Bonum Certa Men Certa

Links 19/3/2022: Raspberry Pi Project Ideas



  • GNU/Linux

    • Server

      • TechTarget: Need a replacement? Try these 5 Docker alternatives

        After more than a decade in use, Docker remains the de facto container standard because of its ability to integrate with a broad array of tools and platforms, such as Kubernetes. However, business changes at Docker and market forces have prompted organizations to search for new containerization options.

    • Kernel Space

      • Linuxiac: Asahi Linux Reaches Alpha Milestone, Brings Linux to M1 Macs
        The development of Asahi Linux for Macs equipped with Apple chips is in full swing. For those of you unaware, Asahi Linux is a project and community dedicated to bringing Linux to Apple Silicon Macs, beginning with the 2020 M1 Mac Mini, MacBook Air, and MacBook Pro.

        As you know, the M1 is Apple’s custom Arm-based SoC which started showing on Macs in 2020 after ditching Intel’s x86 silicon chip. Because the M1 is Apple’s most powerful chip, it’s easy to see why developers are interested in porting Linux to it and running programs like Proton, which would turn the Mac into a powerful gaming PC.

      • LWN: Linux 5.16.16
        I'm announcing the release of the 5.16.16 kernel.
        
        

        All users of the 5.16 kernel series must upgrade.

        The updated 5.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-s...

        thanks,

        greg k-h
      • LWN: Linux 5.15.30
      • LWN: Linux 5.10.107
      • LWN: Linux 5.4.186
    • Applications

      • Linux Links: Best Free and Open Source Alternative to Apple Bonjour - LinuxLinks

        Apple, Microsoft, Alphabet (Google’s parent), Amazon and Facebook dominate the tech landscape. Their dominance is so broad they account for more than 20% of the S&P 500.

        There are many things to admire about Apple’s hardware and software. Apple make great looking (albeit expensive) hardware. Over the years key successes include the iPhone, iPad, iPod, and the MacBook Air. The company designs its own hardware and software. This gives them the power to make an operating system and suite of apps that are tailor-made and optimized for their hardware. Apple also operates the Apple Music and Apple TV media distribution platforms.

        Mac OS X is Apple’s proprietary operating system for its line of Macintosh computers. Its interface, known as Aqua, is highly polished and built on top of a BSD derivative (Darwin). There’s a whole raft of proprietary applications that are developed by Apple for their operating software. This software is not available for Linux and there’s no prospect of that position changing.

        In 2020, Apple began the Apple silicon transition, using self-designed, 64-bit ARM-based Apple M1 processors on new Mac computers. Maybe it’s the perfect time to move away from the proprietary world of Apple, and embrace the open source Linux scene.

      • Make Use Of: Snap vs. AppImage vs. Flatpak: What Is the Difference and Which Is Best for You?

        Linux systems are popular for many reasons, but installing applications is not one of them. Apps in Linux are delivered as packages and come in all sorts of flavors. Packaging systems differ in terms of installation, usability, and update mechanisms.

        Below, we'll look at and compare three prominent package formats: Snap, AppImage, and Flatpak, all distro independent.

    • Instructionals/Technical

      • Make Use Of: A Guide to MySQL for Beginners

        MySQL is an open-source relational database management system with support for Structured Query Language (SQL). It helps in the development of a wide range of web-based applications and online content. MySQL runs on all OS platforms like Linux/UNIX, macOS, Windows and is an important component of the LAMP stack.

        MySQL is one of the most popular database systems and many cloud providers offer it as part of their service. It uses commands with queries and data to perform tasks and functions by communicating with the database. This article covers the most commonly used MySQL statements that allow users to efficiently work with databases.

      • How to Run Grafana In a Docker Container – CloudSavvy IT

        Grafana is a leading observability platform for metrics visualization. It lets you build bespoke dashboards to surface meaningful insights from your application’s real-time data streams.

        Grafana’s a cloud-native application that’s ready to be launched on popular infrastructure providers, installed on your own hardware, or deployed as a standalone container. In this guide we’ll focus on the latter choice by using the official Grafana image to start an instance that runs in Docker.

      • ID Root: How To Install MariaDB on Manjaro 21 - idroot

        In this tutorial, we will show you how to install MariaDB on Manjaro 21. For those of you who didn’t know, MariaDB is a free and open-source relational database management system (DBMS) that is considered as a successor and replacement of MySQL DBMS. MariaDB is fully compatible with the MySQL database and is widely used as a database server in the LAMP and LEMP stack.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step-by-step installation of the MariaDB database on a Manjaro 21 (Ornara).

      • GNU Linux Debian 11 – how to upgrade php7 to php8.1 – logo
    • Desktop Environments/WMs

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • Web Browsers

        • The Register UK: This browser-in-the-browser attack is perfect for phishing ● The Register

          A novel way of tricking people out of their passwords has left us wondering if there's a need to rethink how much we trust our web browsers to protect us and to accelerate efforts to close web security gaps.

          Earlier this week, an infosec researcher known as mr.d0x described a browser-in-the-browser (BitB) attack. It's a way to steal login credentials by simulating the little browser windows that Google, Microsoft, and other authentication service providers pop up that ask you for your username and password to continue. You've probably seen these windows: you click on something like a "Sign in with Microsoft" button on a website, and a popup appears asking for your credentials to access your account or profile.

          Services like Google Sign-In will display a Google URL in the popup window navigation bar, which offers some reassurance that the login service is actually coming from a trusted company and not an unknown one. And bypassing defenses built into the user's browser to fool them into trusting a malicious page tends to be difficult in the absence of an exploitable vulnerability, thanks to browser security mechanisms including Content Security Policy settings and the Same-origin policy security model.

        • The Register UK: Brave takes the spring out of creepy bounce tracking [Ed: Brave is not privacy but a belief system]

          Browser maker Brave has developed a new way to ground "bounce tracking," a sneaky technique for bypassing privacy defenses in order to track people across different websites.

          Bounce tracking, also known as redirect tracking, dates back at least to 2014 when ad companies were looking for ways to avoid third-party cookie blocking defenses.

          "Bounce tracking is a way for trackers to track you even if browser-level privacy protections are in place," explained Peter Snyder, senior director of privacy at Brave, on Tuesday.

      • SaaS/Back End/Databases

        • The Register UK: IBM Cloudant ends backing of FoundationDB version of CouchDB ● The Register

          The IBM Cloudant software team has decided to pull the plug on its push to create a new database engine underlying Apache CouchDB, the NoSQL document store used by the BBC, Apple and atomic research facility CERN.

          In a post on the Apache list, Robert Newson, former IBM Cloudant employee and Apache CouchDB Project Management Committee member, explained that IBM Cloudant had supported a plan to "build a next-generation version of CouchDB using the FoundationDB database engine as its new base."

        • The Register UK: MongoDB to terminate Russian SaaS accounts [Ed: It probably has no Russian customers or barely any (but this is a PR stunt)]

          NoSQL database challenger MongoDB has decided it won't sell its wares in Russia – not even its software-as-a-service offering.

      • Content Management Systems (CMS)

        • Make Use Of: WordPress.com vs. WordPress.org: What's the Difference?

          Starting a new website? From writing raw code to using content management systems like WordPress or website builders like Squarespace, Wix, and Weebly, there are tons of ways to get your website up and running.

          The most popular tool these days, however, is WordPress. Once you’ve settled on using WordPress, you’ll have another choice to make. Should you use WordPress.com or WordPress.org?

          There isn’t a yes or no answer to this—but once you’ve read through this article, you’ll have the information you need to make an informed choice.

      • Openness/Sharing/Collaboration

        • Open Access/Content

          • Nature: Dataset of first appearances of the scholarly bibliographic references on Wikipedia articles

            Referencing scholarly documents as information sources on Wikipedia is important because it supports or improves the quality of Wikipedia content. Several studies have been conducted regarding scholarly references on Wikipedia; however, little is known of the editors and their edits contributing to add the scholarly references on Wikipedia. In this study, we develop a methodology to detect the oldest scholarly reference added to Wikipedia articles by which a certain paper is uniquely identifiable as the “first appearance of the scholarly reference.” We identified the first appearances of 923,894 scholarly references (611,119 unique DOIs) in 180,795 unique pages on English Wikipedia as of March 1, 2017 and stored them in the dataset. Moreover, we assessed the precision of the dataset, which was highly precise regardless of the research field. Finally, we demonstrate the potential of our dataset. This dataset is unique and attracts those who are interested in how the scholarly references on Wikipedia grew and which editors added them.

      • Programming/Development

    • Standards/Consortia

      • The Register UK: Are we springing into a Y2K-class nightmare? [Ed: No, DST itself was the cause of many bugs and troubles. Throwing it out the window will, in due course, fix many issues and woes.]

        The US Senate has passed legislation aimed at making Daylight Saving Time permanent, leaving the country in the "spring forward" state from 2023.

        The practice of changing the clocks twice a year in the US dates back to the agrarian heyday of the early 1900s and has endured, despite regular grumbling. Clocks go forward an hour at the start of the year ("Spring forward") and go back towards the end ("Fall back"), a process that creates its own biannual chaos.

      • The Register UK: ITAM Forum launches standard for IT asset management ● The Register

        The ITAM Forum, the professional body for IT asset management, is in the final validation stage of an independent, globally recognized standard for understanding business technology assets.

        In a move designed to put admins in a stronger position when it comes to software license audits, the launch of the ISO/IEC 19770-1 certification scheme was developed by around 100 volunteering ITAM professionals and NEN, the Royal Netherlands Standardisation Institute.

      • uni Harvard: Standardized APIs Could Finally Make It Easy to Exchange Health Records [Ed: As it stands at the moment, a lot of very sensitive data is being passed through notorious espionage entities. Standards alone won't fix that.]

        Trying to access personal medical information has been an intermittent annoyance for most people in the United States — until Covid-19 came along with a reminder of what a mess it can be.

      • Quang Ninh, Vietnam Applies Electronic ISO-Standard Governance System
  • Leftovers

    • The Register UK: Driver in Uber's self-driving car death goes on trial, says she feels 'betrayed'

      The name Rafaela Vasquez may not immediately be recognisable, but the accident that ties her to the first-ever fatal self-driving car crash accident will be.

      Vasquez was the driver when one of Uber's autonomous test cars crashed into a woman walking her bike across the road at night in March 2018. Now nearly three years later, she is due to go on trial for negligent homicide, denies wrongdoing, and has spoken out for the first time.

    • IOTA Coordicide: Developer Hans Moog sees “breakthrough” on the way to decentralization - TheGWW.com

      In the official archive of IOTA, the term of “coordicide” was coined in November 2018 probably for the first time in a blog post. Under this working title, the IOTA Foundation has thus been working for years to abolish the central coordinator in Tanglenet and thus implement the iron principle of decentralization for cryptocurrencies in IOTA as well. Progress on Coordicide (IOTA 2.0) was announced at least as often as setbacks. Investors, meanwhile, increasingly understood that without decentralization, IOTA cannot stand a real chance with growth sectors of the crypto industry such as DeFi and smart contracts/DApps. Hans Moog, publicly perceived as the chief developer at IOTA, has now raised hopes for a happy ending via Twitter.

    • The Register UK: AI drug algorithms can be flipped to invent bioweapons [Ed: Stop calling everything "Hey Hi"; some companies do so only to get patents on algorithms (it's a loophole by buzzwords)]

      AI algorithms designed to generate therapeutic drugs can be easily repurposed to invent lethal biochemical weapons, a US startup has warned.

      Experts have sounded alarm bells over the potential for machine-learning systems to be used for good and bad. Computer-vision tools can create digital art or deepfakes. Language models can produce poetry or toxic misinformation.

    • The AI beauty startup that champions transparency and inclusion [Ed: Buzzwords out of control.]
    • Public Schools in Telangana, India to Deploy AI [Ed: HEY HI nonsense again]
    • Science

      • Developing design tools for outer space structures - Purdue University News

        Achieving affordable space exploration will require lightweight structures for vehicles, solar arrays and antennas. Lightweight materials also will be used for components of structures like pressurized habitats, cryogenic tanks, landing gears and truss cages.

        The problem is that NASA envisions that many of those structures will be made from tailorable composite materials, but no design tool has been able to fully exploit the materials' full potential. AnalySwift LLC, a Purdue University-affiliated commercial software provider, and Wenbin Yu, a professor in Purdue’s School of Aeronautics and Astronautics, are conducting research to create one. Yu is the principal investigator. Liang Zhang of AnalySwift and Xin Liu of the University of Texas at Arlington are co-investigators.

    • Hardware

      • The Register UK: If you want to connect GPUs direct to SSDs for a speed boost, this could be it

        Nvidia, IBM, and university collaborators have developed an architecture they say will provide fast fine-grain access to large amounts of data storage for GPU-accelerated applications, such as analytics and machine-learning training.

        Dubbed Big accelerator Memory, aka BaM, this is an interesting attempt to reduce the reliance of Nvidia graphics processors and similar hardware accelerators on general-purpose chips when it comes to accessing storage, which could improve capacity and performance.

      • The Register UK: Ford to sell unfinished Explorers as chip shortage bites

        Good news for those kept out of the seat of a new Ford Explorer by the chip shortage: you can get one now, with a slight catch.

        Speaking at a meeting of the National Automotive Dealers Association, Ford VP of sales Andrew Frick said his automaker was planning to ship Ford Explorers without rear seat HVAC controls. Luckily for children and pets, heat and air conditioning for the rear of the vehicle can still be controlled from the front.

        Buyers who decide to skip the wait will get an unspecified price break on a new Explorer, where they'll find a flat panel installed in place of the regular rear seat heating and cooling knobs.

      • The Register UK: Arm to drop up to 15 percent of staff – about 1,000 people [Ed: When you over-speculate about future success]

        Chip designer and licensor to the stars, Arm, has reportedly dropped around 1,000 workers onto unemployment queues.

        An email to staff from Arm CEO Rene Haas, seen and reported by the UK's Daily Telegraph, states: "To stay competitive, we need to remove duplication of work now that we are one Arm; stop work that is no longer critical to our future success; and think about how we get work done."

        Haas, who has been in the chief exec's chair for about a month, added Arm needs "to be more disciplined about our costs and where we're investing."

        "I write this knowing that although it is the right thing to do for Arm’s future, this is not going to be easy," he added.

        Between 12 and 15 per cent of staff will be let go as a result globally. The biz employs 6,400 worldwide.

      • The Register UK: China's top tech city, Shenzhen, locks down completely for at least a week

        The Chinese city of Shenzhen – the nation's tech hub – has gone into a week-long lockdown intended to slow an outbreak of COVID-19, and sent the world's tech-dependent industries into a whirlwind of worry about the impact on supply chains.

        [...]

        This matters because Shenzhen is a hub for China's technology and logistics industries. The city is home to Huawei, Tencent, and many other large tech companies - including Taiwan's Foxconn which has reportedly shut a pair of factories at which iPhones are made. The famed Huaqiang Electronics World – a sprawling mall specializing in electronics components and accompanying online marketplace – is a top-tier sourcing option for any manufacturer. And plenty of manufacturers can be found in and around Shenzhen.

      • The Register UK: Startups bag billions to fill gaps left by chip world giants

        Venture capitalists funneled billions into semiconductor startups in 2021, we're told, targeting designers of machine-learning technologies that fulfill specific or niche needs.

      • The Register UK: China's chip-making ambitions face setbacks ● The Register

        Trade restrictions, sanctions, and other challenges are putting a dampener on China's ambition to become a chip manufacturing hot spot.

        Research firm IC Insights is projecting the Chinese semiconductor foundry market share to remain flat through 2026, while rival manufacturers in the US, Taiwan, Korea, and other countries grow.

        Chip makers in China held an 8.5 percent market share in 2021 by revenue, and that will grow to just 8.8 percent in 2026.

    • Health/Nutrition/Agriculture

      • 'We took it to the real world and it worked': Rapid Zika testing platform clears hurdle with Brazil trial

        An international team of researchers, led by experts from the University of Toronto’s Leslie Dan Faculty of Pharmacy, has conducted one of the first field trials for a synthetic biology-based diagnostic platform that could provide rapid, de-centralized and low-cost patient testing for infectious diseases such as the Zika virus.

        The work, conducted on-site in Latin America, revealed the potential for the cell-free synthetic biology tools and companion hardware. Published in Nature Biomedical Engineering, the study’s results show that the novel diagnostic platform has analytical specificity and sensitivity equivalent to a U.S. Centres for Disease Control (CDC) PCR test for Zika and a diagnostic accuracy of 98.5 per cent with 268 patient samples collected in Recife, Brazil.

        The platform is also programmable and can be similarly applied to detect any pathogen sequence. In addition to validating highly accurate diagnostic results for Zika, the team also achieved similar diagnostic performance for chikungunya virus, another mosquito-borne arbovirus.

    • Integrity/Availability

      • Proprietary

        • The Register UK: Openness of Oracle licensing and audit tools questioned [Ed: Proprietary software has nothing to do with "openness"]

          Oracle customers can only use its licensing tools after the company has started to talk to them about software audits or offered license advice. Meanwhile, third-party tools that have been verified by Oracle do not help users in terms of license compliance.

        • The Register UK: CISOs face 'perfect storm' of ransomware and state-supported cybercrime [Ed: This is primarily a Microsoft issue; ransomware affects Windows over 90% or over 95% of the time, depending on which companies surveys that]

          With not just ransomware gangs raiding network after network, but nation states consciously turning a blind eye to it, today's chief information security officers are caught in a "perfect storm," says Cybereason CSO Sam Curry.

        • The Register UK: AMD confirms Ryzen chips' stuttering performance on Windows 10, 11 [Ed: Windows is technically worse than GNU/Linux, but Microsoft makes up for it by bribing everyone and resorting to other forms of corruption]

          AMD has confirmed there is a performance problem with some of its Zen-family processors and Microsoft's operating systems.

          Reports of stuttering performance under Windows 10 and 11 on some Ryzen systems have been rumbling for a while now and it appears the problem is lurking within Firmware Trusted Platform Module (fTPM) used in a number of AMD's chips.

        • The Register UK: Singapore uncovers four critical vulnerabilities in Riverbed software

          Specifically, the insecure code is in Dynamic Sampling Agent, which is the collection component of AppInternals. Versions affected, according to a CVE record, include 10.x, versions prior to 12.13.0, and versions prior to 11.8.8. Aternity's advisory about the security holes is locked behind a customer login page. We've asked the vendor for more information.

        • Perfect Dark director leaves The Initiative [Ed: Microsoft kills everything it touches]
        • The Register UK: SAP community website leaks member data to savvy users [Ed: SAP is not a community but a malicious proprietary software company that leaks out details of its serfs]

          A website for SAP's Customer Influence programs is exposing member data, creating the possibility for targeted social-engineering attacks.

          At the time of publication, the website is no longer accessible.

          The programs are designed to help customers and long-standing users make suggestions to SAP about how it can improve its products and add new features. Ideas for future development can be submitted, debated, and voted on before being taken up by the German software giant.

        • The Register UK: Google Maps stopped working properly for hours ● The Register

          Google Maps Platform services went missing for a few hours on Friday as various APIs fell over.

          Around 0847 am PDT (1347 UTC), users of Google Maps Platform services began reporting problems. These surfaced on crowdsourced reporting sites like DownDetector.com and on the Maps Platform Status Page.

        • The Register UK: UK criminal defense lawyer hadn't patched when ransomware hit [Ed: Microsoft TCO in action]

          Criminal defense law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.

          [...]

          The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.

        • IT Wire: Kaspersky CEO says no evidence for German warning about his firm [Ed: With proprietary software there is never evidence because it is secret and thus, by default, untrustworthy. Germany should be banning all software software, no matter its nationality.]

          A warning by the German Federal Office of Information Security against the use of Kaspersky products had no technical advice or objective evidence to back it up, the chief executive of the Russian security firm says.

        • The Register UK: New US law: Cyberattacks to be reported within 72 hours [Ed: They wrongly assume that each attack means a breach; this is the Microsoft mindset because its software is unsafe by design.]

          A US bill that would require critical infrastructure operators to report cyberattacks within 72 hours is headed to President Joe Biden's desk to be signed into law.

        • The Register UK: CafePress fined for covering up 2019 customer info leak [Ed: When you outsource your shop]

          The FTC wants the former owner of CafePress to cough up $500,000 after the customizable merch bazaar not only tried to cover up a major computer security breach involving millions of netizens, it failed to safeguard customers' personal information.

          In a complaint [PDF] filed against CafePress former owner Residual Pumpkin Entity and PlanetArt, which bought the platform in 2020, the FTC alleges multiple instances of shoddy security practices at the online biz. In a settlement proposed by the US watchdog, Residual Pumpkin will pay up the half-million dollars.

        • The Register UK: Azure flaw allowed users to control others' accounts [Ed: Only fools use clown computing. The biggest of fools choose Microsoft for that.]

          Microsoft has acknowledged the existence of a flaw in its Azure cloud computing service that allowed users full access to other users' accounts.

          The flaw was dubbed “AutoWarp” by Orca Security, which discovered and reported it.

          The vulnerability only impacted users of the Azure Automation Service. That service allows Azure users to use PowerShell or Python to write runbooks that automate many actions within Azure. "Trigger automation from ITSM, DevOps and monitoring systems to fulfil requests and ensure continuous delivery and management," suggests Microsoft’s product info page.

          The Automation Service doesn't let just anyone initiate actions on your Azure rig: you need to link it to a managed identity that has the relevant permissions.

        • The Register UK: Microsoft patches critical remote-code-exec hole in Exchange Server and others [Ed: Far more coverage about local privilege escalation in Linux than "remote-code-exec" in Microsoft (yes, remote; you don't need a user account)]
        • The Register UK: Microsoft slides ads into Windows Insiders' File Explorer [Ed: How to make Windows users even more brainwashed and dumber]

          Microsoft appears to be experimenting with more adverts in Windows 11 after eagle-eyed Insider users spotted helpful hints turning up in File Explorer.

          Windows Insider Florian posted a screenshot of the ads, and other unpaid testers said they noticed similar hints lurking in the Dev Channel build, with one ad suggesting users visit Microsoft's Office website to look at PowerPoint templates.

          Our sacrificial Dev Channel machine (currently running 22572.201 – yet another servicing pipeline test) does not show the messages, suggesting that Microsoft is performing some sort of A/B testing and we're simply not on the list.

        • The Register UK: Microsoft fixes OneDrive file reset bug on Windows ● The Register

          Lurking within this month's Patch Tuesday batch of updates is a fix for a Windows issue in which locally synchronized OneDrive data was not always deleted during a reset.

          The bug, which turned up in the Windows release health dashboard in February, is an ironic one, considering the disastrous October 2018 roll out of Windows 10, which infamously gave users extra disk space by quietly wiping their data.

          This latest issue, which hit both Windows 10 and 11, manifested for some users by letting locally synced OneDrive data linger even when a user selected the "remove everything" option during a reset. More seriously for administrators, the issue could also occur after a remote reset initiated by a Mobile Device Management (MDM) application (such as Intune, itself the subject of some news this week), thus defeating the point of the function.

        • Pseudo-Open Source

        • Security

          • InfoQ: Securing the Open-Source Software Supply Chain [Ed: Brian Fox never talks about actual back doors in proprietary software; his company is basing its existence on spreading fear of Free software]

            Recent findings by security researchers at SonarSource showed multiple security vulnerabilities in popular package managers, including Pip, Yarn, Composer, and others. Package managers, though, are not the only weak link in the open source security chain. InfoQ has spoken with Sonatype CTO Brian Fox.

          • The Hindu: Career in Ethical Hacking - The Hindu

            When we hear the term “hacking”, the first thing that comes to mind is that it is criminal. However, ethical or white hat hackers employ their expertise to discover and fix vulnerabilities and security hazards in a computer system. Today, it is critical to safeguard vital data held on electronic devices such as computers, smartphones, tablets, and so on. Ethical hacking may be an effective tool against cyber attackers in this regard. Ethical hacking is defined as hacking done with the authorisation of the network's owners.

          • Hindustan Times: Cyberattack on Israel! Government websites crash [Ed: The article mentions Shadow Brokers; it's the cost of using Microsoft Windows]
          • The Register UK: NASA in 'serious jeopardy' due to big black hole in security ● The Register

            And that's a worry, because in 2021 NASA's auditor found "incidents of improper use of NASA IT systems had increased from 249 in 2017 to 1,103 in 2020 – a 343 per cent growth; the most prevalent error was failing to protect Sensitive but unclassified (SBU) information."

          • The Register UK: China thrilled it captured already-leaked NSA cyber-weapon [Ed: NSA and its partners, like Microsoft, are the world's biggest threat to security because they actively undermine it]

            China claims it has obtained malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets.

            The software nasty, dubbed NOPEN, is built to commandeer selected Unix and Linux systems, according to Chinese Communist Party tabloid Global Times, which today cited a report it got exclusively from China's National Computer Virus Emergency Response Center.

            Trouble is, NOPEN was among the files publicly leaked in 2016 by the Shadow Brokers. If you can recall back that far, the Shadow Brokers stole and dumped online malware developed by the NSA's Equation Group.

          • Exclusive: China captures powerful US NSA cyberspy tool [Ed: By undermining the security of everything the US has weaponised all of technology and other countries can take advantage]

            China captured a spy tool deployed by the US National Security Agency, which is capable of lurking in a victim's computer to access sensitive information and was found to have controlled global internet equipment and stole large amounts of users' information, according to a report the Global Times obtained from the National Computer Virus Emergency Response Center exclusively on Monday.

            According to the report, the Trojan horse, "NOPEN," is a remote control tool for Unix/Linux computer systems. It is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device's information.

          • A first look at threat intelligence and threat hunting tools | WeLiveSecurity

            An overview of some of the most popular open-source tools for threat intelligence and threat hunting

          • The Register UK: Another data-leaking Spectre bug found, smashes Intel, Arm defenses

            Intel this month published an advisory to address a novel Spectre v2 vulnerability in its processors that can be exploited by malware to steal data from memory that should otherwise be off limits.

            Arm said a number of its processor cores are also affected by this security flaw, and like Intel, its hardware defenses can't block it outright, leaving developers to implement software-level mitigations.

          • CSO: Developer sabotages own npm module prompting open-source supply chain security questions [Ed: Misses the point that Microsoft was shipping this malware]

            The node-ipc developer attempt to protest Russia's attack on Ukraine has the unintended consequence of casting more doubt in software supply chain integrity.

          • The Register UK: Exotic Lily is a business-like access broker for ransomware gangs [Ed: Microsoft Windows TCO]

            TAG initially detected Exotic Lily – which the researchers describe as a "resourceful, financially motivated threat actor" – in September 2021 exploiting a zero-day flaw in Microsoft MSHTML (tracked as CVE-2021-40444). Further investigation discovered that the group was acting as an IAB working with a Russian gang known as FIN12 by cybersecurity vendors Mandiant and FireEye, Wizard Spider by CrowdStrike, and DEV-0193 by Microsoft.

          • The Register UK: Linux botnet exploits Log4j flaw to hijack Arm, x86 systems [Ed: If you refused to patch your system for over 3 months]

            Researchers at Chinese internet security company Qihoo's 360's Network Security Research Lab discovered the botnet family, which they dubbed B1txor20, as it was infecting hosts via the Log4j vulnerability. It primarily targets Linux Arm and 64-bit x86 systems. Compromised devices are commandeered, and brought into the network as remote-control bots, hence the term botnet.

          • The Register UK: Cyclops Blink malware sets up shop in ASUS routers

            It's not clear exactly right now how the malware gets onto a device, though it probably involves exploiting a default admin password to gain access via an enabled remote management service. According to Trend Micro's Cyclops Blink technical analysis, once the modular malware, written in C, has been injected into the gateway and is running, it sets itself up and renames its process to "[ktest]" presumably to appear as a Linux kernel thread.

          • The Register UK: OpenSSL patches crash-me bug triggered by rogue certs

            A bug in OpenSSL certificate parsing leaves systems open to denial-of-service attacks from anyone wielding an explicit curve.

            The vulnerability stems from a bug in the BN_mod_sqrt() function, which the OpenSSL team said is used to parse certificates that "contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form." As it turns out, all you need to do to trigger an infinite loop in BN_mod_sqrt() is hand an OpenSSL-based application or service a certificate with invalid explicit curve parameters.

            This parsing happens prior to verification of the certificate's signature. Slip a bad certificate to any app or server using BN_mod_sqrt() to parse certs, and the software will get caught in the loop and stop working.

          • The Register UK: Reg reader blasts Virgin Media's email password policy

            A Register reader has raised concerns over UK ISP Virgin Media's password policies after discovering he couldn't set a password longer than 10 characters or one that includes non-alphanumeric characters.

            Our reader Nick told us he was facing repeated attempts to take control of an @virgin.net email account he owns – adding that the company's password policy left him vulnerable to what he described as a sustained brute-forcing attack.

          • The Register UK: Quantum computing cybersecurity research gets $715k grant

            America's National Science Foundation has signaled yet again how important it thinks quantum computing is with a six-figure grant to Penn State.

            The $715,000 grant is heading to Swaroop Ghosh, associate professor at Penn State School of Electrical Engineering and Computer Science. Ghosh plans to use the funding to close gaps in quantum computing security and create a post-secondary quantum computing curriculum.

          • Fear, Uncertainty, Doubt/Fear-mongering/Dramatisation

          • Privacy/Surveillance

            • IT Wire: Open slather as ABC leaks data to Google, Facebook, Tealium et al

              The ABC's claim to being the most trusted news site in Australia has come under serious doubt following the release of a video that shows how the data of users, logged in or not, is being leaked to a number of commercial outlets.

              Researcher Vanessa Teague, one of the few technical experts to raise objections to the ABC's imposition of logins for iview users, pointed out on Wednesday that the ABC news website was also leaking data to the likes of Google, Facebook, Chartbeat and Tealium.

            • The Register UK: Russia labels Meta an 'extremist' organization, bans Instagram

              Russia's Investigative Committee, the nation's peak criminal and anti-corruption investigation body, has opened a probe into whether Meta is an extremist organization.

              The move follows Meta's decision last week to relax rules about exhortations to commit violence posted to its Facebook and Instagram properties – but only within Ukraine.

            • The Register UK: Hear us out: Smartphone lidar can test blood, milk

              Could the light detection and ranging (lidar) sensors in your future smartphone take the place of laboratory equipment in health and food safety applications? It's looking like a possibility.

              Researchers at the University of Washington reckon handset lidar can determine fluid properties, sparing you from having to use expensive lab gear. The amount of liquid needed for a smartphone lidar test is significantly less than that for a medical lab, too, they said.

            • Five fascinating inventions by schoolchildren [Ed: Surveillance creeps in. See photo.]

              The Aliartos Vocational Night School employs a central system designed by its students that makes sure physical distancing rules are being observed.

    • Environment

      • Wildlife/Nature

        • Orcas’ Scars Tell a Story

          When southern resident killer whales off the coast of British Columbia and Washington state surface for breath, they show off pointy dorsal fins and their iconic black-and-white colouration. But a closer inspection can reveal white scars scratched onto their otherwise sleek backs. These scars are from bite marks — “tooth rakes” — inflicted during skirmishes with other killer whales.

    • Finance

      • The Register UK: Fujitsu: Dumping older workers will wipe out quarter of forecast profit

        Fujitsu has warned investors its full-year profits will fall 23.6 per cent below previous forecasts because it's extended an offer for older workers to leave in favor of youngsters more likely to deliver the DX, or "digital experience," customers demand.

        A Tuesday announcement was uncommonly blunt about the Japanese giant's intentions, stating: "As part of its human resources initiatives to strengthen its status as a DX company, Fujitsu will temporarily expand its 'Self-Produce Support System' to support employees seeking career course redirection outside of the Fujitsu Group."

        Only staffers aged 50 or over are eligible for the offer of "career course redirection." Fujitsu says 3,031 people have already applied for the scheme as of February 28. Most are executives or workers who have been rehired after already retiring once.

      • Chronicle Of Higher Education: The Money Pit [Ed: There's more money in misleading people than in educating them properly]

        Nothing seemed amiss to McKenna Schramm when Ohio Valley University recruited her to run track. The campus tour had all the standard trappings: a walk-through of the dorms, a stop at the cafeteria, and a visit to the campus chapel. The admissions letter, dated January 8, 2020, looked a lot like the ones she’d received from other colleges.

    • Censorship/Free Speech

      • NewYorkTimes: First Amendment Scholars Want to See the Media Lose These Cases

        The lawyers and First Amendment scholars who have made it their life’s work to defend the well-established but newly threatened constitutional protections for journalists don’t usually root for the media to lose in court.

        But that’s what is happening with a series of recent defamation lawsuits against right-wing outlets that legal experts say could be the most significant libel litigation in recent memory.

        The suits, which are being argued in several state and federal courts, accuse Project Veritas, Fox News, The Gateway Pundit, One America News and others of intentionally promoting and profiting from false claims of voter fraud during the 2020 election, and of smearing innocent civil servants and businesses in the process.

      • TechRadar: The Russian exile who found a way past Putin's internet firewall

        Aleksandr Litreev wants to preserve access to the free and open internet for people living under authoritarian rule.

    • Civil Rights/Policing

      • NewYorkTimes: Court Declares Isaiah Andrews Wrongfully Imprisoned for 45 Years

        The official declaration this week means that Isaiah Andrews, 84, can seek damages from the State of Ohio for spending more than half his life in prison after being wrongly convicted of killing his wife.

      • The Register UK: China declares a new era of digitization has begun [Ed: Oppression is going digital, and not just in China]

        A document posted by the Cyberspace Administration of China (CAC) quotes Xi as saying "informatization has brought a once-in-a-lifetime opportunity to the Chinese nation" and outlines a range of digital transformation tasks that must be achieved under the 14th five year plan (2021–2026) to achieve the desired level of digitization.

    • Internet Policy/Net Neutrality

      • The Register UK: Internet backbone Cogent cuts Russia connectivity

        Cogent Communications will pull the plug on its connectivity to customers in Russia in response to President Putin's invasion of Ukraine.

        The US-based biz is one of the planet's largest internet backbones – the freeways of the internet – and says it carries roughly a quarter of global 'net traffic.

        Its clients range from small businesses to mobile carriers and broadband ISPs. Cogent's role is to pipe hundreds of terabits of your internet data around the world every second. Russian state-owned Rostelecom is among the dozens of customers Cogent has in the country.

      • The Register UK: Nominet suspends 'single digit' number of Russian dot-UK domain registrars [Ed: The integrity of the Internet is under attack]

        Nominet, the dot-UK domain registry, has announced that it will suspend services for Russian web domain registrars – and the British government says it "welcomes" the action.

        Suspension will prevent the registrars from managing or renewing dot-UK domains they own or control.

        "We are not accepting registrations from registrars in Russia – we are suspending the relevant tags. To avoid compromising outlets for expression outside the control of the regime, the very small number of domains with Russian address details will continue to operate as normal," said the organisation in a statement on its website.

      • The Register UK: Russia hasn't yet enabled its splinternet amid Ukraine war

        Russia has reportedly blocked access to Western media outlets including the BBC to netizens within its borders, as suspicions rise that the country has begun implementing a "splinternet" plan to seal itself off from the wider internet.

        This morning the British state broadcaster declared it had been blocked from inside Russia, using also-blocked Twitter to spread the news among Westerners, and signposted web users to a long-forgotten Tor mirror of itself. The BBC launched two new shortwave frequencies in the region earlier this week to broadcast four hours of World Service English news a day. These frequencies can be received clearly in Kyiv and parts of Russia.

        The Beeb is not alone; other Western news outlets including Germany's Deutsche Welle, Voice of America, US-sponsored Radio Free Europe and others have also been blocked.

        Although the Reuters financial newswire cited an order of Roskomnadzor, the Russian equivalent of Britain's Ofcom media regulator, the Roskomnadzor blocked site checker returned no information about BBC.com when checked by The Register at the time of writing.

        [...]

        Tor is designed to frustrate censorship by bouncing user traffic through a number of relay nodes, disguising its true origins and destinations. Should the Russians try and shut down Western Tor-hosted websites, they're likely to fail – but previous efforts to arrest local exit node operators have borne some fruit.

        Tor exit relays have long been a target, not only for law enforcement agencies in the West as well as authoritarian countries, but also those who would log and track exit node users – and, inevitably, cryptocurrency scammers.

    • Digital Restrictions (DRM)

      • The Register UK: Deere unlawfully withholds repair tools and info, FTC told

        Twelve farm labor, advocacy, and repair groups filed a complaint last week with the US Federal Trade Commission claiming that agricultural equipment maker Deere & Company has unlawfully refused to provide the software and technical data necessary to repair its machinery.

        The groups include National Farmers Union, Iowa Farmers Union, Missouri Farmers Union, Montana Farmers Union, Nebraska Farmers Union, Ohio Farmers Union, Wisconsin Farmers Union, Farm Action, the U.S. Public Interest Research Group, the Illinois Public Interest Research Group, the Digital Right to Repair Coalition, and iFixit.

    • Monopolies

      • The Register UK: Taiwan rounds up 60 Chinese tech workers on suspicion of poaching tech and people

        Taiwan's Ministry of Justice has tasked its Investigation Bureau to conduct a series of raids around the island and hauled in 60 Chinese nationals suspected of lifting trade secrets or poaching talent from China-owned firms.

        The raids took place on Wednesday March 9, with over 100 investigators dispatched to 14 locations in four Taiwanese cities. Some of the companies searched include Advanced Manufacturing EDA Co., Bouson International, Vimicro, Beijing Yinxing Technology, VeriSilicon, Analogix Semiconductor, Key Technology, and GLC Semiconductor.

      • The Register UK: ITC judge recommends banning toner imports that infringe Canon's IP [Ed: Canon has no "IP"; the media uses propaganda terms]

        A bunch of toner manufacturers and sellers have infringed on Japanese electronics outfit Canon's patents, according to an initial finding from the US International Trade Commission (ITC), with a judge recommending imports of their products be banned.

        The notice [PDF] from an administrative law judge this week said an Initial Determination (ID) was made on Tuesday 15 March, finding that "certain toner supply containers" violated Section 337.


