Bonum Certa Men Certa

Links 01/05/2022: FuguIta 7.1 and Consfigurator 1.0.0



  • GNU/Linux

    • Desktop/Laptop

      • Old McInquiry had a prompt, e-i-e-i-o

        It can feel a bit as though I've "given in" for not wanting to build/customize its foundation, but I'm lazily fine with whatever Linux a modern Chromebook provides.

      • Android PoliceChrome OS is picking up an old-school feature to help level up your multitasking game

        Chrome OS has long been setting out to show that it's as much a full-blown operating system as something like Linux or Windows, and that includes robust support for multitasking. It allows you to open multiple apps at once and offers features like split-screen to easily use them simultaneously. But one oversight has involved situations that might be better suited to floating windows (rather than split apps) — like pinning a calculator while working out expenses listed in a note, or playing a video while chatting with friends on a messenger. That's why we're so excited to see Google adding a nifty pinning feature to Chrome OS, bringing your most mundane multitasking desire to life: keeping a window on top.

    • Audiocasts/Shows

    • Applications

      • consfigurator 1.0.0

        I am pleased to announce Consfigurator 1.0.0.

        Reaching version 1.0.0 signifies that we will try to avoid API breaks. You should be able to use Consfigurator to manage production systems.

    • Instructionals/Technical

      • Linux Cloud VPSHow to Install and Use PHP Composer on Ubuntu 20.04

        Composer is a dependency manager tool for PHP especially designed to install and update project dependencies. It installs all required packages that are compatible with the PHP project. It allows you to specify the library that you will need for your project. It is used in all modern PHP-based applications including, Laravel, Drupal, Magento, and more.

      • How To Upgrade Ubuntu 22.04 LTS Jammy Jellyfish

        The newest Long Term Support (LTS) edition of the Ubuntu operating system, Ubuntu 20.04 (Jammy Jellyfish), was released on April 21, 2022. This tutorial will walk you through the process of upgrading an Ubuntu system running version 20.04 or later to Ubuntu 22.04.

      • H2S MediaInstall p7Zip GUI on Ubuntu 22.04 LTS Jammy Linux

        Tutorial to install Install p7Zip on Ubuntu 22.04 Jammy JellyFish using command terminal. It is an open-source tool to highly compress files and folders on Linux and FreeBSD systems. It is the best alternative to Winrar software which is meant for Windows platforms.

      • Linux CapableHow to Install Nginx Mainline on Ubuntu 22.04 LTS
      • TecAdminChange Screen Resolution of An Ubuntu VM in Hyper-V – TecAdmin

        Recently I created a Ubuntu desktop virtual machine in the Hyper-V platform. After login to the desktop realises that the screen resolution is not correct. I tried to change VM to full-screen mode but it opens in partial screen.

      • DTMaking sshd more secure on Sailfish OS | dt.iki.fi

        Recent versions of Sailfish OS (currently 4.4.0.58) use a socket that listens on port 22, and start sshd (to be precise, a per-connection sshd@.service) when someone knocks.

        Pretty neat, probably saves some resources when you don't need an ssh connection.

        But safer it is not. I recommend to make some changes to /etc/ssh/sshd_config to disallow most connection attempts.

      • How to Install Classic GNOME Flashback in Ubuntu 22.04 LTS

        A quick guide on how to install the good old Classic GNOME Flashback in the latest Ubuntu 20.04 LTS.

      • Linux Host SupportHow to Install Webuzo v3 on Ubuntu 20.04

        In this tutorial, we are going to explain how to install Webuzo v3 control panel on Ubuntu 20.04.

        Webuzo is a hosting control panel that allows the developers and administrators to easily manage their domains, create databases, deploy a variety of applications create users and etc. With Webuzo can be managed different applications such as MySQL, MongoDB as databases, Nginx, LighTTPD as webservers, PHP, Ruby, Perl as languages and etc.

      • ID RootHow To Install ClamAV Antivirus on Debian 11 - idroot

        In this tutorial, we will show you how to install ClamAV Antivirus on Debian 11. For those of you who didn’t know, ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware & other malicious threats. It integrates Mail servers to scan attachments received. In addition to scanning mail attachments, it provides protection to corporate networks. ClamAV package provides a flexible and scalable multi-threaded daemon in the clamav-daemon package, a command-line scanner in the ClamAV package, and a tool for automatic updating via the Internet.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the ClamAV on a Debian 11 (Bullseye).

      • UNIX CopHow To Install GitKraken on Ubuntu 20.04

        In this article, we will show you how to install GitKraken on Ubuntu 20.04

        GitKraken Client is a software that makes Git commands and processes easy, fast, and intuitive, it has a visually appealing experience that requires fewer interactions, allows for more fluid workflows, and provides total functionality.

        GitKraken is a graphic interface for Git that allows us to manage our repositories from a comfortable and modern graphic interface. Integrations with GitHub, GitLab, Bitbucket, and Azure DevOps make it swift and simple to clone, fork, and add remotes.

      • H2S Media3 ways to install Deluge BitTorrent on Ubuntu 22.04 LTS Jammy

        Find out the commands to install the Deluge BitTorrent client app on Ubuntu 22.04 LTS Jammy JellyFish using the terminal.

        BitTorrent is a file-sharing protocol that allows the exchange of files of any kind. In principle, Bittorrent corresponds to other formerly well-known file-sharing platforms such as eMule or Limewire. Because all these offers are based on a peer-to-peer principle (P2P), in which data is not downloaded from a central server, but directly from the computers of other users.

      • UNIX CopHiding Images with UNIX Utilities

        The following article is about a small trick I learned on the internet. It concerns with how we can hide an image within another image. This will be done with just the standard UNIX utilities (no crazy steganography).

        Albeit other ways exist, a simple method to achieve this is to simply append the main image to another one. All this time, we’ve been using the cat command to view contents of a file. However, it was originally intended to be used to concatenate two files together. Most of the time, these files will be text-only but it behaves no different for binaries.

    • Desktop Environments/WMs

      • GNOME Desktop/GTK

        • 9to5LinuxGNOME 43 Release Date Slated for September 21st, 2022

           The release schedule for the upcoming GNOME 43 desktop environment series was published at the end of March 2022, shortly after the release of the GNOME 42 desktop environment, suggesting that the final release date is slated for September 21st, 2022.

          GNOME 43 will be the third major update in the GNOME 4x series, and development slowly kicked off this month but an alpha version will be readied for public testing in early July, while the beta version is expected a month later in early August.

    • Distributions

      • BSD

        • FuguIta 7.1, based on OpenBSD, is out

          In TMPFS, the file system capacity was automatically set when 0 was specified as the file system capacity at boot time, but MFS has no such function, so the file system capacity must be specified explicitly. In addition, a unit symbol can be added after the numerical value to specify the file system capacity. The symbol K stands for kilobyte, M for megabyte, and G for gigabyte. If there is only a number without a suffix, it is assumed to be a megabyte. You can also specify the value as a percentage of the RAM capacity by appending %, or as a percentage of the total RAM and swap file capacity by appending %% .

        • RachelPaying a visit to planet BSD

          I've received some comments from readers asking me about my distribution choices, and specifically what I thought about the various flavors of BSD. It seems like a fair question. It's been a long time since I ran any of them for any "serious work", and it's likely much has changed. In any case, it seemed like a good opportunity to mess around and see what's out there.

      • IBM/Red Hat/Fedora

        • Fedora's Lead Speaks on the Popularity of Linux and the Importance of Open Source - Slashdot

          Fedora project leader Matthew Miller spoke to TechRepublic's Jack Wallen this week, sharing some thoughts on the future of Linux — and on open source in general: Matthew Miller: I think it's a lost cause to try to "sell" our quirky technology interest to people who don't see it already.

        • ByteXDCentOS Stream & Everything You Need To Know About It

          CentOS is a community driven Linux distribution, which is an official fork of RedHat Enterprise Linux (RHEL).

          After the announcement from RedHat that CentOS 8 has reached End of Life, CentOS have started a new release, named CentOS Stream which will be an upstream release, rather than traditional CentOS Linux. This newly released distro has put the entire community in a mixed position about whom will be most benefitted with the distro and how to use it properly.

          In this article, we will try to give a brief discussion over CentOS Stream and everything you need to know about it.

      • Debian Family

      • Canonical/Ubuntu Family

        • 9to5LinuxUnity 7.6 Released for Public Testing as the First Major Update to Unity7 in 6 Years

           Featuring a new flat UI while retaining the system-wide blur, Unity 7.6 promises major improvements like redesigned Unity Dash (app launcher) and HUD, as well as refreshed styles for dock’s menus and tooltips for a modern and slick look, and improved low graphics mode to make the Unity Dash faster.

          The upcoming release also improves the app info and ratings in the Unity Dash preview, improves the “Empty Trash” button in Unity Dock to use the Nemo file manager instead of Nautilus, and lowers the RAM usage.

        • Ubuntu 22.04 Features and What’s New?

          Ubuntu’s new long-term support (LTS) version has come, which is huge news in the Ubuntu community. While new versions are released every six months, LTS releases are only released every two years and can get upgrades from Canonical for up to a decade. That means the features shown below are what many people will see on their computers for the foreseeable future.

          So, what distinguishes Ubuntu 22.04 from Ubuntu 20.04? Is it worthwhile to update, and will you continue with this release in the long run? Here are a few of the more appealing modifications.

    • Devices/Embedded

    • Free, Libre, and Open Source Software

      • The New StackChallenges of Creating a Decentralized, Open Source Twitter

        This is not the first time social media giant Twitter has been besieged by would-be open source competitors. As concerns grow about an undue influence that Elon Musk, who is set to buy the social media giant, might have over the world’s unofficial town square, many are now contemplating jumping to a true open source, peer-to-peer social media network such as Mastadon, or perhaps even starting a new one from scratch.

        But standing up a federated, open source equivalent free from corporate influence may be more difficult than one might image.

        Open source software developer and advocate Evan Prodromou has been down this path before. A few years after Twitter launched, Prodromou fielded an open source, decidedly non-commercial Twitter-like microblogging service, called StatusNet, which, at least for an audience of technically-inclined open source types, gave Twitter a run for its money. More than 8,000 folks (myself included) signed on within 24 hours of its launch on July 2, 2008, and accumulated more than a million notices by that November.

        Over time, StatusNet grew into into a commercial service called Identi.ca, and its code base was eventually rewritten, by way of Node.js, into an activity streams engine that can be used to power internal or public-facing social media services.

        We spoke with Prodromou, by email, to learn more about the challenges and potential benefits of creating an open source, decentralized competitor to Twitter. What were the technical, and social challenges to running a social media service, especially an open source federated one? And what can we achieve by establishing web standards in this space?

      • Sculpt OS release 22.04

        Sculpt OS version 22.04 introduces the concept of service-level sandboxing and features completely new drivers for wireless, graphics, and USB.

        On the user-visible surface, the new version of Sculpt OS looks and feels familiar to users of the previous version. Under the hood, however, at the nitty-gritty hardware-support level, it features completely revamped device drivers for Intel wireless, Intel graphics, and USB.

        In a major surgery, the new drivers got transplanted from the Linux kernel version 5.14.21 using Genode's unique DDE approach. In contrast to Linux where the drivers are part of the almighty operating-system kernel, Sculpt OS hosts each of the drivers in a dedicated sandbox as plain user-level component. So Sculpt users can enjoy the broad hardware support of up-to-date Linux drivers without ultimately trusting those staggeringly complex driver stacks.

        Closely related, the support of hardware-accelerated graphics that we introduced with the previous version 21.10 received substantial optimization and stabilization. With the new version, Sculpt users can not only run native OpenGL applications but can even go as far as using hardware-accelerated graphics via guest operating systems hosted within VirtualBox on top of Sculpt.

      • Document FoundationThe Month of LibreOffice, May 2022 starts today – Join in and get snazzy merch!

        Boost your skillset and learn new things- join the Month of LibreOffice! The software is a worldwide, community open source project – and many people who help to improve it, actually started out as regular users of the software.

        So in the coming four weeks, we’d love it if you get involved, join our community, and have fun. You can build up valuable skills for a future career – and you don’t need to be a programmer. There are many ways to help make LibreOffice awesome, as we’ll see in a moment.

      • Linux LinksBest Free and Open Source Software – April 2022 Updates - LinuxLinks

        The table above shows our articles updated in April 2022.

        For our entire collection, check out the categories below. This is the largest compilation of recommended software. The collection includes hundreds of articles, with comprehensive sections on internet, graphics, games, programming, science, office, utilities, and more. Almost all of the software is free and open source.

      • Web Browsers

        • Mozilla

          • Ten Four FoxCameron Kaiser: April patch set for TenFourFox

            I've had my hands full with the POWER9 64-bit JIT (a descendant of TenFourFox's 32-bit JIT), but I had a better idea about the lazy image loader workaround in February's drop and got the rest of the maintenance patches down at the same time. These patches include the standard security fixes and updates to timezones, pinned certificates and HSTS, as well as another entry for the ATSUI font blacklist. In addition, a bug in the POWER9 JIT turns out to affect TenFourFox as well (going back to at least TenFourFox 38), which I ported a fix for. It should correct some residual issues with IonPower-NVLE on a few sites, though it may allow code to run that couldn't run before that may have its own issues, of course. A clobber is not required for this update. The commits are already hot and live on Github.

          • NeowinMozilla's open-source speech data project, Common Voice, now has 20,000 hours of content

            Earlier this week, Mozilla revealed that its Common Voice dataset now contains more than 20,000 hours of content that can be used by anyone around the world to improve their speech recognition software, almost double what it was a year ago. The latest dataset in the English language comes in at a huge 71 GB and now there are more languages supported than ever with the addition of Tigre, Taiwanese (Minnan), Meadow Mari, Bengali, Toki Pona, and Cantonese.

      • Programming/Development

        • Software Is CrapForgetting about the problem of memory

          There’s a pattern that emerged in software some time ago, that bothers me: in a nutshell, it is that it’s become acceptable to assume that memory is unlimited. More precisely, it is the notion that it is acceptable for a program to crash if memory is exhausted.

        • Didier StevensQuickpost: Machine Code Infinite Loop

          Someone asked me what the byte sequence is for an infinite loop in x86 machine code (it’s something you could use while debugging, for example).

        • RlangIterating over multiple database tables with R

          You want to run a query over multiple tables in your database / warehouse and then process and visualise the combined results of those queries. You need to be able to switch between servers, databases, schemas and tables, selecting different columns and applying different conditions in the WHERE clause. You don’t have permsissions to write complex / dynamic SQL (for example you can’t create stored procedures or query system tables).

          Are you stumped?

          Not if you know R!

        • Daniel AleksandersenDaniel Aleksandersen: Common mistakes in BIMI early-adopter implementations

          I queried the Domain Name System (DNS) for the default BIMI records for the top 3 million domains. I evaluated the responses, and fetched the BIMI image for domains with a valid BIMI record. I also evaluated other email policy DNS records used by BIMI; including Domain-based Message Authentication, Reporting, and Conformance (DMARC) and Sender Policy Framework (SPF). The DomainKeys Identified Mail (DKIM) records were not evaluated because this would require me to examine an email message sent from the domain.

        • Daniel AleksandersenDaniel Aleksandersen: Ruby 3.1’s incompatible changes to its YAML module (Psych 4)

          The Ruby programming language released version 3.1 back in December 2021. Among the changes was a big update to Psych version 4.0, Ruby’s built-in YAML Ain't a Markup Language (YAML, a recursive acronym) interpreter. A major version change indicates incompatible changes, and version 4 sure does deliver on that promise.

  • Leftovers

    • uni TorontoOur positive experience with having our support site be basic HTML

      About a decade ago, we wound up caught in a wiki trap, where our support site was stuck using what had become an unsupported piece of wiki software with an unsupported wikitext dialect and no automated migration path. Our way out was not a different wiki software but instead to scrape the HTML of the existing site and then redo the entire site as plain HTML. You might wonder how that has worked out for us over the time since and if we regret our decision. The short answer is that it seems to have worked well, but there are probably some specific circumstances involved.

    • HackadayClever Stereo Camera Uses Sony Wireless Camera Modules

      Stereophotography cameras are difficult to find, so we’re indebted to [DragonSkyRunner] for sharing their build of an exceptionally high-quality example. A stereo camera has two separate lenses and sensors a fixed distance apart, such that when the two resulting images are viewed individually with each eye there is a 3D effect. This camera takes two individual Sony cameras and mounts them on a well-designed wooden chassis, but that simple description hides a much more interesting and complex reality.

    • The Illinois speed/red light camera racket worsens as Springfield doesn’t want to bother with local revenue generators. – BaronHK's Rants

      The Illinois speed/red light camera racket worsens as Springfield doesn’t want to bother with local revenue generators.

      RedFlex is the primary company in charge of local red light and speed trap cameras in Chicago and the other cities in Illinois. In Chicago, they were later found to have bribed their way in by giving a corrupt city official in charge of the traffic system several thousand dollars in cash for every system he got approved under the guise of “safety”.

      And that’s exactly how the government sold the traffic citation cameras….”safety”. However, the real facts suggest something completely different. At most intersections with a red light camera, for example, serious collisions have gone up, not down, as people realize at the last minute that there’s a camera there, and slam on their brakes, sometimes landing in the middle of the intersection in the process.

      It would have been safer to give the motorist the full 3 seconds of yellow light time, recommended by the federal National Highway Transportation Safety Administration (NHTSA).

    • Thoughts for your pennies

      First, the doll-like farthing went. Then the twelve-sided brass threepenny bit, the halfpenny, and finally, in an orgy of numismatic vandalism, the shilling, the florin and the half-crown. At a stroke, two thousand years of monetary history were swept away, a victim of ephemeral economics and a fetish for decimals. The penny coin alone lives on, its nominal value increased, though otherwise pitiably reduced.

      Holding an old penny today is a curious experience. It feels so large and so heavy compared to the footling tiddlywink counter we so aptly call a 'p'. It is a marvel of classic design, with its proud image of Britannia, and its stylised, cryptic inscription - itself almost a summary of English history over the last five hundred years - garlanding the monarch's head. Moreover, it is not an isolated example like our current coin, which feels like a litter's runt: the same majestic form can be found in a great series which tracks centuries of Royalty in England.

    • Hardware

      • HackadayGiant CNC Partners With Powerful Laser Diode

        [Jeshua Lacock] from 3DTOPO owns a large-format CNC (4’x8′, or 1.2×2.4 m), that he strongly feels is lacking laser-cutting capabilities. The frame is there, and a 150 W CO2 laser tube has been sitting in a box for ages – what else could you need? Sadly, at such a scale, aligning the mirrors is a tough and finicky job – and misalignment can be literally blinding. After reading tales about cutters of such size going out of alignment when someone as much as walked nearby, he dropped the idea – and equipped the CNC head with a high-power laser diode module instead. Having done mirror adjustment on a few CO2 tube-equipped lasers, we can see where he’s coming from.

      • HackadayAimbot Does It In Hardware

        Anyone who has played an online shooter game in the past two or three decades has almost certainly come across a person or machine that cheats at the game by auto-aiming. For newer games with anti-cheat, this is less of a problem, but older games like Team Fortress have been effectively ruined by these aimbots. These types of cheats are usually done in software, though, and [Kamal] wondered if he would be able to build an aim bot that works directly on the hardware instead.

      • HackadayTraining Doppler Radar With Smart Watch IMUs Data For Activity Recognition

        When it comes to interpreting sensor data automatically, it helps to have a large data set to assist in validating it, as well as training when it concerns machine learning (ML). Creating this data set with carefully tagged and categorized information is a long and tedious process, which is where the idea of cross-domain translations come into play, as in the case of using millimeter wave (mmWave) radar sensors to recognize activity of e.g. building occupants with the IMU2Doppler project at Smash Lab of Carnegie Mellon University.

      • HackadayNew Tech And The Old Ways

        This week on Hackaday, we featured a project that tickled my nostalgia bone, and proved that there are cool opportunities when bringing new tech to old problems. Let me explain.

      • HackadayHacking Toy RC Cars With The HackRF One

        The origin story for many who’d call themselves a member of the hacker community usually starts with taking things apart as a child just to see how they worked. For [Radoslav], that trend doesn’t seem to have slowed down, and he’s continued taking toys apart. Although since it’s his daughters little radio controlled car, he stuck to a non-destructive teardown. The result? He’s able to control the car with his laptop through a HackRF One SDR transceiver as shown in the video below the break.

      • The Register UKSmartphone shipments expected to drop again for Q1 2022

        For the smartphone industry, the first quarter of 2022 is looking like a repeat of Q1 2020, in which economic uncertainty triggered by world events led to a double-digit shipment slump.

        This time around, researchers at Canalys are projecting an 11 percent drop in shipments, rather than 13 percent, and the causes have shifted from being purely about COVID-19 to include the Russia-Ukraine war, rolling lockdowns in China, inflation, and the traditional dip due to slow seasonal demand.

    • Health/Nutrition/Agriculture

      • TruthOutCOVID Vaccines for Kids Under 5 Could be Available in June, FDA Official Says
      • NBCMillions of Alaska-bound bees die after flight rerouted

        McElrea said she worried when the 800-pound shipment didn’t arrive in Atlanta in time to make the connecting flight. The next day, she said, Delta told her some bees had escaped, so airline workers put the crates holding the bees outside a Delta cargo bay.

      • New York TimesMillions of Bees Bound for Alaska Are Rerouted and Die in Atlanta

        When Sarah McElrea arrived at the Anchorage airport last Friday to pick up the 800 pounds of honeybees she was having shipped from Sacramento, she got the first sense of a disaster in the making: The bees — some five million of them — were in Atlanta, not Anchorage.

        The 200 crates of bees were the first of two shipments coming in from Sacramento designated for more than 300 beekeepers in Alaska and to provide much needed pollination services for apple orchards and nurseries, she said in an interview.

        [...]

        “People don’t grasp just how dependent we as a species are on honeybees for pollination,” Ms. McElrea said. “And this is just such a waste, an absolute tragedy.”

      • Disconnecting is becoming increasingly difficult

        How many opportunities do we let go when we’re passively using our phones?

        Not long ago, my wife started calling my attention about me staying hours on the phone. At first I disagreed – I think most of you would do the same, because when we are on an unaware state, we tend to do things like this. After some insistence from her, I decided to check if that was true. I’m an iPhone user, so I set up Screen Time. For those who don’t know what this app is, it basically maps how many hours we spend with our phones and which apps consumes most of our time.

        The result? Obviously, I got shocked. It’s overwhelming and disturbing to acknowledge how badly I was using my time, swiping my finger across the screen, sometimes with no reasonable purpose.

    • Integrity/Availability

      • Proprietary

        • The VergeThis chart might explain why CNN Plus shut down early

          CNN projected that the service would have two million subscribers by the end of the year, but around two weeks later, they found they’d only managed to attract 150,000 people. At first, this doesn’t sound too bad, but considering services like Disney Plus had 10 million subscribers in its first day — and that Quibi, which was similarly shut down early in life, saw 910,000 people sign up in its first few days — this wasn’t a lot for CNN.

        • PC WorldMicrosoft tests a limited VPN for Microsoft Edge

          The Edge Secure Network is designed to keep your location private and prevent online tracking, but isn’t intended to fool a remote server into thinking you’re working abroad. The browser will collect a “limited” amount of data to access the service, which Cloudflare will delete at the end of each month.

          The data connection isn’t unlimited, either. Instead, Microsoft’s support page says that you’ll be able to use a single gigabyte of free data every month, unlocked by signing into your Microsoft account. Presumably Microsoft will offer users additional Edge Secure Network secured data for an additional fee, too, which would give Microsoft yet another of its beloved subscription options for customers.

        • TechRadarmacOS Server has been killed off at last

          Apple kicks macOS Server to the curb after 23 years

        • WordPressMemberPress Plugin Is Locking Users Out After Support License Expires [Ed: Proprietary software is dangerous and malicious. You don't know what you're getting and what may happen next.]

          The WordPress subreddit lit up this week with reports of MemberPress locking users out of the plugin’s admin if they do not renew their subscriptions. MemberPress is a popular membership plugin for WordPress. It is a commercial-only plugin starting at $179/year for one site, and there is no free version.

        • Security

          • The Register UKFBI: BlackCat ransomware scratched 60-plus orgs [Ed: Microsoft Windows TCO]

            The aforementioned FBI alert also includes BlackCat indicators of compromise and warned the ransomware typically leverages previously compromised user credentials to gain access to a victim's system. "Initial deployment of the malware leverages PowerShell scripts, in conjunction with Cobalt Strike, and disables security features within the victim's network," it said.

            After breaking in, the malware compromises Active Directory user and administrator accounts, and it uses Windows Task Scheduler to configure malicious group policy objects to deploy ransomware. But before it executes the ransomware, BlackCat steals a victim's data, including information from cloud providers.

          • The Register UKBumblebee malware loader emerges as Conti's BazarLoader fades [Ed: Microsoft Windows TCO again]

            "The threat actors have used multiple techniques to deliver Bumblebee," they wrote. "While lures, delivery techniques, and file names are typically customized to the different threat actors distributing the campaigns, Proofpoint observed several commonalities across campaigns, such as the use of ISO files containing shortcut files and DLLs and a common DLL entry point used by multiple actors within the same week."

          • Bleeping ComputerSynology warns of critical Netatalk bugs in multiple products

            Netatalk is an AFP (short for Apple Filing Protocol) open-source implementation that allows systems running *NIX/*BSD to act as AppleShare file servers (AFP) for macOS clients (i.e., to access files stored on Synology NAS devices).

          • The New StackChainguard Enforce: Software Supply Chain Security for K8s – The New Stack

            Only half a year ago, founder Kim Lewandowski, co-founder of Chainguard, the zero-trust security company, said, “Supply chain security by default is our mission and making it really easy for developers to do the right thing.” Now with the beta release of Chainguard Enforce, its first product, a native software supply chain solution for Kubernetes workloads, is here.

          • Dark ReadingCritical Vulnerabilities Leave Some Network-Attached Storage Devices Open to Attack - DARKReading
          • Securing web applications beyond just containers



            This website, `clehaxze.tw` (or `gemini.clehaxze.tw` for Gemini) run on basically the same architecture as any modern web applications. A backend that that serves some files, talks to some database, read some files and render templates. It's my passion to make what I made absolutely secure. A backend is special in that it's a monolithic piece of software that talks to other services through mostly a single mechinism - TCP. In this post, I'm gonna only ramble about stuff I find interesting.

            How could we defend such piece of software? What could we do to slow down attackers? And what can we do if the attacker got ACE (Arbitrary Code Execution) access? Namely, I'm intrested in defending things that the OS can help us with.

          • Privacy/Surveillance

            • NYOBPolitical data breach in Malta: C-Planet refuses right to access and information

              Today, noyb filed a second complaint before the Information & Data Protection Commissioner (IDPC) against the Maltese IT company C-Planet. In January, the company received a €65 000 fine by the IDPC for illegal collection and leak of personal information including political preferences on nearly every Maltese voter. However, C-Planet still did not give the name of the person from whom they received the data, and Maltese citizens are still left in the dark about the origin of the collected data. noyb is now explicitly asking the IDPC to order C-Planet to provide information about the original source of the data.

            • Port SwiggerData breach at US healthcare provider ARcare impacts 345,000 individuals

              ARcare, a US healthcare provider with facilities in Arkansas, Kentucky, and Mississippi, has admitted a data breach potentially affecting 345,000 individuals.

            • The Register UKUS appeals court ruling could 'eliminate internet privacy' ● The Register

              The US Ninth Circuit Court of Appeals on Wednesday affirmed the 2019 conviction and sentencing of Carsten Igor Rosenow for sexually exploiting children in the Philippines – and, in the process, the court may have blown a huge hole in internet privacy law.

              The court appears to have given US government agents its blessing to copy anyone's internet account data without reasonable suspicion of wrongdoing – despite the Fourth Amendment's protection against unreasonable searches and seizures. UC Berkeley School of Law professor Orin Kerr noted the decision with dismay.

              "Holy crap: Although it was barely mentioned in the briefing, the CA9 just held in a single sentence, in a precedential opinion, that internet content preservation isn't a seizure," he wrote in a Twitter post. "And TOS [Terms of Service] eliminate all internet privacy."

    • Defence/Aggression

      • Common DreamsOpinion | It's Taking Nine Years to Replace Underground Jet Fuel Tanks in Washington State—Red Hill Can't Wait That Long

        According to local news media in Kitsap, Washington, it's expected to take approximately nine years to complete the six above-ground tanks project shutting down and closing 33 underground Navy fuel tanks at the US military Manchester Fuel Depot in Manchester, Washington and will cost the Department of Defense around $200 million.€ 

      • Common Dreams'Absolutely Tragic': Doctors Tie Trump's 30-Foot Border Wall to Surge in Injuries and Deaths

        Doctors in Southern California are connecting former President Donald Trump's efforts to build a U.S.-Mexico border wall that "can't be climbed" with soaring rates of serious injuries and deaths among migrants.

        "We had come to save our lives, not to risk them in such an awful way."

      • TruthOutUN Chief Slams Fossil Fuel Industry for Using Ukraine War to Boost Profits
      • Common DreamsUN Chief Slams Fossil Fuel Sector for Trying to Use Ukraine War to 'Lock in a High Carbon Future'

        United Nations Secretary-General António Guterres on Saturday slammed the fossil fuel industry for trying to use Russia's war on Ukraine to boost polluters' profits at the expense of the global climate and all life on Earth.

        "Fossil fuel interests are now cynically using the war in Ukraine to try to lock in a high carbon future," Guterres tweeted. "A shift to renewables is crucial to mending our broken global energy mix and offering hope to millions suffering climate impacts today."

      • Jerusalem PostHitler was 'smart' for 'expelling' Jews from Germany - Iranian paper

        An article on the front page of the Iranian Kayhan newspaper, affiliated with Iranian Supreme Leader Ali Khamenei, on Thursday stated that Hitler was "smarter and more courageous" than current European leaders because he "expelled" the Jews from Germany.

        The article was published as Israel marked Holocaust Remembrance Day. Iranian officials largely deny the history of the Holocaust. On Friday, Iran and its proxies mark Quds Day.

      • Common DreamsOpinion | Now Is the Time for Canada and the World to Adopt a Feminist Foreign Policy

        When Ukrainian and Russian representatives meet to attempt to negotiate a way out of the crisis, the absence of women from those tables is glaring. Yet research shows that peace accords are more likely to last when there is meaningful engagement by women.

      • Common DreamsOpinion | Prosecute Russian and Other Powerful Countries' War Crimes

        Russia's war of aggression against Ukraine and its intervention on that country's internal affairs constitute a serious breach of international law. According to the International Military Tribunal at Nuremberg, "War is essentially an evil thing. Its consequences are not confined to the belligerent states alone, but affect the whole world. To initiate a war of aggression, therefore, is not only an international crime; it is the supreme international crime differing only from other war crimes in that it contains within itself the accumulated evil of the whole."

    • Environment

      • Global Land Outlook 2nd edition

        The second edition of the Global Land Outlook (GLO2), Land Restoration for Recovery and Resilience, sets out the rationale, enabling factors, and diverse pathways by which countries and communities can reduce and reverse land degradation by designing and implementing their bespoke land restoration agenda. Land restoration for recovery and resilience is about creating livelihood and development opportunities for people simply by changing the way we use and manage our land resources.

      • RTLIndonesia's palm oil export ban heats up vegetable oil market

        Palm oil is the most consumed vegetable oil in the world, and Indonesia accounts for 35 percent of global exports, according to James Fry, chairman of LMC consulting firm.

      • [Old] 8 things to know about palm oil

        Palm oil has been and continues to be a major driver of deforestation of some of the world’s most biodiverse forests, destroying the habitat of already endangered species like the Orangutan, pygmy elephant and Sumatran rhino. This forest loss coupled with conversion of carbon rich peat soils are throwing out millions of tonnes of greenhouse gases into the atmosphere and contributing to climate change. There also remains some exploitation of workers and child labour. These are serious issues that the whole palm oil sector needs to step up to address because it doesn’t have to be this way.

      • MongabayPalm oil firm that cleared Papuan forest after losing its permit is still at it

        “Looking at these two Sentinel 2 [satellite] images taken on 20 February and 12 March, it looks like the company kept clearing after the 23rd,” David Gaveau, founder of technology consultancy TheTreeMap, which developed Nusantara Atlas, told Mongabay.

        According to data from Nusantara Atlas, 60.5 hectares (150 acres) were cleared in PNM’s concession from Feb. 20 to March 11, bringing the total for 2022 so far to 116.9 hectares (289 acres).

        Another satellite imagery analysis, by Amsterdam-based sustainability consultancy Aidenvironment, shows 130 hectares (321 acres) of clearing from the start of the year until March 9. That indicates a surge of clearing in the second half of February, given that from the start of the year until Feb. 14, it found about 50 hectares (125 acres) had been cleared.

      • PoliticoUkraine war offers palm oil a comeback, to the horror of green groups

        Environmentalists risk losing hard-fought gains in ridding Europe of palm oil as food companies scramble to replace sunflower oil.

        Russia and Ukraine are the world's biggest producers of sunflower oil, which is used in a wide range of food products — from frozen potato fries and biscuits to mayonnaise and infant formula. But the war between them has seen exports tank. As a result, some food companies are considering going back to palm oil and soybean oil (another bête noire for environmentalists) in desperation, regardless of the damage to tropical forests.

      • Deutsche WelleInvestigating palm oil

        Few ingredients are as widespread or as notorious as palm oil. But although this crop is a major driver of deforestation, this oil might just be our most sustainable option. So what can we do to improve palm oil production, and feed our future thirst for these products?

      • Wildlife/Nature

        • HackadayPlant Growth Accelerated Tremendously With LEDs

          [GreatScott!] was bummed to see his greenhouse be empty and lifeless in winter. So, he set out to take the greenhouse home with him. Well, at least, a small part of it. First, he decided to produce artificial sunlight, setting up a simple initial experiment for playing with different wavelength LEDs. How much can LEDs affect plant growth, really? This is the research direction that Würth Elektronik, supporting his project, has recently been expanding into. They’ve been working on extensive application notes, explaining the biological aspects of it for us — a treasure trove of resources available at no cost, that hackers can and should learn from.

    • Finance

    • AstroTurf/Lobbying/Politics

      • HungaryEC launches conditionality mechanism against government, MNB raises base rate again, government extends price caps, Warsaw launches Hungarian-language campaign to stop Russia

        This is the first time that this mechanism has been launched in the history of the EU.

        The mechanism could be launched against Member States where the EU's financial interests are directly threatened by failures in the rule of law.

      • The HillUkraine war speeds up US cyber agenda [iophk: Windows TCO]

        The war in Ukraine has pushed the United States to expedite its investment in cybersecurity amid constant — though so far unrealized — warnings of Russian cyberattacks on government agencies, election systems and critical infrastructure.

        Following the invasion of Ukraine, federal agencies have invested millions in cyber technology, seized and sanctioned hacking forums, charged Russian cyber criminals, and issued almost weekly warnings on the latest threat risks.

      • NBCA meme hints at Elon Musk’s problems with Twitter

        The podcast episode that the meme is taken from runs for more than three hours. The interview is especially striking considering Twitter’s usual strategic communications about platform moderation. In it, Gadde walks through questions about people who were banned, many of whom violated any number of Twitter’s policies.

        “The claim [Pool] was making throughout the interview about Twitter taking action on behalf of anti-trans harassment did go in circles because Gadde and Pool did not agree with a basic premise that a trans woman is a woman and that misgendering or dead naming a trans person is a form of symbolic violence,” Donovan said in a direct message. “Tim called that point of view ‘left wing bias,’ whereas Gadde saw it as a policy issue, neither right or left.”

      • Rolling StoneElon Musk ‘Vehemently’ Opposed Trump’s Twitter Ban: Report

        Among them are billionaire GOP donor Peter Thiel and former Twitter CEO Jack Dorsey. Dorsey made it known to Musk that the social media site should have private ownership, according to people familiar with the matter. (Twitter was privately owned for its first seven years of existence.) Dorsey resigned last November, having faced pressure from the board to do so due to investors’ concerns about him running both Twitter and Square Inc. Before his departure, he and Musk communicated regularly — including via direct messages on Twitter.

      • India TimesIndian-American entrepreneur appointed first-ever CTO of CIA

        The world’s premier foreign intelligence organisation, the US Central Intelligence Agency (CIA), announced the appointment of Indian-American Nand Mulchandani to serve as the agency’s first-ever chief technology officer (CTO), in a press release on Friday. The new post of CTO was created by the CIA earlier this summer.

      • ABCWhy Twitter Is Unlikely To Become The ‘Digital Town Square’ Elon Musk Envisions

        Twitter as it exists now fills a particular spot in the social media ecosystem. Almost all the information we have shows that Twitter, even more than some other platforms, is used by a relatively small percentage of Americans. Important people like politicians, business leaders, journalists and celebrities do make statements or announcements on Twitter that have real-world consequences, and it has been useful for activism, serving as a starting point for the evolution of new political conversations and movements. Black Twitter users, in particular, report finding Twitter useful in this way. Overall, though, Twitter might be more accurately described as a scrolling newspaper than a public square. Other social media sites, like Facebook, stretch farther into the information ecosystem and are likelier to reveal what most Americans are currently reading, sharing and saying.

    • Misinformation/Disinformation

    • Censorship/Free Speech

      • TruthOutChildren’s Book Authors Are Fighting Back Against Censorship and Book Bans
      • EDRIEU negotiators approve good DSA, but more work is needed to build a better [Internet]

        Friday night’s political agreement on the Digital Services Act (DSA) is a good first step towards protecting people’s rights on the internet and to some extent limiting the immense power that Big Tech companies have over people and democracies.

        EDRi welcomes the conclusion of a political agreement for the DSA on the night of 22nd to 23rd April. The DSA has the potential to serve as a global benchmark for how to regulate today’s hyper-centralised platform economy while also protecting people’s fundamental rights online, including freedom of expression and access to information, the rights to privacy, and to non-discrimination.

        In particular, we welcome the DSA’s appeals and redress mechanisms that will allow users to flag potentially illegal online content to hosting intermediaries, who in turn will be required to react through a transparent response process. Crucially, intermediaries will be able to carefully follow that process without being threatened by immediate legal liability at the expense of the rule of law, and without replacing independent judicial redress options for users.

      • Teen VogueStudent Journalists Face Lawsuits, Censorship for Their Reporting

        According to data from the U.S. Press Freedom Tracker, since 2017 there have been at least five instances of college journalists being presented with search warrants or subpoenaed for documents related to articles published in a college newspaper; the Tracker documented another case in which a university journalist was sued for defamation.

        College students have also faced arrests, physical attacks, and been stopped by federal immigration authorities in the course of their reporting, according to the Tracker. The organization has also documented five cases of high school newspapers being censored or forced to submit their articles for review by administrators due to their coverage of controversial topics.

      • Saudi ArabiaMusk’s Twitter deal stirs fears of abuse in Asia, Middle East | Al Arabiya English

        Elon Musk’s plan to acquire Twitter has alarmed human rights activists in Asia and the Middle East...

    • Civil Rights/Policing

    • Internet Policy/Net Neutrality

      • The Register UK60 countries sign declaration to keep future internet open

        The United States, along with some 60 other countries, today presented a declaration in which they pledge to "reclaim the promise of the internet" from "a trend of rising digital authoritarianism."

        The global community is increasingly reliant on the internet, the Declaration for the Future of the Internet (DFI) said, and as reliance has grown so have challenges to the original vision of the internet as "an open, free, global, interoperable, reliable and secure" system. Governments limiting access, disinformation, cybercrime, illegal and harmful content, splintering and increasing centralization all threaten the internet's future, the declaration said.

      • FCC Poised To Change Directional FM Tower Siting Rules. | Story | insideradio.com

        Sometimes a good idea can’t wait. That is apparently the thinking inside the Federal Communications Commission. Just months after a group of antenna manufacturers proposed changes to the agency’s directional antenna performance verification rules, the FCC is poised to adopt the rule at its May meeting.

        Four FM antenna manufacturers, including Jampro Antennas, Radio Frequency Systems, and Shively Labs, along with Educational Media Foundation, last June filed a petition with the FCC that proposed stations have the option of verifying the directional antenna pattern through computer modeling, rather than by physical measurements as is required by the current rules. This is done by building a full-size mockup of the antenna and supporting structures or by constructing a scale model of the antenna and structures. The manufacturers pointed out that several broadcasters already use computational modeling in their design processes and then must duplicate that effort – at greater expense – to construct physical models on which to make measurements.

    • Monopolies

      • Trademarks

        • Duke is academia’s meanest trademark bully

          Two of the most astute IP [sic] scholars I know also happen to be two of the best legal writers I know, and also happen to work at one of the worst IP abusers in the country: Jennifer Jenkins and James Boyle, of Duke University, the nation’s leading academic trademark abuser.

          Duke has a universal reputation for being a serious trademark abuser, but Jenkins and Boyle wanted to empirically investigate that reputation. The result is “Mark of the Devil: The University as Brand Bully,” forthcoming in Fordham IPLJ.

      • Copyrights

        • VarietyAmazon Values MGM’s Content Library at $3.4 Billion

          In its 10-Q filing with the SEC, Amazon detailed the components of the MGM deal, which closed March 17. The assets “primarily consist of $3.4 billion of video content,” with the acquisition price including $4.9 billion of goodwill, which is defined as “the established reputation of a business regarded as a quantifiable asset.”

          MGM’s catalog comprises more than 4,000 film titles and 17,000 TV episodes, including franchises like James Bond, Rocky and Legally Blonde. Amazon wants to “reimagine and develop” MGM’s intellectual property “for the 21st century,” as founder and executive chairman Jeff Bezos put it last year.

        • Torrent FreakMajor & Persistent Video Game Pirates Investigated by ESA

          The Entertainment Software Association, an industry group representing Activision, EA, Epic, Nintendo and other major gaming companies, is taking a renewed interest in several major 'pirate' sites. All stand accused of large-scale distribution of pirated videogames so the ESA now wants to identify and track them down.



Recent Techrights' Posts

The Free Software Foundation is Looking to Raise Nearly Half a Million Dollars by Year's End
And it really needs the money, unlike the EFF which sits on a humongous pile of oligarchs' and GAFAM cash
 
Links 19/11/2024: War on Cables?
Links for the day
Gemini Links 19/11/2024: Private Journals Online and Spirituality
Links for the day
Drew's Development Mailing Lists and Patches to 'Refine' His Attack Pieces Against the FSF's Founder
Way to bury oneself in one's own grave...
What IBMers Say About IBM Causing IBMers to Resign (by Making Life Hard/Impossible) and Why Red Hat Was a Waste of Money to Buy
partnering with GAFAM
In Some Countries, Desktop/Laptop Usage Has Fallen to the Point Where Microsoft and Windows (and Intel) Barely Matter Anymore
Microsoft is the next Intel basically
[Meme] The Web Wasn't Always Proprietary Computer Programs Disguised as 'Web Pages'
The Web is getting worse each year
Re-de-centralisation Should Be Our Goal
Put the users in charge, not governments and corporations in charge of users
Gemini Links 19/11/2024: Rain Music, ClockworkPi DevTerm, and More
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 18, 2024
IRC logs for Monday, November 18, 2024
Links 18/11/2024: Science News and War Escalations in Ukraine
Links for the day
Gemini Links 18/11/2024: Degrowth and OpenBSD Fatigue
Links for the day
Technology: rights or responsibilities? - Part VII
By Dr. Andy Farnell
BetaNews is Still 'Shitposting' About Trump and Porn (Two Analysers Say This 'Shitposting' Comes From LLMs)
Probably some SEO garbage, prompted with words like "porn" and "trump" to stitch together other people's words
Market Share of Vista 11 Said to be Going Down in Europe
one plausible explanation is that gs.statcounter.com is actually misreporting the share of Vista 11, claiming that it's higher than it really is
Fourth Estate or Missing Fourth Pillar
"The term Fourth Estate or fourth power refers to the press and news media in explicit capacity of reporting the News" -Wikipedia on Fourth Estate
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 17, 2024
IRC logs for Sunday, November 17, 2024
LLMs Are Not a Form of Intelligence (They Never Will Be)
Butterflies are smarter than "chatGPT"
Business Software Alliance (BSA), Microsoft, and AstroTurfing Online (Also in the Trump Administration Groomed by BSA and Microsoft)
Has Washington become openWashington? Where the emphasis is openwashing rather than Open(Source)Washington?
Windows at 1%
Quit throwing taxpayers' money at Microsoft, especially when it fails to fulfil basic needs and instead facilitates espionage by foreign and very hostile nations
Links 17/11/2024: Pakistan Broke, Tyson 'Crashes' or Knocks Over Netflix
Links for the day
Gemini Links 17/11/2024: Nachtigall Planned, Exodus at Twitter
Links for the day
Links 17/11/2024: China's Diplomacy and Gazprom Setback
Links for the day
Sudan Has Reached a State of Android Domination (93% Market Share, All-Time High According to statCounter)
countries at war buy fewer laptops?
[Meme] Just Do It?
'FSF' Europe (Microsoft) and FSF
Microsoft Front Groups Against the FSF, Home of GPL, GNU, and Free Software
Much of the money (not all of it) comes from the criminals at Redmond
Centralisation is Dooming the Web, RSS is One Workaround (But Not "Planets")
At least Gemini Protocol rejects centralisation
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 16, 2024
IRC logs for Saturday, November 16, 2024
Links 17/11/2024: Wars, Bailouts, and Censorship
Links for the day
Gemini Links 17/11/2024: Changing Interests and HamsterCMS
Links for the day