date 2021-12-06
Software: Lynx, Stellarium, and Audiobookshelf
The Lynx web browser was first released in Spring 1992 (evidence here), and is still in development with a new update sometime this year (v2.9.0). Lynx was originally made for Unix, DOS and other text-only operating systems, but has also been ported to Linux, MacOS, Windows, and nearly every commonly used operating system.
I don’t use Lynx much these days, but I have great fondness for it. Back in the 1990s when I was at my poorest (unemployed, on welfare, using a Frankenstein PC), I couldn’t afford paid internet. I could, however, use my 14.4K modem to dial into the local Freenet, for an hour per day (or more than one between 12am-6am) running Lynx to do it. This allowed me to browse websites, read Usenet groups, send emails, reserve or renew books at the local library on Telnet, but most importantly, read the job bank at the local unemployment office (hooray for early adopters!) and find the job that got me back on my feet. I might not be where I am today without the same opportunities.
Stellarium is an excellent free, open-source night sky exploration and mapping software application.
Free to use across multiple platforms and as professionally built as any paid-for software, Stellarium feels premium despite the lack of cost. Take a wide view of the night sky to track subjects on any given night or zoom right in to see them in more detail. There’s a wealth of information and history for everything from the planets of the solar system to star constellations and nebulae.
Reading is one of life’s great pleasures - along with cooking, fiddling with Raspberry Pis and exploring deep, dark forests, the birds of the Crow’s nest can often be found with their noses (beaks) deep in works of literary fiction.
From the ages of three to 20, the Crow would spend his weekends in libraries, second-hand bookshops and market stalls.
Programming Leftovers
Dear Fellowlship, today’s homily is about the quest of a poor human trying to escape the velvet jail of disable_functions and open_basedir in order to achieve the holy power of executing arbitrary commands. Please, take a seat and listen to the story of how our hero defeated PHP with the help of UAF The Magician.
One of my favorite tools is XPath, the query language for exploring XML and HTML trees. In this post, I will highlight a few use cases of this “angle-bracket crunching tool” and hope to convince you that it’s an awesome thing to know about and play with.
It would be possible to do a simple version manually, manually deploy to a slice of production after approval. However, merge conflicts would cause a lot of pain and forgotten versions that were never cleaned up would cause bugs and outages.
There are also upsides to the more complex monitoring. Incident response times can be significantly improved because it is easier to identify the last good version. Especially if you have a holdback, you can just see which of the holdback versions have the issue. This makes it quick to identify if a rollback will help and which version needs to be rolled back to. This also makes it quicker to identify the actual commit that caused the issues, as you only need to look at the changes in a small release instead of a large release.
I think this interpretation is wrong, and have always instead understood it to mean this:
Once a bug is known to exist, the more people are looking for what causes it, the faster it is likely to be found, and then fixed.
For the best analysis of this question, it’s best to just look around ourselves. We all can notice a drastic change and progress in our surroundings; who is responsible for this? It’s today’s technology; due to this Artificial Intelligence or AI-based machinery, the productivity of every task has now increased by multiple times, and goods are now available much quicker and at reasonable rates anywhere in the world. From manufacturing to transportation to development and security, every field has flourished with the introduction of AI-themed products and appliances. But it is also true that we humans have not even scratched the surface of AI till now; it still has a lot to discover. We have understood its importance, its use, and its demand, but we still can’t predict how much potential an AI model has. For now, large factories, machinery, robotic arms, and many more are controlled via AI. Today the whole world’s house is being automated using AI-based Siri and Alexa.
A community of developers has formed to modernize the Fortran ecosystem. In this article, we describe the high-level features of Fortran that continue to make it a good choice for scientists and engineers in the 21st century. Ongoing efforts include the development of a Fortran standard library and package manager, the fostering of a friendly and welcoming online community, improved compiler support, and language feature development. The lessons learned are common across contemporary programming languages and help reduce the learning curve and increase adoption of Fortran.
Proprietary Software and Security
YouTube comment spam can take many forms. Major creators are often concerned about spam that impersonates them, promises viewers something good for messaging them, and then directs individuals off YouTube in some way to eventually scam them.
The absence of significant cyberattacks against Ukraine by Russia during the current war is the dog that didn’t bark or bite. Cybersecurity experts around the globe are puzzling over why Russia, with highly sophisticated cyberattack capabilities as demonstrated by NotPetya, election meddling and the SolarWinds software supply chain breach, has not done more to disrupt digital operations in Ukraine.
Aside from a few isolated and largely ineffective attacks and a surprisingly mild disinformation campaign, Russia has either refrained from or been incapable of flexing its sizable cyberwarfare muscles in the conflict. The burning question is: Why?
The vulnerability – tracked as CVE-2022-22954 and with a CVSS rating of 9.8 – arises as the result of a server-side template injection issue.
“A malicious actor with network access can trigger a server-side template injection that may result in remote code execution,” VMware warns in a security bulletin.
Also on the critical list are two authentication bypass vulnerabilities in the OAuth2 ACS framework, which is tied to VMware Workspace ONE Access.
These flaws – tracked as CVE-2022-22955 and CVE-2022-22956 and both with a CVSS rating of 9.8 – each bypass an authentication mechanism and “execute any operation due to exposed endpoints in the authentication framework”, VMware warns.
The University of Toronto's Citizen Lab says phones belonging to "four Jordanian human rights defenders, lawyers, and journalists were hacked with NSO Group’s Pegasus spyware between August 2019 and December 2021." The researchers don't attribute this activity to any particular government, but they note that two Pegasus customers appear to be primarily focused on targets in Jordan:
"One of the customers, which we name MANSAF, appears to be spying primarily in Jordan, with limited additional operations in Iraq, Lebanon, and Saudi Arabia. We believe that MANSAF has been operating since December 2018.
Mounting pressure on information security professionals is creating a mental health crisis across the industry, a new report claims.
The survey from Vectra AI, released today (April 7), found that more than half of respondents (51%) have suffered depression, anger, or anxiety due to feeling overwhelmed by work.
A further 56% have had sleepless nights worrying about work and 42% have called in sick because they couldn’t face work.
The report polled 200 respondents working in roles across the infosec industry.
China accused of cyberattacks on Indian power grid [Ed: Sounds like another incident or example of Windows in core infrastructure (where it never belonged)]
China has been accused of conducting a long-term cyber attack on India's power grid, and has been implicated in cyber attacks against targets in Ukraine.
Cybersecurity firm Insikt Group found network intrusions at seven Indian State Load Dispatch Centers (SLDCs) that conduct real-time operations for grid control and electricity dispatch, according to a report released Wednesday. All seven SLDCs were located near the disputed India-China border in Ladakh.
Although one of the SLDCs had been previously targeted – in a 2020 incident that Insikt Group named RedEcho and credited to Beijing – the newly identified intrusions target an almost entirely different set of victims.
To further rattle victims, Borat can run such tasks as playing audio, showing and hiding the desktop or taskbar, enabling or disabling the webcam light, turning off the monitor or showing a blank screen.
Since at least 2015, FIN7 gang members have used phishing emails with malicious files attached to break into hundreds of companies' networks. Once they gained access, they injected malware to steal customers' credit- and debit-card numbers, which they then sold on the dark web or used to fund their own shopping sprees.
Microsoft dogs Strontium domains to stop attacks on Ukraine [Ed: Microsoft is a key reason Ukraine's systems are vulnerable to Russian attacks; this is a misleading inversion of narratives, reinforced by gullible or complicit publishers]
As by far the most popular content management system, WordPress powers millions of different websites. It's open source software, which means its source code is publicly accessible and can be modified by pretty much anyone with sufficient know-how.
Though WordPress plugins and themes can be purchased, tens of thousands of them are available for free. As one might expect, this does not come without its downsides. So how vulnerable are WordPress sites? What about its themes and plugins? And how can you protect your sites?
Mailchimp has confirmed a miscreant gained access to one of its internal tools and used it to steal data belonging to 100-plus high-value customers.
The clients were all in cryptocurrency and finance-related industries, according to Mailchimp. "Our findings show that this was a targeted incident," the mailing-list giant's CISO Siobhan Smyth said in a statement to The Register on Monday.
Rumors of the intrusion surfaced on Twitter over the weekend: on Sunday, hardware cryptocurrency wallet maker Trezor, whose website is trezor.io, warned someone was sending out emails from noreply[at]trezor[dot]us containing a link to malware designed to harvest wallet owners' information.
Less than an hour later, Trezor said it managed to get the domain names associated with the scam disabled, and that MailChimp said its service had been "compromised by an insider targeting crypto companies."
Repairability Progress
“The thing that’s changing the game more than anything else is the French repairability scorecard,” says Wiens, referring to a 2021 law that requires tech companies to reveal how repairable their phones are — on a scale of 0.0 to 10.0 — right next to their pricetag. Even Apple was forced to add repairability scores — but Wiens points me to this press release by Samsung instead. When Samsung commissioned a study to check whether the French repairability scores were meaningful, it didn’t just find the scorecards were handy — it found a staggering 80 percent of respondents would be willing to give up their favorite brand for a product that scored higher.
European lawmakers are voting in plenary on a Right to Repair resolution today amid calls for the initiative to go even further.
The draft motion for resolution [PDF] cited a survey that found 79 percent of EU citizens thought that manufacturers should make repairs easier, with 77 percent saying a repair would be preferable to replacement, and called for access to parts, repair information, and standardization among devices.
To that end, the motion emphasizes labels to indicate repairability and expected lifetime for products, access to parts and repair facilities, an extension to liability for defective goods beyond two years, and calls on the European Commission to "always take into account the highest possible level of consumer protection and consumer welfare."
In a nod to right-to-repair efforts, Google is partnering with iFixit to offer spare parts for its Pixel smartphones dating all the way back to 2017.
Genuine Pixel parts will be in stock for iFixit customers in the US, UK, Canada, Australia, and EU countries that sell Pixels "later this year." Parts will be available for devices as old as the Pixel 2 through 2021's Pixel 6 Pro, "as well as future Pixel models," Google said today.
Available parts include "everything you need for the most common Google Pixel Repairs – batteries, displays, cameras and more," iFixit said. The repair howto site will be selling parts individually, and as part of its Fix Kits that include necessary pieces and tools needed to perform specific repair processes.
