Finland want to leave active working life well ahead of time.

        Those surveyed who would like to retire early wanted, on average, to get out of the workforce 6.4 years before retirement age.

        The poll was commissioned by Mehiläinen, a private provider of social and healthcare services.

        Mehiläinen's chief occupational health psychologist Suvi Suortamo considers the results to be a sign that working life is perceived as increasingly stressful and burdensome.

      • BBCBrits most likely to say 'we don't live to work' - BBC News

        There's a steady drift towards getting a good work-life balance, a new survey suggests.

      • The StrategistIndia’s quiet rise

        China’s sharp economic slowdown has raised alarm bells around the world. But it has also thrown into relief the rise of another demographic powerhouse next door.

    • Censorship/Free Speech

      • ReasonBrickbat: The King and I

        A court in Saudi Arabia has sentenced Muhammad al-Ghamdi to death after finding him guilty of "describing the King or the Crown Prince in a way that undermines religion or justice," "supporting a terrorist ideology," "communication with a terrorist entity," and publishing false news "with the intention of executing a terrorist crime."

    • Civil Rights/Policing

    • Monopolies

      • Yahoo NewsFTC Should Look at Microsoft Teams Bundle After EU Investigation, Zoom CEO Says

        Zoom Video Communications Inc. Chief Executive Officer Eric Yuan said the US Federal Trade Commission should look into Microsoft Corp.’s bundling of its video-conferencing software, Teams...

      • Silicon AngleGoogle tentatively settles antitrust lawsuit over Play Store practices

        Google LLC has agreed to settle a lawsuit that accused it of breaching antitrust rules with the Play Store. Reuters reported the development today, citing a court document that was filed on Tuesday.

      • TwinCities Pioneer PressGoogle reaches tentative settlement with all 50 states over alleged app store monopoly

        All 50 states, the District of Columbia and Puerto Rico have reached an agreement in principle with Google to settle a lawsuit filed in 2021 over the tech giant’s alleged monopolistic control of the distribution of apps for the software that runs most of the world’s cellphones. The agreement was cited in a court filing late Tuesday by both sides. Terms were not disclosed. Google still faces several major antitrust lawsuits filed by the Department of Justice and other agencies across the U.S. focused on alleged search-related and advertising market monopolistic behavior. In November, it settled with 40 states over the tracking of user location, paying $391 million.

      • [Repeat] New York TimesIn Its First Monopoly Trial of Modern Internet Era, U.S. Sets Sights on Google

        The 10-week trial, set to begin Tuesday, amps up efforts to rein in Big Tech by targeting the core search business that turned Google into a $1.7 trillion behemoth.

      • Trademarks

        • TTAB BlogPrecedential No. 24: Claim for Violation of Section 10 "Anti-Assignment" Provision Is Time-Barred by Section 14

          In this proceeding for cancellation of a registration for the mark SUBSCRIBE & THRIVE for "online ordering" featuring skin care products, supplements, and assorted other products, Respondent Nature's Sunshine counterclaimed for cancellation of one of Petitioner's pleaded registrations for the mark THRIVE on two grounds: fraud and violation of the "anti-assignment" provision of Section 10(a)(1) of the Lanham Act. The Board dismissed the fraud claims due to the insufficiency of the pleading, and it dismissed the Section 10 claim as barred by the time limitation of Section 14(3). Thrive Natural Care Inc. v. Nature’s Sunshine Products, Inc., 2023 USPQ2d 953 (TTAB 2023) [precedential].

      • Copyrights

        • Public Domain ReviewThe “Madame B Album” (ca. 1870s)

          A leatherbound volume of some hundred photocollages, featuring elaborate, fantastical watercolour settings for photographic portraits of friends, family, and pets.


