Hello and welcome to the 488th edition of Linux in the Ham Shack. In this episode, the hosts interview Ed, N2XDD, and Steve, KC1AWV, of the M17 project. We last had them on the show in March of 2021. Today, we discuss the M17 project, what's new, what's old and what's happening. Thank you for tuning in and we hope you have a great week.
Customizing your key maps in Vim is one of the most powerful features of using Vim. By using key mappings, its possible to do things other text editors just can't do. In this video I go over the basics of key mappings to introduce you to how they work and show you a couple of cool bindings to do things from text to speech using espeak to generating pdf documents from markdown with pandoc.
Today we will talk about what search engines we are using to see if we need to make any changes. We have seen earlier this year that DuckDuckGo will start curating results, Google and Bing already do that. StartPage has connections to a data minding company, so what options do we have?
Finally Arch Linux started shipping OpenSSL 3.0 but by doing so it lead to tons of AUR packages especially but even packages in 3rd party repos suddenly breaking and requiring a rebuild but that's what you get relying on a 3rd party repo like that.
In this video, we are looking at how to install Intellij Idea Community on Linux Mint 21.
Microsoft's new goodies for Linux users, the Ubuntu Summit wraps up, and our takeaways from the recent fireside chat with Linus Torvalds.
NVIDIA GPU owners on Linux, it's your time to test something new. NVIDIA have released a Beta driver with version 525.53.
There's a difference between listing selectors in :where(), :is(), and :has() and listing them in a regular selector list.
Sometimes we need selectors with higher specificity to improve readability and comprehensibility, or to limit the elements styles will be applied to.
Partitioning resources with Linux namespaces – partitions resources so that a set of processes only sees a certain set of resources. Namespaces take global resources like – process ids (pids), mount points (mnt), network stack (net), and abstract them so that each process has its own view of them. There are currently 8 different namespaces (mnt, pid, net, ipc, UTS, user, cgroup, and time).
SSH certificates allow system administrators to SSH into machines without having to manage authorized keys in the servers.
In summary, you create a key pair to be used as a Certificate Authority (CA), and add the public key of that key pair to the server: [...]
Not updating the swap file's modification time is a sensible decision that reduces both IO and complexity. Updating file inode times is a known source of unnecessary IO (updating the access time is frequently disabled or significantly limited), and it would add extra work to the 'swap pages out' path to mark the relevant inode for update as well (it might also require taking internal kernel locks to modify the inode's in-memory data). This is clearly a special kernel path, since even using mmap() updates the file modification time (although I believe not necessarily to a completely predictable time).
WordPress's Jetpack plugin allows you to easily syndicate your blog to Twitter, LinkedIn, Tumblr, Email, and a few other services. But there's no native way to publish directly to your Mastodon feed.
This is a guide to how I got my blog to publish every new post to Mastodon with a nicely formatted preview. This uses Jan's "Share on Mastodon" plugin which you'll need to install and configure.
Once you've followed these instructions, you'll get a share which has a headline, excerpt, link, hashtags, and images. Ready? Let's go!
I wanted to share some brief notes on my experience self-publishing on Leanpub. This isn’t an authoritative assessment of publishing options, but that’s actually kind of the point: I love Leanpub because it made it easy for me to self-publish without having to become an expert.
It occurred to me to use Perl Net::DNS to see if I could obtain more details. I asked for a bit of help, and Oli Schacher came to the rescue. First I verify that the current zone is OK so I use the current NS RRset and its RRSIG: [...]
Fedora is a Linux distribution and upstream project for highly stable Redhat Enterprise Linux. It is meant to offer particularly up-to-date programs and multiple desktop environments. In this tutorial, we learn the command to install Google chrome on any currently available version of Fedora.
Well, this Linux only comes with free software. However, we can add third-party repo or enable Fedora’s supplement repository to install propriety applications such as Google Chrome.
In this tutorial, we will show you how to install WoeUSB on Linux Mint 21. For those of you who didn’t know, WoeUSB is a simple Linux program that enables you to create a bootable Windows USB drive from a Windows ISO file. To use WoeUSB, you’ll need a Windows ISO file and a USB drive with at least 4GB of storage. If you need to install Windows from a bootable USB stick, WoeUSB is the ideal tool for the job.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of WoeUSB on Linux Mint 21 (Vanessa).
Net-filter as we all know it’s a firewall in Linux. Firewalld is a dynamic daemon to manage firewalls with support for network zones. In the earlier version, RHEL & CentOS we have been using iptables as a daemon for packet filtering framework.
In newer versions of RHEL-based distributions such as Fedora, Rocky Linux, CentOS Stream, AlmaLinux, and openSUSE – the iptables interface is being replaced by firewalld.
In this guide, I will show you how to find your IP address (private IP address and public IP address) on Ubuntu Linux. I will cover also the steps for an IP location lookup to get IP location. The same steps will work on other Linux distributions like CentOS, Debian, Fedora, Linux Mint, and Rocky Linux.
Knowing how to logout a user in Linux is vital to maintaining a healthy operating system. You might need an ex-employee you want removed from the system, or you have identified a rogue user logged in. Luckily the process of logging out the user is very straightforward.
We will also go into detail about logging out your user from the system if you are using SSH. This process is easy and will help close an SSH connection to your server correctly.
To maintain your Raspberry Pi’s time, the operating system calls external servers to get the current time for your time zone.
This time synchronization is beneficial for your Raspberry Pi since it doesn’t have its own real-time clock to maintain the time. While you can add an RTC to the Pi, it requires you to purchase an additional component.
Today we are looking at how to install Kega Fusion on a Chromebook.
If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!
In this post, you will learn how to install PostgreSQL on Rocky Linux 9 / Alma Linux 9
As we all know, PostgreSQL is one of the most important relational database managers we can find. It is the basis of many large projects that require the advanced features of PostgreSQL.
Another aspect is that Rocky Linux 9 / Alma Linux 9 are recent versions of very server-focused operating systems, so it can be quickly interesting to learn about PostgreSQL in these environments.
In this tutorial, we will show you how to install Chkrootkit on Ubuntu 22.04 LTS. For those of you who didn’t know, The Chkrootkit security scanner is a popular security tool that allows administrators to check the local system for evidence of a rootkit infection. It consists of a shell script that checks various security issues and system binaries for rootkit modification. You can use Chkrootkit in the command line or GUI. It is similar to rkhunter which is another rootkit detection and removal tool.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Chkrootkit security scanner on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
This tutorial outlines the steps required to install FFmpeg in Ubuntu and Other Linux systems.
The ffmpeg is a collection library and software program to manipulate multimedia files. The entire ffmpeg is a robust set of libraries that allows you to convert, stream, and manipulate audio and video files. Many frontend Linux applications use it as a backend and hence depend on it. For example, a screen recording application may need ffmpeg to convert recorded streams to gif images.
Popular applications and services that use FFmpeg are VLC Media Player, YouTube, Blender, Kodi, Shotcut, and Handbrake – to name a few.
Fun fact: NASA’s Mars 2020 mission rover Perseverance used FFmpeg to complete and process images and video before beaming back to Earth!
Learn how to convert xlsx spreadsheets to csv files by using command line and GUI methods in Linux.
Core Keeper is a total gem of a game and now it's much bigger, with The Desert of Beginning update out now. This is the 1-8 player game where you mine underground, collect resources, build your little base and explore. It's really great and gives a feeling somewhere between Minecraft and Terraria.
Lost in Play is another experiment at making a new kind of adventure game. Here we are far from the retro efforts like Thimbleweed Park or the recent Hob’s Barrow where the focus is on so-called pixel art. Lost in Play is all about extremely high “production values”, as the gaming journalists like to say. It’s almost an interactive cartoon (with vector based characters, as far as I can see), featuring very smooth and detailed animations. It’s a wonder to look at.
DXVK, the translation layer that converts Direct3D calls to Vulkan for use with Wine and Proton, has a big new release out with version 2.0. This is one of the ways that Proton performs so well for Windows games on Linux desktop and Steam Deck.
Want to pick up some games made in Poland? DRM-free store GOG has a couple of nice looking themed sales going on right now.
Combining elements and being inspired by the likes of FTL and Total War, Winter Falling: Battle Tactics is a pretty unique strategy game. It released recently into Early Access and it has Native Linux support.
KDE Neon, the non-distro distribution, is now based on Ubuntu 22.04 LTS.
KDE Neon is released by the KDE Community. While the developers say it isn’t a standalone distro, but rather a way for them to showcase the latest KDE technologies, many use Neon as they would any other distro.
The Rocky Enterprise Software Foundation (RESF) today published its charter and bylaws, documenting the organization’s governing structure and rules for hosting open source projects, including its namesake project, Rocky Linux. The charter and bylaws also describe the RESF vision to create and nurture a community of individuals and organizations that are committed to ensuring the longevity, stewardship and innovation of enterprise-grade open source software that is always freely available.
Linux has a set of events you can query to look at performance of … well lots of things. Its a generic mechanism. Here’s a quick peek at the set of values I can see if I look at an AltraMax running Fedora 36.
[Hack Club] is a group that aims to teach teenagers about tech by involving them in open-source projects. One of the group’s latest efforts is Sprig, an open-source handheld game console, and [Hack Club] has even been giving them away!
Sound travels approximately at 343 meters per second. When two speakers are placed opposite one another and they generate sound with same phases, then acoustic standing sound waves are formed.
Now smaller than a Raspberry Pi 4 (opens in new tab), the Odroid N2L makes a fine alternative if you don’t mind that there's no Wi-Fi, Bluetooth or Ethernet. Its six-core processor is made up of four Cortex-A73 cores which at up to 2.4GHz are faster than the 1.5GHz quad-core A-72 model in the Pi, and adds a couple of A-53 efficiency cores too, plus a Mali-G52 GPU. RAM comes in the form of either 2GB or 4GB of LPDDR4 running at 3216 MT/s, and there's both an eMMC socket and Micro SD card slot for storage.
After receiving a small grant to create the Jetson cluster, it was built from scratch in four months by two students, who also created the acrylic casing, more than 60 of the interconnecting cables, and the power supplies by hand, learning about wire stripping, networking, and laser cutters along the way. (Only one small fire was started.) The computer began life as a collection of Jetson Nano modules spread across a desk, using cardboard boxes as "heatsinks," but was upgraded into the current neat acrylic casing using 3D vector files fed into the laser cutter at the university’s makerspace.
“We started this project to demonstrate the nuts and bolts of what goes into a computer cluster,” said Eric Godat, team lead for research and data science in the internal IT organization at SMU.
Next week, the baby supercomputer will be on display at SC22, a supercomputing conference taking place in Dallas, just down the highway from SMU.
Update (11/10): A previous version of this story incorrectly stated that Upton expects the current shortages to continue for a year, rather than that he expects all stock issues to have been resolved by this time next year. "There’s a vast difference between feeling confident that we’ll be free of shortages in a year and feeling that there will be a year of shortages," Upton told us. To be clearer, this means that he expects the situation to improve over time and to be completely resolved within 12 months.
Recently, one of Instructables user mikerobertgodfrey’s friends adopted a senior dog who experiences frequent separation anxiety, thus causing him to panic when left on his own. As an attempt to help, Mike decided to build an Internet-connected wireless treat dispenser that would accompany a pet camera for remote training.
The device was constructed by first taking various rectangular pieces of plywood an assembling them around a central hub to create a fan-like object with a total of eight compartments for treats. This component was then sandwiched between a solid wooden base and a covering plate of clear acrylic to prevent treats from falling out. Lastly, Mike attached a servo at the back in order to rotate the dispensing mechanism and also embedded an Arduino Nano RP2040 Connect board into the base.
The Arduino Opta is an embedded platform featuring STM32 STM32H747XI dual-core Cortex M7+M4 MCU for real time industrial applications. The device is offered in three variants which combine ethernet, RS485 support and wireless connectivity in addition to relays and 12-24V DC inputs.
My first Mastodon post (that I can find) dates from April 6, 2017. I try to check out interesting new life-online technologies, and this was one. But I found it sort of quiet and empty and didn’t say much. Now, following on Muskification, Twitter may become an unattractive online home, so it’s time to explore alternatives. I’ve been digging deeper into Mastodon (so have really a lot of other people) and this is a progress report.
Social.coop is my third Fediverse home. I joined Identi.ca in 2009, the same year I joined Twitter. Then, in 2017, I switched to Mastodon, moving to the flagship instance at Mastodon.social. It was easy to discover mastodon.social and to register an account, and for years I was fine with staying where I'd landed. I also found that my conversations in the Fediverse tend to be better than ones on Twitter -- people disagree more productively, for instance. And, even though I only had hundreds of Fediverse followers compared to a few thousand Twitter followers, I seemed to get more useful feedback and publicity from the Fediverse than from Twitter -- probably partly because Twitter's recommendations algorithm dislikes my hyperlink-heavy posting style and suppresses my tweets in people's timelines, relative to linkless tweets.
The Skip 1s Universal Remote is our first remote built on a strong foundation with big future plans. We plan on having tight integration with Kodi and custom products as we continue our journey. But Flirc wouldn't exist if not for the Kodi community and their support.
A website is an online place where you can tell people to follow you on different social media so they might have a chance, if the algorithm allows it, to read what you hope to write in the future.
I have to point out that I am not completely against Arc, nor am I declaring its existence to be a failure. I've just decided that it's clearly designed for a different type of user.
While getting browser-native support for transitions could act as an antidote to the JavaScript-heavy SPA experiences common today, I think there’s another equally significant change that could decrease the amount of JavaScript shipped to modern websites: we need either 1) more APIs that speak FormData, or 2) browsers that speak JSON.
Allow me to try and explain.
Vivek Patil is a Professor of Marketing at Gonzaga University, where he used to teach the SPSS to his students for marketing research in the School of Business. After learning about R and attending a course on Data Analysis from Coursera, he learned R to expand his knowledge and introduced R to his students in the Business School.
I've co-organised four in-person research summer schools, most recently as part of the Programming Language Implementation Summer School (PLISS) series, and spoken at two others, and one thing that I've realised is that many people don't really know what they involve. Indeed, I didn't fully realise what they are, or could be, even after I'd been involved in several! This post is my brief attempt to pass on some of what I've learnt about research summer schools.
Scrape and geolocate data from Wikipedia. We will map the active space launch sites.
Some people who use open source software think or feel that they somehow have a right upon the developers of such software to provide support or service of some kind. Some are even so deluded that they think threating the developers with promises of not using the software will somehow force the developers into compliance.
In C++, we might implement dynamic lists using the vector template. The int-valued constructor of the vector template allocates at least enough memory to store the provided number of elements in a contiguous manner. How much memory does the following code use?
This article is going to rely heavily on Feature Flags, so a passing familiarity is useful. In summary, feature flags are the ability to switch features on and off at runtime of the application without requiring re-deployment. Feature flags can also be used to switch on features for specific users or groups of users.
For people that want to use Git, but either aren't a developer, or just want an easier way to use common functionality via the command line, these may be for you.
This blog post examines divergent representations of the same source code variable produced by compiler optimizations. We’ll attempt to define divergent representations and look at the SQLite vulnerability we discovered, which was made easier to exploit by the divergent representation of a source code variable (one exhibiting undefined behavior). We’ll then describe the binary and source code analyses that we used to find more divergent representations in existing open-source codebases. Finally, we’ll share some suggestions for eliminating the risk that a program will be compiled with divergent representations.
The count() function in PHP allows you to count all elements within an array or an object that implements the Countable interface.
There is a common view out there that the Quick UDP Internet Connections (QUIC) transport protocol (RFC 9000) is just another refinement to the original Transmission Control Protocol (TCP) transport protocol (RFC 9293, RFC 793). I find it hard to agree with this sentiment, and for me, QUIC represents a significant shift in the set of transport capabilities available to applications in terms of communication privacy, session control integrity, and flexibility. QUIC embodies a different communications model that makes it intrinsically useful to many more forms of application behaviours. Oh, yes. It’s also faster than TCP!
In my opinion, it’s likely that over time QUIC will replace TCP in the public Internet. So, for me, QUIC is a lot more than just a few tweaks to TCP. Here, we will describe both TCP and QUIC and look at the changes that QUIC has brought to the transport table.
The National Interoperability Framework Observatory (NIFO) that designed the EIF Toolbox is now providing the EIF Online Assistant. The EIF Online Assistant offers an interactive and intuitive interface for seeking open-source digital solutions that help align with the EIF.
Jennifer Aniston briefly lamented on Hollywood’s fading glamour during a recent Allure magazine cover story. The writer of the piece read a text aloud to Aniston in which a friend wrote the following about the “Friends” superstar: “No one’s ever going to be famous the way she is. That kind of mass-fame phenomenon burning so bright for so long, it’s just not achievable today. She’s like a silent-film star among a generation of TikTok dipshits.”
It's kind of useful since you have this group that makes things terrible for other people, and there they are, jumping up and down, waving flags and screaming to get attention because they will never get attention for excelling, since, well, they can't. It's like, gee, you don't have to kick out most of the people. Just get the few assholes in that group - they'll even help you find them! Your group will be far healthier for it.
It's a surprise to many new arrivals in Estonia that wearing a reflector is obligatory throughout the long winter months. In deepest winter, the sun rises at 10 a.m. and sets by 4 p.m., so drivers can need a little extra help seeing pedestrians.
The small, reflective disks should be hung from a pocket, coat or bag and must be clearly visible. Other forms of reflective clothing are also permitted.
In the last decade, scientists have discovered traces on Earth of six intense bursts of radiation, known as Miyake events, scattered over the last 9,300 years. The most popular explanation is that these mysterious signatures were left behind by massive solar storms, leading some scientists to warn that the next Miyake event could cripple the world’s electrical grid. But new research, published in the October Proceedings of the Royal Society A, suggests that more than just solar flares might be behind the enigmatic radiation.
The finding underscores the need for further investigations into these strange bursts, which could potentially harm our society in the future, says physicist Gianluca Quarta of the University of Salento in Lecce, Italy, who was not involved in the study. “Something is not fitting with what we know at the moment.”
This is where a maths concept called information theory can guide us. According to information theory, impartiality can be measured by a metric called mutual information. Mutual information measures the amount of knowledge about a topic of interest that you can extract from a message.
The Right has long pushed a narrative that parents are ready to turn away from public schools. But in this week’s midterms, voters in several states approved ballot measures that increase school funding.
It said the project was part of the so-called PERTE plan of government subsidies for semiconductor research and development using the European Union's pandemic relief funds, which allocates up to 12 billion euros ($12.17 billion), though it did not provide any financial details on the investment.
As an amateur astrophotographer will tell you, you just don’t get to capture the really interesting objects without spending a ton of money on some decent pieces of kit. Telescope aside, there really is a surprising amount of complexity, weight, and associated costs with the telescope€ mount€ alone, let alone one that is capable of any sort of programmable tracking. [Alan (Jialiang) Zhao] clearly wanted to up their game, and having suffered some of the shortcomings of their Sky-Watcher HEQ-5 pro Equatorial mount decided to go ahead and€ build an open-source mount,€ Alkaid, which hopefully works a bit better for them.
As the supply of genuine retrocomputers dwindles and their prices skyrocket, enthusiasts are turning their eyes in other directions to satisfy their need for 8-bit pixelated goodness. Some take the emulation route, but others demand a solution that’s closer to the original hardware. Following the latter path, [iNimbleSloth] is answering the question as to whether it’s possible to build a Sinclair ZX81 from all-new parts in 2022.
But one day their marketing algorithm obviously decided that I was about to become a lost prospect and sent me an irresistible offer. "We miss you! Please enjoy a crate of 36 craft beers for €£40."
Nice! I certainly won't look a gift-beer in the bottle. So I grabbed the bargain and stuck the tinnies in the cupboard.
And then the algorithm went haywire.
Attorney General Rob Bonta announced the lawsuit against the manufacturers of compounds that have been used in consumer goods and industry since the 1940s. The chemicals are found in firefighting foams, nonstick frying pans, cleaning sprays, water-repellent sports gear, stain-resistant rugs, cosmetics and countless other products.
Bonta said these so-called forever chemicals are so strong that they do not degrade or do so only slowly in the environment and remain in a person’s bloodstream indefinitely.
Revenue for the period rose 37%, to $152.1 million, above the consensus estimate of $149 million. DigitalOcean’s own guidance called for sales of between $145.5 million and $147 million. The company also reported an annual revenue run rate of $640.6 million, up 41% from a year earlier, and average revenue per customer of $79.22, up 28%.
The Justice Department identified the suspect as Mikhail Vasiliev who, according to court documents unsealed Thursday, faces charges related to conspiracy to damage computers and transmitting ransom demands. Vasiliev faces up to five years in prison and is awaiting extradition to the U.S.
Now, however, it’s increasingly clear insurers aren’t off the hook for NotPetya payouts or from covering losses from other attacks with clear links to nation-state [attackers].
That’s because in this case, what Mondelez and many other corporations endured was not an act of war, but “collateral damage” in a much larger cyberconflict that had nothing to do with them, said James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies.
Microsoft on Thursday attributed the recent spate of ransomware incidents targeting transportation and logistics sectors in Ukraine and Poland to a threat cluster that shares overlaps with the Russian state-sponsored Sandworm group.
The attackers behind the ransomware heist on medical insurer Medibank Group are believed to be in Russia, the Australian Federal Police claims, without naming any of those involved.
Commissioner Reece Kershaw told the media in Canberra on Friday afternoon that the intelligence collected thus far pointed to "a group of loosely affiliated cyber criminals, who are likely responsible for past significant breaches in countries across the world".
A nonprofit organization is suing the state of Massachusetts on behalf of thousands of low-income families who were collectively robbed of more than a $1 million in food assistance benefits by card skimming devices secretly installed at cash machines and grocery store checkout lanes across the state. Federal law bars states from replacing these benefits using federal funds, and a recent rash of skimming incidents nationwide has disproportionately affected those receiving food assistance via state-issued prepaid debit cards.
The Center for Law and Social Policy€ (CLASP) recently published€ Five Ways State Agencies Can Support EBT Users at Risk of Skimming. CLASP says while it is true states can’t use federal funds to replace benefits unless the loss was due to a “system error,” states could use their own funds.
U.S. financial institutions observed nearly $1.2 billion in costs associated with ransomware attacks in 2021, a nearly 200 percent increase over the previous year, according to data reported by banks to the U.S. Treasury Department and released in a report Tuesday.
The report comes amid an effort by the Biden administration to crack down on ransomware operators globally and illustrates the scale of the challenge facing law enforcement agencies and policymakers.
A top White House cyber official spoke at a NATO meeting in Rome Thursday, convening with allies to hone plans for rapidly responding to nation-state [breaches] and other digital threats.
Thursday’s meeting follows a June commitment from officials representing 30 NATO countries to significantly boost NATO’s cyber defenses as an alliance and at the national level.
Multi-cloud services provider VMware has excised a document from the site of its fully-owned security provider Carbon Black which details services provided to Medibank Group, the medical insurer that has been hit by attackers and had its data purloined.
This was disclosed on Friday by the Australian Financial Review's national correspondent Michael Roddan in the newspaper's Rear Window section.
Roddan wrote that he had not been able to access the page even on the Wayback Machine aka the Internet Archive which stores pages from the Web.
[...]
Back in 2017, the global security firm Sophos removed a page touting its work for the British National Health Service after the latter was overwhelmed by an attack of the WannaCry ransomware.
The ABC has been caught out changing an online news report after iTWire pointed out that the report in question — about Thursday's Q+A program — contained no mention of the fact that Alastair MacGibbon, the chief technology officer of security shop CyberCX, is currently providing advice to Medibank Group, a company which recently suffered a devastating network attack.
MacGibbon was given a platform to tout his wares on the ABC's Q+A program on Thursday with only a fleeting mention of the fact that his firm is now advising Medibank how to deal with its ransomware attack and subsequent data leak.
But even that kind of mention was absent in the online news report as can be seen from the screenshots included in this article.
Global PC vendor Lenovo has fixed two vulnerabilities in some of its laptop models that could lead to a disabling of secure boot, thus exposing a user to the injection of malicious code at boot time.
In an advisory, the company said the following three issues had been reported in the UEFI firmware of its notebooks:
"CVE-2022-3430: A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
"CVE-2022-3431: A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.
On 17 August 2022, an attacker was able to steal approximately USD 235,000 in cryptocurrency by employing a BGP hijack against the Celer Bridge, a service that allows users to convert between cryptocurrencies.
In this blog post, I discuss this and previous infrastructure attacks against cryptocurrency services. While these episodes revolve around the theft of cryptocurrency, the underlying attacks hold lessons for securing the BGP routing of any organization that conducts business on the Internet.
GDPR Rights in Sweden: Court confirms that authority must investigate complaints. So far, the Swedish IMY has taken the view that users don’t have party rights in GDPR procedures.
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months. So far, the IMY took the view that users are not a party in procedures concerning their own GDPR rights. The right to get a decision within six months also applies if the IMY opens a parallel ex officio investigation into the same company.
With all this collection of data, it’s difficult for users to get a sense of what their privacy rights are and how they can protect themselves from illicit uses of their data. Every company has privacy policies, which range from opaque legalese to gamified, easy-to-read versions. Usually, when you sign up to use a social media platform, you agree to many things, including having your data stored by that platform. If you’re concerned with how your data might be used, your one option for protecting yourself is to opt out completely from using the platform.
We’ve also extended greatly the relay statistics exported on the MetricsPort in order to help us gather more easily information that we can graph over time. As a reminder, that data, as a relay operator, should NEVER be made available publicly.
The EU Parliament today approved the directive to increase cyber security (“NIS 2”) by a large majority. According to it, the registration of [Internet] domain names shall in the future require the correct identification of the owner in the Whois database (Article 28). The obligation to register the identity explicitly also applies to “privacy” and “proxy” registration services and resellers (Article 6). Public authorities and private individuals wil have access in case of “legitimate interest”. “Whois privacy” services for proxy registration of domains thus become illegal, threatening the safety of activists and whistleblowers.
The chilling photos of the 1938 Nazi pogrom were released on Wednesday, the 84th anniversary of what is known as the night of broken glass, or Kristallnacht, the organized and widespread attacks on Jews that are widely commemorated as the start of the Holocaust.
The pictures, taken in the Bavarian cities of Fürth and Nuremberg, were in an album that had been secreted away by a former American soldier and then donated to Yad Vashem, the World Holocaust Remembrance Center in Israel, after his death.
On Nov. 9 and 10, 1938, Nazi thugs, often accompanied by cheering civilians, attacked Jewish people and their homes, businesses and synagogues, in a coordinated assault that the Nazi leadership wanted to appear spontaneous.
On the night of November 9, 1938, the sounds of breaking glass shattered the air in cities throughout Germany and parts of Austria while fires across the countries devoured synagogues and Jewish institutions. By the end of the rampage, gangs of Nazi storm troopers had destroyed 7,000 Jewish businesses, set fire to more than 900 synagogues, killed 91 Jews and deported some 30,000 Jewish men to concentration camps. In a report back to the State Department a few days later, a U.S official in Leipzig described what he saw of the atrocities. "Having demolished dwellings and hurled most of the moveable effects to the streets," he wrote, "the insatiably sadistic perpetrators threw many of the trembling inmates into a small stream that flows through the zoological park, commanding horrified spectators to spit at them, defile them with mud and jeer at their plight."
At the 11th hour on the 11th day of the 11th month of 1918, the Great War ends. At 5 a.m. that morning, Germany, bereft of manpower and supplies and faced with imminent invasion, signed an armistice agreement with the Allies in a railroad car outside Compiégne, France. The First World War left nine million soldiers dead and 21 million wounded, with Germany, Russia, Austria-Hungary, France and Great Britain each losing nearly a million or more lives. In addition, at least five million civilians died from disease, starvation, or exposure.
After four terrible years, fighting in the First World War finally ended with the signing of an armistice between Germany and the Allies on 11 November 1918. On the 11th hour of the 11th day of the 11th month, the guns fell silent. New Zealanders celebrated enthusiastically, despite having recently celebrated the surrenders of the three other Central Powers – Bulgaria, Turkey and Austria-Hungary – and the premature news of an armistice with Germany.
November 11, 2022, Armistice Day, marks 104 years since the end of the First World War. Every year the nation comes together to remember the bravery of the men and women who played a role.
An Act of Remembrance will take place at 10.50am on Friday, 11 November at the War Memorial in Old Town Churchyard.
A two-minute silence is held at 11am on November 11, in a tradition that was first started 100 years ago by King George V in 1919.
The tent protest, which started on Monday in Albertplatz to protest the chemical attacks by the Turkish state in Dresden, continued on Tuesday.
The complaints body said Mohan’s tweet violated the BBC’s social media guideline that “staff should also not post offensive or derogatory comments or content on social media and avoid abusing their position as a BBC employee in personal interactions”. The ruling “was reported to the management of BBC World Service and discussed with Ms Mohan”.
It's still possible to avoid such widespread calamities, but only if countries move far more aggressively to cut the pollution driving climate change. The Earth has warmed about 1 degree Celsius so far. If countries, including the United States, follow through on current promises to reduce greenhouse gas emissions, the latest estimates suggest that Earth's temperature will still top out around 2.8 degrees Celsius of warming.
Here are the three most important and well-studied changes, from collapsing ice sheets to thawing Arctic permafrost, to disappearing coral reefs.
The report said that if emissions stay so high, the world faces a 50% risk of breaching a key 1.5C temperature rise threshold in nine years.
Subsequently, on the IETF mailing list, there has been continuing discussion and the Internet Architecture Board (IAB) has announced three half-day sessions to be held from December 2022 to discuss the environmental impact of Internet applications and systems. The workshop is inviting discussion paper submissions.
Again, Levine explains why as a financial journalist, he is interested: [...]
According to Margaret Chen, who runs Cambridge Associates' endowment and foundation practice, colleges and universities are figuring out how to transition away from traditional energy.
"The thing about divestment from fossil fuels is it's important, and it's a continuing trend," Chen says.
It is possible to have a diversified portfolio that performs well that does not include fossil fuels, Chen says.
A band of climate activists is prowling the streets of New York City at night, deflating tires on SUVs it believes are destroying the earth.
Namibia has high hopes for green hydrogen, given its onshore wind, solar, abundant land and sea export opportunities, and wants to become a hub for the synthetic fuels industry.
The Decoy Effect is a cognitive bias that occurs when people are presented with two options, and one of the options is clearly inferior to the other. The inferior option acts as a decoy, and people are more likely to choose the superior option if it is presented alongside the inferior option.
The former chief of the Australian Strategic Policy Institute, Peter Jennings, appears to be in serious denial about one thing: no matter the state of bilateral relations with China, Australia is dependent on that country for its economic well-being.
That's probably why he is always dishing out his propaganda to the Federal Government or the states to dissociate themselves from this or that involvement with a Chinese entity.
As iTWire has detailed quite often, ASPI, mostly funded by the Australian Government, calls itself an independent think-tank but is a lobby group for the defence industry and big technology companies.
Jennings periodically ventilates his views — which are nauseatingly similar from week to week — in theThe Australian, trying to push the government to toe the US line. In fact, he seems to think he has a better idea of how to run the country, judging by the gratuitous advice he often doles out to Prime Minister Anthony Albanese.
A spokesperson for the Federal Trade Commission said in an emailed statement that it is keeping watch on the situation.
The most visible problem arose from Musk’s harebrained idea of selling verification badges for $8 a month — without a mechanism for confirming the user’s identity. For years, you could trust that a blue check next to, for example, the name “Rudy W. Giuliani” indicated that the account was controlled by the former mayor of New York. Now, for a quite reasonable price, anybody can log on as the “real” Giuliani and tweet stuff like “I shidded” until they’re suspended.
Asked if Musk was “a threat to U.S. national security” and whether the federal government should “investigate his joint acquisition of Twitter with foreign governments, which include the Saudis,” Biden replied, choosing his words carefully:
“I think that Elon Musk’s cooperation and/or technical relationships with other countries is worthy of being looked at,” Biden said. “Whether or not he is doing anything inappropriate, I’m not suggesting that. I’m suggesting that it [is] worth being looked at. And — and — but that’s all I’ll say.”
The developments were part of another whirlwind day in Musk's acquisition of the social media platform. It began with an email to employees from Musk on Wednesday night ordering workers to stop working from home and show up in the office Thursday morning. He called his first "all-hands" meeting Thursday afternoon. Before that, many were relying on the billionaire Tesla CEO's public tweets for clues about Twitter's future.
Twitter's new owner Elon Musk on Thursday raised the possibility of the social media platform going bankrupt, capping a chaotic day that included a warning from a U.S. regulator and departures of senior executives viewed as future leaders.
But Mastodon is not the most intuitive social media platform. Mastodon is open-source software, meaning anyone so inclined could set up a server to host users and connect to other servers, making for a decentralized network.
b "Nobody is in control of the entire network," Rochko said.
"It is, in effect, more democratic," he asserts, because the operators of each individual server can set content standards based on the preferences of the communities they're trying to serve.
But he admits many new users get hung up on choosing which server from thousands to join.
In my last post, I mentioned that Social (Control) Media is dying off, and we’re no worse for wear because of it.
I noted that Musk was ruining Twitter (as a business) and clearly had no idea what to do, because he has no successful businesses on their own merit, which make profit without ripping off the public via government theft of wages. (Taxation to give to private companies as endless bailouts.)
Musk is hardly alone. Many of the large US corporations operate this way.
The cuts are a result of operating costs growing too quickly. Leadership misjudged how much the [Internet] economy would continue to grow, Collison wrote in the memo.
Around 14% of people at Stripe will be leaving the company. We, the founders, made this decision. We overhired for the world we’re in (more on that below), and it pains us to be unable to deliver the experience that we hoped that those impacted would have at Stripe.
Stripe's memo told laid-off employees they would receive pay until at least February 21, 2023, annual bonuses for 2022, pay for unused time off, healthcare for six months, accelerated stock-option vesting, career support, and immigration-services support for visa holders. Meta's memo pointed to similar benefits for laid-off employees based in the US; at least 16 weeks of base pay, paid-out PTO, healthcare for six months, and career and immigration support.
At the meeting on Thursday, Mr. Musk warned employees that Twitter did not have the necessary cash to survive, said seven people familiar with the meeting who spoke on the condition of anonymity. The social media company was running a negative cash flow of several billion dollars, Mr. Musk added, without specifying if that was an annual figure. He mentioned bankruptcy.
Apple assisted YMTC in hiring engineers from established Western companies in order to improve its yields and productivity, according to the NYT report that cites three people familiar with the matter. So far, neither Apple nor YMTC have confirmed or denied the information, though the California-based consumer electronics giant is known for helping its manufacturing partners to build their operations.
Thursday’s order, imposed by Connecticut Judge Barabara Bellis, is in addition to the $965 million jurors last month ordered Jones to pay to the families of the shooting victims and an FBI agent who responded to the attack for the suffering he caused them by spreading the lies on his platforms, including his show Infowars, about the massacre.
Alex Jones and his media company Infowars have been ordered to pay an additional $473 million to Sandy Hook families for promoting false conspiracy theories about the 2012 school shooting, bringing his total damages up to nearly $1.5 billion.
Infowars host Alex Jones and his company were ordered by a judge Thursday to pay an extra $473 million for promoting false conspiracy theories about the Sandy Hook school massacre, bringing the total judgment against him in a lawsuit filed by the victims’ families to a staggering $1.44 billion.
Connecticut Judge Barbara Bellis imposed the punitive damages on the Infowars host and Free Speech Systems. Jones repeatedly told his millions of followers the massacre that killed 20 first graders and six educators was staged by “crisis actors” to enact more gun control.
Disinformation researchers and security companies say that discussion on the [Internet] of violence against poll workers has surged in the run-up to the 2020 elections. In the three months leading up to Tuesday’s vote, online conversations about “violence against poll workers” spiked by 137% on Twitter, compared to the same time period before the 2020 election, according to an analysis carried out by the social-media monitoring firm Zignal Labs.
Across all social media platforms, discussions of “election violence” increased by 790% in October compared to the previous month. Conversations about violence against poll workers increased by 225% over the same time period.
“I certainly would not expect the disinformation to end on Election Day,” said Suzanne Spaulding, a former undersecretary at the Department of Homeland Security who now directs the Defending Democratic Institutions project at the Center for Strategic and International Studies. “I think in fact, that it will grow, particularly in a context in which it appears as though, for example, somebody who’s an election denier is losing.”
Researchers and national security officials warn that how these narratives play out and whether they gain widespread acceptance could determine if a significant percentage of the public rejects the outcome of the elections. And if they don’t, they warn, that could trigger outbursts of political violence.
The most recent arrest was 24-year-old Ana Baneira, who HRANA says was taken into custody during the protests and jailed “in recent days,” citing sources close to her family, though they said the actual date she was arrested and her whereabouts are unknown.
Over on the Communia blog, Paul Keller has a good exploration of how the Czech Republic is tackling the issue. The current Czech proposal is particularly interesting because it is one of the first to be available after the EU’s top court, the Court of Justice of the European Union (CJEU), brought a little clarity on the safeguards that need to be included in national implementations of Article 17. Notably, the language of the latest version of the Czech law: [...]
It concludes, “We do not state these propositions in the comfortable belief that what people read is unimportant. We believe rather that what people read is deeply important; that ideas can be dangerous; but that the suppression of ideas is fatal to a democratic society. Freedom itself is a dangerous way of life, but it is ours.”
Dr. Fincancñ is a globally renowned forensic physician, anti-torture expert, and human rights champion. She has devoted her professional life to the investigation and documentation of torture. Preparing reports on cases of torture and writing on medical ethics in the 1990s, when torture was prevalent in Turkey, she was met with oppression and resistance by the state. During this period Dr. Fincancñ co-developed the Istanbul Protocol, the UN-endorsed, global standard for the investigation and documentation of torture.
The Office of the Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights (IACHR) organized the event as “a tribute to journalism in the Americas, in the deadliest year for the press.”
Hunter said the investigation showed the deputies violated policies. Harrison faces a suspension of seven days without pay. He will not be eligible for any “favorable action” for two years, Hunter said. Gohde faces suspension without pay for two days, Hunter said.
ICWA established minimum federal standards for removing native children from their homes. It required state courts to notify tribes when an American Indian child is removed from her family, and it required that in foster and adoption placements, preference be given first to a child's extended family, then to other members of the tribe, and, if neither is available, the preference is for a child to be placed with a different tribe.
In the court Wednesday, lawyers for the state of Texas and for non-Native adoptive parents told the justices that ICWA violates the Constitution by discriminating based on race. But the tribes and the U.S. government countered that the courts have long considered American Indians to be a political group, not a racial group.
"His behaviour caused people to become perplexed and annoyed as he was using foul language which some of the Muslim prisoners took great offence to," added the statement.
"I was told he was beaten up at the prosecutor's office and then beaten in the van. I was told by many prisoners' guards had boasted about having beaten him," read another excerpt from his statement.
The new rule, introduced this week, further squeezes women out of an ever-shrinking public space that already sees them banned from traveling without a male escort and forced to wear a hijab or burqa whenever out of the home.
Schools for teenage girls have also been shut for over a year across most of the country.
A transfer agreement was formally signed on Monday to make the Atlantic First Nations Water Authority (AFNWA) become the first indigenous water utility in Canada.
The agreement, signed by Potlotek First Nation Chief Wilbert Marshall, AFNWA Chief Executive Officer Carl Yates and the federal Minister of Indigenous Services Patty Hajdu, initiated the transfer of responsibility for the operation, maintenance, and capital upgrades of all water and wastewater assets in participating First Nations to the Indigenous-led AFNWA.
A spokesman for the Vice and Virtue Ministry told the BBC those managing parks in the capital had been told not to allow women in.
The group claims Islamic laws were not being followed at parks.
The Taliban overran the country last year, seizing power in August 2021. They have banned girls from middle school and high school, despite initial promises to the contrary, restricted women from most fields of employment, and ordered them to wear head-to-toe clothing in public.
A spokesman from the Ministry of Virtue and Vice said the ban was being introduced because people were ignoring gender segregation orders and that women were not wearing the required headscarf, or hijab. Women are also banned from parks.
At least 328 people have been killed and 14,825 others arrested in the unrest, according to Human Rights Activists in Iran, a group that's been monitoring the protests over their 54 days. Iran's government for weeks has remained silent on casualty figures while state media counterfactually claims security forces have killed no one.
As demonstrators now return to the streets to mark 40th-day remembrances for those slain earlier — commemorations common in Iran and the wider Middle East — the protests may turn into cyclical confrontations between an increasingly disillusioned public and security forces that turn to greater violence to suppress them.
Mohammed Akef Mohajer, a Taliban-appointed spokesman for the ministry, said the group had “tried its best” over the past 15 months to avoid closing parks and gyms for women, ordering separate days of the week for male and female access or imposing gender segregation. “But, unfortunately, the orders were not obeyed and the rules were violated, and we had to close parks and gyms for women,” he said.
Over the past few weeks there have been major developments in the much-discussed dispute related to patents held by the non-practicing entity VLSI Technology.
Popular adult entertainment site DaftSex will soon lose its domain name. MindGeek defeated the pirate site in court and also secured more than $32 million in damages. The verdict comes after the court previously denied a broad injunction that required hosting and CDN providers to take action as well.
There are five major publishers (maybe four, by the time you read this, depending on whether the FTC allows Penguin Random House to go ahead with its acquisition of Simon and Schuster). There’s one major national brick-and-mortar book€store chain. There’s one major global ebook seller (which also sells more than 40% of all trade books, and sells nearly every trade audiobook). There’s one independent national trade book distributor.
Between them, these firms demand an ever-greater share of the wages of writers’ creative labor. Contracts demand more – ebook rights, graphic novel rights, TV and film rights, worldwide English rights – and pay less. Writers are expected to hustle more – on social media, on book blogs, on review sites – while publicity departments dwindle.
We’re the hungry schoolkids. The cartels that control access to our audiences are the bullies. The lunch money is copyright.
This happens to me every so often, and I am old enough to just let it roll off. I've hit a local low. My brain function is at a sad level, and I am muddled and confused about simple things. I must not do anything important for a few days. I managed to sign myself out of my Amazon account on the TV trying to get to Netflix. Doi.
Actually I am definitely past the low. I stepped up excercise, and ran a couple of miles today on the treadmill in addition to a ton of walking, way more than double my target. That generally helps.
Introducing “mysterious spells” helped solve all those weird timing issues and made the spell identification rules an optional benefit to PCs and NPCs as opposed to a chore to slow down the game when it doesn’t matter.
Making the spell “mysterious” doesn’t cost anything, it’s just a free, optional cloak, and it’s always better but it’s such a drag so we usually only do it rarely. But when it matters it matters.
A website is an online place where you can tell people to follow you on different social media so they might have a chance, if the algorithm allows it, to read what you hope to write in the future.
A social media is a platform where you can create an account, get an audience and ask them to follow you on another social media platform.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.