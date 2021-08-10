What we’re seeing today is a direct result of the success of open-source software. That success means there isn’t a one-size-fits-all description to define open-source software, nor one economic model for how it can succeed.

So, is this the end of the road for the open-source dream? Certainly, many of the open-source naysayers will view the recent upheavals as proof of a failed approach. They couldn’t be more wrong.

In contrast, societal implications and possible negative consequences are loosely conceived and considered (if at all).

Abeba Birhane and colleagues show that ML projects tend to be driven primarily by a narrow set of values and concerns over improving technical performance, efficiency and/or generalisability of ML systems. AI researchers and developers are often motivated either to build on their previous work and understanding, *or* the perceived novelty of the application.

While many proponents like to see the field of Machine Learning as value-neutral and/or universally beneficial, work in this field tends to be animated by a narrow set of motivations and concerns that shapes what projects are chosen, what problems are addressed and how outcome are conceived.

Once you’ve mastered variables and conditionals, you’re ready to learn loops. In this article, you’ll learn the different types of loops provided by Bash and see some examples of using them to accomplish various tasks.

Like any other programming language, Bash supports loops. The loops are used to repeatedly execute a set of commands based on some condition. Along with conditionals, they’re the most common way to control the flow of a program.

Backwards or lateral compatibility allow protocols to draft off the success of previous protocols or competitors. Mosaic had a feature that automatically converted Gopher menus into HTML.

Why did some protocols win and others lose? I think each of these deserves their own deep dive, but distilling a high level lessons.

If you’re tired of typing in a password to log into your computer and you don't use a fingerprint reader or an IR camera, you can at least get a workout in. Maker Victor Sonck has created a Raspberry Pi-powered push-up authentication project so that you break a sweat when you log in. Instead of logging in with something typical like a string of characters, Sonck logs in with a string of reps using a little help from machine learning (ML) on our favorite single-board computer.

The project has been around for at least 15 years now and recently minimig.ca has released a new revision of the board which allows you to put your own 68000 CPU in it. So, of course I ordered one!

The MiniMig is a board which is a hardware reimplmentation of the Amiga custom chips in FPGA which connects to a real 68000 CPU to provide a very accurate replication of an OCS/ECS Amiga. It was the starting point for the Amiga MiSTer core.

[Zak Kemble] likes to build things, and for several years has been pining over various Raspberry Pi products with an eye on putting them into service as a router. Sadly, none of them so far provided what he was looking for with regard to the raw throughput of the Gigabit Ethernet ports. His hopes were renewed when the Compute Module 4 came on scene, and [Zak] set out to turn the CM4 module into a full Gigabit Ethernet router. The project is documented on his excellent website, and sources are provided via a link to GitHub.

Proprietary and Security Leftovers In a remote-work world, a zero-trust revolution is necessary Perimeter security is obsolete for a number of reasons, but mainly because of the prevalence of remote work. Other reasons include: mobile computing, cloud computing and the increasing sophistication of cyberattacks, generally. And, of course, threats can come from the inside, too. In other words, there is no network edge anymore — not really — and even to the extent that perimeters exist, they can be breached. Once [crackers] get inside the perimeter, they can move around with relative ease. Zero trust aims to fix all that by requiring each user, device, and application to individually pass an authentication or authorization test each time they access any component of the network or any company resources.

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. Art Bits from HyperCard Long-time Macintosh users likely remember HyperCard, Apple's strange hypermedia system that was sorta like a cross between index cards, web pages, and 90s interactive edutainment software. HyperCard left a pretty big legacy for the Web to come, influencing everything from JavaScript to wikis to the pointing finger thing for links on pages to fuckin' Myst. Apple packaged in some sample HyperCard stacks to get people up to speed with the software, including one called "Art Bits", which included a ton of sample clip art for use in your own stacks. This stack is fantastic for showing off just how much Apple could do with two colors.

Trivago fined $44.7m over misleading rates Trivago was found guilty in 2020 for telling consumers it would show them the cheapest rates, when it actually ranked hotels by factoring in which advertisers paid the highest per-click fee.

"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic [iophk: Windows TCO] A packet capture (pcap) of the infection traffic and the associated malware samples are available here. The pcap is from an Active Directory (AD) environment. The pcap been sanitized to disguise usernames, hostnames, domains, internal IP addresses, the public IP address used to connect from my test lab to the Internet, and any other information that could identify the environment.

Hive ransomware affiliate targets vulnerable Microsoft Exchange servers The ProxyShell attacks take advantage of three vulnerabilities in Exchange, formally named CVE-2021-34474, CVE-2021-34523 and CVE-2021-31207. They were patched by Microsoft in April and May last year, but the problem is that not all users update their Exchange installations.

Windows 11 usage stats within touching distance of... XP [Ed: Vista 11 is a failure. Windows is dying.] Windows 11 is continuing to struggle both in the enterprise and at home, according to figures published by IT asset management platform Lansweeper. Disappointingly for Microsoft, it has yet to even surpass Windows XP.