BellSoft has released Alpaquita Linux, an operating system based upon Alpine Linux, optimized for containerized Java applications. A plain Docker image is available, as well as Docker images with Liberica JDK or JRE or a Native Image Kit based upon GraalVM.
Landscape is the leading management and administration tool for Ubuntu, and the most cost-effective way to support and maintain large and growing networks of desktops, servers, and clouds. The stable version of Landscape can only be installed on Ubuntu 18.04 (Bionic Beaver), which is due to reach the end of standard support in April 2023. Despite reaching the end of standard support, Bionic will continue to receive security patches throughout its extended security maintenance window, if an Ubuntu Pro subscription is enabled. Landscape beta is a modernised iteration of the current stable Landscape version. Landscape beta can be installed on Ubuntu 20.04 (Focal Fossa) and Ubuntu 22.04 (Jammy Jellyfish), which reach the end of standard support in April 2025 and April 2027 respectively. This means any Landscape user can now test their upgrade path to a newer version of Ubuntu.
In a microservices world, each service needs to verify that a subject (user or machine) has permission to perform an operation on a resource that the service manages. But in an agile environment where each team owns the implementation of their application or service, authorization models are quick to diverge. Since roles and permissions need to be enforced consistently across the organization’s services and applications, this divergence makes it hard to evolve the authorization model in a holistic way. Agility and security suffer.
Server-side apply (SSA) has now been GA for a few releases, and I have found myself in a number of conversations, recommending that people / teams in various situations use it. So I’d like to write down some of those reasons.
Learn more than ever from important non-fiction books at https://shortform.com/galactic and receive 5-days of unlimited access and an additional 20% discount on the annual subscription! Today, I'm giving my impressions of the future directions of Fedora and Ubuntu based on their latest interim releases in late Oct 2022
If you are Vim user and you spend a lot of time at the command line, then surely you've encountered this frustrating problem...
Analyzing BSD Kernels for Uninitialized Memory Disclosures Using Binary Ninja, Sharing Dual-Licensed Drivers between Linux and FreeBSD, favorite Things About The OpenBSD Packet Filter Tools, How to trigger services restart after OpenBSD update, Gems from the Man Page Trenches, and more.
Joe extrudes the filament.
Back in May 2022, a mysterious set of patches titled insufficient TCP source port randomness crossed the mailing lists and was subsequently merged (at -rc6) into the 5.18 kernel. Little information was available at the time about why significant changes to the networking stack needed to be made so late in the development cycle. That situation has finally changed with the publication of this paper by Moshe Kol, Amit Klein, and Yossi Gilad. It seems that the way the kernel chose port numbers for outgoing network connections made it possible to uniquely fingerprint users.
[...]
Kol and company were able to come up with an interesting attack on this algorithm. A hostile web page (otherwise known as almost any page on today's Internet) could load a JavaScript fragment that, through a series of iterations, creates a mapping between destination port numbers and the counter-table entries used to assign source-port numbers. It is, in other words. looking for hash-table collisions on the counter table. This table, remember, has only 256 entries, so hash collisions will not be rare or hard to find.
Specifically, the attack initiates a series of outgoing connections, all to the same remote address, but each to a different destination port. It then looks at the assigned source-port number for each connection attempt (note that the connection need not actually be established). Since any given counter-table entry is incremented after being used to generate a source-port number, two connection attempts that hit that counter-table entry will result in source-port numbers that differ by one — if the source and destination addresses are the same. So the attack looks for connection attempts that resulted in sequential source-port numbers and concludes that the destination-port numbers used in those attempts map to the same counter-table entry.
The optimal number of outgoing connections for one iteration of this attack is said to be one less than the size of the counter table, or 255. A single iteration of this algorithm will produce at most a small number of collisions, which do not tell an attacker much, but it can be run over and over again to come up with more of them. So the above process is repeated until collisions have been found for each entry in the counter table. Once that is done, a second phase uses a similar technique, but mixing connections to a loopback address with connections to the remote-server destination ports found in the first phase. The purpose here is to find which destination ports, when used with a loopback destination, map to the same table cell as one of those remote-server port pairs. This second phase generates pairs of destination port numbers that, when used with the loopback address, generate collisions in the counter table; these port-number pairs are independent of any remote address.
Each pair of colliding loopback port numbers, in effect, tells the attacker a little more about the secret key that the kernel generated at boot time. The key itself is never disclosed, but there is no need for that; a sufficient number of colliding port-number pairs is sufficient to uniquely identify the system involved. The key point is that these port-number pairs are a function of the secret key — which is different for every system — and can thus be used to create a unique device identifier.
The 6.1 merge window is well underway: since it opened, 5,752 non-merge changesets have been pulled into the mainline repository. That is approximately half of the work that had piled up in linux-next and marks a good time to look at what has been merged so far. Some long-awaited core changes have landed for the next kernel release, but there are likely to be more significant changes to come.
The kernel's Bugzilla instance is largely unloved and ignored, at least as a bug-reporting tool for the bulk of the upstream kernel. At the recent Maintainers Summit, Bugzilla was discussed during the regression-handling session led by Thorsten Leemhuis. In a followup to that discussion, Leemhuis posted some ideas for improving the state of bugzilla.kernel.org to the ksummit-discuss mailing list recently; the resulting discussion helped clarify a number of problem areas for it—and for the Bugzilla tool itself.
In his post, Leemhuis noted that those present at the summit expressed a fair amount of dissatisfaction with the kernel Bugzilla, so his goal was to propose a few different fixes to make things better. The main complaints during that session were effectively that bug reports via email work better for most kernel developers; there was also concern expressed that the Bugzilla project is unmaintained at this point. Part of his Kernel Summit session (YouTube video) on regression tracking was another place where many of the same problems with Bugzilla were raised. But there are kernel developers (and kernel subsystems) that use and rely on Bugzilla, so the ultimate "solution"—dropping the bug-reporting tool—is not really a viable option even though it is a popular sentiment.
Leemhuis's suggested path is to make it clear that most of the kernel does not use or pay attention to what gets submitted to Bugzilla. There are only 20 of around 2500 entries in the kernel MAINTAINERS file that specify Bugzilla as the place to post bugs; the rest either point to email addresses for mailing lists and maintainers, or to external bug trackers. Part of the problem from the user side is that there are "lots of bug and regression reports (even good ones!)" that never get a reply from a developer, as his analysis back in April showed. His goal is to redirect most of these reports to the proper places, or at least to make it clear to reporters that their bug may well be ignored.
Cloud computing is becoming more important as we enter the era of a data-driven world. In the data-driven world, it is important to keep data secure and accessible from everywhere. Well, Google Drive offers that solution in the most efficient way possible. You can securely store all your important data on Google Drive and access it from anywhere by logging into your Google account.
Like other apps in Google Suite, Drive has become an essential cloud storage app in our life. It offers free storage of up to 15 GB which is more than enough and can be used across GMAIL, Google Photos, and other Google services.
So, today I am going to share with you Google Drive clients you can use to access your Google Drive account on Linux and other distributions.
 I've done a lot of writing throughout my career, mostly as an IT consultant creating product documentation as client deliverables. These documents generally provide instructions on installing various operating systems and software products.
Since 2018, I've contributed to opensource.com with articles about open source software. Of course, I use open source editors to write my pieces. Here are the four open source editors that I have used.
A Terminal multiplexer is a program that multiplexes the login sessions inside the Terminal. A multiplexer makes life easy for a user by allowing him to have multiple sessions inside a single Terminal window. Users can attach and detach these sessions.
Today, we will discuss the two popular multiplexer tools: Tmux and Screen. The tutorial is supported by examples that include snapshots of commands and their output so that the users can easily grasp the concept of multiplexers.
Without any further ado, let’s get started!
Ardour 7.0 is now available, bringing many changes and additions to the popular open source digital audio workstation (DAW), reports Sourav Rudra.
Version 7 is a major release, and it marks the end of 32-bit builds, Rudra says.
Scheduled queries allow you to collect and process data about your systems on a regular cadence so that you can respond to changes promptly.
In this tutorial, we will show you how to install ExifTool on Linux Mint 21. For those of you who didn’t know, ExifTool is a free and open-source software program for reading, writing, and manipulating image, audio, video, and PDF metadata. It supports a wide range of file formats, making it a versatile tool for anyone who needs to view, edit, or manipulate metadata. ExifTool is frequently updated with new features and bug fixes, and the developers provide excellent support via the official website.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of ExifTool on Linux Mint 21 (Vanessa).
While the Chrome browser works stupendously well on Chromebooks, some users might want to install the Tor browser for added privacy protection. As you know, Tor is one of the best browsers for privacy that offers a private Tor network to route traffic securely and has many built-in security features. So if you are a privacy-conscious user and want to install the Tor browser on your Chromebook, this guide is just what you need. You can either install the Linux version or go for the Android version of the Tor browser based on your requirement. So on that note, let’s move to the tutorial.
Cloudflare is a company that has become well-known for its DDOS protection services. However, it is also one of the leaders in providing secure and private connections.
One of the products that Cloudflare offers for free is its tunneling service. This tunnel allows you to create a secure connection between your device and the Cloudflare network.
Using Cloudflare’s tunnel on your Raspberry Pi, you don’t have to worry about opening any ports in your firewall. If you want to give access to a service that uses HTTP or HTTPS, you won’t even need Cloudflared installed on another device.
The whoami command is short for “Who am I” and will print the effective username of the user that invoked the command. It is a fundamental command and will come in handy if you need to know the current user’s identity. For example, you might want to check the user before running a script.
The Linux version of the whoami command differs from the Windows version. The Windows version has more options you can use with the command, while the Linux only features two options. However, the basic functionality of the command is the same on both operating systems.
If you want a command that provides you with more information about the system’s current users, you should look at using the w or who command. Even without any options, the who command will provide you with a decent amount of information.
ZoneMinder is free, open-source software that allows you to monitor your CCTV feeds from one location. Best of all, thanks to being open-source software, it has support for most analog or IP cameras.
The Raspberry Pi makes an excellent pick for running ZoneMinder, especially when you don’t have many cameras since it is relatively low-powered and can be left running 24/7.
To make the most of ZoneMinder, you will need to know your cameras’ IPs and how to connect to them. Thanks to ZoneMinders popularity, you can often search for your camera brand name followed by “ZoneMinder” and find connection guides.
Over the following sections, we will cover how to install all of the software required to get ZoneMinder running on a Raspberry Pi.
The Plex Media Server is one of the best ways to categorize and stream your media from Ubuntu to any Plex client.
This server organizes all of your media, whether that be a photo, audio, movie, or TV show, and allows you to stream it to a Plex client. If you pay for the Plex Pass, the server can even scan your media and allow you to skip intros.
For devices that don’t support the format you have your media in, the Plex Media Server can even transcode it on the fly to a supported format.
In the following sections, you will learn how to install the Plex Media Server to your Ubuntu system using the official repositories.
For this tutorial to work correctly, you will need to install Python to your chosen operating system. We have tutorials on installing Python to Windows, macOS, and Linux. These are all straightforward and will not take long to complete.
The steps below will take you through all you need to know to run a Python script. If you encounter any issues, your system may not have Python configured correctly.
Pi-Hole is a software that act as your DNS provider to actively block internet ads and trackers. It does this by filtering the DNS requests and sending any blocked domains into a blackhole, so the request is never completed.
Another cool thing about Pi-Hole is that it can also work well to monitor your network traffic, as you can set it to log any DNS requests that the server receives.
There are a couple of different methods that you can use to exit the Python interpreter while in the terminal, which I will go into detail below. The instruction for Linux or macOS is slightly different from Windows, so choose carefully.
NordVPN is one of the most popular VPN services around, known for its fast and diverse network while managing to maintain privacy.
VPN stands for Virtual Private Network and allows you to create a secure tunnel between two locations. This tunnel is heavily encrypted, meaning no one can see what’s occurring inside it. In addition, services will see you connecting from the VPN provider’s IP address and not your own.
For Linux systems such as Ubuntu, the NordVPN team maintains its own client. This client has some benefits over using the Wireguard or OpenVPN apps but requires you to use the desktop version of Ubuntu.
Webmin is a web-based application for managing Linux-based operating systems.
Yarn is a package manager for JavaScript environments.
This tutorial explains the most relevant basic Linux network commands which covers both the practical implementation and straight to the point theoretical knowledge.
After reading this document and reproducing all its examples, you will learn how to manage the most important networking aspects from the Linux terminal.
This content is thoroughly optimized for the users without experience or knowledge on networking, avoiding uncritical theoretical information and focusing on practice, but including all the basic theory that a user without previous knowledge on networking must learn.
This is also the first part of a comprehensive Linux networking course. The second part can be found in the Advanced Linux Network Commands Tutorial which is more practical and less theoretical. By reading both of them, you will acquire the practical knowledge of a Linux network administrator.
All the examples used in this article contain screenshots, making it easy for all Linux users to learn how they are applied and how to understand the outputs and results.
Aleksandr and Keith both advocate for attribute selectors instead of class names, but while Aleksandr describes the more conservative approach of preferring attribute selectors where one already exists on the HTML element, Keith goes a step further and proposes adding your own data-* attribute instead of another class when you need something to hook into.
Let’s look at both more closely.
It’s time to get me up to speed with modern CSS. There’s so much new in CSS that I know too little about. To change that I’ve started #100DaysOfMoreOrLessModernCSS. Why more or less modern CSS? Because some topics will be about cutting-edge features, while other stuff has been around for quite a while already, but I just have little to no experience with it.
It’s time to get me up to speed with modern CSS. There’s so much new in CSS that I know too little about. To change that I’ve started #100DaysOfMoreOrLessModernCSS. Why more or less modern CSS? Because some topics will be about cutting-edge features, while other stuff has been around for quite a while already, but I just have little to no experience with it.
In this article, I will show you modern examples of Lisp which can help you with DevOps tasks and automation in general. No, I'm not joking. No, I'm not drunk.
In no uncertain terms, the power of Lisp is ideally suited for automation. This is not just because of how expressive it is. It's also because of how straightforward Lisp is for solving real-world problems.
Now, let's dive in.
Here’s how you can quickly check whether you are running Xorg or Wayland Display Server.
With every passing day, the modern Wayland display server is making its way to all Linux distributions. Although the legacy Xorg is still relevant and will stay, Wayland is undoubtedly better in security and other performance aspects.
However, Xorg will not completely phase out anytime soon. Probably never.
A reverse proxy server directs the client requests to the appropriate backend server. Today, we will learn how to create a Reverse Proxy in Nginx. To demonstrate that, we use the Ubuntu 22.04. Using the Ubuntu’s command line, we will implement a set of commands to first install the Nginx and then create a reverse proxy. Without any further ado, let’s get started!
This article guide takes us through the installation, configuration, and testing of MySQL database server software on an AlmaLinux 9 and AlmaLinux 8 distribution.
MySQL, the most popular open-source database management software solution, is developed, distributed, and supported by Oracle Corporation. However, if linked with Linux, Apache/Nginx, and PHP/Python/Pearl, it creates a complete LAMP or LEMP stack solution, which makes data query and management possible through its implementation of SQL (Structured Query Language) and relational models.
PostgreSQL is an immensely popular open-source relational database management system (RDBMS) that has been around for over 30 years. It provides SQL language support which is used for managing databases and performing CRUD operations (Create Read Update Delete).
When using Linux we have many ways to manage access to resources: the most basic one is by setting the appropriate UGO/RWX permissions on files and directories. In some occasions we may also want to make use of the setuid, the setgid and the sticky bit. Furthermore, we can use ACLs (Access Control List) in order to achieve an higher level of granularity or implement Mandatory Access Control security such those based SELinux or AppArmor.
In addition to the strategies mentioned above, on most filesystems we can manipulate a set of “attributes” in order, for example, to make a file immutable.
In this article we talk about file attributes on Linux, and we learn how to check the attributes assigned to a file and how to manage them.
We use the passwd command in Linux to change a user password with ease. This command replaces an old authentication token/password for a user with a new one and it is stored in Linux system’s /etc/shadow file. Today, we will explore the two methods to change the password in a Linux system. One method follows the change of password via Graphical User Interface (GUI) and the other method involves using the Linux commands that are executed on Linux command line OR Terminal to change the password.
In this tutorial, we will show you how to install Stellarium on Manjaro 21. For those of you who didn’t know, Stellarium is a free open-source planetarium for your computer. It displays stars, constellations, planets, and nebulae, and has many other features including multiple panoramic landscapes, fog, light pollution simulation, and a built-in scripting engine. Stellarium is available for Linux, Windows, and macOS.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Stellarium desktop planetarium on a Manjaro 21 (Ornara).
In this post, you will learn how to install Viber Desktop on Ubuntu 22.04 | Linux Mint 21
Viber is an instant messaging client similar to WhatsApp or Telegram. One of the main differences is that Viber from the beginning supported native calling and video.
Fortunately, Viber has a desktop client that allows you to have it linked to your mobile phone.
SeaMonkey is a free and open-source Internet suite. It is the continuation of the former Mozilla Application Suite, based on the same source code, which itself grew out of Netscape Communicator and formed the base of Netscape 6 and Netscape 7.
Compared to Firefox, the SeaMonkey web browser keeps the more traditional-looking interface of Netscape and the Mozilla Application Suite, most notably the XUL architecture. This allows the user to extend SeaMonkey by modifying add-ons for Thunderbird or the add-ons that were formerly compatible with Firefox before the latter switched to WebExtensions.
Bpytop is a resource monitor that shows usage and stats for processor, memory, disks, network and processes.
In this post, we will learn how to configure proxy for apt command on Ubuntu and Debian system.
In most of the production environments, Ubuntu and Debian servers do not have direct internet connectivity. To install updates, one must configure proxy for apt command so that all the apt command requests go via proxy server.
APT proxy settings can also be enabled during the OS installation however if proxy settings are skipped during OS installation, then use the following steps to configure.
Notepadqq is a free and open-source text editor program for Linux. It is an alternative to Notepad++, which many programmers and even general desktop power users often use as their notepad of choice due to its ease and minimalism. In contrast, others prefer its more unique features, such as multiline editing. While some may find the absence of certain features limiting, others appreciate the program’s simplicity. The clean interface makes it easy to find what you’re looking for, whether a specific line of code or a particular symbol.
In the following tutorial, you will learn how to install NotepadQQ on Linux Mint 21 LTS using two different methods, with APT and Flatpak as an alternative installation methods of installing NotePadQQ using the snap package manager and wine.
DeaDBeeF (as in 0xDEADBEEF) is an audio player for Linux, Android, and other Unix-like operating systems. It is free and open-source software released under the terms of the GNU General Public License. DeaDBeeF is primarily targeted at audio enthusiasts and power users. It supports a wide range of audio formats, including popular ones such as MP3, AAC, WMA, OGG, Vorbis, FLAC, and others. DeaDBeeF also supports playback of high-quality music files with bit depths of up to 32 bits and sample rates of up to 384 kHz
The following tutorial will teach you how to install DeaDBeeF on Manjaro 21 Linux. The tutorial will use the command line terminal with the yay AUR helper. Ideally, most users may be using some wrapper for Pacman; for new users, it is essential to install one to keep your packages up-to-date while you learn Arch/Manjaro.
This tutorial shows how to update and upgrade Manjaro Linux to the latest version using command line and GUI methods.
In the mood to play a co-op shooter? Humble Bundle has a huge PAYDAY 2: The Ultimate Score bundle ready for you. If you don't own it already that is, as it's not exactly a new game.
Lutris, the open source game manager that can help you keep together all your games from various services on Linux and Steam Deck has a new Beta release fixing some big issues. The release in terms of changes is quite small but still an important one to keep it running smoothly.
You know a game is going to be good, when you're already chuckling away in the first few minutes. Point and click adventure Lucy Dreaming is out now.€ Note: the developer sent a key over.
Need more Football in your life? Yes, I said Football, get over it. Pixel Cup Soccer - Ultimate Edition is officially out now along with Native Linux support. This game took over from Pixel Cup Soccer 17, which the developer unlisted on Steam, as this big new version is quite different as the developer said "the essence of the new game is the same, the technological differences are huge".
Recently I mentioned GB Operator a little USB gadget that reads cartridges of the Game Boy, Game Boy Colour and Game Boy Advance. After giving it a go myself (personal purchase), I'm impressed and a little in love.
Now the official Steam Deck Docking Station is out, a lot more people are testing the Steam Deck on external displays showing up numerous issues so Valve has added a little something to help.
UserBase is a wiki about all things KDE with a goal of presenting our users with helpful and up-to-date information. Sadly, we are some way from achieving this: While KDE developers are moving swiftly forwards producing amazing software our efforts to document this have been stalling.
At the recent Akademy, a week long gathering of KDE community members, we decided to do something about it. It is a big task, however, and we need your help! The team is small, but we hope it will grow and become a vibrant and friendly community.
LibreELEC 10.0.3 has been released, bringing Kodi (Matrix) v19.4 with additional fixes from the Kodi Matrix branch (till Oct 2, 2022).
Users of LibreELEC 10 Beta or RC1 get an automatic update to the final version. LibreELEC 9.2 setups will not be automatically updated, you will need to manually update.
We can offer stable and good working versions for Allwinner, Generic and Rockchip devices. The RPi4 is also in good shape but the codebase is rather new, so it is not polished yet (keep reading for details).
If you think Casper is the only friendly Ghost, think again - GhostBSD (22.10.12) is spooktacularly easy to use and a very polished. There is one scary part - there is a bit of ramble, so beware poor viewers...
Snapshots of openSUSE Tumbleweed rolled out consistently this week.
The rolling release put out a snapshot everyday since Oct. 12 and this week brought a few major version updates as well as an update of KDE’s Gear.
The latest snapshot 20221019 came out a few hours ago and updated the Common Internet File System and user-space tool cifs-utils 7.0. The update fixed some warnings that included a compiler warning as well as the package fixing some memory allocation. The Netscape Portable Runtime package mozilla-nspr updated to version 4.35, and it had fixes for building with clang compiler. The package also uses a number of online processors on certain platforms. Mozilla’s mozilla-nss updated to version 3.83. The Network Security Services package removed older unix support, added two DigitalSign root certificates and changed configuration settings behavior to skip configs with unsupported mandatory extensions instead of these failing; this was focused on Encrypted Client Hello extensions. A few other packages updated in the snapshot.
GNOME’s encryption interface Seahorse updated to major version 43 in snapshot 20221018. This package joined the several other GNOME 43 Guadalajara packages that are already in the rolling release. The package fixed warnings related to authorized keys, and it disabled key sharing over DNS Service Discovery by default. An update of gpg2 2.3.8 fixed a problem with Yubikey 5.4 firmware and fixed a regression in READKEY --format=ssh. An update of libsoup 3.2.1 fixed a minor memory leak and libxml2 2.10.3 fixed an integer overflow, which addressed CVE-2022-40303; this had no effect on OpenStack Cloud’s 8 and 9. And cfg80211, which is configuration Application Programming Interfaces for 802.11 devices in Linux, had some changes with the 6.0.2 kernel-source update. It fixed a Block Starting Symbol refcounting bug and avoids a non-transmitted BSS list corruption. A change was made with the nodejs18 18.11.0 update; it added an experimental watch mode. Running in watch mode using node, watch restarts the process when an imported file is changed. Several other packages updated including libzypp 17.31.4, libgcrypt 4.4.28, yast2-network 4.5.9 and more.
Almost one month after our latest update, here it comes a bunch of news from the YaST Team trenches.
Red Hat’s Ceph Storage is a highly scalable open-source software-defined storage solution designed to address enterprises’ block, file and object storage needs. It is deeply integrated with Red Hat’s OpenStack Platform and is at the center of the OpenShift Data Foundation (ODF).
Many enterprises are running Red Hat Rook as the Ceph operator in Kubernetes clusters. However, Ceph can run securely anywhere that OpenShift runs—on-premises and in the cloud—and is designed to help enterprises simplify operations and speed application developers’ time to market.
According to IBM, it will integrate the storage technologies from Red Hat ODF as the foundation for IBM Spectrum Fusion, thus combining the companies’ container technologies. In addition, IBM intends to offer new Ceph solutions to deliver a unified, software-defined storage platform that bridges the architectural divide between data centers and cloud providers.
Red Hat Enterprise Linux (RHEL) for Workstations is a reliable, flexible, high-performance operating system, optimized for intensive workloads such as animation, computer-aided design and engineering, scientific research, medical imaging and more.
Flathub system merged a feature that gives you a verified badge for Flatpak apps.
From the look of the code, it seems you get a verification symbol if -
1. You own the application and its respective GitLab/GitHub repo 2. You control the domain of the app ID (e.g. org.mozilla.firefox)
Here's how it may look.
As accessibility to artificial intelligence (AI) has increased, so has its adoption. Over the last two years, more than half of organizations have accelerated their AI rollout, revolutionizing the future of work.
The simplification and commoditization of AI tools have catalyzed harnessing AI’s true potential. Banking institutions have embraced AI to detect and prevent fraud, schools leverage the systems to help students learn faster and alert teachers to problems, and supply chain managers integrate end-to-end solutions to address procurement and distribution challenges.
With some organizations at the start of their implementation journey and others struggling to understand the impact, it’s critical to understand the full breadth and potential the technology holds, especially as it serves as a competitive edge.
Resiliency can make all the difference between a team that struggles with changing priorities and repeated setbacks and one that sails through the unexpected and adapts quickly. This isn’t magic or coincidence – it’s a result of leaders building key characteristics of resilience into the DNA of their IT culture.
“Resiliency is facing challenges and difficult times head-on and coming out the other side stronger. If the past few years have taught us anything, it is that we need to be adaptive, communicative, and willing to challenge the norms of our organizational culture,” says Bill Golden, deputy state treasurer and CIO, NC Department of State Treasurer. “It’s about being able to listen and respond to the ever-changing needs of our customers with a smile and a productive attitude.”
Big Blue was one of the system designers that caught the accelerator bug early and declared rather emphatically that, over the long haul, all kinds of high performance computing would have some sort of acceleration. Meaning, some kind of specialized ASIC to which a CPU would offload its math homework.
This year the annual Flock to Fedora conference was online again and again it was known as Nest With Fedora. Even with the situation around COVID-19 and without the option to meet others in person, Nest was still an awesome conference with plenty of things to do. The conference was hosted on Hopin platform, which allowed organizers to provide conference wide presentations and smaller sessions for other talks. There were also some social related activities, like booths or meeting others in Work Adventure. You could also invite anybody for a private talk. The Community Platform Engineering (CPE) Team was there and gave quite a lot of talks.
Application programming interfaces (APIs) make connections between systems that enable companies to conduct business. APIs are now one of the most popular ways for applications, microservices, and containers to communicate. They offer a wide range of benefits, including reliable communication and data transfer, streamlined development, easy scalability, and cost-effective re-usability. However, as APIs become more prevalent in the cloud-native landscape, they also leave applications vulnerable to many more security risks.
APIs can expose an application and its data, greatly expanding the attack surface and providing a range of new opportunities for attacks. Since APIs are used for communication and data transfer, an insecure API can expose sensitive customer or corporate data, causing revenue loss and damage to a brand's reputation.
Continuous integration (CI) and continuous deployment (CD) are development processes making use of automated tools to produce high-quality software.
CI ensures that any code submitted by each developer works together with all other code in the project. Typically, CI works by running regression tests.
CD involves further automation to make sure that the latest accepted versions of a project enter production, and that all the pieces deployed together are compatible.
Numerous tools, such as integrated development environments and version control systems, help you build software. But when it comes to creating software that customers trust—and even love—you need to pay attention to the details. A good CI/CD environment ensures that testing, integration, and deployment are fast, easy, and accurate. CI/CD allows you to iterate faster, build more reliable code, and deliver better customer experiences.
Ubuntu 22.10 is out, and the biggest change is a new official remix: Ubuntu Unity is now an official flavor.
Unity was once Ubuntu's in-house desktop, but was abandoned for a stock GNOME Shell interface in 2017. As we noted here in The Reg, it was revived by 12-year-old Linux wunderkind Rudra Saraswat, and since then the Ubuntu Unity team applied to become an official edition. After the vote went through, and from version 22.10, it's official once more.
The "Kinetic Kudu" release is based on kernel 5.19, released at the end of July, and the official mainstream flavor uses GNOME – specifically, the latest GNOME 43.
The various underlying subcomponents of 22.10 mostly also apply to the various remixes as well: systemd 251.4, Netplan 0.105, Firefox 104, Thunderbird 102, LibreOffice 7.4, CUPS 2.4, BlueZ 5.65, NetworkManager 1.40, Mesa 22, Pipewire 0.3.57, Poppler 22.08, PulseAudio 16, and xdg-desktop-portal 1.15.
Bear in mind that 22.10 is an interim release. The rule is easy to remember, but apparently quite a few people don't get it. Ubuntu puts out a release twice a year. Stable releases are the earlier ones in even-numbered years.
Today, Canonical releases Ubuntu 22.10. Are you excited? Well, you probably shouldn't be. Don't get me wrong, the newest version of the operating system -- which is codenamed "Kinetic Kudu" -- seems fine, but there is nothing truly exciting to be found in it. Yeah, it is just another cookie-cutter Ubuntu release.
With all of that said, there are some notable improvements, such as the new GNOME 43 desktop environment and inclusion of the latest Mesa in the Steam snap. For the most part, however, desktop users will likely find this version very underwhelming.
"All users will benefit from the refinements in GNOME 43, including GTK4 theming for improved performance and consistency. Quick Settings now provide faster access to commonly used options such as Wi-Fi, Bluetooth, dark mode and power settings," says Canonical.
Ubuntu 22.10 "Kinetic Kudu" is here. It brings many significant improvements, notably Linux Kernel 5.19 and the GNOME 43 experience.
Of course, this is a customized GNOME experience that will be familiar to existing Ubuntu users.
Ubuntu 22.10 will be available to download and install later today from https://ubuntu.com/download.
Codenamed “Kinetic Kudu”, this interim release improves the experience of enterprise developers and IT administrators. It also includes the latest toolchains and applications with a particular focus on the IoT ecosystem.
“Connected devices are an exciting area of innovation that also create new digital risks in the home and the business. We are focused on enabling a new generation of easy to use and highly secure IoT, so these developers in particular will find a number of quality of life improvements for embedded device and remote development in Ubuntu 22.10”, said Mark Shuttleworth, CEO of Canonical. ”This release also brings new capabilities to our enterprise management story. The new Landscape beta makes it easier than ever to administer your entire Ubuntu estate across any architecture”.
When it comes to Raspberry Pi support, the theme of Ubuntu 22.10 is definitely embedded devices.
In this release, Ubuntu now supports a range of embedded display HATs as well as under-the-hood improvements to the GPIO stack as we transition from RPI.GPIO to lgpio (more about that later).
In addition we’ve worked hard to support the Raspberry Pi’s even smaller cousin, the Raspberry Pi Pico W with the full MicroPython stack now available in the Ubuntu repositories.
We’ll run through these highlights and more in the rest of this post, but as usual Dave ‘Waveform’ Jones, our resident Raspberry Pi engineer at Canonical, has put together a suite of detailed blog posts to provide additional backstory to each feature. Check them out as we go through.
 When PI4B is used with the CB1, the CPU performance will be close to that of the Raspberry Pi 3B, but with compatibility with many of the accessories for the Raspberry Pi 4. If you wish to do so, you could also connect a Raspberry Pi CM4 to the PI4B adapter board. BIGTREETECH provides a Debian Linux for the CB1, and other operating systems are also in the works, but the company has not released public documentation for the board nor any OS images just yet. [Update: The OS image and Linux kernel source code can be found on GitHub]
The BIGTREETECH CB1 system-on-module can be purchased on Taobao in mainland China for about $19.9, and the complete package with the PI4B adapter goes for about $29.9. The company also has an Aliexpress store, but the CB1 is not listed yet. Let’s hope it will show up on Aliexpress in the near future. [Update: it can be purchased on the BQ store, see comments section]
 ZPE Systems Nodegrid Mini SR is a compact cloud-orchestrated gateway designed for the secure management of Internet of Things (IoT) and Operational Technology (OT) infrastructures.
Power by a dual-core Intel processor, the Linux-based device is equipped with 4GB RAM, a 16GB encrypted storage device, and whose hardware looks to be very similar to the Compulab Fitlet2 mini PC with two Gigabit Ethernet ports, four USB 3.0/2.0 ports, and optional support for WiFi 6 and 4G
Cytron’s Maker Pi Pico Mini comes with a Raspberry Pi Pico or Raspberry Pi Pico W microcontroller board. It has the same features as the larger Maker Pi Pico including a GPIO LED, WS2812B Neopixel RGB LED, a passive piezo buzzer, programmable push buttons, and a reset button.
I would like to thank Cytron for sending the Maker Pi Pico Mini board fitted with a Raspberry Pi Pico W as well as a character RGB LCD and a 3.7V Lithium Polymer battery. In this tutorial, we will show how to make a weather station with the Maker Pi Pico Mini board using Arduino code and the OpenWeather API.
Whether it’s a home, an office, a school, a restaurant, or something else, it’s always important to keep your indoor environment safe, clean, and pleasant to be inside.
It’s also a good idea to keep track of the air quality and conditions around you, not just for safety but also to ensure your systems are all working correctly and to avoid any wastage and inefficiencies.
Accurately monitoring your buildings can seem like a big challenge, but it’s actually very achievable with the right tools, and in fact, doesn’t require a whole lot of technology and expertise to get started. In this article, we’ll look at why it’s so essential to monitor your buildings and how anyone can build their own systems for doing so.
SeeedStudio announced yesterday the A205E Carrier Board which is compatible with Jetson Nano/Xavier NX modules from NVIDIA. The A205 includes flexible peripherals such as dual GbE LAN ports, dual HDMI ports, one PCIe M.2 key-M for SSD storage, one M.2 Key for Wi-Fi/BLE, etc.
Controlling tiny LEDs with an Arduino can be a fun project to kick off your journey learning DIY electronics. But do you know what’s even more fun? Powering light bulbs with a custom-built Arduino project: large, high-power, room-enlightening light bulbs!
However, the Arduino can’t emit more than 5V from any of its pins, let alone enough to power a light bulb that needs 30 to 40 times the voltage for an LED. That’s why you’re supposed to use a relay module instead. Here’s how to do that with your Arduino.
Many of us now outsource PCB production to board houses overseas, which offer high-quality boards with increasingly-impressive turnaround times. [Shri Hari Ram] still likes to brew up their own PCBs, though, and decided to try a new method to speed things up.€
Queries is a free Libre software database management solution for Linux desktops. It is written pure Rust.
In the nutshell, it is a complete workbench for SQL database engines with initial support for PostgreSQL.
The Internet of Things (IoT) and edge computing industries are developing quickly, and with it so does the scale of endpoints and the complexity of business logic. The more the IoT ecosystem grows, the more important it becomes to verify the availability and reliability of your platform. If you're delivering services, then testing your IoT system can help you find bottlenecks in performance, and help you plan ahead for scalability.
IoT can consist of any number of different devices using diverse protocols, strung together with complex integration architecture. This can make it challenging to design effective and meaningful tests for it. In this article, I demonstrate how to test an IoT platform using EMQX as an example of how to introduce performance test tools to verify and test platform-related quality indicators.
Convert image to Text with this multilingual free app: Capture2Text
Capture2Text is a free open-source OCR that allows you to convert any image capture to text. It supports about 90+ languages so far and comes with a highly customized shortcuts.
Alongside its rich graphical user interface (GUI), Capture2Text also offers a command-line interface CLI that an advanced user can use to batch convert many images with one command.
[...] The app is released as a free Libre open-source software (FLOSS) under the GNU General Public License version 3.0 (GPLv3).
In the very beginning, what is now Apache's prefork MPM was your only option; it was just how Apache worked. Then a long time ago, Apache added other Multi-Processing Modules (MPMs), although they were somewhat untrusted so for a while the conservative, backward compatible default was the prefork MPM. We started using Ubuntu based web servers (running Apache) a long time ago, and so we got their default of the prefork MPM.
Pocket Casts is a popular podcast app for its simplicity, hand-curated collection, and features.
If you did not know, it was entirely a paid app a few years back.
In 2019, they made their mobile apps accessible to all and introduced Pocket Casts Plus subscription to access desktop apps and extra features.
Automattic (the company behind WordPress.com) acquired Pocket Casts in 2021.
Automattic is involved with open-source projects. So, it was obvious for users to expect it to be open-source sooner than later.
And the time has come!
Avoiding misinformation online can be tricky, especially during election season. And while the media cycle may be more low-key than it would be for a U.S. presidential election (coming up soon in 2024), this November’s midterm has not been immune to internet discord. Americans have got some big decisions to make after all, like how power is balanced in Congress and who gets to make decisions about important issues in your state and local community.
We’re not here to tell you who to vote for. But as an organization that advocates for a healthy internet, we consider online misinformation to be a huge barrier to seeing that better internet. Here are some nonpartisan, online resources to help us all do the responsible thing: Make informed choices and get ready to vote.
Seven years ago today I began working at Mozilla.
What have I been up to this year? Not blogging, that’s for sure. I’m not sure if I can lay the entire blame of this at the feet of *gestures at everything*, but with the retirement of the This Week in Glean rotation, I’ve gone from infrequently blogging to never blogging.
Which is weird. I like doing it. It can be very fun. It isn’t usually too difficult. Seems like the intersection of all the things that would make it not only something I could do but something I want to do.
The announcement reflects the project’s new marketing strategy: The Document Foundation is focused on the release of the Community version, while ecosystem companies are focused on value-added long-term supported versions targeted at enterprises. The distinction has the objective of educating organizations to support the FOSS project by choosing the LibreOffice version best suited for their needs instead of the Community version generously supported by volunteers.
Since 2022, we have observed that the general pandemic situation is improving. While no large event may be possible this year, nothing stands in the way of smaller events. We are therefore looking forward to decentralized events of a variety of local groups between Christmas and New Year. We are looking forward to talks, workshops, art, music and certainly one or the other surprise.
qlcal is based on the calendaring subset of QuantLib. It is provided (for the R package) as a set of included files, so the package is self-contained and does not depend on an external QuantLib library (which can be demanding to build). qlcal covers over sixty country / market calendars and can compute holiday lists, its complement (i.e. business day lists) and much more.
This release fixes a small bug affecting one function, brings calendar updates from QuantLib 1.27 and 1.28, and applies a little bit of polish to appease clang++-15.
A minor release of RcppQuantuccia arrived on CRAN today. RcppQuantuccia started from the Quantuccia header-only subset / variant of QuantLib which it brings it to R. This project validated the idea of making the calendaring functionality of QuantLib available in a more compact and standalone project – which we now do with qlcal which can be seen as a successor to this.
In the process of writing it and debugging it, another Recurser and I traced through the execution with a known position where we could calculate the execution. This let us figure out what was going wrong, and also gain some intuition for what the algorithm was doing. I'm going to use that same position here to illustrated alpha-beta pruning. (This is partially so that when I inevitably forget the details, I can come back here and refresh myself!)
As Scala developers and fans of the functional programming promoted by Haskell, how do we justify the use of IO to newbies coming from Java? It’s been a fun ride, but the truth is that Java 19 is changing everything.
There are two problems with this. First, the filter is in the wrong place. It says that the search should proceed downward only from the good nodes, and stop when it reaches a not-good node. This isn’t what we want, because it should be up to childrenOf to decide how to continue the search. If the search should be pruned at a particular node, childrenOf should return an empty list of children. For example, when searching for palindromes, the search would be cut off at ab, and never proceed downward to find aba or abccbccba.
But the larger problem is that in most cases the search computes forever without producing any output at all, because the call to s recurses before it returns even one list element.
I have been a little bit confused about some aspects of Go modules in practice for a while, and to get things more nailed down in my head, I'm writing some entries (writing entries here can be a form of talking to the duck). This is the first one, because before I understand the unusual corner cases I need to cover the normal and proper cases.
Philip Herron and Arthur Cohen presented an update on the "gccrs" GCC front end for the Rust language at the 2022 Kangrejos conference. Less than two weeks later — and joined by David Faust — they did it again at the 2022 GNU Tools Cauldron. This time, though, they were talking to GCC developers and refocused their presentation accordingly; the result was an interesting look into the challenges of implementing a compiler for Rust. Herron started by saying that he initially found the project too difficult; the Rust language was simply too volatile to try to develop a compiler for it. So he gave up for a while. He kept getting questions about when the work would be done, though, so he eventually restarted the project. The language has been mostly stable since 2015, so the task has gotten a little easier.
There are a few goals for the gccrs project beyond simply compiling Rust code. The work needs to end up in the GCC mainline once it's ready. It should reuse as much of the GNU toolchain as possible. There is also an effort to make the gccrs code as easy as possible to backport to older versions of GCC. Finally, advanced features like link-time optimization should be supported for Rust code.
Mugs celebrating Perl 5.36 are now available at The Perl Store with all proceeds going to The Perl Foundation
A casual understanding of how AM radio works is pretty easy to come by, and standard FM is only a little more complicated. Things can go off the tracks a bit with stereo FM, though — figuring out how they squeeze two separate audio tracks onto one radio signal is a bit of a head-scratcher. In that case, wrapping your head around the concept might be helped by mocking up a stereo FM signal with an arbitrary waveform generator and a little bit of Python.
At the end of September, Victor Stinner reported on a security bug fix he had been working on for a script from the CPython Tools/scripts directory. As part of that work, he realized that there were 74 scripts in that directory that were potentially outdated, unused, unmaintained, trivial, buggy, or some combination of all of those. It is not uncommon for projects to have code that accretes in overlooked corners of the source tree, but it makes sense to periodically take a look to see if changes are needed. Stinner seems to have kicked that off for Python with his message.
The proximate cause was a shell-code-injection flaw in get_remote_certificate.py, which is a thin wrapper around the openssl command-line tool to retrieve a TLS certificate from a site and display it. As Stinner notes, just using openssl directly is "simple enough". So he suggested removing get_remote_certificate.py from the repository entirely for Python 3.12.
I know most people reading this article are developers of Linux or Linux enthusiasts and do not need any introduction to Git. But for beginners, Git is one of the most popular and widely used version control systems available for software development and other similar kinds of work. Git is a tool that can be managed and used through the command line, and it is one of the easy-to-use command-line version control tools available for Linux developers and users.
With most developers nowadays using graphical tools for programming and development, there is no surprise they are also seeking GUI tools which could prove to be efficient alternatives to the Git command line tool. There are many Git GUI clients available for Linux and its distros like Ubuntu which offer most of the features of the Git command line tool with more efficiency and reliability.
So today, we’re going to look at the best 10 Git GUI clients, which you can install on Ubuntu and use as a version control tool for software development.
The anxiety around the state of cinema that Olivier Assayas captured in his 1996 international breakthrough, Irma Vep, has proved remarkably enduring. The French auteur uses the setting, a troubled production of a remake of Louis Feuillade’s 1915 Les Vampires, to explore the ways film is adapting to an epoch of encroaching globalization and ever-changing tastes. The movie’s aging, unstable director, René Vidal (Jean-Pierre Léaud, the most prominent actor of the French New Wave), strives to update a classic for a self-aware era with Maggie Cheung (playing a version of herself), an international star best known for her action films, in the role of Irma Vep—arguably the ur–femme fatale, originally brought to life by the silent film star Musidora. On this postmodern canvas, Assayas places a New Wave icon in direct conversation with French cinema’s past and its globalized present.
But what if you could get GPT-3 to market your product for you? Well, I certainly couldn’t do it if I tried. But serendipity is, in many ways, what makes life worth living. You can imagine my surprise when I woke up to a message on ChiselStrike’s discord, with someone claiming that GPT-3 auto-generated a story attributing one of the ChiselStrike cofounders, Pekka Enberg, as the author! See if for yourself: [...]
But Feynman's anecdotes were intentional. Colleagues would talk about how he would obsess over narratives. A longtime "rival" and fellow Nobel Prize winner in Physics, Murray Gell-Mann, never achieved the same level of pop culture fame as Feynman. Gell-Mann had the same propensity for marketing complex ideas: he was the one who discovered and named quarks, a subatomic particle that is a fundamental part of matter. The quirky name comes from James Joyce's Finnegan's Wake.
It’s also “a fantastic farm where ashes grow like wheat into ridges and hills and grotesque gardens; where ashes take the forms of houses and chimneys and rising smoke and, finally, with a transcendent effort, of men who move dimly and already crumbling through the powdery air.”
My book on the hypercommercialization of girls sports identified many instances of verbal and physical abuse of girls and young women at both the youth and college levels.
Seasoned Hackaday readers may have noticed over the years, that some of us who toil under the sign of the Jolly Wrencher have a penchant for older tech. After all, what’s not to like in a dirt cheap piece of consumer electronics from decades past that’s just begging for a bit of hardware hacking? For me at the moment this is manifesting itself in a selection of 8mm movie cameras, as I pursue a project that will eventually deliver a decent quality digital film cartridge.
Is the history of this algorithm lost in time, or do we know who first invented it, or at least wrote it down? I think it sometimes pops up in connection with coin-weighing puzzles.
For over a century now, radio amateurs have made tuned circuits using a coil of wire and a variable capacitor. In recent decades the supply of variable capacitors has dwindled, as SDR technology has supplanted the traditional tuning capacitor. No more tuned circuits for the radio amateurs? Not quite, as [Bill Meara N2CQR] shows us in the video below the break by making variable inductors using permeability tuning. This is hardly high-tech, the major component is as simple as a glue stick.
Some people have issues using regular computer mice, and need alternative input devices that suit their needs. [Olman Orozco] designed an affordable mouth-joystick intended to work as a mouse to suit that very use case.
While the polygraph is colloquially associated with pseudoscientific lie detector tests, the actual invention of the first polygraph was designed to mechanically duplicate the pen strokes of someone writing. Famously, a polygraph was used by former US President Thomas Jefferson in his “modern office”, a replica of which still sits in the Smithsonian museum. Few of us have a need for a pen-based polygraph anymore, but inspiration from the centuries-old invention can still be gleaned from the machine, like in this 3D printer which can output four identical prints at once.
UV rays are great at helping us generate vitamin D, but they can also be harmful, causing sunburn and even melanoma. To help kids keep track of the UV index in his local area, [Jude Pullen] created the UV Budgie.
When Nalleli Cobo got her first MRI, the nurse told her it would be a picture of her brain. She was alone in a hospital gown in the scanner, imagining high-tech photos of her thought bubbles and quietly panicking. “You cannot think of Justin Bieber!” Cobo warned herself. Instead, she practiced concentrating on the smell of the AllenCo oil plant she lived next to—along with her headaches, stomach pain, heart palpitations, nosebleeds, and body spasms—so that the doctor would see what was really happening. She was 10 years old, and already aware of the devastating effects of urban oil drilling.
Black residents in southeastern Louisiana bear a disproportionate cancer risk from industrial air pollution, the agency found, with children at one predominantly Black elementary school having been exposed to a dangerous carcinogen at levels 11 times what the EPA considers acceptable.
Dennis Diaz, a resident of the public housing project Jacob Riis Houses in the East Village, New York City, said that after he experienced nausea, diarrhea, dizziness, and migraine headaches around late August and early September, he took preliminary tests that revealed he had been exposed to arsenic.
Last week, Health and Human Services Secretary Xavier Becerra announced an extension of the public health emergency (PHE) until January 11, but it's not clear whether the administration is planning another renewal—leaving millions of households concerned about their health coverage and Supplemental Nutrition Assistance Program (SNAP) benefits.
"Obviously we've seen in the past two years what the effects of spillover can be."
"The Republican Party is openly promising to topple the entire American economy unless they are allowed to demolish Social Security and Medicare,” Pascrell said in a statement after House Minority Leader Kevin McCarthy (R-Calif.) confirmed that the GOP will use a fast-approaching debt ceiling fight as leverage to enact spending reductions if Republicans retake control of the chamber in the November elections.
Soon, I was left figuring out how to load a Windows 10 Enterprise Edition 90 day evaluation copy into VirtualBox from an image supplied by Microsoft…..
Yeah, I’m serious.
I was disgusted that it took up most of an afternoon to get the appliance working.
GPUScore Sacred Path is the world's only cross-platform GPU benchmark that includes the latest GPU technologies like Variable Rate Shading (VRS). Sacred Path supports all the relevant device categories - ranging from premium mobile phones to high-end gaming PCs. It has full support for Android, iOS, Linux, macOS and Windows.
This benchmark is of great importance for application vendors, device manufacturers, GPU vendors and IT Media. Game developers need a thorough understanding of performance across the device range to optimize the use of the same assets across a maximum device range. GPU vendors and device manufacturers can compare their products with competitor products, which allows them to develop new product ranges with the correct targeting. In addition, Sacred Path is a true asset for media reviewing any GPU-equipped devices.
On October 18th, 2022, Debian GNU/Linux 11 “Bullseye” users received a new major kernel update patching a total of 17 security vulnerabilities, including CVE-2022-3176 and CVE-2022-2602, two flaws discovered in the io_uring subsystem that could lead to local privilege escalation to root, and CVE-2022-40307, a race condition discovered in the EFI capsule-loader driver that could also lead to local privilege escalation or a denial of service (crash or memory corruption).
Threat intelligence firm SOCRadar says it has detected that sensitive data from 65,000 entities has been made public because of a misconfigured Microsoft endpoint. It has dubbed the leak BlueBleed, adding that this data was only the first part of the leak.
The total amount of data was from more than 150,000 companies in 123 different countries, SOCRadar said in a post.
British security guru Kevin Beaumont tweeted about the leak, saying: "Microsoft have had some sort of breach due to a misconfigured system, which has exposed customer data."
Medical insurer Medibank Group says its shares have entered a trading halt after it was contacted by an individual who claims to have stolen 200GB of data from the company during a network attack which it reported last week.
In a statement issued on Thursday, the company said the individual in question had provided a sample of records for 100 policies. "...we believe [this] has come from our ahm and international student systems," it said.
The company provides private health insurance and health services to more than 3.9 million people in Australia.
"That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data," Medibank Group said.
Another day, another success at sneaking into a building and pretending to be staff. I do so love drinking other people’s expensive office coffee. No fruit bowls though. Close, but no banana.
It got me thinking, again, about what makes for good social engineering (SE), and what advice would I give my younger self.
“Cybersecurity has reached a tipping point,” wrote MIT professor Stuart Madnick in a recent Harvard Business Review article, New Cybersecurity Regulations Are Coming. Here’s How to Prepare. “After decades of private-sector organizations more or less being left to deal with cyber incidents on their own, the scale and impact of cyberattacks means that the fallout from these incidents can ripple across societies and borders.”
Given the growing threat of cyberattacks, there’s an urgent need to improve the security of IT systems. However, we still don’t know a lot about cyberattacks, including how many attacks have taken place and who’s been attacked. Until recently, cybersecurity regulation were mostly focused on data privacy, and the only attacks that had to be reported were those involving personal information, such as the theft of names and credit card numbers.
Today, we release IPFire 2.27 - Core Update 171. It updates major parts of the distribution, such as the kernel and the IPS engine, and features bug fixes as well as stability and security improvements - most notably, upstream fixes against a strain of vulnerabilities in the kernel's WiFi components. Particularly IPFire users running WiFi networking hardware are advised to install this update as soon as possible, and reboot their systems afterwards.
Also, this Core Update initiates the deprecation of IPFire support for 32-bit ARM hardware, ultimately taking effect on February 28, 2023.
WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day €- and big props to them for doing that. But you can’t just look at that and then stop at message protection. WhatsApp does not protect metadata the way that Signal does. Signal knows nothing about who you are. It doesn’t have your profile information and it has introduced group encryption protections. We don’t know who you are talking to or who is in the membership of a group. It has gone above and beyond to minimize the collection of metadata.
WhatsApp, on the other hand, collects the information about your profile, your profile photo, who is talking to whom, who is a group member. That is powerful metadata. It is particularly powerful—and this is where we have to back out into a structural argument € for a company to collect the data that is also owned by Meta/Facebook. Facebook has a huge amount, just unspeakable volumes, of intimate information about billions of people across the globe.
It is not trivial to point out that WhatsApp metadata could easily be joined with Facebook data, and that it could easily reveal extremely intimate information about people. The choice to remove or enhance the encryption protocols is still in the hands of Facebook. We have to look structurally at what that organization is, who actually has control over these decisions, and at some of these details that often do not get discussed when we talk about message encryption overall.
Journalist Sues Predator Spyware Maker for Allegedly Helping Government Surveil Him
If Netflix’s business models were structured like the Marvel Cinematic Universe, the company would be about to enter Phase 3. Phase 1, of course, is when the company launched its DVD-by-mail service in 1999, transforming the way DVDs were rented. Phase 2 began in 2007, when it supplemented its DVD subscriptions with a streaming video-on-demand service, ushering in the modern era of streaming entertainment. Phaseââ¬Â¯3 of the Netflix Revenue Universe (the NRU?) will begin in earnest in November, when the company launches its advertising-supported streaming tier.
Law enforcement officers have plenty of unfettered access to expansive databases containing plenty of personal information. This access is instrumental to law enforcement work, including ongoing investigations, attempts to locate wanted criminals, and the routine minutia of validating drivers licenses and registration.
The European Union’s executive body is pushing ahead with a proposal that could lead to mandatory scanning of every private message, photo, and video. The EU Commission’s wants to open the intimate data of our digital lives up to review by government-approved scanning software, and then checked against databases that maintain images of child abuse.€
The 2018 law was already too broad, exempting officials from following procedures that ordinarily govern electronic surveillance and hacking, such as the Wiretap Act, Electronic Communications Privacy Act, and the Computer Fraud and Abuse Act.
This year, Eticas checked public policies and documents of 15 Internet companies that handle user data in their day-to-day activities, including telecom providers, home sales and rental sites, and apps for selling second-hand goods. Eticas added three new companies to the report: the telecom provider Digi Spain Telecom, the second-hand goods app Vinted, and the startup Trovit.es, which offers deals for selling or renting homes, cars, and other products. Telecom provider Euskatel is no longer in the ranking after its acquisition by MásMóvil.
Shortly after GDPR went into effect in 2018, Apple began running privacy-focused advertisements and since then, has released several more along the same line — coming out with unique angles to showcase its enhanced security features.
Using privacy as a marketing asset was viewed as a smart marketing move by Estelle Masse, Europe legislative manager and global data protection lead at Access Now, a data privacy advocacy organization that defends the digital rights of users worldwide.
“Privacy is actually a commercial advantage,” Masse said. “Companies need to move beyond thinking it’s part of an annoying compliance checklist. It can be a competitive advantage for you and build trust for your users.”
As other companies clamored to navigate compliance with enhanced privacy regulations while maintaining their marketing data strategies, Apple embraced privacy issues as a key point for its marketing. The company proved privacy could be an asset, rather than the liability it became for its Silicon Valley neighbor, Facebook (now Meta), which spent 2018 navigating the Cambridge Analytica data privacy scandal. Meanwhile, for other tech companies, privacy became a downfall instead of a key feature.
Off-the-shelf spyware has long been associated with abuses by autocratic regimes, but in recent years it’s democracies who are reckoning with the their own potential abuse of such surveillance tools.
Sophisticated digital surveillance tools were once only available to a handful of government intelligence operations. But mercenary software-as-a-service operations like Pegasus, from Israeli firm NSO Group, have made such powers accessible to practically any government willing to pay.
The 30-year-old man attacked several passers-by "with at least one knife", near the train station in Ansbach, a Bavarian town close to Nuremberg, according to local police.
“Turkey's behavior toward 92 migrants whom we rescued at the borders today, is a shame for civilization,” he said on Twitter. “We expect Ankara to investigate the incident and protect at last, its borders with the E.U.”
Lallemant believes, based on his decades of experience as a police officer and then as the police chief of Paris, that the large-scale presence of Muslims, who do not wish to integrate into French society, but rather, to challenge the French state and its laws, will end in a civil war, where even the Ãâ°lysée Palace will need to be guarded by the army from Muslim insurrectionists.
In an 18-page opinion on Trump affiliated lawyer John Eastman's push-back on a subpoena for emails relating to the events of Jan. 6, U.S. District Court Judge David O. Carter revealed that Trump knowingly signed documents containing fake voter fraud numbers.
According to The Washington Post, Carter determined that several documents exchanged within Trump's circle need to be made public as they're proof of "knowing misrepresentation of voter fraud numbers in Georgia when seeking to overturn the election results in federal court."
The funds will be included in the Senate version of the 2023 NDAA.
Sarah Wu reports the chairman of Taiwanese chipmaker TSMC commented on challenges for the semiconductor industry stemming from U.S.-China relations.
Robert Lipsyte calls for banning both The Bomb and the home run as the first crucial steps toward a safer, more peaceful world.
Noting that martial law had already been in effect in the occupied Ukrainian regions prior to their annexation, Putin said in a nationally televised address that "we need to formalize this regime within the framework of Russian legislation."
Vladimir Putin announced Wednesday that he has signed a decree implementing martial law in Ukraine's Luhansk, Donetsk, Zaporizhzhia and Kherson regions, which Russia annexed in late September.
Occupation authorities in the annexed Kherson region of Ukraine have announced the start of a new Ukrainian offensive in that direction. “Up to two infantry battalions of the 128 Motor Assault Brigade and a 17 Brigade tank battalion” have “launched an offensive in the Nova Kamianka–Beryslav direction,” said Kirill Stremousov, deputy head of the Russian-installed regional administration. The acting “governor” of Kherson, Volodymyr Saldo, says that “no one is about to surrender” Kherson. Still, Saldo has ordered to evacuate his administration to the left bank of the Dnieper. He also forbade any entry of traffic into the right-bank area for the coming week, urging all residents to leave. While the Ukrainian General Staff is silent about the offensive, Russia’s General Surovikin says that he expects “to make some difficult decisions” in Kherson.
The Russian Federation is preparing to toughen penalties for violating Russia’s residency, says secretary of the Russian Security Council, Nikolay Patrushev.
Following the President’s introduction of martial law in the annexed regions of Ukraine, and of other security measures on Russian territory, Moscow Mayor Sergey Sobyanin has assured Muscovites that “currently, no measures that would limit the normal rhythms of city life are being introduced.”
The Russian-installed occupation administration in Mariupol has dismantled a memorial dedicated “to the victims of the Holodomor of 1932–1933 and political repressions.” The memorial had been in the city's center since 2004.
The price of a bulletproof vest has skyrocketed to twenty times the January price, said the Russian Senator Lyudmila Narusova, when speaking to the Federation Council.
Overall, the situation in the special military operation zone is tense. Our opponent is a criminal regime, while we and the Ukrainians are one people and want the same thing: for Ukraine to be a country that’s friendly to Russia and independent from the West. The Ukrainian Armed Forces are pulling all of their reserves, including untrained territorial defense forces, to the front; they’re effectively condemning them to destruction. Nationalist detachments are shooting everybody who tries to escape. Every day, the Ukrainian Armed Forces lose 600–1,000 people to death and injuries. We’re not striving for a quick advance, because we take care of every soldier, and because this reduces the number of civilian victims. The situation in the Kherson direction is complicated. In the city itself, there are supply problems. NATO is demanding that Ukraine carry out offensive operations regardless of the number of casualties. We have information that Kyiv might use illegal methods of warfare. Our task is to save lives, and that’s why we’re moving the population out of the area. Our subsequent plans with regard to Kherson will depend on the situation. We haven’t ruled out making some tough decisions.
The Russian-installed occupation administration in Ukraine’s Kherson region has sent a text message to all Kherson residents urging them to leave the city to avoid possible shelling from the Ukrainian army.
“The United States regards our country as part of the homeland, and we regard ourselves as part of the homeland,” FSM President David Panuelo said in a September 27 lecture at Georgetown University.
Announcing the winners of the Sakharov Prize, E.U. lawmakers particularly praised Ukrainian President Volodymyr Zelenskyy, who drew international praise in the early weeks of Russia's attack on his country for remaining in Kyiv to rally the public and appeal to Russian soldiers not to participate in the war.
Businessman Evgeny Prigozhin, who recently admitted to founding the Wagner private military company, says that his representative is building “defensive structures” and forming “a people’s militia” in the Belgorod region.€
The Kremlin Press Secretary Dmitry Peskov said that Russia has no plans for closing its borders following the introduction of martial law in the annexed Ukrainian territories.
For a time, these activists had public opinion on their side. In August 1946, a Gallup poll found 54 percent of American respondents favored (and only 24 percent opposed) turning the United Nations into “a world government with power to control the armed forces of all nations.” Similar polls in other nations during the late 1940s reported comparable results.
So, consider banning both The Bomb and the home run as the first crucial steps toward a safer, more peaceful world.
But the shame is precisely that everyone does use, or in truth misuse, power in the international community based on the same cynical principles of force and counterforce which motivate Putin. Nuclear deterrence is an unworkable and self-destructive system that leads only in one horrible direction. We are not trying nearly hard enough to evolve alternatives, as if we were paralyzed by the challenge of killing war before war kills us.
Jeesh, Dirty Harry was quick to respond to the unneeded and unwarranted escalation language: Marvelous. I guess the punks felt lucky.
But still the US, distracted by its own internal political diversions, trade wars with China, and an ignominious retreat from Afghanistan in 2021 that left many wondering how reliable America longer term is in guaranteeing or supporting European security needs.
Two recent books by academics share Biden’s concern and raise serious warnings as the growing tendency toward fascism – Yale’s Jason Stanley’s How€ Fascism€ Works: The Politics of Us and Them (Random House, 2018) and Lehigh’s Anthony DiMaggio’s Rising Fascism in America: It Can Happened Here (Routledge, 2021).
If the world is indeed entering a new Cold War, it bears little resemblance to the final years of that global conflict with its frequent summits between smiling leaders and its arms agreements aimed at de-escalating nuclear tensions. Instead, the world today seems more like the perilous first decade of that old Cold War, marked by bloody regional conflicts, threats of nuclear strikes, and the constant risk of superpower confrontation.
Drax, which generates around six percent of the UK’s electricity through burning wood pellets at its power station in North Yorkshire, is hoping to secure an estimated €£31.7 billion in government subsidies for a carbon capture project.
"They don't care about our common future. Expect huge cuts in green funding."
"These corporations are simply deciding to make more money—no matter the pain it causes here at home."
Last week, a new comprehensive study of almost 32,000 populations of 5,230 species around the world estimated that wildlife on earth has decreased by almost 70 percent since 1970. The mind can’t really wrap around the scale of loss conveyed by this number.
Unveiled in August, Biden's plan is set to forgive up to $20,000 for federal borrowers who meet specific income requirements. While progressives have long pushed for even bolder debt cancellation, right-wing politicians and groups have taken aim at the administration's more modest policy.
"I then found myself being dragged into the grounds of the consulate. I held on to the gates where I was kicked and punched, I could not hold on for long," he said.
"I was eventually pulled onto the ground of the consulate. I felt punches and kicks from several men. Other protestors were trying to get me out of this situation, but to no avail.
"The attack only stopped when a man who turned out to be a uniformed officer from the Greater Manchester Police pulled me outside the gates.
"Let me say it again so I am clear: I was dragged into the consulate, I did not attempt to enter the consulate."
According to the Forrester report 2022, 55% of security professionals acknowledge their organization experienced a security incident or breach last year involving supply chain providers, while third-party attacks account for 60% of global security incidents.
As per Avinash Tiwari, CISO, Pidilite Industries, such issues stem from unmaintained hygiene on IT/OT (Information Technology/Operation Technology) convergence, which has accelerated due to digital adoption, innovations, and collaborations.
Now, for the first time, the German Federal Office of Justice has imposed fines on Telegram for violations of the Network Enforcement Act. The company is said to have violated the obligation to maintain reporting channels that comply with the law. Neither Telegram users nor state authorities can therefore report incriminated content. According to its own information, the Federal Office of Justice has tried to serve hearing letters since April 2021 without success. However, the notification of an authorised representative with a summonable address in Germany was missing. Thus, no official documents can be served in a legally binding manner. Therefore, the makers are now to pay a total of €5.12 million. However, the penalty order is only legally binding if Telegram waives its right to appeal.
She is reported to have personally given $1 million (€£800,000) to the CEF, which has handed out more than $4 million (€£3.5 million) in grants, including to Extinction Rebellion and Just Stop Oil.
In the past week, a number of prominent MAGA leaders have made comments about Jews that range from insulting to outright anti-Semitic.
Our reporters found that voting is a modern-day literacy test in many ways for the 48 million Americans who have trouble reading. Voters must navigate confusing ballots and registration processes, as well as attempts by some states to make voting more difficult, such as by putting restrictions on the assistance people can recieve. Misinformation and false claims about voting fraud have exacerbated the issue.
We get an update from immigrant justice advocate Guerline Jozef, who is in Mexico to look at the impact of the Biden administration’s expansion of Title 42 to turn away Venezuelan asylum seekers at the U.S.-Mexico border. The Trump-era policy lets the government expel asylum seekers on public health grounds. “It is unacceptable today for the government to try to expand Title 42, and forcing people to continue to die,” says Jozef. Meanwhile, the Biden administration announced it will allow 24,000 Venezuelans to enter the country by air if they have a financial sponsor in the United States. Applicants must first apply online. The program is similar to one set up for Ukrainians earlier this year. Jozef notes immigrants from Venezuela and Haiti are treated harshly, while Ukrainians fleeing similar political instability back home are welcomed, and that the immigration system should be structured to treat everyone with compassion and dignity.
Protests are growing in Port-au-Prince as thousands fill the streets to demand the U.S.-backed Prime Minister Ariel Henry resign after he announced he would raise fuel prices amid an already dire humanitarian crisis. Countries including the U.S. and Canada have sent military equipment to assist the Haitian police in cracking down on the unrest, and the U.S. has been pushing the United Nations Security Council to authorize a security mission, spurring more protests against foreign intervention. “We are seeing people really protesting on the street for the right to [a] sovereign solution to the issues that are happening, and they are saying 'no' to an armed invasion from the international community,” says Guerline Jozef, executive director of the Haitian Bridge Alliance.
On October 18, the imprisoned Russian politician Alexey Navalny appeared before the Moscow appellate court to appeal his nine-year maximal-security prison sentence. We’re publishing an abridged version of Navalny’s courtroom speech, in which he called the war in Ukraine “an immense crime,” started by Vladimir Putin and his circle to cover up the disastrous results of their 22 years of government. Navalny urged the court not to be complicit in the crimes of Putin’s regime. The court dismissed his appeal.
The family of Yury Borisov, the new head of Russian space program Roscosmos, owns real estate in Russia and abroad worth at least a billion rubles, says an investigation by Alexey Navalny’s team.
Still a parliamentarian representing the federal seat of Cook, Morrison – so we are told – did remarkable things.€ According to the group’s blurb on Morrison’s achievements, they are manifold and grand, the sort expected from this “globalization mastermind”.
"The emails show that President Trump knew that the specific numbers of voter fraud were wrong but continued to tout those numbers, both in court and to the public."
These death squads believe they can kill, shoot, taser, abuse and steal from American citizens in the so-called name of law and order.
Starting on October 27, the Vermont independent senator will hold at least 19 events with grassroots groups MoveOn and NextGen America.
Ye, formerly Kanye West, has had quite a week or so. He got locked out of both his Instagram and Twitter accounts for posting anti-semitic nonsense. Immediately following that, he went on the Drink Champs podcast/video show and spouted even more such nonsense. He’s continuing to spew similar nonsense in other interviews as well. Indeed, it seems like anyone putting him on right now is really exploiting someone who is dealing with some pretty serious issues.
The advocacy group Obstetricians for Reproductive Justice (ORJ) began traveling the country in September to meet people who have been personally impacted by abortion bans that have now been passed in at least 13 states following the U.S. Supreme Court's overturning of Roe v. Wade in June.
American democracy is not guaranteed by the Constitution. It has no impregnable defense in law, and in the coming midterm election it stands in mortal jeopardy.
Utah Senator Mike Lee should lose his reelection bid and be drummed out of office for his support of the scheme to install fake electors to overturn the 2020 election. Text messages from Lee to former White House Chief of Staff Mark Meadows revealed that Lee was an early and vocal advocate of the idea that Trump should challenge the results of the election he lost. “If a very small handful of states were to have their legislatures appoint alternative slates of delegates, there could be a plan,” he wrote to Meadows. Lee was also an early backer of now-disgraced lawyer Sidney Powell, helping her secure an audience with the White House. On January 4, two days before the insurrection, Lee whined to Meadows: “I’ve been spending 14 hours a day for the last week trying to unravel this for [Trump]”—“this,” of course, being the election results.
But then I figured I’d “like” these bot profiles back, establishing a match, to see what I could dig up. Hinge itself soon confirmed what I suspected, booting some of these supposed people off the app for potentially fraudulent behavior. I received automated emails on August 6, 8, 9, 14, and again on September 18 and 22, letting me know a match was a fake.
Some researchers believe that Wikipedia could be an overlooked venue for information warfare, and they have been developing technologies and methods similar to the ones used on Facebook and Twitter to uncover it. A team from the UK-based Institute for Strategic Dialogue (ISD) and the Centre for the Analysis of Social Media (CASM Technology) published a paper today exploring how to uncover disinformation on Wikipedia. They also believe that the data mapping may have uncovered a strategy that states could use to introduce disinformation. The trick, they say, is playing the long and subtle game.
Do you remember all the nonsense from earlier this year, in which executives from the Republicans’ favorite spamming operation misread a study about how various email providers handled political mailings and absolutely flipped out? The study didn’t say what they claimed it said: that Google was nefariously sending GOP emails to spam filters. It showed that in an untrained inbox, Google was more likely to declare Republican political messages as spam than Democratic political messages (the same study also showed the opposite for Outlook and Yahoo Mail — those sent more Dem emails to spam than Republicans, but nobody complained about that). Of course, the same study showed that this differential in Gmail went away for anyone who trained their spam filter.
Internet shutdowns can have significant impacts on the economy, health care, and education even in the best of times, but when they are instituted during crises, they can cost lives. Curbing the use of [Internet] shutdowns—and the severe second-order consequences that attend them—requires a united approach that recognizes the underlying impulses and technologies, as well as the struggle of those impacted.
This is exactly what the Iranian government is doing right now, with Internet blackouts and acts of violence during the peak of the Tehran protests. But, as it turns out, the regime carries out the same approach each time the country is embroiled in a scandal.
According to Amnesty International, at least 323 men, women, and children were killed by Iranian law enforcement during five days of nationwide protests in 2019. The deadly crackdown was preceded by the authorities blocking most people's access to the [Internet].
He was thrown into a prison cell with 15 others, including men accused of murders and selling illicit liquor. The police visited his home and took away his passport, bank documents and other official papers. Most importantly, they had accused him of "blasphemy and defying God".
Not until Dearborn Police Chief Issa Shahin arrived later did the protesters stop their agitation. Shahin pleaded with the crowd to relax and not embarrass Dearborn. There was concern expressed by some community leaders that the protesters are making the city and its Arab American Muslim population look bad. But others said that as Muslims, they have to stand up for their faith.
The Chinese government is being weird again. Most of this weirdness springs naturally(?) from its desire to suppress dissent and control the narrative.
Meanwhile, the BGM Telegram channel, founded by Darya Losik's husband, cited several other Telegram channels close to the government as reporting on October 18 that Darya Losik faces a charge over an interview with the Poland-based Belsat, which Belarusian authorities shut down and labeled extremist in July last year.
The United States has called for the immediate and unconditional release of Darya Losik, a State Department spokesman said at a briefing.
A nonprofit that curates an online collection of John F. Kennedy’s assassination records sued President Biden and the National Archives and Records Administration (NARA) on Wednesday to demand the release of all remaining materials on the former president’s 1963 killing.
The Mary Ferrell Foundation and two of its members filed the suit in a Northern California federal trial court, asking a judge to throw out Biden’s order last year to postpone the records’ release.
The Mary Ferrell Foundation filed the federal lawsuit Wednesday one year after Biden issued a memo postponing the release of a final trove of 16,000 records assembled under the President John F. Kennedy Assassination Records Collection Act of 1992, which Congress passed without opposition in response to Oliver Stone's Oscar-nominated film “JFK.”
The JFK records act, signed by President Bill Clinton, required that the documents be made public by Oct. 26, 2017, but President Donald Trump delayed the release and kicked the can to Biden, who critics say continued the policy of federal obfuscation that has existed since Kennedy was assassinated Nov. 22, 1963, in an open motorcade at Dealey Plaza in Dallas.
U.N. human rights officials said they are alarmed by the unabated violent response by security forces against protesters, and reports of arbitrary arrests and the killing and detention of children are also deeply worrying.
U.N. human rights spokeswoman Ravina Shamdasani said as many as 23 children reportedly have been killed and many injured by security forces who used live ammunition, metal pellets, and fatal beatings.
She said schools also have been raided, and children arrested by security forces.
Supporters and Farsi-language media outside of Iran have worried about Rekabi's safety after she choose to compete without the hijab.
[...]
Rekabi left Seoul on a Tuesday morning flight. The BBC's Persian service, which has extensive contacts within Iran despite being banned from operating there, quoted an unnamed "informed source" who described Iranian officials as seizing both Rekabi's mobile phone and passport.
As for the rest of The Squad, silence.
No call by American feminists and progressives for the collapse of the totalitarian government of Iran. No wholesale condemnation of this police state’s mandate that women wear the hijab and face imprisonment for failing to do so, or for failing to wear it “correctly.” No plea that the Biden administration, at the very least, publicly support the Iranian protesters demonstrating the same kind of courage as have the Ukrainians following the Russian invasion.
Christian converts and other religious minorities like the Bahais are not recognised in Iran.
Over the last few years, Mary has faced persecution from the authorities in the form of arrests and interrogations due to her faith as well as activism.
"As U.S. organizations committed to women's rights and justice across the world, we stand in solidarity with the brave people of Iran, overwhelmingly Iranian women and girls, who are demonstrating for their basic rights and strongly condemn the outrageous, widespread, and systematic human rights violations of the Iranian government seeking to silence the Iranian people's demand," the 39 groups, led by the National Iranian American Council, said in a statement.
Protests erupted in the northwestern city of Ardabil on Saturday over the death of Asra Panahi, a teenager from the Azeri ethnic minority.
According to the Coordinating Council of Iranian Teachers’ Trade Associations, the 16-year-old was fatally injured after security forces stormed her classroom, demanding a group of girls sing an anthem praising Ali Khamenei, Iran’s supreme leader.
At the heart of France’s strike movement is inflation.
Compared to the eurozone average, the country’s annual rate of inflation of 5.6 percent is fairly low—largely thanks to government measures to cap rising energy costs. The state has fixed increases in the price of gas and electricity to 4 percent this year and plans to limit those hikes to 15 percent in 2023. It’s also subsidizing the distribution of gasoline and diesel to keep prices at the pump in check.
Much of this is the heritage of the Yellow Vests. The government is anxious to avoid provoking an unruly protest movement such as erupted over fuel costs in late 2018. But while state interventions have helped to lighten the burden of rising prices for consumers, something much more fundamental remains unchanged for many workers: Pay is stagnant across much of the French economy. According to France’s labor ministry, wages in the private sector have grown by only 3.5 percent over the past year.
The Official Project Censored Show The Potential for a Class I Railroad StrikePlay EpisodePause EpisodeMute/Unmute EpisodeRewind 10 Seconds1xFast Forward 30 seconds 00:00 /SubscribeShareThe Official Project Censored Show The Potential for a Class I Railroad StrikePlay EpisodePause EpisodeMute/Unmute EpisodeRewind 10 Seconds1xFast Forward 30 seconds 00:00 /SubscribeShare
Barely 10 years after women finally secured the right to vote, at a point in the early 1930s when Herbert Hoover was president and Prohibition was the law of the land, an otherwise undistinguished session of the Michigan Legislature passed a sweeping ban on access to abortion. Then, in 1973, the US Supreme Court rendered the law meaningless with its Roe v. Wade decision. But in the wake of the ruling in Dobbs v. Jackson Women’s Health Organization, Michigan’s ghost law, which lingered on the books for more than 90 years, is haunting the present.
The Cuban Adjustment Act is another way the US tries to curtail the Cuban government.
The Egyptian government is ultimately responsible for setting Alaa free. But Alaa is a British citizen and the UK government should also intervene, immediately, to do everything it can to uphold Alaa’s human rights and secure his freedom. In her last days as foreign secretary, now-PM Liz Truss called Alaa’s case a “high priority” and affirmed a commitment to secure his release.
Lawyers for Benjamin Cole, a 57-year-old sentenced to death for murdering his 9-month-old daughter Brianna Cole in 2002, do not deny that he killed the infant. However, they argue that his severe mental illness and brain damage—which they say have worsened during his imprisonment—are grounds for stopping his execution.
Refugees and immigrants are one of the reasons that the U.S. is the only western country to count among the top 10 populous countries in the world. However, the population grew at the slowest rate in the U.S. in 2021 since the country's founding. Reduced refugee and immigration intake has much to do with it. Even though the Biden administration set the limit to 125,000 refugees a year, the actual intake was fewer than 26,000 refugees.€
To my Christian friends in the state of Georgia: Do you believe that an unborn fetus is a human being? If you do, then abortion is murder.
As President Biden vows to codify abortion rights if Democrats can control Congress after the midterms, we speak with Democratic Congressmember Cori Bush, who faces reelection this November as a first-term Democrat in Missouri, where abortion was banned after the Supreme Court overturned Roe v. Wade in June. She just wrapped up a “Roe the Vote: Reproductive Freedom Tour.” She discusses her experiences with abortion and much more in her new memoir, “The Forerunner: A Story of Pain and Perseverance in America,” which traces her journey as a registered nurse who took part in Black Lives Matter protests in Ferguson to running for the House of Representatives. “It was not easy” becoming a Black woman politician in a state and country where “true equity or equality” has not yet been achieved, says Bush.
Many attempting the crossing have not been so fortunate. The International Organization for Migration (IOM) reports that since 2014, more than 17,000 people have died or gone missing en route. In the first three months of 2022 alone, up to 600 peopleattempting to reach Europe have gone missing, per the IOM.
China, Iran, Russia and Cambodia, all authoritarian states, are deeply invested in ensuring the isolation of their people from the global internet.
They’re among the top countries trying to centralize state control over domestic internet infrastructure, according to Freedom House’s 2022 Freedom on the Net report, which studied internet freedom in 70 countries, making up 89% of the world’s internet users.
Released on October 18, the report found that global internet freedom has declined for the twelfth year in a row. Rising internet fragmentation, with countries ringfencing their national internet services from the global internet, is one of the main reasons.
In just the last decade or so AT&T has been fined€ $18.6 million€ for helping rip off programs for the hearing impaired; fined€ $10.4 million€ for ripping off a program for low-income families; fined€ $105 million€ for helping “crammers” rip off their customers; fined $60 million for€ lying to customers about the definition of “unlimited” data; and accused of ripping off U.S. schools for decades.
FOR THE PAST five weeks, thousands of Iranians, led by courageous young women, have taken to the streets of dozens of cities around the country, driven to action by the case of Mahsa Amini, a 22-year-old Iranian woman who died while in the custody of the country’s Morality Police. At tremendous risk to their safety, these young people are demanding an end to years of oppression, burning their hijabs, shearing their hair, and marching in solidarity as the protest anthem Baraye, with its chorus “for women, life, freedom,” echoes through the streets. Authorities have responded with a brutal crackdown in which over 230 Iranians are believed to have died already. The government has also instituted strict internet controls, blocking access to social media and messaging apps, as well as knocking the entire web offline for hours at a time in an effort to stymie organizing and conceal the extent of the protests and the police response.
Emoji Co. GmbH has registered trademarks in the dictionary word “Emoji.” They mostly are a licensing organization, and their registrations are in a wide range of classes: “from articles of clothing and snacks to ‘orthopaedic foot cushions’ and ‘[p]atient safety restraints.’” (Raise your hand if you’ve ever seen Emojico-branded patient safety restraints). Indeed, the court essentially questions the entire basis of Emojico’s licensing business, saying:
J.R.R. Tolkien’s “Lord of the Rings” is one of the best-known and best-loved modern works of literature, not least thanks to Peter Jackson’s films based on the cycle. Given that popularity, it’s no surprise that there was interest in creating adaptations of other Tolkien works. The result is “The Lord of the Rings: The Rings of Power”.€ According to Wikipedia:
Major Japanese manga publishers requested assistance from a US court this week. The companies say that information held by financial and tech companies will help them file lawsuits against the operators of seven pirate sites, some with 'Mangaraw' branding. After previously using Cloudflare's services, some of the sites are now operating openly from Russia.
The Internet Infrastructure Coalition, which represents many key Internet companies, is urging the U.S Trade Representative to keep neutral infrastructure intermediaries off its annual list of notorious piracy markets. The coalition calls for clarification to prevent the review process from singling out the wrong targets.
A couple of weeks ago, Walled Culture reported on a terrible idea in France: requiring companies to pay for the use of public domain material. As the post explained, this is a subversion of what it means for something to enter the public domain, and a betrayal of the implicit bargain of copyright. Fortunately, the plan was dropped, partly as a result of the outrage it generated.
Naively, I assumed that this was a lucky escape, but that the idea would be back unless we were on our guard. I was wrong: the idea won’t be back, because it has already been implemented in a number of other countries. For example, Jorge Gemetto pointed out on Twitter that something called the “paying” public domain has existed in Uruguay and Argentina for many years. He linked to an interesting article on the topic by Maximiliano Marzetti, who lists even more countries blighted by this copyright perversion: Algeria, Kenya, Ruanda, Senegal, Republic of the Congo, Côte d’Ivoire, and Paraguay. Marzetti refers to a 2010 report from WIPO, which explore the idea of the “paying” public domain further.
is in the wrong order. in fact, shouldn't we think it strange that "laugh" is included at all? is humor truly on equal grounds with love and conscious existence itself? what might it look like for a society to prioritize laughter over love?
laughter is certainly enjoyable, but it's a dangerous goal on its own. what happens in such a society when a non-normative group emerges? long after widespread fear and disgust of homosexual people has faded, laughter remains, in more circles than I like to accept. this is unacceptable, and it is only one such example.
My pre-pandemic job was 80% on-site, downtown Minneapolis. I got up early, took the bus down the street all the way into the city. Our company had moved downtown a few years prior so there were still a lot of people who originally signed up for a much more local commute, and the company said work part time remote if you want. We were a web services business, no real need to always be in the office if your day to day didn't require it. I didn't mind the commute as I wasn't driving. My wife, however, liked the days when I was Work From Home as it meant I was off work and instantly available. So some Fridays, or weeks with lots of other stuff going on I'd stay home and work out of my home office.
[...]
A big thing I missed about that job was interacting with my coworkers, both in work and non-work activities. We did the little pods with no walls between our cubicles. Everyone sitting so close together that often the entire room would have ongoing conversations while we all typed away.
[...]
I miss having a whiteboard. I am planning on cleaning out my office, which went to shambles when I was WFH 100%, and setting up a board on my wall with an HD webcam pointed at it so I can easily stream what it is I'm writing. Still haven't found a way to resolve the "hey, sorry to bug you but can you come over here and show me X" part of office life that we are missing.
[...]
Being a software developer you have one of two options. Stick with the companies that are local, or open yourself up to more global opportunities. Before the pandemic there were lots of companies that had remote contractors and full time employees. Some companies were exclusively remote. Doing the remote gig is something a lot of us do. It requires a special type of person and needs to be an active choice. Sadly due to the pandemic many of us didn't have much choice. Will be interesting to see how many places stay remote only. This may be a more permanent change than we first thought.
Well, I've needed some technical support with an application I've
downloaded.
There are two ways to get it:
The first is by contacting the company, and then wait for some days
till they call you back, and then let someone guide you step by step
through the process of installing the application. But prior to them
calling me, I had been receiving some ispinning wheel of death and so could not
complete the installation. And with that person's help, I just get the same
spinning wheel of death.
THICK AS A BRICK!
The secret is to try and install time and time again until you pass that
screen with the spinning wheel of death.
I don't like it when that moron says that the problem is with my smartphoe
because everybody else has successfully installed the application.
Now, guess what? Had only that duce read the review on Google Play, he
would have known that the application is problematic. Why not just fix it?
Recently I learned about docopt -- idea (anof generating command line parser from help message and implementation for multiple languages; conventional command line parsers do it other way round: help message from the parser. It was pleasant to discover something new in design area that seemed to be fully explored for decades.
[...]
Of course, there is still room for improvement. For example, if user provides unknown option or both of mutually-exclusive options, full usage line is printed without clarification of what exactly was wrong.
Still, from help message that needs to be written anyway (since getopt does not generate it) decent command line parser is generated. Writing of the shell scripts is much easier now.
been playing this. never expected it to come out, but it is fitting a hellish game escaped kickstarter hell. it didn't escape feeling unfinished, though.
Humans really want to put things in categories, so we invent the categories. They don't exist outside our minds. But we disagree about whether we got them right. There is no right! We invented them, and we invented the rules about what belongs in them.
Science involves a lot definition of categories that are very precise, but one thing that scientists like doing is taking categories that alrady exist and "fixing" them: a dolphin isn't a fish; and there's no such thing as a fish any way. Sometimes the "fix" sticks. We don't want to sound foolish so we don't call a dolphin a fish. Sometimes everyone ignores the "fix". We all carry on talking about fish.
I received some email from Remy [1] about my post yesterday [2] where they sent along some related links. They received their own badly written sponsored post email [3], and also linked to Kev Quirk's badly written sponsored post email [4]. I was then reminded of the time I sold out [5] to get that sweet-sweet sponsored money (it wasn't much—about $100 for seven ads) and the aftermath five years later [6].
It's a simple node class that has a list of children. You can pass a list of children when you create the object, or if you don't supply one it defaults to an empty list.
There's something very wrong with this code that's somewhat obvious with hindsight, but I didn't catch it until after some time in the debugger.
So you create a couple empty nodes and then start appending to each one's children list. Straightforward enough. But what actually happens?
[...]
Thankfully for me this was all in a piece of code less than 50 lines long so I was able to figure things out pretty quickly. I ended up just removing the children parameter from the constructor since I wasn't really using it anyway and instead I set the children list to a new empty list defined in the constructor body.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.