By now, you are likely well aware of Kubernetes, the comprehensive container orchestration platform. Although many people think the platform is overly complex and not beginner-friendly, this is not necessarily true. Miniaturized Kubernetes distributions (distros) make the platform much more accessible as they do not require a wide range of
In this video, I am going to show an overview of TUXEDO OS 2 and some of the applications pre-installed.
A Quick Overview of CachyOS 230121
In this video, I am going to show how to install Clear Linux 37980.
Linux Commands in 60 Seconds - A series of YouTube Shorts that covers very basic usage of many popular commands, one video at a time.
OpenStack is an open-source cloud computing platform that enables you to build your very own private cloud that is completely under your control.
In this video, we are looking at how to install PhpStorm on Linux Lite 6.2.
In this video, we are looking at how to install RubyMine on Linux Lite 6.2.
joel studies for tests.
Marcel and Evan decide to, at the very least, attempt to take TIC TEK TOE direct to YouTube. While here, they discuss the new tech being used to record, namely Wave.Video, along with virtual reality games (Marcel got himself a PSVR2 headset for his PS5 game console), ChatGPT, artificial intelligence, guardrails, blogging, and attempts to fix the news.
There is some debate within the Emacs community about whether it is "wrong" to use the Evil keybindings (the Vim bindings).
WINE is great, but until now it has had to run through Xwayland on the Wayland side. That is now beginning to change as the first of the native WINE Wayland drivers is getting ready to be merged.
Canonical, as the developers of Snap, are all in on it, but a lot of the flavors have been shipping it as a default. Canonical, supposedly with support of the flavors, has decided to stop this trend in its tracks.
What is an "everything app"? The planned features are the following: video, encrypted direct messages, longform tweets, Blue Verified program, and payments. It would mean there's a big incentive to use Twitter for all of these things: as a creator, why would I use different platforms for my videos, my articles and my social posts if I can use my Twitter following for everything? As a general user, I can just follow the people I like in one single place, no need to use ten apps to see everything. And since I'm already there for the videos and articles and tweets, why not also use the DMs in here, instead of using a separate app? And at that point, the payment feature makes sense, and since I setup a payment method, why not use Twitter to pay in real life as well?
Recently, I recorded a 15-minute tutorial with supporting materials on how to automate graphics production in Inkscape. I demonstrated this by building a base template and automatically replacing various text strings in the file from a CSV using the Next Generator Inkscape extension by Maren Hachmann. In case you'd rather read instead of watching a video, you can read the accompanying article How I automate graphics creation with Inkscape here on Opensource.com.
Based on popular demand from that tutorial, I created a more advanced tutorial that expands upon the last one. It demonstrates how to automate image replacement and changing colors using the same method.
You can watch it on the Fedora Design Team Linux Rocks PeerTube channel or the embedded YouTube video below...
My target machine is the Steam Deck, that uses .xz for compressing the modules. Given that we want gamers to be able to install as many games as possible, the OS shouldn’t waste much disk space. amdgpu, when compiled with debug symbols, can use a good hunk of space. Here’s the comparison of disk size of the module uncompressed, and then with .zst and .xz compression: [...]
One reason why there are so many Linux desktops is that there's endless disagreement on what makes the best desktop. Now, GNOME, Debian, and KDE are exploring the idea of uniting, using Flatpak to create a Linux desktop app store.
Arriving more than seven months after Mixxx 2.3.3, the Mixxx 2.3.4 update brings controller mapping support for the Traktor Kontrol S2 Mk1 and the Numark Party Mix controllers, and improves sampler and HotCue buttons for the Traktor S3 controller, which was introduced in the previous release, and improves support for the Denon DJ MC7000 and Ableton Push controllers.
Mixxx 2.3.4 also adds HotCue clear with pad support and improves sliders, knobs, and inverted tempo fader for the Numark DJ2Go2 controller, adds an inverted pitch slider to the Numark N4 controller to match the GUI orientation, and adds support for arbitrary maximums in 7-bit and 14-bit handlers from controller scripts to Potmeters.
yewtube is a command-line tool to search, browse, and play YouTube videos directly from your terminal, for Linux, macOS, and Microsoft Windows. It uses no API keys, and it can play audio only or audio/video using a third-party media player like VLC, mpv or mplayer, with lots of features on top.
yewtube is a fork of mps-youtube, which had its last release back in 2018. This January, yewtube was merged back in mps-youtube, and its development continues at https://github.com/mps-youtube/yewtube. The fork is a year old, and it contains numerous bug fixes as well as some minor new features such as the ability to run yewtube over tor using torsocks, and the ability to set the mplayer cache.
HDR software allows computer graphics to offer the full real world levels of illumination, with darker darks and brighter lights, while at the same time increasing the amount of lighting detail displayed in all areas of the image. While standard image formats utilize 8, 16 or 24 bits with applied gamma and color space, the HDR image format extends the bit depth up to 96 bit in a linear color space. Additionally, HDR images can be photometrically correct.
HDR images are normally generated by combining multiple normal images of the same scene taken with different intensity levels, or as the result of creating a global illumination rendering.
To provide an insight into the quality of software that is available, we have compiled a list of 10 top quality open source HDR applications. Hopefully, there will be something of interest for anyone interested in HDR imagery.
Can Docker Desktop connect to remote host? Yes. Follow through this guide to learn how to connect to Remote Docker environment on Docker Desktop. Docker Desktop is a GUI-based application that enables developers to easily create environments for building their applications.
The Linux Kernel is under constant development and improvement. Everyday patches are submitted to the Linux Kernel Mailing List (LKML). Some of these patches get accepted and merged into the mainline Linux kernel and become available to the user, other patches never do.
Sometimes it is useful to get patches from the LKML, for example if you are developing in the kernel or simply because you want to stay at the bleeding edge. Another reason could be that you need patches that were proposed to the LKML but were never merged. This can happen when developing with exotic hardware, for example a driver could have been submitted but never merged because of some reason (e.g., code doesn’t follow the kernel guidelines etc.), however this code might still be of interest to you.
In this post we will explore how we can incorporate code from the LKML into our kernel.
Specifically, the character in question is Unicode U+2010 Hyphen (also). The email in question was sent to us using this character in a destination address that actually had the ASCII dash; given that the U+2010 version of the address didn't exist, Exim on our external MX gateway rejected it. These days, Exim's logging is in UTF-8, as is pretty much anything you'll use to read the logs, so the result was pretty confusing to disentangle. To all appearances it looked like our email system had temporarily glitched out and decided that some valid local addresses didn't actually exist.
Long time no see! While I have a few other, longer blog posts still cooking, I figured I’d post about a cool bit of CSS I came across on eli_oat’s site which adds a marker to every link on a site that points to an external domain.
This means that links which point to pages on the same site (or within the same domain, if configured like that) look like this: paritybit.ca, whereas links which point to any external domain look like this: example.com.
Google Chrome isn't available in the official Ubuntu repositories. So how do you go about updating the app once it's installed?
If you encounter the command not found error while using ifconfig, here's an easy way to solve it.
The Linux terminal is a powerful tool that allows you to perform various system operations using commands. File manipulation, program management, and service automation are some of the operations you can carry out efficiently using shell commands.
However, when it comes to executing multiple operations, running commands one by one isn't efficient. A faster way to do it is to chain multiple commands in one line. Not only does this speed up the process, but it also saves you time.
Let's explore all the ways to run multiple commands at once in Linux.
Want to make the switch from Linux to Windows? Here's a guide on creating a bootable Windows USB on Linux, covering everything from downloading a Windows ISO to flashing it to a USB drive using WoeUSB and balenaEtcher.
Recently I started using a Mac for the first time. The biggest downside I’ve noticed so far is that the package management is much worse than on Linux. At some point I got frustrated with homebrew because I felt like it was spending too much time upgrading when I installed new packages, and so I thought – maybe I’ll try the nix package manager!
Play Android and Linux games on the Anbernic RG353P retro handheld! It can run both with its Android 11 or Linux operating systems. This gives you impressive support and compatibility for your gaming library, emulators, and apps. Additionally, it has a 3.5” IPS 640 x 480 touchscreen display for vibrant gameplay right on the device. With a premium-quality build, it has dual analog sticks as well as dual speakers for high-quality stereo sound. Moreover, it offers Wi-Fi and Bluetooth 4.2 connectivity, and it has a powerful quad-core 64-bit RK3566 processor. This works together with the fast LPDDR4 2GB RAM. Not only that, but it also has a 3,500 mAh battery capacity that delivers up to 6 hours of battery life. You’ll also get an included screen protector and microSD card included. Elevate your gaming setup with this retro gadget!
There is a chance that you do not intend to use games to tell your stories, to convey your messages or to help with training and simulations in your company. [...]
This new iteration took +3 years of hard work, they added a myriad of technical features: improved performance and multithreading, better shading and lighting, bringing Godot closer to the big engines. You can check the novelties here: https://godotengine.org/article/godot-4-0-sets-sail/
The waiting is done; version 4.0 of the Godot game engine has been released.
Right after Steam Next Fest, before I could put down my gamepad, Valve presents us Steam Mystery Fest. It focuses on games where you investigate and solve mysteries, detective games of all kinds already released or upcoming.
Are you a Wayland user? Do you play Factorio? The latest update should make things a lot smoother for you.
Ghost Ship Publishing and Funday Games recently announced a Deep Rock Galactic spin-off named Deep Rock Galactic: Survivor and I need it right now.
Japanese developer Odencat just released Meg's Monster, a cute looking short JRPG with a rather interesting twist.
Valve has updated the Steam Deck Preview update branch to bring with it Steam Deck OS 3.4.6 Beta and it's quite an exciting one. It brings an update to the open source Mesa graphics drivers with Mesa 23.1, mainly focused on the Vulkan side of things but DXR Ray Tracing is coming too but not quite ready yet.
As has been reported in various other places already, this week the “master” branch of Plasma-aligned software repos have been ported to Qt 6. Work is ongoing, but the actual change-over is happening very quickly, and adventurous people are able to run Plasma 6 in a usable state already! This builds on years of work to port old code away from deprecated APIs and libraries that was just quietly happening in the background all along, pushed along by people like Nicolas Fella, Friedrich Kossebau, Volker Krause, and many others. It can be fairly thankless and boring-looking work, but it’s incredibly important, and the foundation of how quickly this technical transition has been able to happen. So I find myself feeling quite optimistic about our chances of shipping a solid and high quality Plasma 6 this year!
KDE is firing up development for the Plasma 6.0 release in a big way.
Seeing that KDE Plasma 5.27 was the last major release in the 5.x series and also the last one to use the Qt 5 framework, the upcoming release has a lot to stand up to.
With a recent notice, a significant development shift was announced that would affect all the upcoming KDE Plasma 6.x releases.
The Linux From Scratch community announces the release of LFS Version 11.3.
Major changes include toolchain updates to binutils-2.40 and glibc-2.37. In total, 43 packages were updated since the last release. Extensive updates to the text through the book to improve readability. The Linux kernel has been updated to version 6.1.11.
You can read the book online, or download to read locally.
You can read the systemd version of the book online at LFS-systemd, or download-systemd to read locally.
Digital business is here to stay, whether this means improving internal workflows or directly delivering capabilities that enhance the customer experience through applications hosted across the hybrid cloud. Once these solutions are built and deployed, smooth operation becomes the goal.
In part one of our three-part annual State of Customer and Partner Experience summary, we talked about how we listened to and collected feedback from our customers and partners in 2022. In this article, we will highlight some of the key ways that we acted on this feedback in several areas of the business.
In the world of product security and compliance, there’s no shortage of leadership, at least on the surface. But “leadership” doesn’t necessarily mean the same thing across individuals, companies or industries. Practically, what traits should a leader in IT security exhibit? What should they be doing…or not doing? And why do these specific actions matter?
In February, Xubuntu Minimal went live, Flatpak was removed, and Xubuntu joined Mastodon. Get the latest details here.
Workspaces are virtual desktops that allow you to juggle and organize a collection of application windows.
Instead of cluttering all the windows in one screen, you can have multiple windows in different workspaces. This way, your desktop workspace stays organized, and you can quickly access the desired window/app.
Modern desktop environments provide several ways to organize your virtual desktops.
The latest releases of Ubuntu use GNOME 40 and above. With them, you get a horizontal alignment of workspaces and impressive touchpad gesture support for the Wayland display server.
CrowdSupply just introduced two audio development platforms based on the ESP32-WROVER-B module with Wi-Fi and Bluetooth connectivity. The Loud ESP includes a touchscreen TFT, a Dual I2S Stereo DAC, Li-Ion battery management support and many other peripherals.
I’ll hazard a guess that there’s a sizeable number of you in the centre section of a Venn diagram featuring Raspberry Pi enthusiasts on one side and Studio Ghibli fans on the other, but I am not one of those people, so have enlisted The MagPi‘s Rob to explain: [...]
The VisionFive 2 has a JH7110 SoC on it, sporting a new Instruction Set Architecture (ISA) called RISC-V.
The first easily accessible board that combines Matter and SparkFun’s Qwiic ecosystem for new IoT development is here!
It isn't often that we get a new wireless communications protocol, so when our friends at Silicon Labs approached us about a new way to connect compatible devices and systems with one another, we couldn't be more excited! Matter connects smart home devices from competing brands and bridges the gap between Bluetooth® and Wi-Fi in one of the most secure ways possible. This is the new industry–unifying standard that provides a reliable connection and simplifies development for us makers. With that, we are pleased to introduce to you the SparkFun Thing Plus Matter - MGM240P board!
Marcel Ochsendorf's AtomicChess table is, frankly, amazing.
At Mobile World Congress in Spain, the likes of manufacturers Oppo and Honor are showing off their flexible phones.
Writer now has the early steps to handle tables that are both floating and span over multiple pages.
This work is primarily for Collabora Online, but is useful on the desktop as well.
Welcome to this new edition of Big Book of R additions! Thanks to Lluis Revilla and Gary for submitting books!
I also wanted to give a special shout-out to Niels Ohlsen (a long-time RStats twitter mutual!) who helped me review book submissions and add these to the collection.
Quarto is a tool made by Posit and is an open-source scientific and technical publishing tool. If you know what LaTeX is, then it should be easy for you to grok Quarto. The idea of Quarto is that you write documents using Markdown, and then compile these source files into either PDFs, Word documents, but also books, web-sites, ebooks (in the Epub format) and so on… It’s quite powerful, and you can also use programming language code chunks for literate programming. Quarto supports R, Python, Julia and ObservableJS chunks.
Heads up! We’re about to launch WASP, a Web Application Security Platform. The aim of WASP is to help you manage (well, you guessed it) the security of your Posit Connect application using Content Security Policy and Network Error Logging. More details soon, but if this interests you, please get in touch.
This blog post is aimed at those who are somewhat tech literate but not necessarily a security expert. We’re aiming to introduce the concept of Content Security Policy and teach some of the technical aspects.
You can also specify a title, excerpt, and blog name, although these are optional as per the specification.
The National Cybersecurity Strategy stressed on rebalancing the responsibility to defend cyberspace by "shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organisations that are most capable and best-positioned to reduce risks for all of us".
My home office was featured over at Hacker Stations where I also detailed stuff in my workplace and offer a few more photos. I have been working exclusively from home for nine years straight now.
Over the past year I switched away from a traditional desktop environment to a window manager - dwm to be specific. This also involved changing most of my daily software programs to utilize the full suckless "suite". In doing so, the shift away from floating windows and virtualized desktops happened quickly.
I continued to use my UHD monitor with this new environment but slowly started running into minor (yet still inconvenient) roadblocks: [...]
That’s right! This post isn’t just an excuse to snipe at RST’s design decisions; I’m trying to make a larger point about overly wanting to improve formats and create layers of specs upon specs upon specs upon specs.
RST is part of the Python ecosystem just like POD is for Perl and roff is for manpages, and it’s better that it remains that way than trying to change it.
I’ll admit, I liked it. The dimensions and ratio made no mathematical sense to someone not also used to inches, furlongs, and measuring things by counting chickens or something (it makes more sense than Celsius because poultry doesn’t need a decimal point!), but it was visually pleasing. I can’t explain it, but US Letter looks right.
In a volcanic crater, watching the sky
They hired him, he scared the fuck out of everyone that worked with him, then he started responding badly by demanding transfers to another dept that got denied, calling in, using PCP for an entire month, and then stabbing a coworker 13 times.
The witnesses to the Microsoft Stabber told police that the man he was trying to murder was “screaming like a dog that got hit by a car or something”.
Some folks asked why the guy wasn’t able to get him off of him.
Well, just off the top of my head, he was being stabbed 13 times, by surprise, by the result of the Neurodivergent Microsoft Hiring Program, who was on PCP. (He had been on PCP the entire month according to his diary.)
Lower costs mean it's now substantially cheaper for companies to use robots than traditional guards for 24/7 security.
Robots can check in visitors and issue badges, respond to alarms, report incidents, and see things security cameras can't.
And why it'll keep happening.
A star younger than humanity.
This is a plea for cryptography specification authors. If your protocol uses randomness, please make it a deterministic function that takes a fixed-size string of random bytes, and publish known-answer tests for it.
“I do want to assure you that the leadership team, the Board of Trustees and myself have left no stone unturned in an attempt to avoid this day,” Pinnow said in his letter. “Our efforts have been noble and unceasing and while none of us wanted this day to come, we have also realized that in order to honor Finlandia’s 126 year-old legacy appropriately, we must end its operations with grace and dignity.”
The uber wealthy invest not just in name-brand cars and clothing but also in name-brand degrees.
[....]
A considerable proportion of US college enrollments are international students, according to the report. These graduates often remain in the US to launch their careers and go on to lead billion-dollar companies. About 25% of billion-dollar startups in the US have a founder who first came to the US as an international student, according to a report by the National Foundation for American Policy, a nonprofit think tank.
Emory University’s undergraduate tuition will increase 4.9% for the 2023-24 academic year, rising from $57,120 to $59,920, according to a March 2 Emory News Center article. In total, the cost of undergraduate tuition, fees, room and board will grow from $74,964 to $79,054 — a 5.5% increase.
The new Starbucks Oleato is terrible. But somehow there’s pleasure to be had in its existence.
Italian prosecutors have closed a COVID-19 investigation that accuses officials of wrongdoing for failing to extend a lockdown zone in the early days of the pandemic to the northern city of Bergamo and adjacent industrial valleys
A new clue.
It's not just you.
Amid heightened national focus on railway safety in the wake of the East Palestine, Ohio disaster and other recent accidents, one railroad workers' union warned Friday that, while welcome, a bipartisan rail safety bill has "loopholes big enough to operate a 7,000-foot train through."
One month after a fiery train crash in East Palestine, Ohio sparked an ongoing environmental and public health crisis, an anti-plastic coalition on Friday highlighted how the petrochemical industry poisons communities across the United States and called for "systemic change."
And this appears to be a very good thing. Because, as we also found out, there is a noteworthy correlation between the ability to choose your work Operating System… and your reported level of general happiness.
Nerds who stated that they could choose their own work OS reported to have 7.1% higher levels of general happiness than people who could not choose their work OS.
The enduring legacies of AIDS activism hold lessons relevant to today
Sounds definitive. So I called several sources whom I’ve found to be honest and informed on the issue of masks in the past three years. Jason Abaluck is a Yale professor who ran a massive, multimillion-dollar study on community masking in Bangladesh. Possibly the most comprehensive masking study ever undertaken, it found that community-wide mask wearing provided excellent protection, especially for older Bangladeshis. “The press coverage” of the Cochrane review “has drawn completely the wrong conclusions,” he told me. Jose-Luis Jimenez, a professor at the University of Colorado at Boulder who studies the transmission of airborne diseases like COVID, is one of the country’s most cited researchers on the nature of aerosols. “I think it’s scientific garbage,” he said of the review.
Measles symptoms — which include cough, fever and a rash — typically develop around two weeks after a person is exposed. People can be contagious for four days before their rash appears.
The virus is considered among the most highly transmissible diseases, with as many as 9 in 10 susceptible contacts of contagious cases catching the virus. For immunized people exposed to the virus, the vaccine is estimated to be about 97% effective.
Wisconsin Supreme Court Justice Rebecca Dallet, whose 2018 election to what may be the most contentious state court bench in the country was a breakthrough win for the state’s progressives, minced no words in explaining why she showed up to celebrate the February 21 primary election victory of another liberal, Judge Janet Protasiewicz. Speaking to a cheering crowd of abortion rights, labor rights, and voting rights activists, Dallet declared, “I’m here because, instead of dissents, I want to be writing majorities.”
The businessman had taken up the role in June 2022 and had been active on earnings calls and overseeing the company's sales.
A spokesperson for Zoom said the tech firm isn't looking for a replacement.
You surely recall that last month, in a fit of pique, Elon Musk spitefully pulled the plug on third-party Twitter clients with no notice whatsoever, in the most chickenshit way imaginable. Twitter didn’t even make it official that third-party clients had been banned until a week of confusion and dread had passed.
The obvious problem for developers of such clients, of course, is that Twitter clients are useless without the ability to connect to Twitter. A less obvious but no less serious problem is that the leading clients, Tapbots’s Tweetbot and The Iconfactory’s Twitterrific, were monetized through annual subscriptions. That left each company with thousands and thousands of customers with months left on those subscriptions, but no functionality.
Financially, this isn’t a “Huh, yeah, that must kinda suck” situation. It’s more of an “Oh shit, we’re fucked” situation. Twitterrific and Tweetbot weren’t side projects — they were flagship products from small companies. As I mentioned last month, The Iconfactory has a bunch of other great commercial apps (and games). Tapbots does too — Calcbot (a calculator and unit converter for both iOS and Mac) and Pastebot (my personal favorite clipboard history utility for Mac — I’ve been using it for years now). But you don’t need access to Tapbots’s sales figures to surmise that Tweetbot was the company’s sole tentpole.
Those days seem to be over, at least for most SaaS startups. Entrepreneurs everywhere are suddenly having to count each hire as a cost rather than a trophy. Getting to profitability is no longer a distant, post-IPO nice-to-have, but a short-term necessity for survival. But how to do that without cutting off the legs of the product team? By using better tools and techniques, that's how.
I've been talking to a lot of SaaS entrepreneurs lately. Here are the three pieces of advice that I've given them all: [...]
As DataBreaches reported in March 2021, this was a ransomware attack claimed by REvil threat actors in January 2021.
On Wednesday night, Canada's largest bookstore chain said it would not agree to payment demands from an online group claiming affiliation with ransomware site LockBit, because it could not guarantee the money wouldn't "end up in the hands of terrorists."
A Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus is found to be capable of bypassing an essential platform security feature, UEFI Secure Boot, according to researchers from Slovakia-based cybersecurity firm ESET.
BlackLotus uses an old vulnerability and can run even on fully up-to-date Windows 11 systems with UEFI Secure Boot enabled, the researchers found.
Such evasion of Secure Boot protections is enabled by BlackLotus' exploitation of CVE-2022-21894, which has been addressed by Microsoft in January 2022, and will also allow the deactivation of other security systems, including Windows Defender, Hypervisor-protected Code Integrity, and BitLocker, to facilitate User Account Control evasion, according to an ESET report. BlackLotus then proceeds to distribute a kernel driver that would prevent the removal of bootkit files, as well as an HTTP downloader, which would facilitate payload execution following contact with the command-and-control server, the report showed.
Besides running on systems with UEFI Secure Boot enabled, the bootkit can even disable built-in security mechanisms in Windows including BitLocker, HVCI and even Windows Defender. BlackLotus also leaves a kernel driver and an HTTP downloader on infected systems which allows it to communicate with a command and control (C&C) server to retrieve additional malware.
While updating to the latest version of an operating system can usually keep you protected, this bootkit exploits a vulnerability tracked as CVE-2022-21894 which has already been fixed. However, as vulnerable UEFI binaries still haven’t been revoked, BlackLotus can “stealthily operate on systems with UEFI Secure Boot enabled” according to ESET.
It’s capable of running on the latest, fully patched Windows 11 systems with UEFI Secure Boot enabled.
It exploits a more than one year old vulnerability (CVE-2022-21894) to bypass UEFI Secure Boot and set up persistence for the bootkit. This is the first publicly known, in-the-wild abuse of this vulnerability.
A relatively new hacking group known as Anonymous Sudan targeted nine Region H hospitals in Denmark with DDoS attacks late on Feb. 26, bringing down their website for several hours.
An infamous Chinese cyber-hacking team has extended its SysUpdate malware framework to target Linux systems.
The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware, allowing the Chinese cyberespionage group to target more services used in the enterprise.
Cybersecurity company Trend Micro said it observed the equivalent Windows variant in June 2022, nearly one month after the command-and-control (C2) infrastructure was set up.
Security updates have been issued by Debian (multipath-tools and syslog-ng), Fedora (gnutls and guile-gnutls), Oracle (git, httpd, lua, openssl, php, python-setuptools, python3.9, sudo, tar, and vim), Red Hat (kpatch-patch), Scientific Linux (git), SUSE (compat-openssl098, glibc, openssl, postgresql13, python-Django, webkit2gtk3, and xterm), and Ubuntu (awstats, expat, firefox, gnutls28, lighttpd, php7.2, php7.4, php8.1, python-pip, and tar).
Security updates have been issued by CentOS (git), Debian (spip), Fedora (epiphany), Mageia (binwalk, chromium-browser-stable, crmsh, emacs, libraw, libtiff, nodejs, pkgconf, tar, and vim), Oracle (kernel and systemd), SUSE (emacs, kernel, nrpe, and rubygem-activerecord-4_2), and Ubuntu (c-ares, git, postgresql-12, postgresql-14, and sox).
Some say the White House cybersecurity strategy is largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability — are apt to meet resistance from business and Republicans in Congress.
Feedback Friday: Industry professionals commented on various aspects of the new national cybersecurity strategy, its impact, and implications.
CISA released three Industrial Control Systems (ICS) advisories on February 28, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Today, CISA released a Cybersecurity Advisory, CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks. This advisory describes a red team assessment of a large critical infrastructure organization with a mature cyber posture. CISA is releasing this Cybersecurity Advisory (CSA) detailing the red team’s tactics, techniques, and procedures (TTPs) and key findings to provide network defenders proactive steps to reduce the threat of similar activity from malicious cyber actors. As detailed in the advisory, the CISA red team obtained persistent access to the organization’s network, moved laterally across multiple geographically separated sites, and gained access to systems adjacent to the organization’s sensitive business systems. This cybersecurity advisory highlights the importance of early detection and continual monitoring of cyber assets.
Cisco has released a security advisory for vulnerabilities affecting the 6800, 7800, 7900, and 8800 Series of Cisco IP Phones. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Today, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released joint Cybersecurity Advisory (CSA) #StopRansomware: Royal Ransomware to provide network defenders tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Royal ransomware variants. FBI investigations identified these TTPs and IOCs as recently as January 2023.
FBI and CISA have issued an alert to warn organizations of the risks associated with Royal ransomware attacks.
[...]
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert to warn organizations of the increasing threat posed by the Royal ransomware.
CISA released five Industrial Control Systems (ICS) advisories on March 2, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Editor’s note: An earlier version of this post mistakenly contained the text of an older canary. This has been corrected below.
Cybersecurity startup Wiz warns of a widespread redirection campaign in which thousands of websites have been compromised using legitimate FTP credentials.
[...]
Security has always been the cornerstone of any Linux software. Since Linux is open-source software, people can audit code to find and patch any vulnerabilities, making it more secure than closed software. Due to its increased security and strong default permissions structure, most companies rely on Linux software for their server security.
Like any other operating system, Linux isn’t completely immune to security breaches. As such, any undetected vulnerability in the operating system can jeopardize your company’s valuable information. The first step to strengthening your server’s security is finding a reliable Security Program Management (SPM) and Governance platform to assess your program’s security and mitigate potential risks. Besides utilizing Security Program Management, here are a few best practices you must adopt to maintain your Linux servers running safely...
Finnish police say that crimes associated with private deals made through online marketplaces have become more common.
Chick-fil-A is informing users that their accounts have been compromised in a two-month-long credential stuffing campaign.
Perhaps the best visual debate ever on individuality and freedom, The Prisoner centers around a British secret agent who abruptly resigns only to find himself imprisoned in a virtual prison disguised as a seaside paradise with parks and green fields, recreational activities and even a butler.
While luxurious, the Village’s inhabitants have no true freedom, they cannot leave the Village, they are under constant surveillance, all of their movements tracked by militarized drones, and stripped of their individuality so that they are identified only by numbers.
The tweaks, which include refining criteria for the program and aiming to reduce delays on content review, are part of the company’s response to requested updates recommended by the Meta Oversight Board.
The short encounter on the sidelines of the G20 came as relations between Washington and Moscow have plummeted over Russia’s war with Ukraine.
Six MPs from the Left Alliance, one of the governing parties, voted against joining Nato.
In 2019, Ericsson had entered into the DPA to resolve previously disclosed Foreign Corrupt Practices Act (FCPA) violations relating to conduct in several countries between 2000 and 2016. The company was accused of “paying bribes, falsifying books and records, and failing to implement reasonable internal accounting controls,” according to the SEC. (There is no new criminal or illegal misconduct that has been tacked on since.)
A confidential IAEA report seen Tuesday by AFP said uranium particles enriched up to 83.7% — just under the 90% needed to produce an atomic bomb — had been detected at Iran's underground Fordo plant about 100 kilometers (60 miles) south of the capital.
There couldn’t be a more “politics in 2023” story than this: A group founded by Canadian bros who got famous posting prank videos on YouTube could now become a potent political force for Donald Trump’s reelection campaign. And if Democrats don’t know who they are, they’d better learn fast. Meet NELK.
Although the spike could be an accident, as Iran claims, Tehran has recently threatened to pursue 90 percent enrichment to build leverage over the United States. The particles could indicate that Iran is experimenting with near-weapons grade enrichment without informing the agency, as required, to increase pressure or shorten the path to nuclear weapons down the road.
Talking to reporters in Bengaluru on March 3, Mr. Nagesh said, “We have made it clear that all students should come to the examination centres in uniforms. Hijab is not a part of the uniform. Hence, those who wear a hijab will not be allowed to appear for the exams.”
More evidence on how social media works to promote Islamic radicalization — while suppressing its victims — recently emerged. According to a Feb. 20, 2023 report, "bombshell findings" by the Tech Transparency Project (TTP) allege that
Facebook created over 100 pages for ISIS (Islamic State), as well as pages for other terror organizations, including the group behind the 9/11 attacks on the U.S., Al-Qaeda.
TTP reported that Facebook creates the pages based on its algorithm, automatically generating them when users add the terror groups to their profiles. The platform's so-called ban on the groups apparently did little to prevent the automatic process that generated the terror group pages.
Much of this story hinges on why he didn’t want the medal. But by any reasonable standard, he deserved it.
To that end, the news organization cut a shallow cavity into the interior sole of one of the blue Nikes, placed a Bluetooth tracker inside, then concealed the device by covering it with the insole. The tracker was synched to a smartphone app that showed where the shoe moved in real time.
Within weeks, the blue Nikes had left the prosperous city-state and were moving south by sea across the narrow Singapore Strait to Batam island, the app showed. Reuters decided to put trackers in an additional 10 pairs of donated shoes to see if wayward pair No. 1 had been a fluke.
It wasn’t.
At a personal level, many journalists would not do what she has done for reasons of sheer professional survival. How would sources trust them in future? And how would they get future ghostwriting work?
But in these particular circumstances it is difficult not to see how, ethically speaking, she is anything but a whistleblower who has acted in the public interest.
She was working with Hancock on a project and felt that vast swathes of public interest information had been kept back from the historical record.
“[Suffragettes] were also treated very harshly, and they also heard arguments that it isn’t democratic what they’re doing – that no one ‘voted’ for the right to vote,” says Ms. Rüge. “But they started the change. I can vote in a few weeks in Germany.”
“History shows that civil disobedience can work, although it’s unpopular. Whether this [climate activism] will work, no one knows,” says Reinhard Steurer, a professor of climate politics at Vienna’s University of Natural Resources and Life Sciences. “We don’t have the mass protests anymore, because society is fed up with the climate crisis and wants to be left alone. So you can either put your head into the sand, or try other things, and that’s what these small groups are doing. They’re trying to wake up society.”
Using deep learning algorithms to scan historic images taken by the Hubble Space Telescope between 2002 and 2021, researchers found 2.7 ± 0.2 percent of images with a typical exposure time of 11 minutes contained at least one satellite trail.
The move toward bigger and heavier vehicles, it seems pretty obvious, is incompatible with the goal of reducing global emissions. The I.E.A. report noted that the average S.U.V. consumes about twenty per cent more oil than the average medium-sized car does to drive the same number of miles. Oil use translates directly into CO2, so the average S.U.V. is also releasing twenty per cent more carbon per mile driven.
SpaceX launches Starlink satellites roughly once per week — it will launch 51 more on March 3. And they’re not the only company launching constellations of internet satellites. By the 2030s, there could be 100,000 satellites crowding low Earth orbit.
So far, there are no international regulations to curb the number of satellites a private company can launch or to limit which orbits they can occupy.
In just the past month, the goings-on in near-Earth space have twice made headlines and prompted experts to call for action. On Jan. 27, space debris researchers looked on in horror as two huge pieces of space junk — a decades-old upper stage of a Russian rocket and a long-defunct Russian satellite — came within 20 feet (6 meters) or so of each other. The incident, described as a close call "worst case scenario," could have spawned thousands of dangerous debris fragments that would have stayed in orbit for centuries. Then, a report released on Feb. 6 revealed that in early January a mysterious Russian satellite broke apart into 85 fragments large enough to be tracked from Earth.
Both of these incidents happened in areas that experts refer to as bad neighborhoods, regions of low Earth orbit too high above the planet to benefit much from the cleaning effects of its atmosphere. Both of these incidents involved objects that are at the top of space debris experts' list of hazards. Here we review what type of stuff the experts fear the most.
AI is an environmental disaster in many different ways. One less obvious issue is what Jutta Haider and Malte Rödl term "Algorithmically Embodied Emissions". This describes the ways that the algorithmic outputs of many everyday AI procedures (search, recommender systems etc) promote and normalize high-carbon practices.
Sweden, the current holders of the rotating EU presidency, on Friday delayed a vote scheduled for next week among EU government leaders on the bloc's plans to halt the sale of new internal combustion engine cars from 2035.
The reason for the sudden delay to the move towards electric cars appeared to be hesitancy within Germany's coalition government. One party in the government, the neoliberal Free Democrats (FDP), are calling for an exemption for petrol and diesel cars using synthetic fuels or "e-fuel."
Project developers energized a record 4,221 MW of large-scale battery storage capacity last year, an increase of 29% from 2021, according to the analysis from S&P Global Market Intelligence. Only about 42% of planned capacity additions came online in 2022.
Supporters of fare-free transit do have a point that ending fare collections can increase transit ridership. But it's important to understand that not all ridership gains are created equal. Transit is often sold to the public as a solution to social costs related to the use of private automobiles, such as traffic congestion and pollution. Fare-free transit may entice those who were already dependent on transit, as well as people who would have otherwise walked or biked. But it likely won't draw many new riders who can drive their own cars. This means that while fare-free transit can provide private benefits for riders, it is unlikely to meaningfully increase the social benefits often touted by transit advocates to justify additional government subsidies.
Nicholas Weaver wrote an excellent paper on the problems of cryptocurrencies and the need to regulate the space—with all existing regulations. His conclusion: [...]
Not only is the technology that underlies cryptocurrency not novel, these technologies are deployed in ways that will inevitably result in unstable products that are fundamentally at odds with the stated goals of the cryptocurrency and decentralized finance raison d’être: They do not work as currency or a store of value. They are neither trustless nor decentralized. They cannot create a new paradigm for the web, finance, and micropayments. They are less secure in practice and more prone to widespread fraud than our current financial system, and frequently result in irreversible consumer harm that could have been mitigated using traditional financial processes.
This paper argues that the very nature of cryptocurrency technology ensures that current cryptocurrency projects cannot actually succeed at their purported goals. Until and unless the cryptocurrency community develops new objectives, or significantly alters cryptocurrency technology to meet existing objectives, this mismatch between existing means and desired ends will forever relegate cryptocurrency to the novelty, speculative space that it currently occupies—good for a news headline but not for sea change in the financial system.
State JSC Latvian State Forests (Latvijas Valsts meži, LVM) elected its interim council on March 3 following the resignation of the entire council, said the Agriculture Ministry.
One of the largest state companies – Latvian State Forests (Latvijas Valsts meži, LVM), had four people on its council just days ago. Now, the whole council, including its chairman, have handed in their resignations, Latvian Television reported March 2.
>How does the radioactive zone change animals?
The deserts of the southwestern United States are well known for their high levels of biodiversity and endemism. An abundance of mountain ranges breaks this landscape into a series of isolated lowland valleys, many of which contain sand dune or wetland systems harboring unique species. Following leads from the citizen science database iNaturalist, our work in two of California’s desert valleys, the Carrizo Plain and the Fremont Valley, uncovered two formerly unknown species of scorpion which we recently described as Paruroctonus soda and Paruroctonus conclusus.
The current birth rate is 1.34 per woman, which is below the 2.07 that's necessary to keep the population stable. This means that there's a possibility that Japan's population could drop from 125 million to 88 million by 2065.
A cash shortage resulting from a rushed redesign of Nigeria’s main banknotes led several states to sue the government and the Central Bank of Nigeria to demand old banknotes remain legal tender for longer. The country’s Supreme Court is set to rule on the case on Friday (Mar. 3).
Even the experts don’t really know where inflation and jobs are headed.
When you add up all the variables, physical attributes seem to trump other workplace qualities like “persistence” and “teamwork”.
The average long-term U.S. mortgage rate hit a three-month high this week, reflecting higher Treasury yields and expectations that the Federal Reserve will continue to raise its benchmark rate and keep it there until inflation recedes
The World Bank is facing extreme financing challenges as it aims to lift countries out of poverty while mitigating the impact of climate change. In that struggle, developing countries are instead turning to private lenders for exorbitant loans, or to lenders such as China, which is unforgiving toward its debtors.
Swedish telecom equipment maker Ericsson has agreed to plead guilty to U.S. foreign corruption violations and pay more than $206 million for breaking a deal with the Justice Department over charges of bribery and falsifying records in countries from China to Kuwait.
The Administration will work with Congress and the private sector to develop legislation establishing liability for software products and services. Any such legislation should prevent manufacturers and software publishers with market power from fully disclaiming liability by contract, and establish higher standards of care for software in specific high-risk scenarios. To begin to shape standards of care for secure software development, the Administration will drive the development of an adaptable safe harbor framework to shield from liability companies that securely develop and maintain their software products and services. This safe harbor will draw from current best practices for secure software development, such as the NIST Secure Software Development Framework. It also must evolve over time, incorporating new tools for secure software development, software transparency, and vulnerability discovery.
To further incentivize the adoption of secure software development practices, the Administration will encourage coordinated vulnerability disclosure across all technology types and sectors; promote the further development of SBOMs; and develop a process for identifying and mitigating the risk presented by unsupported software that is widely used or supports critical infrastructure. In partnership with the private sector and the open-source software community, the Federal Government will also continue to invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.
Yet as today’s brand names grew, they made a fateful decision: They rejected interoperability, choosing to remain sealed off from each other. Facebook and Twitter built walled gardens to keep us locked into their services, unable to slide into other applications and platforms. The format ensured the [Internet] of today was dominated by behemoths. A few networks to rule them all.
This was always a business decision, not a technological one. Had they wanted to, it was possible for emergent networks to “interoperate” and allow users on Facebook to make “friends” with users in other social media networks. But doing so would have limited the benefits of the “network effects” that proved so profitable to the Big Social Media corporations. If they could build features that manipulated people into spending more time on their network, and thus create more ad impressions, they did.
The move follows months of speculation about whether Arm, which is owned by Japanese investment outfit SoftBank, would list on both New York's Nasdaq and the London Stock Exchange, although there was never any doubt that if it came down to a choice between the two it would be New York; SoftBank stated in June last year that it intended to list Arm on the Nasdaq.
The water sector has been aware of the issue for years and have not shied away from regulations. A 2021 study by the American Water Works Association called for cybersecurity regulations similar to those of the electric grid with industry creating minimum cyber rules with oversight from the EPA.
Well, basically it is the accumulation of capital that could be better distributed and the excess of power that it brings. Just see the soft power that characters like Jeff Bezos, Bill Gates, or maybe the king of some Arabic country you want to name have.
The extremely short version: The EU is going to task a standardisation body to write a document that tells everyone marketing products and software in the EU how to code securely. This to further the EU Essential Cybersecurity Requirements. For critical software and products, EU notified bodies (which until now have mostly done physical equipment and process certifications) will do audits to determine if code and products adhere to this standard. And if not, there could be huge fines.
By a vote of 24 to 16, the US lawmakers approved the legislation giving the administration new powers to ban the ByteDance-owned TikTok, which an estimated 100 million Americans use, and other applications deemed security risks.
"TikTok is a national security threat ... It is time to act," Representative Michael McCaul explained. The lawmaker is the Republican chair of the committee who sponsored the bill.
This Strategy sets out a path to address these threats and secure the promise of our digital future. Its implementation will protect our investments in rebuilding America’s infrastructure, developing our clean energy sector, and re-shoring America’s technology and manufacturing base. Together with our allies and partners, the United States will make our digital ecosystem: [...]
I also didn’t predict that random people would email me every few months, wanting to buy my username. My highest offer so far has been $10,000. But I’ve come to enjoy not using my account at all.
For more than a decade, government leaders have grappled with an insurmountable reliance on digital technologies and communications without an aggressive approach to security. Technology vendors have pushed their products to market under the guise that liability shifts once products are delivered, bolstering their position in the marketplace with security by design or after-market protections. Security products and partnerships offer a complex add-on tapestry to backstop the black hole that is identifying and mitigating every potential threat or exploit.
In security consulting, there’s an adage suggesting a 60/40 rule when analyzing sectors’ willingness to sink costs into impending regulation without a forcing mechanism. Sixty percent of companies will likely wait and see how 40% of leading companies respond. For cybersecurity regulations, it’s more likely 80/20. The national cybersecurity strategy released Thursday decidedly states that’s not good enough. While there’s clearly room for improvement at every level, companies already taking cybersecurity seriously should not be panic-stricken by the new strategy document.
All over Twitter and social media, people posted about Marjorie Taylor Greene’s State of the Union outfit, which looked like a Cruella de Vil costume. There were articles about it in news outlets from The Washington Post to The Guardian. People wondered if it was real fur, what she meant by it, and whether she was just, as usual, promoting white… ness? Apparently it was a comment on President Biden and the Chinese balloon, but her obvious goal was to get media attention, and it worked.
In August of 2018, Leonard Leo, at the time vice president of the Federalist Society, spoke at the Koch Summit in Colorado Springs and gloated over the ongoing right-wing takeover of the courts. As CNBC reported at the time, Leo “told a small group of financiers that the Trump administration was looking to overhaul a large chunk of the federal court of appeals by the end of the year.” Addressing some of the wealthiest donors to the Republican Party, including Charles Koch, Leo did a victory dance. He crowed that “by the end of this year my prediction is that basically 26 percent of the federal appellate bench will have changed under the Trump administration.”
Two senior clergymen in Jerusalem have consecrated the holy oil that will be used to anoint King Charles III during his May 6 coronation, as the Anglican Church seeks to underscore the monarchy’s long history and the royal family’s links to the Middle East.
Leading Republicans took veiled jabs at Donald Trump at an annual gathering of conservatives as they urged a party course correction ahead of the 2024 presidential contest. But their refusal to call him out by name underscored the risks faced by potential and declared challengers worried about alienating Trump’s loyal base.
Rarely does the Palestinian ambassador to the United Nations make an official remark expressing happiness over any UN proceeding concerning the Israeli occupation of Palestine.
The US loudly proclaims that large, belligerent powers should listen when the world is united against their hostility toward their smaller neighbors. The world is united against the US. In thirty consecutive votes since 1992, the UN General Assembly has overwhelmingly condemned the US embargo of Cuba.
Dear friends and supporters, I have difficult news to impart. On February 17, without much warning,
It’s kind of delicious to see Fox confounded, finally, not by decency or ethics but rather the mule-headed obstinance of its audience.
The three Grievance Appellate Committee(s) (GAC), constituted under Rule 3A of the notified IT Amendment Rules, 2022, become functional today, i.e. March 01, 2023. As part of our series #5Questions, here are 5 questions that are worth raising with the GAC, to help secure user rights and protect online freedom of speech.
Recently, the Administration proposed a new border rule that one advocate called “asylum Ticketmaster.”
People my age are described as baby boomers, but our experiences call for a different label altogether.
A local union rep told Yle that a number of drivers at Pori's city-owned bus company have decided to break with striking colleagues.
Sectoral bargaining means looking for labor power not solely in individual workplaces but in entire industries. Compared with workers in other wealthy countries, few American workers are in unions, and they have lower standards of living, less employment security, and fewer organizing rights. Elsewhere in the world, sectoral bargaining has allowed labor movements to help more workers, more quickly, than by relying on the shop-by-shop organizing strategy common in the US. The labor movement here should look for inspiration to the African National Congress in South Africa, which legislated sectoral bargaining after smashing apartheid; the striking Amazon workers in Italy two years ago; the 2018 mass strikes against fascism in Argentina; and even its own history.
A planned strike by most railway workers has been cancelled, but engine drivers are still in talks with employer representatives.
The Transport Workers' Union (AKT) accepted a deal to end the strike that has closed Finland’s ports for two weeks.
United Nations High Commissioner for Human Rights Volker Türk on Friday called out Israeli Finance Minister Bezalel Smotrich for saying that Huwara, a Palestinian village in the West Bank, "needs to be wiped out" and "the state of Israel should do it."
Helsinki police detained four people at the scene, who have since been released.
In the EU, fresh Eurostat data shows that the share of female part-time workers in total female-employed people aged 15-64, in the third quarter of 2022, was higher (28%) than the share of men (8%), with women representing the highest shares in all occupational categories.
The fate of abortion clinics in Utah now lies with Gov. Spencer Cox after lawmakers finalized and passed a measure to ban them in the state. After passing through the state Senate on Thursday with minor amendments, it returned to the Utah House of Representatives Friday morning, where it was approved and then sent to the governor for final approval.
Despite Spotify's established status as the world’s most popular music-streaming service, the company still proves itself as an innovative brand, keeping its product relevant among the sea of competitors. Spotify announced on Feb. 22 that they were rolling out a new feature: an AI DJ.
After Amazon on Friday confirmed plans to pause construction on its second headquarters near Washington, D.C., Congresswoman Alexandria Ocasio-Cortez expressed vindication over her 2018 opposition to the tech giant's initial plan to build part of HQ2 in New York City.
CC is grateful to community members in these conversations and others. Their thoughtful presentations enrich Open Education Week, and our broader open knowledge and open culture work.
i don't really have much to introduce, frankly—i'm fairly nondescript on- and off of the internet, and i'm mostly fine with that. i tend to think of interests as things that people "wear" to mesh with other people, and the non-mandatory things i cast emotional energy into aren't really mesh-able. though i would say the closest thing i have to an interest is "other people's interests". in longer words: to the degree i can manage do it, i love being able to see what other people do, and how they do it.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.