Bonum Certa Men Certa

Links 15/03/2023: Qubes OS 4.1.2, Mozilla Swallows Buzzwords



  • GNU/Linux

    • Desktop/Laptop

      • CNX Software: MNT Pocket Reform open-source 7-inch modular laptop launched on Crowd Supply

        Several Linux distributions can be installed on the MNT Pocket Reform, but the official image is based on Debian Linux with GNOME 4 environment suitable for most people, or Sway Wayland compositor for advanced users. As an open-source hardware project, you’ll find the system images for Reform laptops in one git repository, and the KiCAD hardware design files for all the boards used in the Pocket Reform in another.

        The MNT Pocket Reform is not the first mini laptop, so MNT Research has provided a comparison table against other popular mini laptops or Linux smartphones.

      • Dedoimedo: Slimbook Titan, Kubuntu, applications, game

        Well, there you go. Looking at my own table, I'm almost done. There's a lot more work to do, of course, but the basics are covered. Now, I will focus on the games, and data backups. As you may have noticed, I've not yet even formatted the second NVMe inside the Titan. I'm still contemplating the best option there.

        Then, once that's sorted, I'll need to figure out the best data layout, best data backup mount points, do some testing with Rsync and Timeshift, play with disk encryption. In parallel, I'll keep on burning my bandwidth, set up a dozen or so Windows-only titles through Proton, and see whether I can enjoy a good and seamless gaming experience on my Linux machine. So far, the results are extremely promising. Stay tuned for more.

    • Server

      • OpenSource.com: How to set up your own open source DNS server
        A Domain Name Server (DNS) associates a domain name (like example.com) with an IP address (like 93.184.216.34). This is how your web browser knows where in the world to look for data when you enter a URL or when a search engine returns a URL for you to visit. DNS is a great convenience for internet users, but it's not without drawbacks. For instance, paid advertisements appear on web pages because your browser naturally uses DNS to resolve where those ads "live" on the internet. Similarly, software that tracks your movement online is often enabled by services resolved over DNS. You don't want to turn off DNS entirely because it's very useful. But you can run your own DNS service so you have more control over how it's used.

        I believe it's vital that you run your own DNS server so you can block advertisements and keep your browsing private, away from providers attempting to analyze your online interactions. I've used Pi-hole in the past and still recommend it today. However, lately, I've been running the open source project Adguard Home on my network. I found that it has some unique features worth exploring.

        Adguard Home

        Of the open source DNS options I've used, Adguard Home is the easiest to set up and maintain. You get many DNS resolution solutions, such as DNS over TLS, DNS over HTTPS, and DNS over QUIC, within one single project.

      • Peter 'CzP' Czanik: HPC and me

        Recently I found that quite a few of my Twitter and Mastodon followers are working in high-performance computing (HPC). At first I was surprised because I’m not a HPC person, even if I love high performance computers. Then I realized that there are quite few overlaps, and one of my best friends is also deeply involved in HPC. My work, logging, is also a fundamental part of HPC environments.

        Let’s start with a direct connection to HPC: one of my best friends, Gabor Samu, is working in HPC. He is one of the product managers for one of the leading commercial HPC workload managers: IBM Spectrum LSF Suites. I often interact with his posts both on Twitter and Mastodon.

        I love high performance computers and non-x86 architectures. Of course, high performance computers aren’t the exclusive domain of HPC today. Just think of web and database servers, CAD and video editing workstations, AI, and so on. But there is definitely an overlap. Some of the fastest HPC systems are built around non-x86 architectures. You can find many of those on the top500 list. ARM and POWER systems made it even into the top10 list, and occupied the #1 position for years.

      • TechRepublic: Kubernetes is the key to cloud, but cost containment is critical

        What’s driving the growth of open source container orchestrator Kubernetes? A study by Pepperdata shows how companies are using K8s and the challenges they face in getting a handle on cloud costs.

    • Audiocasts/Shows

    • Graphics Stack

      • Collabora: Monado accepted for XROS 2023!

        We're proud to announce that Monado, the free and open source XR platform, has been accepted as a mentoring organization for XROS, the XR Open Source Fellowship Program.

    • Instructionals/Technical

      • ZDNet, 2023-03-14: How to install Ubuntu Server in less than 30 minutes

        Jack Wallen walks you through the steps for installing one of the most user-friendly and widely-used server platforms available.

      • TecMint: How to Create a Systemd Service in Linux

        Systemd is a modern software suite that provides many components on a Linux system including a system and service manager.

      • Peter 'CzP' Czanik: Peter Czanik: Syslog-ng 101, part 11: Enriching log messages

        This is the eleventh part of my syslog-ng tutorial. Last time, we learned about message parsing using syslog-ng. Today, we learn about enriching log messages.

      • Red Hat Official: How to install Fedora IoT on Raspberry Pi 4

        Transform your Raspberry Pi into an edge computing device with Fedora IoT.

      • TecMint: How to Install Firefox on RHEL and Debian Systems

        In most modern Linux distributions, the latest version of Firefox has been already installed from the default distribution package manager and configured as the default browser.

        In this article, we will explain other ways of installing the latest version of Firefox on RHEL-based distributions such as CentOS Stream, Fedora, Rocky, and AlmaLinux and Debian-based distributions such as Ubuntu and Linux Mint.

      • Linux Handbook: Create a Web Server with NGINX and Secure it Using Certbot

        HTTPS is not a luxury anymore. You must have it on your website.

      • How to Install and Run TeamViewer on Manjaro: A Step-by-Step Guide

        TeamViewer is a popular tool for allowing remote access to any computer from anywhere in the World. It is a cross-platform application available for free for personal use. In this article, I will show you how to download and install TeamViewer on Manjaro Linux using different methods.

        TeamViewer is an easy to use tool and is best used for online tech support. The application can easily be installed on debian-based distributions but it’s a little tricky to get it installed on Arch-based distros such as Manjaro Linux. So in this article, we will install TeamViewer on Manjaro using two methods.

      • Trend Oceans: How to Install Twilio Authy in Linux-based System Using both Snap and Non-Snap Methods

        To generate TOTP codes, you don’t need a phone anymore; you can just get it on your Linux machine using Authy.

  • Distributions and Operating Systems

    • Systemd Free: Chimera Linux: turnstile replaces elogind consolekit works side by side with seatd

      When elogind will either begin to fail or just not work too well without systemd, I’d like to see what those distros will do and who will they blame for their demise, or conversion to full systemd which will make them just like anything else. Will Artix be any different than Manjaro? Will MX be any different than mint or ubuntu? Will void be anything different from Arch and will they abandon musl? Will Adelie’s LXQT work without elogind or will they then decide to give LXDE a try?

    • New Releases

      • It's FOSS: Kali Linux's 10th Anniversary: A New 'Kali Purple' Distro and a Version Upgrade
        Kali Linux is a well-known name among penetration testers and developers alike that offers a very robust set of tools for most pen testing use cases.

        On the eve of its 10th anniversary, two new major releases have been unveiled, including a new Kali Linux variant called 'Kali Purple', and the first update of this year, code-named 'Kali Linux 2023.1'.

      • The Register UK: Pentesters' fave Kali Linux turns 10 with version 23.1
        The developers of specialized security-testing distro Kali Linux have released the first version of 2023, which marks the project's tenth anniversary… but only in this incarnation.

        The new version, release 2023.1, appears exactly one decade after version 1.0 was released on March 13th 2013. Kali Linux is a rebuild of an earlier distro called BackTrack, first rolled out 17 years ago, which was based on WHAX, first out 18 years back, which is in turn based on Whoppix. Suffice to say, it goes back a long while.

    • BSD

      • Klara: FreeBSD History Series: Understanding the Origins of DTrace

        DTrace: The Reverse Engineer’s Unexpected Swiss Army Knife goes on to state that, “DTrace was Sun’s first software component to be released under their own open source Common Development and Distribution License (CDDL).” However, some groups were slow to port DTrace because they didn’t trust the CDDL—for example, Adam Leventhal claimed in 2011 that Oracle believed the CDDL license would “make DTrace too toxic for other Linux vendors.” These license concerns may have contributed to Red Hat’s decision to release a similar utility named SystemTap.

    • SUSE/OpenSUSE

      • Adding auto-installation support to D-Installer

        AutoYaST is a crucial tool for our users, including customers and partners. So it was clear from the beginning that D-Installer should be able to install a system in an unattended manner.

        This article describes the status of this feature and gives some hints about our plans. But we want to emphasize that nothing is set in stone (yet), so constructive comments and suggestions are more than welcome.

        The architecture

        When we started to build D-Installer, one of our design goals was to keep a clear separation of concerns between all the components. For that reason, the core of D-Installer is a D-Bus service that is not coupled to any user interface. The web UI connects to that interface to get/set the configuration settings.

    • Fedora Family / IBM

      • Qubes OS 4.1.2 has been released!

        We’re pleased to announce the stable release of Qubes 4.1.2! This release aims to consolidate all the security patches, bug fixes, and upstream template OS upgrades that have occurred since the initial Qubes 4.1.0 release. Our goal is to provide a secure and convenient way for users to install (or reinstall) the latest stable Qubes release with an up-to-date ISO.

        Qubes 4.1.2 is available on the downloads page.

        Existing installations

        If you are already using any version of Qubes 4.1 (including 4.1.0, 4.1.1, 4.1.2-rc1, and 4.1.2-rc2), then you should simply update normally (which includes upgrading any EOL templates you might have) in order to make your system effectively equivalent to this stable Qubes 4.1.2 release. No reinstallation or other special action is required.

      • Weekly status of Packit Team: Packit March 2023
    • Debian Family

      • MakuluLinux Max Development Logs

        We have updated the Development release notes of MakuluLinux Max Debian (we update it every once in a while), you can now see what has been done on the development front over the last few months, check out the dev log here: https://www.makululinux.com/wp/max/

    • Canonical/Ubuntu Family

    • Open Hardware/Modding

      • Linux Gizmos: AgonLight2 Retro SBC available for £58.50

        ThePiHut recently featured the redesigned Olimex AgonLight2 which features an 8-bit Z80 processor and an ESP32-PICO-D4 as co-processor for I/O control. The AgonLight2 supports BBC Basic and it’s equipped with flexible I/O peripherals.

      • Arduino: Portenta C33: The high-performance, low-price oxymoron

        Case in point: the Portenta C33. The module – which we are introducing at Embedded World 2023 – leverages the R&D carried out for previous Portenta modules, optimizing every aspect and streamlining features to offer a cost-effective option to users starting out with Industrial IoT or automation, or those who have more specific, targeted needs than the H7 or X8 cater to.

      • CNX Software: Portenta C33 is a lower cost Arduino Pro board based on Renesas RA6M5 Arm Cortex-M33 MCU

        Arduino Portenta C33 is the latest board from the Arduino Pro family which the company dubs a "high-performance, low-price" solution based on a 200 MHz Renesas RA6M5 Arm Cortex-M33 microcontroller and equipped with an ESP32-C3 Wi-Fi and Bluetooth Low Energy module.

      • Raspberry Pi: Giant ride-on spider robot

        The Hacksmith was inspired by a video of an auto excavator manoeuvring its own body by using its excavation arm as a leg. An idea struck: why not just bring six excavators together and program all the arms to operate like legs in sync?

    • Mobile Systems/Mobile Applications

  • Free, Libre, and Open Source Software

    • Linux Links: 5 Best Free and Open Source Drum Machines

      Drum machines may imitate drum kits or other percussion instruments, or produce unique sounds, such as synthesized electronic tones. A drum machine often has pre-programmed beats and patterns for popular genres and styles, such as pop music, rock music, and dance music. Most modern drum machines made in the 2010s and 2020s also allow users to program their own rhythms and beats.

      Drum machines may create sounds using analog synthesis or play pre-recorded samples.

      Our recommended drum machine software is captured in one of our legendary rating charts. We only feature free and open source goodness.

    • LinuxInsider: Business Conditions Prime for More Open-Source Contributors

      Companies that established open-source program offices over the last few years now need more C-suite oversight to drive education, awareness, and usage of open-source software. That sets the stage for an expanded role of open-source program officers.

      Incorporating open-source technology brings organizations an ecosystem that expands the user base, resulting in loyalty and stickiness. It also brings the need for more executive oversight of open-source initiatives. Staying on top of open-source security best practice is critically important, and disclosing and patching vulnerabilities is essential.

      Javier Perez, the chief open-source evangelist at Perforce, sees a trend unfolding in 2023 to drive open source. More organizations will realize that open-source software is critical to their operation and will move from being consumers to participants with increased use and adoption for business-critical infrastructure.

    • JFrog: Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

      The recent OpenSSH double-free vulnerability – CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms – Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.

      This blog post provides an in-depth analysis of OpenSSH’s attack surface and security measures.

    • Idiomdrottning: Emacs undo and me

      In some weirdo chain my brain don’t fully understand but my fingers seem to know how to work. I can undo in one “direction” but then if I do anything else (just move the cursor or set the mark) it switches direction because the undos themselves are getting undone. It’s a mess but it somehow works, even for undos really far back.

    • Jon Udell: Mastodon timelines for teams

      Because saving and searching Mastodon data is a controversial topic in the fediverse — none of us wants to recapitulate Big Social — I’ve focused thus far on queries that explore recent Mastodon flow, of which there are plenty more to write. But nobody should mind me remembering my own home timeline, so a few weeks ago I made a tool to read it hourly and add new toots to a Postgres table.

    • Web Browsers/Web Servers

      • Mozilla

        • Mozilla: Hacks.Mozilla.Org: Mozilla Launches Responsible AI Challenge

          At Mozilla, we believe in AI: in its power, its commercial opportunity, and its potential to solve the world’s most challenging problems. But now is the moment to make sure that it is developed responsibly to serve society.

          If you want to build (or are already building) AI solutions that are ambitious but also ethical and holistic, the Mozilla Builder’s Responsible AI Challenge is for you. We will be inviting the top nominees to join a gathering of the brightest technologists, community leaders and ethicists working on trustworthy AI to help get your ideas off the ground. Participants will also have access to mentorship from some of the best minds in the industry, the ability to meet key contributors in this community, and an opportunity to win some funding for their project.

        • Mozilla: The Mozilla Blog: Mozilla Launches Responsible AI Challenge [Ed: So Microsoft flooded the bribed media with hype about "AI" to distract from mass layoffs at Microsoft, now Mozilla takes the bait while adding Microsoft to its Board]

          The last few months it has become clear that AI is no longer our future, but our present.

        • Mozilla: The Mozilla Blog: Email protection just got easier in Firefox

          If you’re already one of the many people who use Firefox Relay to save your real email address from trackers and spammers, then we’ve got a timesaver for you. We are testing a new way for Firefox Relay users to access their email masks directly from Firefox on numerous sites.

          Since its launch, Firefox Relay has blocked more than 2.1 million unwanted emails from people’s inboxes while keeping real email addresses safe from trackers across the web. We’re always listening to our users, and one of the most-requested features is having Firefox Relay directly within the Firefox browser. And if you don’t already use Firefox Relay, you can always sign up.

        • Mozilla: The Mozilla Blog: Firefox Android’s new privacy feature, Total Cookie Protection, stops companies from keeping tabs on your moves

          In case you haven’t heard, there’s an ongoing conversation happening about your personal data.

          Earlier this year, United States President Biden said in his State of the Union address that there needs to be stricter limits on the personal data that companies collect. Additionally, a recent survey found that most people said they’d like to control the data that companies collect about them, yet they don’t understand how online tracking works nor do they know what they can do about it. Companies are now trying and testing ways to anonymize the third-party cookies that track people on the web or get consent for each site or app that wants to track people’s behavior across the web.

    • SaaS/Back End/Databases

      • OpenSource.com: Synchronize databases more easily with open source tools
        Change Data Capture (CDC) uses Server Agents to record, insert, update, and delete activity applied to database tables. CDC provides details on changes in an easy-to-use relational format. It captures column information and metadata needed to apply the changes to the target environment for modified rows. A changing table that mirrors the column structure of the tracked source table stores this information.

        Capturing change data is no easy feat. However, the open source Apache SeaTunnel project is a data integration platform that provides CDC function with a design philosophy and feature set that makes these captures possible, with features above and beyond existing solutions.

        CDC usage scenarios

        Classic use cases for CDC are data synchronization or backups between heterogeneous databases. You may synchronize data between MySQL, PostgreSQL, MariaDB, and similar databases in one scenario. You could synchronize the data to a full-text search engine in a different example. With CDC, you can create backups of data based on what CDC has captured.

        When designed well, the data analysis system obtains data for processing by subscribing to changes in the target data tables. There's no need to embed the analysis process into the existing system.

      • Dan Langille: mysqldump: Couldn’t execute ‘FLUSH TABLES’: Access denied; you need (at least one of) the RELOAD or FLUSH_TABLES privilege(s) for this operation (1227)

        This article is a copy/paste/modify of mysqldump: Error: ‘Access denied; you need (at least one of) the PROCESS privilege(s) for this operation’ when trying to dump tablespaces.

    • Openness/Sharing/Collaboration

      • Open Data

        • uni MIT: Where the sidewalk ends: Most cities don’t map their own pedestrian networks. Now, researchers have built the first open-source tool to let planners do just that.

          The paper, “Mapping the Walk: A Scalable Computer Vision Approach for Generating Sidewalk Network Datasets from Aerial Imagery,” appears online in the journal Computers, Environment and Urban Systems. The authors are Hosseini; Sevtsuk, who is the Charles and Ann Spaulding Career Development Associate Professor of Urban Science and Planning in DUSP and head of MIT’s City Form Lab; Fabio Miranda, an assistant professor of computer science at the University of Illinois at Chicago; Roberto M. Cesar, a professor of computer science at the University of Sao Paulo; and Claudio T. Silva, Institute Professor of Computer Science and Engineering at New York University (NYU) Tandon School of Engineering, and professor of data science at the NYU Center for Data Science.

      • Open Access/Content

        • Bjoern Brembs: Should you trust Elsevier?

          The fact that Elsevier fits the consensus definition of a “predatory publisher” so well is thus only one of many reasons why data kraken Elsevier is so reviled in the academic community, but a reminder of it seems to have triggered the “we really can be trusted, honestly, this time” wolf-in-sheep-clothing-reflex in the RELX CCO Dr. Abrahams, such that he responded: [...]

    • Programming/Development

    • Standards/Consortia

      • Silicon Angle: Fujitsu and Dell pave the way for continued Open RAN adoption

        “We’re big open radio access network advocates,” said Greg Manganello (pictured, left), global head of network services at Fujitsu. “We’re one of the leading founders of that open standard. The reason is it gives operators choices and much more vendor diversity and therefore a lot of innovation when they build out their 5G networks.”

  • Leftovers

    • 2023-03-13: Lymphocytes
    • Jason Kottke: Kottke.org Is 25 Years Old Today and I’m Going to Write About It

      My love for the web has ebbed and flowed in the years since, but mainly it’s persisted — so much so that as of today, I’ve been writing kottke.org for 25 years. A little context for just how long that is: kottke.org is older than Google. 25 years is more than half of my life, spanning four decades (the 90s, 00s, 10s, and 20s) and around 40,000 posts — almost cartoonishly long for a medium optimized for impermanence. What follows is my (relatively brief) attempt to explain where kottke.org came from and why it’s still going.

    • Science

      • Nicholas Tietz-Sokolsky: Approximating pi using... a cake?

        This is a really cool technique called Buffon's needle problem and I first heard about it from my grandfather at a restaurant. I think I was in middle school. Anyway, he was telling me about this way that you could estimate pi by tossing a needle on the floor and counting the number of times where it ended up crossing the line between floor boards.

    • Education

    • Hardware

      • CNX Software: Silicon Labs announces MG27 and BG27 Bluetooth LE & 802.15.4 SoCs for small devices, healthcare

        Silicon Labs has just announced the tiny BG27 Bluetooth LE and MG27 multiprotocol wireless SoCs designed for small devices, and they will be especially useful in connected health applications, or the so-called Internet of Medical Things (IoMT), as well as wearables, sensors, switches, smart locks, and commercial and LED lighting.

      • CubicleNate: Restoring SteamDeck Unresponsive Touchscreen

        I recently had an issue with my SteamDeck where the touch screen would not respond to any input. Rebooting, even turning off and back on didn’t seem to solve the issue. I was a bit worried. Had my new favorite hand-held console broken? Did one of my kids do something nasty to it?

    • Health/Nutrition/Agriculture

      • Copenhagen Post: Novo Nordisk to slash its insulin prices in the US

        Move by Danish pharma giant comes in the wake of lawsuit in California and at the urging of President Biden

      • NPR: Neurotech could connect our brains to computers. What could go wrong, right?

        Who is she? Nita Farahany is professor of law and philosophy at Duke Law School. Her work focuses on futurism and legal ethics, and her latest book, The Battle For Your Brain, explores the growth of neurotech in our everyday lives.

      • Stacey on IoT: Sonde Health wants to use speech to track health

        I am being a bit cautious here, because Sonde Health doesn’t diagnose these conditions and maybe never will. Instead its CEO David Liu told me that it analyzes a 30-second vocal sample for characteristics that indicate a person may have depression, anxiety, or cognitive decline. For asthma and COPD, patients provide a six-second vocal sample.

      • Quillette: Hormones First. Research Later

        The Tavistock recognised that it was in experimental territory. In 2011, the clinic decided to introduce puberty blockers for children from the age of 12—but only under the auspices of a formal research project guided by careful patient assessment, monitoring, and informed consent. “Between 2011 and 2014, 44 patients aged 12–25 joined [GIDS’s] Early Intervention Study,” Barnes reports. “While this study began with admirable aims—to test the claims about what was seen as an experimental treatment in a safe research setting—[the clinic] did not wait for the data to emerge before rolling out early puberty suppression more widely [in 2014]. The full results would remain unpublished for almost a decade.”

      • Danish municipalities introduce shorter school days and new subjects

        Staff and local government leaders in seven municipalities given more freedom over their administration in a 2021 trial scheme have introduced a number of new measures at schools and elderly care facilities.

      • Danish company gives unlimited sick days to employees with kids

        A Danish energy company has said it will not limit sick days for staff with children. More businesses could eventually adopt the model according to an expert.

      • The Local SE: Öresund Bridge raises toll for single journeys between Sweden and Denmark

        The Öresund Bridge on Thursday increased its toll for single journeys but said that new discount rates will be introduced.

    • Proprietary

      • Security Week: Microsoft Warns of Outlook Zero-Day Exploitation, Patches 80 Security Vulns [iophk: Windows TCO]

        The Redmond, Wash. software giant pushed out fixes for at least 80 Windows flaws and called special attention to CVE-2023-23397, a critical-severity issue in Microsoft Outlook that has been exploited in zero-day attacks.

        As has become customary, Microsoft’s security response center did not provide details or indicators of compromise (IOCs) to help defenders hunt for signs of compromise.

      • The Register UK: Microsoft squashes Windows bug exploited to inflict ransomware misery

        Both vulnerabilities allow crooks to bypass this feature, which means their victims can download malicious files packed with ransomware that do not carry the MotW flag, which would trigger this added layer of security.

        While miscreants used JScript files to deliver Magniber ransomware via the earlier bug, the new campaign uses Microsoft Software Installer (MSI) files with a different type of malformed signature, according to TAG.

      • The Register UK: Crims exploit Microsoft, Fortinet flaws before any patches exist [iophk: Windows TCO]

        "The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client," Microsoft explained. "This could lead to exploitation BEFORE the email is viewed in the Preview Pane."

      • Brad Taunt: Stop Using Custom Web Fonts

        I was trying to understand how we ended up in a situation where web/UI designers (myself included) have started to insist on using proprietary, custom web fonts. Do any users actively benefit from custom web fonts? Are there any useful and measurable goals achieved by including them? Do end-users actually care about a website's typeface?

        For the most part, I believe the answer to all those questions is: not really.

      • Security Week: Ransomware Group Claims Theft of Valuable SpaceX Data From Contractor [iophk: Windows TCO]

        The LockBit ransomware group claims to have stolen valuable SpaceX files after breaching the systems of piece part production company Maximum Industries.

      • The Register UK: Microsoft and GM deal means your next car might talk, lie, gaslight and manipulate you

        Still, details are scant for now. GM's vice president of software defined vehicle and operating system, Scott Miller, let slip to news site Semafor "that the company is developing an AI assistant" claimed to "push things beyond the simple voice commands available in today's cars."

      • Bruce Schneier: NetWire Remote Access Trojan Maker Arrested

        From Brian Krebs:

        A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owner for the past 11 years.

    • Pseudo-Open Source

      • Openwashing

        • uni Stanford: Alpaca: A Strong Open-Source Instruction-Following Model

          We emphasize that Alpaca is intended only for academic research and any commercial use is prohibited. There are three factors in this decision: First, Alpaca is based on LLaMA, which has a non-commercial license, so we necessarily inherit this decision. Second, the instruction data is based on OpenAI’s text-davinci-003, whose terms of use prohibit developing models that compete with OpenAI. Finally, we have not designed adequate safety measures, so Alpaca is not ready to be deployed for general use.

    • Security

      • Scoop News Group: Presidential advisory council recommends cyber mandates for critical infrastructure

        The National Infrastructure Advisory Council also stresses the need for cybersecurity mandates on tech vendors serving the industrial sector.



        [...]

        Some of its other recommendations include developing a common playbook for local government, engaging vulnerable communities in planning and restoration efforts such as low-income, tribal communities and organized labor, enhanced information sharing between sectors, and to analyze “common cause” failures in critical infrastructure supply chains.

        Additionally, the advisory group recommends harmonizing standards across the federal government, particularly when it comes to organizations that operate in multiple critical infrastructure sectors.

      • Scoop News Group: CISA tests ransomware alert system to safeguard vulnerable organizations

        The Cybersecurity and Infrastructure Security Agency launched a ransomware warning pilot for critical infrastructure owners and operators.

      • Data Breaches: Two Men Charged for Breaching Federal Law Enforcement Database and Posing as Police Officers to Defraud Social Media Companies

        A criminal complaint was unsealed today in federal court in Brooklyn charging Sagar Steven Singh and Nicholas Ceraolo with wire fraud and conspiracy to commit computer intrusions. The charges stem from Singh’s and Ceraolo’s efforts to extort victims by threatening to release their personal information online. Singh was arrested this morning in Pawtucket, Rhode Island, and will make his initial appearance this afternoon in federal court in Providence, Rhode Island. Ceraolo remains at large.

        In pursuit of victims’ personal information, Singh and Ceraolo unlawfully used a police officer’s stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports. Ceraolo (with Singh’s knowledge) also accessed without authorization the email account of a foreign law enforcement officer, and used it to defraud social media companies by making purported emergency requests for information about the companies’ users.

      • Integrity/Availability/Authenticity

        • India Times: Researchers have an 'AI chatbot' warning for you

          According to the Norton Consumer Cyber Safety Pulse report, cybercriminals are now capable of creating deepfake chatbots, opening another way for threat actors to target less tech-savvy people. Researchers warn that those using chatbots should not provide any personal information while chatting online.

      • Privacy/Surveillance

      • Confidentiality

        • Scoop News Group: Cancer patient sues medical provider after ransomware group posts her photos online [iophk: Windows TCO]

          Last month, in an increasingly common experience for hospitals, the AlphV/BlackCat ransomware crew posted a notice on the dark web announcing that it had penetrated Lehigh’s system and was prepared to publish files if the provider didn’t pay. The revealing photos of the woman who brought the suit, identified only as Jane Doe, were apparently among several documents the group posted as proof of their access to Lehigh’s network.

        • Data Breaches: Jelly Bean Communications Design and its Manager Settle False Claims Act Liability for Cybersecurity Failures on Florida Medicaid Enrollment Website

          The Florida Healthy Kids Corporation (FHKC) is a state-created entity that offers health and dental insurance for Florida children ages five through 18. FHKC receives federal Medicaid funds as well as state funds to provide children’s health insurance programs. On Oct. 31, 2013, FHKC contracted with Jelly Bean for “website design, programming and hosting services.” The agreement required that Jelly Bean provide a fully functional hosting environment that complied with the protections for personal information imposed by the Health Insurance Portability and Accountability Act of 1996, and Jelly Bean agreed to adapt, modify, and create the necessary code on the webserver to support the secure communication of data. Jeremy Spinks, the company’s manager, 50% owner, and sole employee, signed the agreement. Under its contracts with FHKC, between 2013 and 2020, Jelly Bean created, hosted, and maintained the website HealthyKids.org for FHKC, including the online application into which parents and others entered data to apply for state Medicaid insurance coverage for children.

        • Data Breaches: No need to hack when it’s leaking, DC Health Link edition



          The DC Health Link incident attracted a lot of media attention because it involved members of Congress, their staff, and their families. As StateScoop reported today, DC Health Benefit Exchange said on Friday that 56,415 customers had their data swept up in the breach. But it wasn’t just members of Congress and those associated with them whose information was compromised. StateScoop reports that the data set posted Sunday by Denfur also included hundreds of names spread across at least 20 foreign embassies and thousands of other employers. And as CyberScoop previously reported, the data set also included former national security and defense officials and “a wide swath of the capital city from employees of coffee shops, to dentist offices to civil society groups.”

          After DataBreaches’ post appeared, Denfur contacted DataBreaches to discuss the leak. By agreement, DataBreaches is not disclosing his actual (main) account on BreachForums but notes that the “Denfur” account is just an “alt” to protect his main account while leaking the DC Health Links data.

        • Data Breaches: Data from Vietnam’s state-owned oil and gas group and affiliated firms leaked

          Three Vietnamese firms involved in the petroleum industry and infrastructure may first be learning that some of their files are being given away freely on BreachForums.

    • Defence/Aggression

    • Transparency/Investigative Reporting

    • Environment

      • El País: US will limit toxic ‘forever chemicals’ in drinking water

        The plan marks the first time the EPA has proposed regulating a toxic group of compounds that are widespread, dangerous and expensive to remove from water. PFAS, or per- and polyfluorinated substances, don’t degrade in the environment and are linked to a broad range of health issues, including low birthweight babies and kidney cancer. The agency says drinking water is a significant source of PFAS exposure for people.

      • Axios: EPA moves to limit "forever chemicals" in drinking water

        Why it matters: If the proposals become official, it'd be the first time the federal government would require utilities to remove the dangerous chemicals from drinking water before they reach households and businesses.

      • TwinCities Pioneer Press: EPA to limit toxic ‘forever chemicals’ in drinking water

        “This is a really historic moment,” said Melanie Benesh, vice president of government affairs at the Environmental Working Group. “There are many communities that have had PFAS in their water for decades who have been waiting for a long time for this announcement to come out.”

      • teleSUR: Alaska Oil Drilling Project Approved -Biden Administration

        The government will also introduce new protections for more than 13 million acres of "ecologically sensitive" Special Areas within the National Petroleum Reserve-Alaska, where the Willow project would be located.

        "The President and the Biden-Harris administration's economic program have put the United States back on the right track to meet its 2030 and 2050 climate goals while reducing U.S. dependence on oil," the Department stated.

      • Axios: Environmental groups sue Biden administration over Alaska oil project

        What they're saying: "No single oil and gas project has more potential to set back the Biden administration’s climate and public lands protection goals than Willow — the largest new oil and gas project proposed on federal lands," per a statement from Trustees for Alaska, which represents the environmental groups.

      • Energy/Transportation

        • Vox: Biden just broke a big climate promise

          But anti-Willow Native advocates don’t see these concessions as adequate. “The true cost of the Willow project is to the land and to animals and people forced to breathe polluted air and drink polluted water,” said a statement from Sovereign Iñupiat for a Living Arctic, an Indigenous grassroots group. “While out-of-state executives take in record profits, local residents are left to contend with the detrimental impacts of being surrounded by massive drilling operations.”

          And the climate impacts, activists worry, could be considerable because of how much new oil the Willow project will bring to market when the world can’t afford it in its carbon budget.

        • Vice Media Group: 24 Hours of News Shows America's Transportation Hellscape

          The U.S. has long been in a transportation crisis, but it is entering something more like a transportation suicide pact. Car-dependent cities are growing and unable to function, jammed in gridlock. But voters and politicians there are justifiably skeptical about proposals to build mass transit systems to escape the gridlock, for want of an example of a U.S. city that has built a successful one in the last half-century. The few half-decent transit systems we do have are old and breaking down due to a combination of underfunding and poor management, each encouraging more of the other. And any attempt to improve our existing systems or build new ones are proving so astronomically expensive and take so long that we can’t build enough new stuff to accomplish anything meaningful.

      • Wildlife/Nature

        • The Straits Times: The battle to save Cambodia's river dolphins from extinction

          Cambodia has announced new restrictions on fishing in the Mekong River to reduce the number of dolphins killed.

        • Mexico News Daily: Mexico sends 250 big cats to Indian conservation center

          After months of hard work, Mexican animal groups have managed to arrange the transport of 250 lions, tigers and leopards to a reserve in India.

        • Gannett: Beavers reclaim land in southeast Michigan

          According to Robert Burns, Detroit River Keeper with the Friends of Detroit River group, populations are increasing because areas are more habitable to the species.

          “We’ve noticed in the last 10 to 15 years that there are more beavers starting to move to the area,” Burns said. “From a habitat perspective and an indicator perspective, it shows that things are changing in the river that are conducive for various populations to start to reform and increase.”

      • Overpopulation

        • VOA News: Warming Oceans Exacerbate Security Threat of Illegal Fishing, Report Warns

          "IUU actors and fishers in general will be chasing those fish stocks as they move. And there's predictions, or obviously concern, that they will move in across existing maritime boundaries and IUU actors will pursue them across those boundaries," report co-author Lauren Young told VOA.

          RUSI said that global consumption of seafood has risen at more than twice the rate of population growth since the 1960s. At the same time, an increasing proportion of global fish stocks have been fished beyond biologically sustainable limits.

        • Overpopulation: Cultured meat and the lifeless world

          By attempting to avoid animal suffering, are we depriving them of life? Is lab-cultured ‘meat’ enlightened environmentalism, or just another attempt to cheat limits to growth, divorcing us further from the natural world? Gaia Baracetti reflects on her sheep, her fields, food culture and the moral pitfalls of seductive new technologies.

    • Finance

    • AstroTurf/Lobbying/Politics

      • The Straits Times: Malaysia Edition: Ex-PM Muhyiddin a victim of political persecution? | Rediscover Genting Highlands
      • The Straits Times (2023-03-15): Japanese YouTuber-turned-MP sacked for having never showed up in Parliament
      • The Local SE: Party secretary for Sweden's Christian Democrats steps down in 'me too' case

        Johan Ingerö, the Christian Democrat policy advisor who helped develop its harder, more populist approach, is stepping down after he was reported to the police for drunkenly groping a party colleague.

      • Runa Sandvik: Fact Check: the UK and its Online Safety Bill

        If you have followed technology news for a while, you will have heard of the Online Safety Bill in the UK. This bill, framed as “a new set of laws to protect children and adults online,” will make “social media companies more responsible” for what we see via their platforms. Introduced in the spring of 2021, the bill has been altered, altered again, put on hold, put on hold a second time, then altered some more. Experts have repeatedly condemned the bill, arguing that it represents a threat to internet safety.

        In short: it’s a disaster.

      • [Old] Alec Muffet: The Guardian has been polling #StayAtHomeDad-s about their career choices; I have no idea if this will ever go anywhere but it gave me a chance to talk about the #OnlineSafetyBill

        Oh yes, I have concerns, but the most enormous one at the moment is the “Online Safety Bill” which to most parents sounds great but speaking as an acknowledged expert in encryption and online privacy, it is… well, it’s stripping from my daughter the opportunity to have the kinds of privacy, assurance and integrity that to date we have all taken for granted, in the names of “protecting” her now.

      • India Times: UK security minister Tom Tugendhat asks NCSC to investigate TikTok’s security

        Tom Tugendhat, the UK security minister, says he has not ruled out joining other countries in prohibiting Chinese-owned video-sharing apps on work phones, but he would make a more definitive statement after reviewing the report from the centre.

      • NDTV: Watch - "If I Go To Jail Or They Kill Me...": Imran Khan's Video Message

        The 70-year-old politician, also a cricket legend, is wanted in the Toshakhana corruption case. Pakistan's election commission in October last year found him guilty of unlawfully selling gifts from foreign dignitaries during his term as prime minister.

        Charges were then filed against him in an anti-corruption court that last week issued an arrest warrant after Khan skipped summons.

      • Bruce Schneier: How AI Could Write Our Laws

        But lobbying strategies are not always so blunt, and the interests involved are not always so obvious. Consider, for example, a 2013 Massachusetts bill that tried to restrict the commercial use of data collected from K-12 students using services accessed via the internet. The bill appealed to many privacy-conscious education advocates, and appropriately so. But behind the justification of protecting students lay a market-altering policy: the bill was introduced at the behest of Microsoft lobbyists, in an effort to exclude Google Docs from classrooms.

        What would happen if such legal-but-sneaky strategies for tilting the rules in favor of one group over another become more widespread and effective? We can see hints of an answer in the remarkable pace at which artificial-intelligence tools for everything from writing to graphic design are being developed and improved. And the unavoidable conclusion is that AI will make lobbying more guileful, and perhaps more successful.

        It turns out there is a natural opening for this technology: microlegislation.

    • Censorship/Free Speech

      • VOA News: Moscow Ramps Up Pressure on Radio Free Europe/Radio Liberty

        RFE/RL has described the foreign agent law as a tool of political censorship. It has challenged Moscow’s actions at the European Court of Human Rights.

        Russia’s foreign agent law was expanded to include media after a 2017 U.S. order compelled Kremlin-backed media operating in America to register with the Department of Justice’s Foreign Agent Registration Act, also known as FARA.

      • RFA: Chinese talent show host banned from Weibo over anti-Putin comments

        Zhou's post had hit out at online support for "Putin the Great," criticizing his "band of fighters" among Chinese social media accounts and making reference to territory ruled by Russia that he said should belong to China.

        "Why are there always some Chinese who inexplicably send such kind words to Russia?" the post said.

      • Reason: Latest Journal of Free Speech Law Article Published 2 Months After It Was Submitted

        One goal of our peer-reviewed Journal of Free Speech Law is to be able to publish quickly, when the author so prefers. We haven't always been as quick as we'd have liked, but it seems like we now have the proper staffing and procedures to be quite good about it.

      • VOA News: In Russia, Censors Take On Truth Online

        As Russia tries to control the narrative on the war in Ukraine, online news providers and aggregators find themselves in tricky territory.

        Apps and even people who share information online have been hit with penalties. A Russian court in July fined Google more than $370 million for refusing to remove information about the war, including from YouTube. And earlier this month, a Siberian court sentenced a freelance journalist to eight months’ corrective labor for “knowingly distributing” what it called “false information” about the army in social media posts.

      • RFERL: More Prison Terms Handed Down In Belarus Over 2020 Anti-Lukashenka Protests

        [...] The charges stem from the defendants' participation in nationwide protests that followed a disputed presidential election in August 2020 that handed a sixth term in office to authoritarian ruler Alyaksandr Lukashenka. [...]

      • teleSUR (2023-03-15): What Impact Has US Foreign Policy Had On Pakistan?
    • Internet Policy/Net Neutrality

    • Monopolies

  • Gemini* and Gopher

    • Personal

    • Politics

      • Conservatism is means, not ends

        One of the reasons the left and the right can’t talk to each other is that the left ideology is about ends (justice for all) but is often flailing around when it comes to describing how to actually accomplish that, while the right ideology for the most part try to obscure their ends while having crisply defined means, a program for how they want to organize society and policy.

      • Silicon Valley and Venture Capitalists

        The collapse of SVB (Silicon Valley Bank) is another landmark of what I call the Tech Reboot. The low interest environment fuelled speculation in risky enterprises. As interest rates rose it started a reversal of that trend. Let me illustrate. Two days ago GitLab shares lost 38% after "weak" revenue forecasts. Its revenues actually rose 58% year over year. Its TTM (Trailing Twelve Month) revenue is $379m. Its market cap is currently $5.1b based on a share price of $33.96. It is loss-making. Let me spell that out. If you make $379m in revenue, but you still cannot make a profit, then you do not have a viable business. Its valuation is over 10X revenue - a sky-high valuation level. I reckon that Silicon Valley startups are going to have to lose 90% of the valuation in order to get close to a more rational level of valuation.

    • Technical

      • Science

        • Can Humanity Simulate a Universe

          The background to this question is of course the simulation hypothesis, the hypothesis that we live in a simulation. While I won't go into the philosophical details of this hypothesis, I want to analyze if it currently is feasible for humanity to simulate a universe.

      • Programming

        • Chesslikes

          I return to chess and chess-likes every so often. Abstract board games keep my interest in the long haul though there are sometimes many months that go by between playing them. For the past two years I had been on a Backgammon kick, playing with different friends and my partner and even online. Lately though I've been back on chess, and specifically some of the variants below. Short descriptions and biased anecdotal reviews below.

          I'm using the term chess-like facetiously. In the wider world there is a known title "Chess Variant." This is a term for the family of games based on Chess, with different rules variations and sometimes completely different pieces, though often on a standard or enlarged regular gridded chessboard. By the way, one of my favorite chess variant terms is "fairy pieces," the term for a variant chess piece not found in the now-standardized classic chess.

        • Cross compilers III: cross compiling Rust

          Since the official Rust compiler, rustc, uses llvm as a code generator, it is technically already capable of cross compilation to any of the architectures that llvm supports. However, we still need a linker for the target. Eventually lld, being a cross linker, might be a suitable drop in for this use. However, I have not really been able to find information on how to set this up or if it is even possible. What definitely is possible is using gcc as a driver for the linker, as this is what rustc does by default already. We're just going to swap out our system gcc for a cross gcc such as that built in part one of this series.


* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.


