Computers & Linux News

Now there's a masculine-sounding option and you can call your device Ziggy. Plus, you can mix and match.

Comic-Con went virtual again in 2020. (San Diego businesses will miss the chance to profit from the 100,000 visitors the convention usually attracted.) And NPR reports the convention has gotten smaller in other ways: Both Marvel Studios and DC are staying away; as it did last year, DC is again directing its resources towards its own event, DC FanDome, set for mid-October. But fans of shows like Doctor Who, Dexter and Comic-Con stalwart The Walking Dead will have lots to look forward to. Rotten Tomatoes and The Verge have gathered up the trailers that did premier. Some of the highlights: Blade Runner: Black Lotus , an upcoming anime television series set to premiere in late 2021 on Crunchyroll and Adult Swim (co-producing it with Alcon Television Group).The upcoming remake of Dune J.J. Abrams' new four-part Showtime documentary about UFOs.Season 2 of Star Trek: Lower Decks and the new Star Trek: Prodigy, a CGI-animated series about a group of aliens who escape captivity onboard the Enterprise. But interestingly, one of the more visibile presenters was: NASA. Current and former NASA officials made appearances on several different panels, according to Space.com, including one on modern space law, U.N. treaty-making, and how it all stacks up against the portrayal we get in our various future-space franchises. And NASA also touted its virtual simulation platform Ed-Tech, "where students can have access to the same tools that professionals use and in the case of space are given the opportunity to solve real problems related to missions to our Moon, Mars, and beyond... from piloting to terra-forming to creating habitats and spacecraft." There was also a panel of four NASA engineers titled "No Tow Trucks Beyond Mars," on "how we go boldly where thereâ(TM)s no one around to fix it. Hear stories from the trenches of the heartbreaks, close calls, and adventures of real-life landing (and flying!) on Mars and our round-table discussion of what Netflix got right in their movie Stowaway." Sunday's panels will include an astronomer, an astrobiologist, and a geologist/paleontologist discussing "The Science of Star Wars" with the concept designer for Star Wars episodes 7-9, Rogue One, and Solo.

Read more of this story at Slashdot.

Take these steps to protect your pets if you live in an area prone to wildfires.

If size and weight in a work laptop matter most to you, the X1 Titanium Yoga is great, if not entirely perfect.

The Fan Edition, redux?

A comprehensive new analysis published in Nature "calculates that the frequency of climate-related nuclear plant outages is almost eight times higher than it was in the 1990s," reports Ars Technica. "The analysis also estimates that the global nuclear fleet will lose up to 1.4 percent — about 36 TWh — of its energy production in the next 40 years and up to 2.4 percent, or 61 TWh, by 2081-2100." The author analyzed publicly available databases from the International Atomic Energy Agency to identify all climate-linked shutdowns (partial and complete) of the world's 408 operational reactors. Unplanned outages are generally very well documented, and available data made it possible to calculate trends in the frequency of outages that were linked to environmental causes over the past 30 years. The author also used more detailed data from the last decade (2010-2019) to provide one of the first analyses of which types of climate events have had the most impact on nuclear power. While the paper doesn't directly link the reported events to climate change, the findings do show an overall increase in the number of outages due to a range of climate events. The two main categories of climate disruptions broke down into thermal disruptions (heat, drought, and wildfire) and storms (including hurricanes, typhoons, lightning, and flooding). In the case of heat and drought, the main problem is the lack of cool-enough water — or in the case of drought, enough water at all — to cool the reactor. However, there were also a number of outages due to ecological responses to warmer weather; for example, larger than usual jellyfish populations have blocked the intake pipes on some reactors. Storms and wildfires, on the other hand, caused a range of problems, including structural damage, precautionary preemptive shutdowns, reduced operations, and employee evacuations. In the timeframe of 2010 to 2019, the leading causes of outages were hurricanes and typhoons in most parts of the world, although heat was still the leading factor in Western Europe (France in particular). While these represented the most frequent causes, the analysis also showed that droughts were the source of the longest disruptions and thus the largest power losses. The author calculated that the average frequency of climate-linked outages went from 0.2 outages per year in the 1990s to 1.5 outages in the timeframe of 2010 to 2019. A retrospective analysis further showed that, for every 1 degree C rise in temperature (above the average temperature between 1951 and 1980), the energy output of the global fleet fell about 0.5 percent.

Read more of this story at Slashdot.

A cloud company's CTO argues on CTO that the "hypocrite commits" controversy "is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users." That ecosystem has long wrestled with problems of scale, complexity and free and open-source software's (FOSS) increasingly critical importance to every kind of human undertaking. Let's look at that complex of problems: - The biggest open-source projects now present big targets. - Their complexity and pace have grown beyond the scale where traditional "commons" approaches or even more evolved governance models can cope. - They are evolving to commodify each other. For example, it's becoming increasingly hard to state, categorically, whether "Linux" or "Kubernetes" should be treated as the "operating system" for distributed applications. For-profit organizations have taken note of this and have begun reorganizing around "full-stack" portfolios and narratives. - In so doing, some for-profit organizations have begun distorting traditional patterns of FOSS participation. Many experiments are underway. Meanwhile, funding, headcount commitments to FOSS and other metrics seem in decline. - OSS projects and ecosystems are adapting in diverse ways, sometimes making it difficult for for-profit organizations to feel at home or see benefit from participation. Meanwhile, the threat landscape keeps evolving: - Attackers are bigger, smarter, faster and more patient, leading to long games, supply-chain subversion and so on. - Attacks are more financially, economically and politically profitable than ever. - Users are more vulnerable, exposed to more vectors than ever before. - The increasing use of public clouds creates new layers of technical and organizational monocultures that may enable and justify attacks. - Complex commercial off-the-shelf solutions assembled partly or wholly from open-source software create elaborate attack surfaces whose components (and interactions) are accessible and well understood by bad actors. - Software componentization enables new kinds of supply-chain attacks. Meanwhile, all this is happening as organizations seek to shed nonstrategic expertise, shift capital expenditures to operating expenses and evolve to depend on cloud vendors and other entities to do the hard work of security. The net result is that projects of the scale and utter criticality of the Linux kernel aren't prepared to contend with game-changing, hyperscale threat models. Among other things, the article ultimately calls for a reevaluation of project governance/organization and funding "with an eye toward mitigating complete reliance on the human factor, as well as incentivizing for-profit companies to contribute their expertise and other resources." (With whatever culture changes this may require.) It also suggests "simplifying the stack" (and verifying its components), while pushing "appropriate" responsibility for security up to the application layer. Slashdot reader joshuark argues this would be not so much the end of Open Source as "more turning the page to the next chapter in open-source: the issues of contributing, reviewing, and integrating into an open-source code base."

Read more of this story at Slashdot.

"Amazon is tired of ringing doorbells," reports the Associated Press. "The online shopping giant is pushing landlords around the country — sometimes with financial incentives — to give its drivers the ability to unlock apartment-building doors themselves with a mobile device." The service, dubbed Key for Business, is pitched as a way to cut down on stolen packages by making it easy to leave them in lobbies and not outside. Amazon benefits because it enables delivery workers to make their rounds faster. And fewer stolen packages reduce costs and could give Amazon an edge over competitors. Those who have installed the device say it reduces the constant buzzing by delivery people and is a safer alternative to giving out codes to scores of delivery people. But the Amazon program, first announced in 2018, may stir security and privacy concerns as it gains traction. The company said that it does background checks on delivery people and that they can unlock doors only when they have a package in hand to scan. But tenants may not know that Amazon drivers have access to their building's front doors, since Amazon leaves it up to the building to notify them... Amazon didn't respond to questions about potential hacking. The company has already installed the device in thousands of U.S. apartment buildings but declined to give a specific number... Amazon salespeople have been fanning out to cities across the country to knock on doors, make cold calls or approach building managers on the street to urge them to install the device. The company has even partnered with local locksmiths to push it on building managers while they fix locks. Amazon installs the device for free and sometimes throws in a $100 Amazon gift card to whoever lets them in.

Read more of this story at Slashdot.

The New York Times' On Tech newsletter shares a thought-provoking story: This week, a top official in the Roman Catholic Church's American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went. I know that people will have complex feelings about this matter. Some of you may believe that it's acceptable to use any means necessary to determine when a public figure is breaking his promises, including when it's a priest who may have broken his vow of celibacy. To me, though, this isn't about one man. This is about a structural failure that allows real-time data on Americans' movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America's vast and largely unregulated data-harvesting industries. The reality in the United States is that there are few legal or other restrictions to prevent companies from compiling the precise locations of where we roam and selling that information to anyone. This data is in the hands of companies that we deal with daily, like Facebook and Google, and also with information-for-hire middlemen that we never directly interact with. This data is often packaged in bulk and is anonymous in theory, but it can often be traced back to individuals, as the tale of the Catholic official shows... Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age. We can now choose a different path. "Data brokers are the problem," writes the EFF, arguing that the incident "shows once again how easy it is for anyone to take advantage of data brokers' stores to cause real harm." This is not the first time Grindr has been in the spotlight for sharing user information with third-party data brokers... But Grindr is just one of countless apps engaging in this exact kind of data sharing. The real problem is the many data brokers and ad tech companies that amass and sell this sensitive data without anything resembling real users' consent. Apps and data brokers claim they are only sharing so-called "anonymized" data. But that's simply not possible. Data brokers sell rich profiles with more than enough information to link sensitive data to real people, even if the brokers don't include a legal name. In particular, there's no such thing as "anonymous" location data. Data points like one's home or workplace are identifiers themselves, and a malicious observer can connect movements to these and other destinations. Another piece of the puzzle is the ad ID, another so-called "anonymous" label that identifies a device. Apps share ad IDs with third parties, and an entire industry of "identity resolution" companies can readily link ad IDs to real people at scale. All of this underlines just how harmful a collection of mundane-seeming data points can become in the wrong hands... That's why the U.S. needs comprehensive data privacy regulation more than ever. This kind of abuse is not inevitable, and it must not become the norm.

Read more of this story at Slashdot.

This wild-looking machine is built for dominating the desert and doing it efficiently.

Even caped (and uncaped) crusaders get the blues.

With a drag coefficient of just 0.20 in the right spec, the electric EQS is all about efficiency.

"U.S. health officials said Thursday they now have evidence of an untreatable fungus spreading in two hospitals and a nursing home," reports the Associated Press: The "superbug" outbreaks were reported in a Washington, D.C, nursing home and at two Dallas-area hospitals, the Centers for Disease Control and Prevention reported. A handful of the patients had invasive fungal infections that were impervious to all three major classes of medications. "This is really the first time we've started seeing clustering of resistance" in which patients seemed to be getting the infections from each other, said the CDC's Dr. Meghan Lyman... Health officials have sounded alarms for years about the superbug after seeing infections in which commonly used drugs had little effect. In 2019, doctors diagnosed three cases in New York that were also resistant to a class of drugs, called echinocandins, that were considered a last line of defense. In those cases, there was no evidence the infections had spread from patient to patient — scientists concluded the resistance to the drugs formed during treatment. The new cases did spread, the CDC concluded.... Those cases were seen from January to April. Of the five people who were fully resistant to treatment, three died — both Texas patients and one in Washington. Lyman said both are ongoing outbreaks and that additional infections have been identified since April. But those added numbers were not reported. The fungus, Candida auris, "is a harmful form of yeast that is considered dangerous to hospital and nursing home patients with serious medical problems," they add — and it's spread through contaminated surfaces or contact with patients. Newsweek points out that while it's only recently appeared in America, "infections have occurred in over 30 countries worldwide."

Read more of this story at Slashdot.

Long-time Slashdot reader Ammalgam writes: If you're planning to install Windows 11, you should make sure you download it from official sources. This is because, people who are using pirated or fake methods to get Windows 11 are also downloading malware along with it, according to Kaspersky. The particular file referenced is called 86307_windows 11 build 21996.1 x64 + activator.exe. While it sounds like it includes Windows 11 build 21996.1, and an installer that will automatically activate Windows for you there are some red flags. First, it's only 1.75GB, so while people who want to install Windows 11 might think that's a large file that could be Windows, a real Windows 11 ISO is about 4.87GB... "The 1.75 GB file looks legitimate. But most of this space consists of one DLL file that contains a lot of useless information," explains Mint. And Kaspersky adds that "it even comes with a license agreement (which few people read) calling it a 'download manager for 86307_windows 11 build 21996.1 x64 + activator' and noting that it would also install some sponsored software. If you accept the agreement, a variety of malicious programs will be installed on your machine."

Read more of this story at Slashdot.

The former Beatle, who's 79, gets de-aged to become a much younger man in Find My Way video.

"Hackers working for the Chinese government compromised more than a dozen U.S. pipeline operators nearly a decade ago, the Biden administration revealed Tuesday while also issuing first-of-its-kind cybersecurity requirements on the pipeline industry," reports the Wall Street Journal. The disclosure of previously classified information about the aggressive Chinese hacking campaign, though dated, underscored the severity of foreign cyber threats to the nation's infrastructure, current and former officials said. In some cases, the hackers possessed the ability to physically damage or disrupt compromised pipelines, a new cybersecurity alert said, though it doesn't appear they did so. Previously, senior administration officials had warned that China, Russia and others were capable of such cyber intrusions. But rarely has so much information been released about a specific and apparently successful campaign. Chinese state-sponsored hackers between 2011 and 2013 had targeted nearly two dozen U.S. oil and natural gas pipeline operators with the specific goal of "holding U.S. pipeline infrastructure at risk," the Federal Bureau of Investigation and the Department of Homeland Security said in Tuesday's joint alert. Of the known targets, 13 were successfully compromised and an additional eight suffered an "unknown depth of intrusion," which officials couldn't fully assess because the victims lacked complete computer log data, the alert said. Another three targets were described as "near misses" of the Chinese campaign, which relied heavily on spear phishing attacks. Newsweek adds that the same day the U.S. Department of Homeland Security "announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast." In a statement, DHS said it would require operators of federally designated critical pipelines to implement "specific mitigation measures" to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a "cybersecurity architecture design review."

Read more of this story at Slashdot.

A post on Mozilla's security blog calls FTP "by now one of the oldest protocols still in use" — and it's suffering from "a number of serious security issues." The biggest security risk is that FTP transfers data in cleartext, allowing attackers to steal, spoof and even modify the data transmitted. To date, many malware distribution campaigns launch their attacks by compromising FTP servers and downloading malware on an end user's device using the FTP protocol. Aligning with our intent to deprecate non-secure HTTP and increase the percentage of secure connections, we, as well as other major web browsers, decided to discontinue support of the FTP protocol. Removing FTP brings us closer to a fully-secure web which is on a path to becoming HTTPS only and any modern automated upgrading mechanisms such as HSTS or also Firefox's HTTPS-Only Mode, which automatically upgrade any connection to become secure and encrypted do not apply to FTP. The FTP protocol itself has been disabled by default since version 88 and now the time has come to end an era and discontinue the support for this outdated and insecure protocol — Firefox 90 will no longer support the FTP protocol.

Read more of this story at Slashdot.

Volkswagen has created an aftermarket-esque higher-performance version of its two-row SUV.

In April of 2020, Jeff Bezos announced Amazon would spend their next quarter focusing on people instead of profits, remembers the New York Times: At the end of July 2020, Amazon announced quarterly results. Rather than earning zero, as Mr. Bezos had predicted, it notched an operating profit of $5.8 billion — a record for the company. The months since have established new records. Amazon's margins, which measure the profit on every dollar of sales, are the highest in the history of the company, which is based in Seattle... Amazon's pandemic triumph was echoed all over the world of technology companies. Even as 609,000 Americans have died and the Delta variant surges, as corporate bankruptcies hit a peak for the decade, as restaurants, airlines, gyms, conferences, museums, department stores, hotels, movie theaters and amusement parks shut down and as millions of workers found themselves unemployed, the tech industry flourished. The combined stock market valuation of Apple, Alphabet, Nvidia, Tesla, Microsoft, Amazon and Facebook increased by about 70 percent to more than $10 trillion. That is roughly the size of the entire U.S. stock market in 2002. Apple alone has enough cash in its coffers to give $600 to every person in the United States. And in the next week, the big tech companies are expected to report earnings that will eclipse all previous windfalls. Silicon Valley, still the world headquarters for tech start-ups, has never seen so much loot. More Valley companies went public in 2020 than in 2019, and they raised twice as much money when they did. Forbes calculates there are now 365 billionaires whose fortunes derive from tech, up from 241 before the virus. No single industry has ever had such power over American life, dominating how we communicate, shop, learn about the world and seek distraction and joy. What will Silicon Valley do with this power? Who if anyone might restrain tech, and how much support will they have...? The biggest, and perhaps the only, threat to tech now is from government... Beyond the threat of misuse of tech lurks an even darker possibility: a misplaced confidence in the ability of one loosely regulated sector to run so much of the world.

Read more of this story at Slashdot.

Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands... ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details: nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized... ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."

Read more of this story at Slashdot.