Bonum Certa Men Certa

Links 09/11/2022: Clonezilla Live 3.0.2

  • GNU/Linux

    • Desktop/Laptop

      • Djalel OukidTuxedo OS, is it just another Ubuntu-based distro?

        TUXEDOComputers has announced the first version of its new Ubuntu-based operating system that comes pre-installed on their Linux devices under the name Tuxedo OS 1. Of course, the new distro is an addition to the Linux community, but what makes Tuxedo OS different from Vanilla Ubuntu or other popular distros? Is it the perfect expected distro?

    • Audiocasts/Shows

    • Applications

      • Linux Links8 Best Free and Open Source Graphical Mastodon Clients

         Mastodon is a free and open source microblogging platform similar to Twitter, but with user privacy and decentralization in mind. It’s one of many protocols that interacts with the Fediverse of protocols like Pleroma, GNU Social, and others. Unlike Twitter, Mastodon is not one social network.

        Getting started with Mastodon can be confusing for newcomers. Mastodon is a federated service. This means its similar to email. You can create an email account with many different providers. And that’s the same with Mastodon. The service lets you sign up to one of many sites that run Mastodon software, called instances. A user can communicate with other Mastodon users on different instances. The instances are themed – many by country, city, or interest.

    • Instructionals/Technical

      • Linux NightlyUsing systemd to Manage Services on Linux - Linux Nightly

        The majority of Linux distributions rely on Systemd to manage all of the daemons and services running on a system. Systemd allows users to manage and administer system services, mainly through use of the systemctl command. In this tutorial, you will learn how to use systemd to manage and interact with services on Linux.

      • The AnarcatAntoine Beaupré: Using the bell as modern notification

        Computer terminals have traditionally had an actual bell that would ring when a certain control character (the bell character, typically control-g or \a in an C escape sequence) would come in the input stream.

        That feature actually predates computers altogether, and was present in Baudot code, "an early character encoding for telegraphy invented by Émile Baudot in the 1870s", itself superseding Morse code.

      • UNIX CopGitLab: Setup and Install on Ubuntu 18.04, 20.04, and 22.04

        This post is about Gitlab setup and install it.

        GitLab, a web-based Git repository manager, and code hosting application provides an integrated platform to manage projects from planning to development to deployment to the cloud. With GitLab, you can host your Git server and manage your entire development process under one roof, from start to finish. Setting up GitLab on Ubuntu 18.04, 20.04, and 22.04 (Bionic Beaver) can be tricky, but it’s worth it if you’re familiar with the Linux command line and want to get the most out of this powerful tool.

        In this tutorial, I will explain how to set up and configure GitLab on an Ubuntu 18.04, 20.04, and 22.04 server in five steps. Let’s get started!

      • UNIX CopPandora FMS Monitoring Tool Installation on Ubuntu 22.04

        Pandora FMS is software for monitoring computer networks. Pandora FMS allows the visual monitoring of the status and performance of several parameters from different operating systems, servers, applications and hardware systems such as firewalls, proxies, databases, web servers or routers. Wikipedia

        Designed to be modular, multi-platform and easy to customize, Pandora FMS supports monitoring of networks, servers, applications, databases, cloud and virtualization, logs, user experience, and business processes.

        It uses powerful agents for all operating systems to collect data from monitored systems and devices, supports both local and remote network monitoring, auto-monitoring where agents detect storage devices, partitions or databases, and many other things. Agents can control system components such as services, execute processes or remove temporary files and more.

        It also features a flexible notification and alert system, supports remote access via tools such as eHorus and SSH, auto-discovery of networks, network elements, network topology, etc. And has an integrated reporting system with dozens of different report templates and graphs for analysis. Notably, it is fully compatible with most open-source tools and experienced users can also create custom integrations with the services of their choice and so much more.

      • UNIX CopHow to setup Secure GitLab Registry

        We demonstrated how to configure a GitLab instance in our previous post so that you may manage the projects for your company or yourself. We advised using an FQDN and making the GitLab instance accessible through HTTPS. Since most of the applications are containerized, it makes sense to configure a container registry where multiple iterations of your programme and its many components can be kept in Docker images.

        Don’t worry if you don’t know what a container registry is. Once you actually upload the first container image to a GitLab instance, it will become evident. Consider it like repositories for your container images for the time being. These are simply images, stored inside the remote GitLab instance but are not running containers.

      • Linux Hint2 Easy Methods to Install Docker on Raspberry Pi

        Docker is an open-source platform to create, edit, and run applications in the container. The container is a lightweight, loosely created environment where you have the freedom to package and run an application. You can run multiple containers at a single host without worrying about utilizing the system resources and it contains everything you need to run an application on the system. Thus, you can speed up the development process through docker since it reduces the time for writing and running code in production.

        In this article, you will learn how to install docker on your Raspberry Pi system through different methods.

      • Linux HintHow to Install Geany on Linux Mint 21

        Geany is the most popular, lightweight, fast, and open-source text editor used for programming purposes. It is a multi-platform software that runs on several systems like NetBSD, Solaris, Windows, and Linux.

      • Linux HintHow to Clear Arduino Serial Buffer

        Arduino is an electronic platform that takes instructions from users in the form of code known as sketch and generates output accordingly. To collect the instructions and process them one by one, the Arduino uses a serial buffer. The Arduino serial buffer holds the incoming data until the device is ready to process them. Sometimes we have to clear the Arduino serial buffer to avoid interference with incoming data. Let’s see this in more detail.

      • Linux HintHow to Install GNU Debugger GDB on Linux Mint 21

        GNU Debugger, commonly referred as GDB is a powerful and open-source debugging tool that can run on Linux and Unix-type operating systems. The GDB tool was specifically designed for C and C++ languages; due to its wide range of supportive languages, it can debug other languages as well like Ada, Fortran, Go, Pascal, and many others. It is used by developers to examine variables, calling functions, debug preprocessor macros, server-client debug architecture, and many other rich features that one can think of it.

      • Linux HintHow to Install Conky System Monitoring Tool on Raspberry Pi

        Conky is a system monitoring application that displays information on a desktop. Conky displays information about the whole system like the battery status, email notifications, storage, processor information, and much more. It also displays the calendar, time, and status of the weather. In this article, we will show you how to install Conky system monitoring tool on Raspberry Pi OS.

      • Linux HintHow to Install and Setup Plex Media Server on Raspberry Pi

        Plex Media Server is a media streaming platform that allows you to watch Live TV channels, TV shows, and movies. You can even stream your media files, such as audio, video, and pictures, from your system and organize them according to your choice.

        This article is a detailed guide in installing and setting up the Plex media server on your Raspberry Pi system.

      • Linux HintHow to Install Apache Maven on Linux Mint 21

        Apache Maven is a popular, open-source project management tool used to develop and manage Java projects and documentation. It comes from the concept of POM (project object model) with the extensible feature. It has the ability to add plugins and support other languages as well, such as C#, Scala, and Ruby. It is a helpful comprehension tool that gives bundles of details about projects. This tool is also available for Linux distribution also and in this tutorial, we will learn how to install it on Linux Mint 21 system.

      • Linux BuzzHow to enable timestamp in history command

        In this post, we will describe how enable timestamp in history command.

        History command in Linux & UNIX systems keep tracks all command which were executed by the users in the past. By default, history command keeps the records of last 1000 commands. This feature helps sysadmins to recall the command’s syntax if it is executed in the past and also helps in troubleshooting and audit purpose.

        However, in history command output, timestamp is not enabled, so to enable it we must export environment variable HISTTIMEFORMAT.

      • Linux HintHow to Install GNOME Screenshot Utility on Raspberry Pi

        GNOME Screenshot is a lightweight tool used by Linux users to take screenshots on their systems. It’s one of the most valuable tools that allow you to capture an entire window, desired window, and selected area screenshots on your system.

        If you are looking for a screenshot tool for your Raspberry Pi system, you can easily install this tool using this article’s guidelines.

        How to Install GNOME Screenshot Utility on Raspberry Pi

        The GNOME Screenshot utility can easily be installed on all Linux systems, including the Raspberry Pi system and you can follow the below-mentioned steps to install it on Raspberry Pi.

      • Linux HintHow to Install Gradle on Linux Mint 21

        Gradle is an open-source, popular build automation tool used to create applications based on Groovy and Kotlin. It is a flexible tool and is famous among Linux users because of its consistency. Gradle supports many programming languages like Java, Android, C/C++, Scala, etc. It doesn’t matter how long the project is, Gradle will download respective dependencies and repositories automatically to create it. The structure it follows to create applications is building (compiling, linking, code packaging), automating, and delivering the product with fast performance.

      • KifarunixHow to Integrate TheHive with MISP
      • Network WorldBash: A primer for more effective use of the Linux bash shell | Network World

        There are lots of sides to bash and much to know before you're likely to feel comfortable snuggling up to it. This post examines many aspects of this very popular shell and recommends further reading.

      • Make Use OfHow to Run Ubuntu as a Docker Container

        Docker is the most-loved programming tool according to Stack Overflow's 2022 developer survey. It is widely used in IT and has revolutionized the way we deploy applications.

        Docker containers are a bit similar to virtual machines, but they are more lightweight and come packed with only the basic required elements of an operating system. To appreciate how minimal Docker containers can be, let's see how you can run Ubuntu in Docker.

      • ID RootHow To Install Symfony Framework on Ubuntu 22.04 LTS - idroot

        In this tutorial, we will show you how to install Symfony Framework on Ubuntu 22.04 LTS. For those of you who didn’t know, Symfony is a web application framework written in PHP. It provides a set of reusable PHP components. Symfony is easy to install and configure on most platforms.

        This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Symfony Framework on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.

      • Linux Made SimpleHow to install SSF2 Project B Patch 9 on a Chromebook

        Today we are looking at how to install SSF2 Project B Patch 9 on a Chromebook.

        If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!

        This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.

      • Real Linux UserHow to create a Linux Mint bootable USB in macOS and Windows - Linux Mint 21 edition - Real Linux User

        One of the many powerful features of Linux is the ability to start a distribution directly from a USB stick, without affecting your hard drive and the operating system on it. It is therefore not required to perform a complete installation to use or try out Linux before actually installing it. But even if you have made the decision to install Linux individually or maybe next to your current Windows or macOS installation, you need a bootable Linux USB device. In this tutorial, I will explain how to create a Linux Mint bootable USB in macOS and Windows, from which Linux Mint 21 can be started to try out or install.

  • Distributions and Operating Systems

    • New Releases

      • LinuxiacClonezilla Live 3.0.2 Comes with UFW Firewall in the Live System

        Clonezilla is a free, open-source disk imaging and cloning application that runs from a live CD or USB drive. It is created for disk partition, imaging, cloning tasks, bare metal backup, and recovery.

        It is targeted any IT pro looking for a reliable, cost-effective tool to enable them to image and restore machines quickly and safely.

        There are three Clonezilla variations: Clonezilla Live, a small bootable Linux distribution for x86/64-based computers, Clonezilla Lite Server, and Clonezilla SE. Recently, the Clonezilla project published the latest release of Clonezilla Live 3.0.2, so let’s look at what’s changed.

      • 9to5LinuxClonezilla Live 3.0.2 Disk Cloning/Imaging Utility Released with Linux Kernel 6.0 - 9to5Linux

        Clonezilla Live 3.0.2 disk cloning/imaging utility is now available for download. This release is powered by the latest Linux 6.0 kernel series and synced with the Debian Sid repositories as of November 3rd, 2022.

        The post Clonezilla Live 3.0.2 Disk Cloning/Imaging Utility Released with Linux Kernel 6.0 appeared first on 9to5Linux - do not reproduce this article without permission. This RSS feed is intended for readers, not scrapers.

    • BSD

      • APNICA few more of my favourite things about the OpenBSD Packet Filter tools | APNIC Blog

        With PF, you can create a network that learns. Fairly early in PF’s history, it occurred to the developers that the network stack collects and keeps track of information about the traffic it sees, which could then be acted upon if the software became able to actively monitor the data and act on specified changes. So the state tracking options entered the pf.conf repertoire in their initial form with the OpenBSD 3.7 release.

        A common use case is when you run an SSH service or really any kind of listening service with the option to log in, you will see some number of failed authentication attempts that generate noise in the logs. Password guessing, or as some of us say, password groping, can turn out to be pretty annoying even if the miscreants do not actually manage to compromise any of your systems. So to eliminate noise in our logs we turn to the data that is anyway available in the state table, to track the state of active connections, and to act on limits you define such as the number of connections from a single host over a set number of seconds.

    • SUSE/OpenSUSE

      • Ish SookunopenSUSE Board Election 2022 campaign has begun

        openSUSE members can also ask questions to the candidates on the project mailing list. Vojtěch Zeisek asked the candidates about their plans and what they want to achieve with the project.

        Douglas had an interesting answer. He stated that he would like to see that the openSUSE Project adopts the blockchain technology. He cited the election as an example where a smart contract could facilitate the task of running elections and maintaining an updated members list based on whether members' tokens have been used in (x) number of years.

        He also mentioned NFT as something that could be explored to create a sort of badge system like the Fedora project has and member contributions could be rewarded with NFTs.

    • Fedora Family / IBM

      • Weekly status of Packit Team: November 2022 | Packit

        Week 44 (November 1st – November 7th) # Fixed an issue due to which the repository was never searched for a specfile if specfile_path was not specified, and specfile_path was always set to <repo_name>.spec. (packit#1758) Packit is now able to generate automatic Bodhi update notes including a changelog diff since the latest stable build of a package. (packit#1747) Description of Bodhi updates now contains a changelog diff. (packit-service#1713)

      • Red Hat.NET 7 now available for RHEL and OpenShift [Ed: Red Hat helps Microsoft's lock-in tactics]

        This is a quick overview of what developers need to know about this new major release. The .NET 7 release is now available, targeting Red Hat Enterprise Linux (RHEL) 8.7, RHEL 9.1, and Red Hat OpenShift.

    • Debian Family

      • CNX SoftwareAXERA AX620A 4K AI SoC delivers up to 14.4 TOPS for computer vision applications - CNX Software

        AXERA AX620A is a high-performance, low-power AI SoC with a quad-core Arm Cortex-A7 processor and a 14.4TOPs @ INT4 or 3.6TOPs @ INT8’s NPU that is slightly inferior to the Amlogic A311D, and mainly used for AI vision applications.


        The AX620A SDK is based on Debian 11 Linux.

      • Aurélien Jarno - riscv64 porterbox

        For quite some time, many people asked for a riscv64 porterbox. Now we've got one called

        A big thanks to SiFive for providing the HiFive Unmatched board and OSUOSL for assembling the hardware and hosting it.

      • Blisk

        Blisk is the first developer-oriented browser with built-in devices that runs on your desktop and is available for Windows, macOS, and Linux. It provides teams and freelancers with a workspace to develop and test modern web applications twice faster. You can use Blisk as a regular browser to look for something across the web (Browsing mode) or you can use a workspace for web development (Developer Mode).

    • Canonical/Ubuntu Family

      • Daniel LangeYour software stores are a bad idea | Daniel Lange's blog

        There is significant effort involved to get your apt or dnf commands always have a consistent set of servers to talk to.


        That way more admins need to learn how to run high availability services for dubious business opportunities to "later" monetize services. Services that nobody cares to pay for and thus opportunities that never materialize. But every company wants to find that out again. Because if Apple could do it, why shouldn't Canonical be able to do it? $$$!1!!

    • Open Hardware/Modding

      • Tom's HardwareRaspberry Pi Takes Star Trek UI To Red Alert | Tom's Hardware

        Not everyone has the luxury of making their way onto a Starfleet-operated starship but if you’re craving the experience, you’ll have to settle for the next best thing. Today we’re sharing an incredible LCARS interface project put together by Rob, also known as meWho_System47 over at Twitter, who worked with James Mitchell to make it run on our favorite SBC, the Raspberry Pi.

        LCARS is an acronym from the Star Trek universe that stands for Library Computer Access/Retrieval System. The user interface design was created by Michael Okuda a a means to convey a complex computer interfaces, using backlit plastic panels. This interface can be seen on screens throughout the series and is loved by fans for its unique design. This custom LCARS UI project is packed full of features for the modern Star Trek fan and can even interact with real-world technology.

      • Linux HintEnhance Raspberry Pi Zero Functionality with PoE USB HUB HAT

        Want to power up the Raspberry Pi Zero by ethernet cable and need to add some extra USB ports to it then PoE USB HUB HAT would be the best for you. This HUB comes with two USB Type-A and one USB Type-C ports along with the ethernet port. This HUB can add extra functionality to the Raspberry Pi Zero as one can connect the number of devices which will increase the number of applications for which it can be used.

      • Linux HintHow to Legally Download Free ROMs for RetroPie

        RetroPie is a gaming emulator that allows users to play different emulator games like PlayStation, NES, SNES, and so on. The aim of RetroPie is to provide retro gaming support for Raspberry Pi systems so that the user can use the device as a gaming machine. However, to play games on RetroPie, you should need a game ROM that needs to be put inside the RetroPie directory so that you can then play it on your device. To learn more about RetroPie you can check this article.

        If you are looking for help on how you can download free ROMs for RetroPie, follow this article’s guidelines.

        But, before moving toward the process, let’s first discuss ROMs.

      • Linux HintIs ESP32 Better than Arduino

        Both Arduino and ESP32 are microcontroller-based boards that can take inputs and generate output accordingly. Both these boards are famous among students and researchers because they don’t need any extra hardware like CPU to process the information, one just needs a tiny board that can fit in your pocket and perform tasks easily. But a question comes to everyone’s mind is ESP32 better than Arduino.

      • Linux HintInterfacing MQ-2 Gas Sensor with ESP32 Using Arduino IDE

        Sensors are an important part of designing IoT based projects as they feed the data to the system. Microcontroller based IoT boards gained popularity because of their ability to interface different sensors and upload data to the cloud or generate an emergency email.

        The board we are talking about is ESP32 which due to its limitless feature helps users to interface multiple sensors. Gas sensor is among the widely used sensors with ESP32 which can detect fire eruption or gas leakage inside a room. Let’s find out the possible way of interfacing MQ-2 gas sensor with ESP32.

      • Linux HintESP32 ADC - Read Analog Values with Arduino IDE

        ADC (analog to digital converter) is an electronic circuit that comes with different microcontroller boards or integrated inside the microcontroller. ADC is used to convert the analog voltage from different sensors into digital form. Like Arduino, ESP32 also has an ADC which can read analog data. Let’s find out more about ESP32 ADC.

      • CNX SoftwareGiveaway Week 2022 – Pico:ed Smart Cutebot Kit

        The third prize of this year’s giveaway week comes courtesy of ELECFREAKS which offers a Cutebot Pico:ed kit based on the Pico:ed board with a Raspberry Pi RP2040 microcontroller and following BBC Micro:bit form factor. The kit also includes two high-speed motors to drive two wheels, ultrasonic & distance sensors, two RGB LED lights and clearance lamps on the bottom, two line-tracking probes, and an active buzzer used as a horn.

      • ArduinoIncrease a robot arm’s payload capacity by relocating its wrist motors | Arduino Blog

        o give an electric car more range, you need a bigger battery pack. But that adds weight, so you need bigger motors and more battery capacity to compensate. This creates a vicious cycle and robot arms are susceptible to a similar problem. A robot arm needs to lift its own weight in addition to whatever it picks up. Bigger motors to increase the payload capacity also increase weight, thereby decreasing the payload capacity. This video from RoTechnic describes how to sidestep that cycle with remote motors.

        RoTechnic’s robot arm has six degrees of freedom (DoF): a rotating base, a shoulder joint, an elbow joint, a rotating wrist joint, a tilting wrist joint, and a rotating end effector. If the robot were a conventional design, all of those joints (except the first two) would require a motor that adds levered weight to lift. The weight of those motors would subtract from the amount that the arm could otherwise lift. But three of this robot’s motors sit on the table nearby so that it doesn’t need to lift them.

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Content Management Systems (CMS)

      • WordPressIntroducing Twenty Twenty-Three

        Twenty Twenty-Three is here, alongside WordPress 6.1! The new default theme offers a clean, blank canvas bundled with a collection of style variations.

        Style variations are predefined design options that give you the opportunity to alter the appearance of your site without having to change your theme. This means that you can keep your template structure but change the visual details of your site with ease.

        For a truly diverse collection, Twenty Twenty-Three’s featured style variations were submitted by members of the WordPress community, resulting in 38 submissions from 19 people in 8 different countries. From those submissions, a curated collection of ten was chosen and bundled with the new theme.

    • FSF

      • FSFFSD meeting recap 2022-11-04

        Check out the great work our volunteers accomplished at today's Free Software Directory (FSD) IRC meeting.

      • GNUpoke - News: Binary Tools devroom @ FOSDEM 2023 [Savannah]

        GNU poke will be part of the Binary Tools devroom at the next edition of FOSDEM, to be celebrated 4th and 5th February 2023 in Brussels.

        Below is the Call For Proposals for the devroom. Hope to see you there, is gonna be fun! :)

    • Licensing / Legal

      • Vice Media GroupGitHub Users File a Class-Action Lawsuit Against Microsoft for Training an AI Tool With Their Code [Ed: Microsoft keeps breaking thje law in an attempt to injure the competition]

        GitHub programmers have filed a class-action lawsuit against GitHub, its parent Microsoft, and its technology partner, OpenAI, for allegedly violating their open-source licenses and using their code to train Microsoft’s latest AI tool, called Copilot.

        GitHub Copilot, which was launched in June, suggests code and functions to GitHub users in real time. Copilot is powered by Codex, an AI system that was created by OpenAI and licensed to Microsoft. According to OpenAI, Codex was trained on “millions of public repositories” and is “an instance of transformative fair use.” However, open-source programmers on GitHub disagree, claiming that Codex has violated their open-source licenses, which only allow non-commercial redistribution and modification of the code and often have restrictions including a requirement to preserve the name of the authors.

    • Programming/Development

      • escapewindow | blue sky: a federation of automation platforms

        Once upon a time, an excited computer lab assistant showed my class the world wide web. Left-aligned black text with blue, underlined hypertext on a grey background, interspersed with low-resolution GIFs. Sites, hosted on other people's computers across the country, transferred across analog phone lines at over a thousand baud. "This," he said. "This will change everything."

        Some two decades later, I blogged about blue sky, next-gen Release Engineering infrastructure without knowing how we'd get there. Stars aligned, and many teams put in hard work. Today, most of our best ideas made it into taskcluster, the massively scalable, cloud-agnostic automation platform that runs Mozilla's CI and Release Pipelines.

  • Leftovers

    • Hardware

      • IT WireiTWire - Nvidia makes new chip for China to bypass updated US restrictions

        US chip manufacturer Nvidia has created a new advanced chip in China that meets the export control rules laid down by the US administration in October.

        A company spokesperson told iTWire in response to a query: "The Nvidia A800 GPU, which went into production in Q3, is another alternative product to the Nvidia A100 GPU for customers in China.

        "The A800 meets the US Government’s clear test for reduced export control and cannot be programmed to exceed it."

        Reuters was the first to report about the new chip, saying on Monday, "Chinese computer sellers are advertising products with the new chip".

      • IT WireSome US Lexus models losing connected features after 3G shutdown

        Some Toyota Lexus models manufactured between 2010 and 2018 and sold in the US will lose all Lexus Enform features and services after shutdown of 3G networks, a report says.

        Apparently the only way to regain these features is to upgrade to a new model. The features that are lost relate to convenience and safety, the site Jalopnik claimed. Lexus Enform is a telematics program for the luxury brand.

        Major US mobile networks are only now phasing out 3G services, something that happened a while ago in Australia.

    • Health/Nutrition/Agriculture

      • uni MichiganNicotine use & Gen Z

        As I scroll through TikTok, a snippet catches my attention. An indie sleaze song accompanies a video of a beautiful person in a chic outfit, a cigarette casually hanging between their fingers — which are heavily decorated with rings. They take a pleasant drag before blowing the smoke out, gazing mysteriously into the distance through their thick sunglasses as if in a Quentin Tarantino movie scene. They scream “cool,” not only because of their eclectic outfit or “it-girl” body, but also because of the grungy and nonchalant way they inhale a known carcinogen.

    • Security

      • Hacker NewsAmadey Bot Spotted Deploying LockBit 3.0 Ransomware on Hacked Machines [Ed: Microsoft Windows TCO]

        The cybersecurity firm's latest analysis is based on a Microsoft Word file ("심시아.docx") that was uploaded to VirusTotal on October 28, 2022. The document contains a malicious VBA macro that, when enabled by the victim, runs a PowerShell command to download and run Amadey.

      • IT WireMicrosoft fixes four zero-days, 58 other flaws on Patch Tuesday [Ed: Microsoft already helped the NSA exploit these, and for who knows how long....]

        Microsoft has released patches for four zero-day vulnerabilities among the 62 advisories which it released on Wednesday AEDT, in its monthly Patch Tuesday fixes. All of these zero-days have been exploited in the wild.

        Nine of the flaws detailed were in the critical category, the security firm Tenable said in its analysis, with 53 being in the next, important, category.

        Top of the list were two vulnerabilities that affect Windows Mark of the Web, a security feature used to tag files that are downloaded from the Internet, and prevent them from carrying out certain functions.

      • IT WireiTWire - Ransomware group keeps its word, posts Medibank data on dark web

        A ransomware group that on Tuesday threatened to post data stolen from medical insurer Medibank Group on the dark web has kept its word and released a small sample of what it claims is the data it appropriated.

        The operator of this group, that hosts a copy of the site formerly used by the REvil gang, said the data was stored "in not very understandable format (tables dumps) we'll take some time to sort it out and we posting (sic) a small part of the data, in 'human readable format (sample in json file )' also we post all raw data.


        The name of the ransomware used is not definite but some refer to it as BlogXX. But it can attack only systems running Microsoft's Windows operating system.

      • LWNSecurity updates for Tuesday []

        Security updates have been issued by Debian (pixman and sudo), Fedora (mingw-binutils and mingw-gdb), Red Hat (bind, bind9.16, container-tools:3.0, container-tools:4.0, container-tools:rhel8, dnsmasq, dotnet7.0, dovecot, e2fsprogs, flatpak-builder, freetype, fribidi, gdisk, grafana, grafana-pcp, gstreamer1-plugins-good, httpd:2.4, kernel, kernel-rt, libldb, libreoffice, libtiff, libxml2, mingw-expat, mingw-zlib, mutt, nodejs:14, nodejs:18, openblas, openjpeg2, osbuild, pcs, php:7.4, php:8.0, pki-core:10.6 and pki-deps:10.6, poppler, protobuf, python27:2.7, python38:3.8 and python38-devel:3.8, python39:3.9 and python39-devel:3.9, qt5, redis:6, rsync, unbound, virt:rhel, virt-devel:rhel, wavpack, webkit2gtk3, xmlrpc-c, xorg-x11-server, xorg-x11-server-Xwayland, and yajl), SUSE (exiv2, expat, rubygem-nokogiri, sudo, and vsftpd), and Ubuntu (isc-dhcp, libraw, sqlite3, and tiff).

      • Hacker NewsNew Laplas Clipper Malware Targeting Cryptocurrency Users via SmokeLoader [Ed: Microsoft Windows TCO]

        Cryptocurrency users are being targeted with a new clipper malware strain dubbed Laplas by means of another malware known as SmokeLoader.

        SmokeLoader, which is delivered by means of weaponized documents sent through spear-phishing emails, further acts as a conduit for other commodity trojans like SystemBC and Raccoon Stealer 2.0, according to an analysis from Cyble.


        Clippers, also called ClipBankers, fall under a category of malware that Microsoft calls cryware, which are designed to steal crypto by keeping close tabs on a victim's clipboard activity and swapping the original wallet address, if present, with an attacker-controlled address.

      • USCERTCISA Adds Seven Known Exploited Vulnerabilities to Catalog [Ed: Most of these are Microsoft Windows, but CISA fails to say so]

        CISA has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow in the "Date Added to Catalog" column, which will sort by descending dates.

      • XSAs released on 2022-11-08

        The Xen Project has released one or more Xen security advisories (XSAs). The security of Qubes OS is affected. Therefore, user action is required.

      • QSB-086: Speculative security issues on AMD CPUs (XSA-422)

        We have just published Qubes Security Bulletin (QSB) 086: Speculative security issues on AMD CPUs (XSA-422). The text of this QSB is reproduced below. This QSB and its accompanying signatures will always be available in the Qubes Security Pack (qubes-secpack). More information about QSBs, including a complete historical list, is available here.

      • SANSCritical OpenSSL 3.0 Update Released. Patches CVE-2022-3786, CVE-2022-3602, (Tue, Nov 1st) [Ed: This title is still false.]

        As preannounced, OpenSSL released version 3.0.7, which patches two related vulnerabilities rated as "High." Initially, as part of a preannouncement, the vulnerability was rated "Critical." OpenSSL 3.0 was initially released in September of last year.

        The update patches a buffer overrun vulnerability that happens during the certificate verification. The certificated needs to contain a malicious Punycode encoded name, and the vulnerability is only triggered AFTER the certificate chain is verified. An attacker first needs to be able to have a malicious certificate signed by a certificate authority the client trusts. This does not appear to be exploitable against servers. For servers, this may be exploitable if the server requests a certificate from the client (mTLS) [1] . OpenSSL also published a blog post with details here:

        In short: While this is a potential remote code execution vulnerability, the requirements to trigger the vulnerability are not trivial, and I do not see this as a "Heartbleed Emergency". Patch quickly as updated packages become available, but beyond this, no immediate action is needed.

      • SANSInfoSec Handlers Diary Blog - SANS Internet Storm Center

        I spotted a malicious RAR archive that contained a VBS script. It was called “Unidad judicial citacion pendiente Fiscalia.rar” and protected with a simple 4-numbers password to defeat automatic scanning. Inside, the VBS script has the same name. Both are unknown to VT.

      • SANSMicrosoft November 2022 Patch Tuesday, (Tue, Nov 8th) [Ed: Microsoft left many known holes unpatched until it was too late and those were widely exploited]

        The previously disclosed (and exploited) vulnerability is a security feature bypass on Windows Mark of the Web (MOTW) (CVE-2022-41091). According to the advisory, an attacker can craft a malicious file that would evade MOTW defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. The CVSS for this vulnerability is 5.4.

      • SANSWindows Malware with VHD Extension

        Windows 10 supports various virtual drives natively and can recognize and use ISO, VHD and VHDX files. The file included as an attachment with this email, when extracted appears in the email as a PDF but is is in fact a VHD file.

    • AstroTurf/Lobbying/Politics

      • ZDNetWhy Twitter will fail shortly

        Elon Musk has taken over Twitter, and it appears he's already failing on his promise not to turn Twitter into a 'free-for-all hellscape.' But, I'm not here to talk about his policy blunders. That's a story for another day. No, I'm here to predict that Twitter, the site, will soon crash. And, once it fails, it won't be coming up for a while.

      • VideoThe Absolute State Of Twitter - Invidious

        Twitter has become more popular than ever, it's new owner Elon Musk claims to value free speech more than anything else yet he recently decided to add further restrictions to parody accounts.

      • Daniel AleksandersenDon’t record your social life on an append-only social network | Ctrl blog

        Secure Scuttlebutt (SSB) is an alternative, self-governed, distributed social network without gatekeepers. You only see updates and mentions from people you follow, so moderation isn’t as much of an issue as on Twitter. However, the technology that powers the platform is ill-suited for sharing things with our ever-changing social circles.


        All you need to get started is an SSB-compatible client app; you don’t even need an internet connection (except when pushing and pulling updates). Every update you publish, whether public or private, is stored in a local append-only database (AOD). The database exists primarily on your local device.

        The network works by having its users synchronize with each other’s account databases. The databases get distributed through “pub” servers. Some SSB client apps can also exchange updates using other means, such as directly between devices using distributed peer-to-peer (P2P) connectivity. Users and pubs can pass along updates on behalf of mutual connections, so everyone doesn’t need to be online simultaneously for the network to function.

      • VoxMidterm election results 2022: Gen Z candidate Maxwell Frost is elected to Congress, plus more firsts - Vox

        Maxwell Alejandro Frost, a 25-year-old community organizer, has officially become the first Gen Z member elected to Congress after winning a House seat in Florida’s 10th Congressional District.

    • Monopolies

      • EngadgetEuropean Union opens 'in-depth' investigation into Microsoft's purchase of Activision Blizzard

        As expected, the European Commission will carry out a full-scale investigation into Microsoft’s $69 billion bid to buy Activision Blizzard. Following a preliminary probe, the European Commission announced Tuesday (via Reuters) it believes the deal may “significantly reduce competition” in a handful of areas, including the PC and console gaming markets, as well as among cloud gaming services.

        According to the Commission's antitrust officials, Microsoft has the potential economic incentive to prevent competitors from accessing Activision Blizzard’s “high-profile and highly successful games,” including new Call of Duty entries. The body notes it’s also concerned the deal could unfairly advantage Windows against competing PC operating systems. On the surface, that seems like a strange concern, but it’s worth pointing out that the success of devices like the Steam Deck has made Linux something of a viable gaming alternative to Windows.

        With today’s announcement, the European Commission now has 90 working days to complete its probe, a timeline that means a decision would arrive on March 23rd, 2023 at the latest.

      • Jacobin MagazineCory Doctorow Wants You to Fight Big Tech

        In their new book, Chokepoint Capitalism: How Big Tech and Big Content Captured Creative Labor Markets and How We’ll Win Them Back (Beacon, 2022), Rebecca Giblin and Cory Doctorow explain how big market players squeeze creators and consumers through monopoly and monopsony — and outline a way to break free from their grasp.

        Coauthor Cory Doctorow recently spoke to David Moscrop for Jacobin and discussed Chokepoint Capitalism, Doctorow’s anti-capitalist oeuvre, what chokepoint capitalism means for creators and consumers, its prevalence in the cultural industries, and how to fight against it.

  • Gemini* and Gopher

    • Politics

      • On Christian Nationalism

        Fun fact: I was what could now be described as a Christian nationalist in my younger years.

        I thought (my romanticized version of) America was God's country and American culture was godly culture, and Satan was out to destroy it through Democrats and "politically correct" (PC) ideology. I was thoroughly indoctrinated by Trinity Broadcasting Network (TBN) and Christian radio stations and regularly donated to Christian Coalition, American Centers for Law and Justice, and other similar entities. I believed that America's God-given destiny was to conquer the nations and make them submit to the Gospel.

      • The state of American politics on this election day

        I no longer write about politics a lot. After many years of activism and community organizing, and having witnessed the sorry state of U.S. politics, I sort of lost interest. As conservatives used to say, not everything in society is politics, and not everything in society should be addressed in the realm of politics.

        Once again, today's midterm elections are called "the most consequential" of our times. I've heard this two years ago, four years ago, six years ago, and eight years ago. Most of my friends these days are Democrats and left-leaning independents. They feel that a Republican victory will bring an existential crisis to the United States.

      • And hopefully, this means I stop getting SMS spam from politicians

        It's political season. Not to be confused with deer season (or rabbit season, or duck season or even gator season, much to the dismay of many). And it's the second Tuesday of November on an even year, so it's also Federal political season.


        The sun was out, the weather was cool (for Florida, which means the asphalt is only slightly soft from the heat) and as usual [1], I walked to the polling station. It wasn't crowded at all and it only took a few moments to fill out the ballot.

    • Technical

      • Internet/Gemini

        • Quick updates (Nov. 8, 2022)

          I have not been here for about half a year. I have been also not as active on various social media platforms as I used to be.

      • Programming

        • Handling Optional Values in Rust macro_rules

          I couldn't bear the amount of repetitive in code in [one of my projects] that had to do with the definition, identification and representation of token types in the scanner part of an interpreter. All of the token string representations were defined as string constants in one place and then I had created an enumeration of the token types themselves with one function for parsing a string into a token type and one function to get the string representation from a token type. This problem seems like a perfect fit for [a Rust macro], but as we'll see it was a bit more involved to implement than I initially thought. However, once I grokked how to make use of macro recursion over multiple match arms the solution turned out to be quite simple and elegant.

* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.

Recent Techrights' Posts

It's Cheaper to Pay Bribes (and Produce Press Releases) Than to Pay Fines (After Lots of Negative Publicity)
Does the UK still have real sovereignty or do corporations from overseas purchase decisions and outcomes?
November 2023 Over With GNU/Linux at All-Time Highs According to statCounter
ChromeOS+GNU/Linux combined are about 7% of the "market"
Microsoft and Its Boosters Worsen Linux Security
The circus goes on and on
Links 01/12/2023: Facebook Infested With Malicious Campaigns by Imposters, ACLU Gives Advice on Doxxing and Online Harassment
Links for the day
Just Like Its Budget Allocation, the Linux Foundation Devotes About 3% Of Its Latest Newsletter to Linux, Devotes More to Linux's Rivals
It's just exploiting the brand
Links 01/12/2023: Google Invokes Antitrust Against Microsoft
Links for the day
Over at Tux Machines...
GNU/Linux news
UK Government Allowing Microsoft to Take Over Activision Blizzard Will Destroy Jobs
Over 30,000 fired this year? More?
New Report Provides Numerical Evidence That Google Hired Too Many People From Microsoft (and Became Malicious, Evil, Sociopathic)
"Some 12,018 former Microsoft employees currently work for the search and data giant"
Google: Keep Out, Don't Save Your Files, and Also Let Us Spy on Everything You Do
Do you still trust "clown" storage?
IRC Proceedings: Thursday, November 30, 2023
IRC logs for Thursday, November 30, 2023
Links 01/12/2023: Many Suppressions in Hong Kong and Attempts to Legitimise Illegal and Unconstitutional Fake Patent 'Court' in EU (UPC)
Links for the day
Gemini Not Deflated Yet (Soon Turning 5!)
Gemini numbers still moving up, the protocol will turn five next summer
Links 30/11/2023: Belated End of Henry Kissinger and 'Popular Science' Shuts Online Magazine
Links for the day
Site Priorities and Upcoming Improvements
pages are served very fast
[Meme] One Person, Singular Pronoun
Abusing people into abusing the English language is very poor diplomacy
Ending Software Patents in Recent Years (Software Freedom Fighters MIA)
not a resolved issue
New Article From Richard Stallman Explains Why He Says He and She for Unknown Person (Not 'They')
"Nowadays I use gender-neutral singular pronouns for a person whose gender I don't know"
IRC Proceedings: Wednesday, November 29, 2023
IRC logs for Wednesday, November 29, 2023
Over at Tux Machines...
GNU/Linux news
Links 30/11/2023: Rushing Patent Cases With Shorter Trial Scheme (STS), Sanctions Not Working
Links for the day
Links 30/11/2023: Google Purging Many Accounts and Content (to Save Money), Finland Fully Seals Border With Russia
Links for the day
Lookout, It's Outlook
Outlook is all about the sharing!
Updated A Month Ago: Richard Stallman on Software Patents as Obstacles to Software Development
very recent update
The 'Smart' Attack on Power Grid Neutrality (or the Wet Dream of Tiered Pricing for Power, Essentially Punishing Poorer Households for Exercising Freedom Like Richer Households)
The dishonest marketing people tell us the age of disservice and discrimination is all about "smart" and "Hey Hi" (AI) as in algorithms akin to traffic-shaping in the context of network neutrality
Links 29/11/2023: VMware Layoffs and Too Many Microsofters Going Inside Google
Links for the day
Is BlueMail a Client of ZDNet Now?
Let's examine what BlueMail does to promote itself
Just What LINUX.COM Needed After Over a Month of Inactivity: SPAM SPAM SPAM (Linux Brand as a Spamfarm)
It's not even about Linux
Microsoft “Discriminated Based on Sexuality”
Relevant, as they love lecturing us on "diversity" and "inclusion"...
IRC Proceedings: Tuesday, November 28, 2023
IRC logs for Tuesday, November 28, 2023