Linux fréttir

"Serial entrepreneur" Gary Vaynerchuk launched a four-day conference "exploring digital ownership and the way emerging technologies could interact with art, sports and entertainment," reports the Pioneer Press: It's billed as an event "featuring icons of business, sports, music, arts, Web3, and popular culture in conversation to build lasting relationships, share ideas, and connect with the community." VeeCon is expected to draw over 10,000 visitors from around world who will hear from 150 speakers, from New Age guru Deepak Chopra to filmmaker Spike Lee and the ubiquitous rapper Snoop Dogg. [Also speaking: Randi Zuckerberg, Mark Zuckerberg's sister] Tickets were sold in the form of NFTs, which are non-fungible tokens sold on the blockchain, a digital ledger of transactions. Much of the conference will dive into the potential applications for NFTs. Ami Barzelay, chief product officer of Crinkle, a shopping rewards optimizer, described NFT ownership as "digital bragging rights." An NFT, which could be an image, song or video, can be copied and enjoyed by anyone in the world, but it may have just one owner. The NFT market, still in its infancy, has seen wild swings in what people are willing to pay for digital assets, which Barzelay has experienced first-hand. He said that for fun, he paid $100 for a video clip of Tiger Woods and later sold it for $5,000. There is inherent skepticism and fear around buying and selling things that don't exist in the physical world, which VeeCon aims to address. The article quotes Vaynerchuk as saying "Education and communication solve everything," adding later that "NFTs are really fun for collectability, but it is a tiny part of the consumer blockchain." CNBC points out that holders of the NFT-format tickets "also are given exclusive access to the annual event for three years after the NFT's purchase." Though they also end on a skeptical note: "Right now the overwhelming energy of the space is very short term. I would call it greed. Many are not spending their time on education," Vaynerchuk said. "The reality is that all that behavior is going to lead to 97-98% of these current projects losing value over the next 24-36 months because the supply and demand curves will not work out." The event's schedule included happy hours that were officially hosted by Johnnie Walker and Captain Morgan. On Twitter one attendee reported from the festival that digital artist Beeple "just got caked in the face in front of 7,000 people by Steve Aoki and it was incredible."

Read more of this story at Slashdot.

Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.…

This week New York's attorney general announced they're officially "launching investigations into the social media companies that the Buffalo shooter used to plan, promote, and stream his terror attack." Slashdot reader echo123 points out that Discord confirmed that roughly 30 minutes before the attack a "small group" was invited to join the shooter's server. "None of the people he invited to review his writings appeared to have alerted law enforcement," reports the New York Times., "and the massacre played out much as envisioned." But meanwhile, another Times article tells a tangentially-related story from 2019 about what ultimately happened to "a partial recording of a livestream by a gunman while he murdered 51 people that day at two mosques in Christchurch, New Zealand." For more than three years, the video has remained undisturbed on Facebook, cropped to a square and slowed down in parts. About three-quarters of the way through the video, text pops up urging the audience to "Share THIS...." Online writings apparently connected to the 18-year-old man accused of killing 10 people at a Buffalo, New York, grocery store Saturday said that he drew inspiration for a livestreamed attack from the Christchurch shooting. The clip on Facebook — one of dozens that are online, even after years of work to remove them — may have been part of the reason that the Christchurch gunman's tactics were so easy to emulate. In a search spanning 24 hours this week, The New York Times identified more than 50 clips and online links with the Christchurch gunman's 2019 footage. They were on at least nine platforms and websites, including Reddit, Twitter, Telegram, 4chan and the video site Rumble, according to the Times' review. Three of the videos had been uploaded to Facebook as far back as the day of the killings, according to the Tech Transparency Project, an industry watchdog group, while others were posted as recently as this week. The clips and links were not difficult to find, even though Facebook, Twitter and other platforms pledged in 2019 to eradicate the footage, pushed partly by public outrage over the incident and by world governments. In the aftermath, tech companies and governments banded together, forming coalitions to crack down on terrorist and violent extremist content online. Yet even as Facebook expunged 4.5 million pieces of content related to the Christchurch attack within six months of the killings, what the Times found this week shows that a mass killer's video has an enduring — and potentially everlasting — afterlife on the internet. "It is clear some progress has been made since Christchurch, but we also live in a kind of world where these videos will never be scrubbed completely from the internet," said Brian Fishman, a former director of counterterrorism at Facebook who helped lead the effort to identify and remove the Christchurch videos from the site in 2019.... Facebook, which is owned by Meta, said that for every 10,000 views of content on the platform, only an estimated five were of terrorism-related material. Rumble and Reddit said the Christchurch videos violated their rules and they were continuing to remove them. Twitter, 4chan and Telegram did not respond to requests for comment For what it's worth, this week CNN also republished an email they'd received in 2016 from 4chan's current owner, Hiroyuki Nishimura. The gist of the email? "If I liked censorship, I would have already done that." But Slashdot reader Bruce66423 also shares an interesting observation from The Guardian's senior tech reporter about the major tech platforms. "According to Hany Farid, a professor of computer science at UC Berkeley, there is a tech solution to this uniquely tech problem. Tech companies just aren't financially motivated to invest resources into developing it." Farid's work includes research into robust hashing, a tool that creates a fingerprint for videos that allows platforms to find them and their copies as soon as they are uploaded... Farid: It's not as hard a problem as the technology sector will have you believe... The core technology to stop redistribution is called "hashing" or "robust hashing" or "perceptual hashing". The basic idea is quite simple: you have a piece of content that is not allowed on your service either because it violated terms of service, it's illegal or for whatever reason, you reach into that content, and extract a digital signature, or a hash as it's called.... That's actually pretty easy to do. We've been able to do this for a long time. The second part is that the signature should be stable even if the content is being modified, when somebody changes say the size or the color or adds text. The last thing is you should be able to extract and compare signatures very quickly. So if we had a technology that satisfied all of those criteria, Twitch would say, we've identified a terror attack that's being live-streamed. We're going to grab that video. We're going to extract the hash and we are going to share it with the industry. And then every time a video is uploaded with the hash, the signature is compared against this database, which is being updated almost instantaneously. And then you stop the redistribution. It's a problem of collaboration across the industry and it's a problem of the underlying technology. And if this was the first time it happened, I'd understand. But this is not, this is not the 10th time. It's not the 20th time. I want to emphasize: no technology's going to be perfect. It's battling an inherently adversarial system. But this is not a few things slipping through the cracks.... This is a complete catastrophic failure to contain this material. And in my opinion, as it was with New Zealand and as it was the one before then, it is inexcusable from a technological standpoint. "These are now trillion-dollar companies we are talking about collectively," Farid points out later. "How is it that their hashing technology is so bad?

Read more of this story at Slashdot.

As Pwn2Own Vancouver comes to a close, a whopping $1,115,000 has been awarded by Trend Micro and Zero Day Initiative. The 15th anniversary edition saw 17 "contestants" attacking 21 targets, reports Hot Hardware — though "the biggest payouts were for serious exploits against Microsoft's Teams utility." While Teams isn't technically a part of Windows, it does come bundled with all new installs of Windows 11, which means that these exploits are practically Windows exploits. Hector "p3rr0" Peralta, Masato Kinugawa, and STAR Labs each earned $150,000 for major exploits of the utility. Windows 11 itself wasn't spared, though. Marcin Wiazowski and STAR Labs each earned $40,000 for privilege escalation exploits on Microsoft's operating system on day one, and on day two, TO found a similar bug for a $40,000 payout of his own. Day three saw no less than three more fresh exploits against Windows 11, all in the serious privilege escalation category; all three winners pocketed another $40,000.... Other targets attacked at Pwn2Own 2022 included Mozilla Firefox (hacked), Apple Safari (hacked), and Ubuntu Desktop (hacked)... Of course, details of the hacks aren't made public, because they're zero-days, after all. That means that they haven't been patched yet, so releasing details of the exploits could allow malicious actors to make use of the bugs. Details will be revealed 3 months from now, during which time Microsoft, Tesla, Apple, and others should have their software all sewn up. With all the points totalled, the winner was Singapore-based cybersecurity company Star Labs, which was officially crowned "Master of Pwn" on Saturday. "They won $270,000 and 27 points during the contest," explains the official Twitter feed for Zero Day Initiative (the judges for the event). A blog post from Zero Day Initiative describes all 21 attacks, including six successful attacks against Windows, three successful attacks against Teams — and four against Ubuntu Desktop.

Read more of this story at Slashdot.

2016: "Wells Fargo Fires 5,300 Employees For Creating Millions of Phony Accounts" 2017: "Up To 1.4M More Fake Wells Fargo Accounts Possible" The headlines kept coming.... ("Wells Fargo Hit With 'Unprecedented' Punishment Over Fake Accounts..." "Wells Fargo Employee Informed the Bank of Fake Customer Accounts in 2006") But this week the New York Times reported a new allegation — involving fake job interviews: Joe Bruno, a former executive in the wealth management division of Wells Fargo, had long been troubled by the way his unit handled certain job interviews. For many open positions, employees would interview a "diverse" candidate — the bank's term for a woman or person of color — in keeping with the bank's yearslong informal policy. But Mr. Bruno noticed that often, the so-called diverse candidate would be interviewed for a job that had already been promised to someone else. He complained to his bosses. They dismissed his claims. Last August, Mr. Bruno, 58, was fired. In an interview, he said Wells Fargo retaliated against him for telling his superiors that the "fake interviews" were "inappropriate, morally wrong, ethically wrong." Wells Fargo said Mr. Bruno was dismissed for retaliating against a fellow employee. Mr. Bruno is one of seven current and former Wells Fargo employees who said that they were instructed by their direct bosses or human resources managers in the bank's wealth management unit to interview "diverse" candidates — even though the decision had already been made to give the job to another candidate. Five others said they were aware of the practice, or helped to arrange it...

Read more of this story at Slashdot.

A remarkably literary critique of the internet appeared recently in Damage magazine — a project of the nonprofit Society for Psychoanalytic Inquiry funded by the American Psychoanalytic Foundation. "There are ways in which the internet really does seem to work like a possessing demon..." argues writer Sam Kriss. "We tend to think that the internet is a communications network we use to speak to one another — but in a sense, we're not doing anything of the sort. Instead, we are the ones being spoken through." Teens on TikTok all talk in the exact same tone, identical singsong smugness. Millennials on Twitter use the same shrinking vocabulary. My guy! Having a normal one! Even when you actually meet them in the sunlit world, they'll say valid or based, or say y'all despite being British.... Everything you say online is subject to an instant system of rewards. Every platform comes with metrics; you can precisely quantify how well-received your thoughts are by how many likes or shares or retweets they receive. For almost everyone, the game is difficult to resist: they end up trying to say the things that the machine will like. For all the panic over online censorship, this stuff is far more destructive. You have no free speech — not because someone might ban your account, but because there's a vast incentive structure in place that constantly channels your speech in certain directions. And unlike overt censorship, it's not a policy that could ever be changed, but a pure function of the connectivity of the internet itself. This might be why so much writing that comes out of the internet is so unbearably dull, cycling between outrage and mockery, begging for clicks, speaking the machine back into its own bowels.... The internet is not a communications system. Instead of delivering messages between people, it simulates the experience of being among people, in a way that books or shopping lists or even the telephone do not. And there are things that a simulation will always fail to capture. In the philosophy of Emmanuel Lévinas, your ethical responsibility to other people emerges out of their face, the experience of looking directly into the face of another living subject. "The face is what prohibits us from killing...." But Facebook is a world without faces. Only images of faces; selfies, avatars: dead things. Or the moving image in a FaceTime chat: a haunted puppet. There is always something in the way. You are not talking to a person: the machine is talking, through you, to itself. As more and more of your social life takes place online, you're training yourself to believe that other people are not really people, and you have no duty towards them whatsoever. These effects don't vanish once you look away from the screen.... many of the big conflicts within institutions in the last few years seem to be rooted in the expectation that the world should work like the internet. If you don't like a person, you should be able to block them: simply push a button, and have them disappear forever. The article revisits a 2011 meta-analysis that found massive declines in young people's capacity for empathy, which the authors directly associated with the spread of social media. But then Kriss argues that "We are becoming less and less capable of actual intersubjective communication; more unhappy; more alone. Every year, surveys find that people have fewer and fewer friends; among millennials, 22% say they have none at all. "For the first time in history, we can simply do without each other entirely. The machine supplies an approximation of everything you need for a bare biological existence: strangers come to deliver your food; AI chatbots deliver cognitive-behavioral therapy; social media simulates people to love and people to hate; and hidden inside the microcircuitry, the demons swarm..." So while recent books look for historical antecedents, "I still think that the internet is a serious break from what we had before," Kriss argues. "And as nice as Wikipedia is, as nice as it is to be able to walk around foreign cities on Google Maps or read early modern grimoires without a library card, I still think the internet is a poison."

Read more of this story at Slashdot.

Last week America's Justice Department "launched its first criminal prosecution involving the alleged use of cryptocurrency to evade U.S. economic sanctions," reports the Washington Post. They cite a nine-page opinion from a federal judge approving the government's criminal complaint against an American "accused of transmitting more than $10 million worth of bitcoin to a virtual currency exchange in one of a handful of countries comprehensively sanctioned by the U.S. government: Cuba, Iran, North Korea, Syria or Russia. "In the ruling, the judge called cryptocurrency's reputation for providing anonymity to users a myth." He added that while some legal experts argue that virtual moneys such as bitcoin, ethereum or Tether are not subject to U.S. sanctions laws because they are created and move outside the traditional financial system, recent action taken by the Treasury Department's Office of Foreign Assets Control [OFAC] require federal courts to find otherwise. "Issue One: virtual currency is untraceable? WRONG ... Issue Two: sanctions do not apply to virtual currency? WRONG," Faruqui wrote... "The Department of Justice can and will criminally prosecute individuals and entities for failure to comply with OFAC's regulations, including as to virtual currency," Faruqui said. In the opinion, Faruqui wrote that he adopted guidance issued in October by OFAC, which stated that sanctions regulations apply equally to transactions involving virtual currencies as those involving the U.S. dollar or other traditional fiat currencies. Ari Redbord, who served in 2019 and 2020 as a senior adviser to the Treasury Department's undersecretary for terrorism and financial intelligence, called the case the first U.S. criminal prosecution targeting solely the use of cryptocurrency in a sanctions case. He said the ruling made clear such conduct is traceable and "immutable — in other words, transactions using cryptocurrency are forever.... What we are seeing is that the Department of Justice is going to actively go after actors that attempt to use cryptocurrency, but also that it is hard to use cryptocurrency to evade sanctions," Redbord said. "It shows, in many respects, cryptocurrency is not a good tool for sanctions evasion or money laundering." In this case, The Register reports, "An unnamed American citizen allegedly used a US-based IP address to run an online payments platform" in a sanctioned country. The service advertised itself as being "designed to evade US sanctions" and claimed its transactions were untraceable, it was alleged. We're told the defendant bought and sold Bitcoin using a US-based online currency exchange using fiat currency from a US bank account. The Post argues that this prosecution represents "a new U.S. criminal sanctions enforcement push targeting cryptocurrency transactions at a time of rising concern over the extent to which illicit actors can use or are using such methods to launder money or do business with countries the United States has cut off from the dollar..."

Read more of this story at Slashdot.

"Made In Space, Redwire, and Bigelow, move over," writes long-time Slashdot reader Dr. Crash. "There's yet another 3D printing in space group — and it's not a startup." Mitsubishi Electric just went public with a UV-sensitive resin specially made to print in zero-G and in a hard vacuum — as in outside the airlock. The polymer is tuned to harden with solar ultraviolet light, so no UV lasers needed (saving power and launch weight). Their first goal? Printing cubesat parabolic dishes in orbit, so a 300mm cubesat could have what looks like a one-meter dish antenna — or anything else that can be freeform-printed. This "photopolymerization" technology "specifically addresses the challenge of equipping small, inexpensive spacecraft buses with large structures, such as high-gain antenna reflectors," according to Mitsubishi's announcement — arguing that it also ultimately "enables on-orbit fabrication of structures that greatly exceed the dimensions of launch vehicle fairings."

Read more of this story at Slashdot.

The head of the UK government's digital transformation unit recently announced a change to the nation's government services site gov.uk: they've "removed jQuery as a dependency for all frontend apps, meaning 32 KB of minified and compressed JavaScript was removed" for everything from selecting elements to attaching event listeners.... Nearly 84% of mobile pages used jQuery in 2021, points out a new essay at Gov.UK — before explaining why they decided not to: jQuery was an instrumental tool in a time when we really needed a way to script interactivity in a way that smoothed over the differing implementations of stuff like event handling, selecting elements, animating elements, and so on. The web is better because of jQuery — not just because it has such incredible utility, but because its ubiquity led to making what it provided part of the web platform itself. Nowadays, we can do just about anything jQuery can do in vanilla JavaScript... It really begs the question: Do we really need jQuery today? That's a question that GOV.UK has answered with a resounding "no".... This is a big deal when it comes to the user experience, because GOV.UK provides services and information online for The United Kingdom at scale. Not everyone is tapping away on their 2022 MacBook Pro on a rip-roarin' broadband connection. GOV.UK has to be accessible to everyone, and that means keepin' it lean.... dependencies matter when it comes to performance. Don't shortchange your users if the web platform can easily do the job a framework can. This level of commitment to the user experience from a institution that works at the scale GOV.UK does is commendable. I can only hope others follow in their footsteps.

Read more of this story at Slashdot.

Mike Bouma (Slashdot reader #85,252) writes: With the release of the A500 mini (which also supports A1200 games) and its side loading feature you may be interested to get started with Amiga Retro games development. This is why I collected some recent Amiga games development tutorials and added some additional information. A popular game programming language on the Amiga is Blitz BASIC or AmiBlitz as the freely available and open source version is called now. The latest version (v 3.9.2) was recently released. The best known game developed with Blitz Basic is Team 17's original Worms game for the Amiga 500 in 1995. Meanwhile the Worms franchise has sold over 75 million game units across many different platforms. Daedalus2097 has just started an AmiBlitz video tutorial series on Twitch.tv: Part 1, Part 2 and Part 3. An example AmiBlitz game currently under development is Super Metal Hero (A1200) and here's a shooter level in the game. REDPILL is a 2D game creation tool written in AmiBlitz by Carlos Peris and is designed to empower people to create many games for Amiga without programming knowledge. It's still early days but the first games are already being designed using this tool. An example game designed with this tool is Guardian — The legend of flaming sword. The "Scorpion Engine" developed by Erik 'Earok' Hogan is a closed source game engine with all software developed for it open source. It offers a modern Windows IDE for development. In this video, Erik Hogan guides Micheal Parent from Bitbeam Cannon step by step as they create a legit retro video game from scratch. Various new games have and are being developed using this engine. An already released game is Amigo the Fox and an example game under development is Rick Dangerous (A1200 version). If you want to dig deeper into Amiga coding then here's a series of Assembly game development tutorials by Phaze101. An example game currently being written in assembler is RESHOOT PROXIMA 3 (A1200). If you are unexperienced with coding but would like to then here are some Amos (BASIC) tutorials for you: Rob Smith's How to program Wordle in AMOS on the AMIGA and Lets Code Santa's Present Drop Game.

Read more of this story at Slashdot.

Long-time Slashdot reader destinyland writes: Today sees an event celebrating the 50th anniversary of 1970s children's programming giants Sid & Marty Krofft. (Born in 1929, Sid Krofft will turn 93 in July). And reportedly Marty Krofft has now partnered with NFT producer Orange Comet "in a multiyear contract to release NFTs based on the often enigmatic and much-beloved television shows they have brought to us since 1969." The first one commemorates Land of the Lost — dropping sometime after September. Today I learned their big break in America came from making puppets for Dean Martin's show, followed by designing and directing the Banana Splits and a string of successful children's shows on Saturday mornings. ( Land of the Lost, H.R. Pufunstuf, Lidsville, Sigmund and the Sea Monsters...) Looking back, Krofft muses that even today somewhere in New York City, "some guy 50 years old, remembers the damn theme songs. Because there were only three networks, so basically every kid in America saw our shows." In the article Marty Krofft describes their style as "a nightmare and bizarre" — or, more pragmatically, as "Disney without a budget" (while crediting future Disney CEO Michael Eisner for being their mentor). Yet the article adds that "They were nearly unstoppable with styrofoam, paint and cloth. In a digital universe of truly endless possibilities, there is no telling where they could take their stories."

Read more of this story at Slashdot.

Sentinel Labs provides malware/threat intelligence analysis for the enterprise cybersecurity platform SentinelOne. Thursday they reported on "a supply-chain attack against the Rust development community that we refer to as 'CrateDepression'." On May 10th, 2022, the Rust Security Response Working Group released an advisory announcing the discovery of a malicious crate hosted on the Rust dependency community repository. The malicious dependency checks for environment variables that suggest a singular interest in GitLab Continuous Integration (CI) pipelines. Infected CI pipelines are served a second-stage payload. We have identified these payloads as Go binaries built on the red-teaming framework, Mythic. Given the nature of the victims targeted, this attack would serve as an enabler for subsequent supply-chain attacks at a larger-scale relative to the development pipelines infected. We suspect that the campaign includes the impersonation of a known Rust developer to poison the well with source code that relies on the typosquatted malicious dependency and sets off the infection chain.... In an attempt to fool rust developers, the malicious crate typosquats against the well known rust_decimal package used for fractional financial calculations.... The malicious package was initially spotted by an avid observer and reported to the legitimate rust_decimal github account.... Both [Linux and macOs] variants serve as an all-purpose backdoor, rife with functionality for an attacker to hijack an infected host, persist, log keystrokes, inject further stages, screencapture, or simply remotely administer in a variety of ways.... Software supply-chain attacks have gone from a rare occurrence to a highly desirable approach for attackers to 'fish with dynamite' in an attempt to infect entire user populations at once. In the case of CrateDepression, the targeting interest in cloud software build environments suggests that the attackers could attempt to leverage these infections for larger scale supply-chain attacks.

Read more of this story at Slashdot.

Boeing's Starliner successfully docked to the International Space Station Friday night for the first time. And right now, Boeing is beginning the official hatch-opening ceremon, in which the space station astronauts already on the ISS "open the hatch to the vehicle and retrieve some cargo that's packed inside," explains the Verge: NASA tasked Boeing with conducting an uncrewed flight demonstration of Starliner to show that the capsule can hit all of the major milestones it'll need to hit when it is carrying passengers... This mission is called OFT-2 since it's technically a do-over of a mission that Boeing attempted back in 2019, called OFT. During that flight, Starliner launched to space as planned, but a software glitch prevented the capsule from getting in the right orbit it needed to reach to rendezvous with the ISS. Boeing had to bring the vehicle home early, and the company never demonstrated Starliner's ability to dock with the ISS.... Using a series of sensors, the capsule autonomously guided itself onto an open docking port on the space station.... Docking occurred a little over an hour behind schedule, due to some issues with Starliner's graphics and docking ring, which were resolved ahead of the docking.... [Thursday] At 6:54PM ET, Starliner successfully launched to space on top of an Atlas V rocket, built and operated by the United Launch Alliance. Once Starliner separated from the Atlas V, it had to fire its own thrusters to insert itself into the proper orbit for reaching the space station. However, after that maneuver took place, Boeing and NASA revealed that two of the 12 thrusters Starliner uses for the procedure failed and cut off too early. The capsule's flight control system was able to kick in and rerouted to a working thruster, which helped get Starliner into a stable orbit.... Today, Boeing revealed that a drop in chamber pressure had caused the early cutoff of the thruster, but that system behaved normally during follow-up burns of the thrusters. And with redundancies on the spacecraft, the issue "does not pose a risk to the rest of the flight test," according to Boeing. Boeing also noted today that the Starliner team is investigating some weird behavior of a "thermal cooling loop" but said that temperatures are stable on the spacecraft. From the space station, NASA astronaut Bob Hines said the achievement "marks a great milestone towards providing additional commercial access to low Earth orbit, sustaining the ISS and enabling NASA's goal of returning humans to the Moon and eventually to Mars. "Great accomplishments in human spaceflight are long remembered by history. Today will be no different." Long-time Slashdot reader mmell shares this schedule (EST): 5/20, 3:30 pm — Starliner docking with ISS. 5/21, 11:30 am — Safety checks completed. Hatches opened. 5/24, 12:00 pm — Starliner loading completed. Hatched closed. 5/25, 2:00 pm — Starliner undocking from ISS. 5/25, 5:45 pm — Coverage of Starliner landing begins. Again, the streams will be broadcast at NASA Television. I don't know about any of you, but I know what I'm doing this weekend.

Read more of this story at Slashdot.

"In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos," writes the Microsoft 365 Defender Research Team. It's a trojan combining denial-of-service functionality with XOR-based encryption for communication. Microsoft calls it part of "the trend of malware increasingly targeting Linux-based operating systems, which are commonly deployed on cloud infrastructures and Internet of Things devices." And ZDNet describes the trojan "one of the most active Linux-based malware families of 2021, according to Crowdstrike." XorDdos conducts automated password-guessing attacks across thousands of Linux servers to find matching admin credentials used on Secure Shell (SSH) servers... Once credentials are gained, the botnet uses root privileges to install itself on a Linux device and uses XOR-based encryption to communicate with the attacker's command and control infrastructure. While DDoS attacks are a serious threat to system availability and are growing in size each year, Microsoft is worried about other capabilities of these botnets. "We found that devices first infected with XorDdos were later infected with additional malware such as the Tsunami backdoor, which further deploys the XMRig coin miner," Microsoft notes... Microsoft didn't see XorDdos directly installing and distributing the Tsunami backdoor, but its researchers think XorDdos is used as a vector for follow-on malicious activities... XorDdoS can perform multiple DDoS attack techniques, including SYN flood attacks, DNS attacks, and ACK flood attacks. Microsoft's team warns that the trojan's evasion capabilities "include obfuscating the malware's activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis. "We observed in recent campaigns that XorDdos hides malicious activities from analysis by overwriting sensitive files with a null byte. It also includes various persistence mechanisms to support different Linux distributions."

Read more of this story at Slashdot.

How? Founder tells The Register 'Robots… lots of robots'

Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.…

An anonymous reader shares an excerpt from a report via Wired: Spiders and scorpions may seem like creatures that need to be crushed rather than conserved, but wildlife experts say a growing global pet trade is putting wild populations at risk, even though they help humans and ecosystems. Collectors are now trading more than 1,200 species of arachnids (the group that includes both spiders and scorpions), according to a new report out today in the journal Communications Biology, with 80 percent of them unmonitored and vulnerable to extinction. "These are species for which trade is completely legal, but there's no data on how sustainable it is," says Alice Hughes, an author of the study and an associate professor of biological sciences at the University of Hong Kong. Hughes and her colleagues developed an algorithm to scan websites that sell spiders and scorpions online, including those that represent brick-and-mortar pet shops. Then they compared those to existing trading databases compiled by the US Fish and Wildlife Service and the Convention on International Trade in Endangered Species of Wild Fauna and Flora (CITES). The researchers found that from 2000 to 2021, 77 percent of one species known as the emperor scorpion were collected from the wild, with 1 million imported into the US. More than half of the existing species of tarantulas are being traded, including 600,000 Grammostola tarantulas, a group that includes the Chilean rose tarantula, which is commonly found in pet stores. The study estimates that two-thirds of spiders and scorpions that are traded commercially were collected from the wild, rather than captive-bred. Researchers like Hughes, who conducts field studies throughout southeast Asia, still do not have enough information about the abundance of arachnids worldwide; her study notes that there are more than a million invertebrate species on the planet that have been identified by biologists but fewer than 1 percent have been assessed by the International Union for Conservation of Nature (IUCN) as to their population status. And commercial trade is putting arachnids at risk before scientists can learn much about them. While spiders and scorpions may seem dangerous, they are usually not so if left alone. Arachnids also keep insect pests in check, and spider venoms have been found to contain antimicrobial, painkilling, and cancer-fighting compounds, making them potential candidates for new drug development.

Read more of this story at Slashdot.

Also, Chinese IT admin jailed for deleting database, and the NSA promises no more backdoors

In brief The notorious Russian-aligned Conti ransomware gang has upped the ante in its attack against Costa Rica, threatening to overthrow the government if it doesn't pay a $20 million ransom. …

System76's CEO Carl Richell announced that HP has chosen the Ubuntu-based Pop!_OS operating system to run on its 14-inch developer-focused notebook called "Dev One." Brian Fagioli from BetaNews speculates that a HP acquisition of System76 "could be a possibility in the future -- if this new relationship pans out at least." He continues: HP could be testing the waters with the upcoming Dev One. Keep in mind, System76 does not even build its own laptops, so we could see the company leave the notebook business and focus on desktops only -- let HP handle the Pop!_OS laptops. "We've got you covered. Experience exceptional multi-core performance from the AMD Ryzen 7 PRO processor and multitask with ease. Compile code, run a build, and keep all your apps running with more speed from the 16GB memory. Plus, load and save files in a flash, thanks to 1TB fast PCIe NVMe M.2 storage. We've even added a Linux Super key so shortcuts are a click away. Simply put, HP Dev One is built to help you code better," explains HP. The company adds, "Pop!_OS is at your service. Create your ideal work experience with multiple tools to help you perform with peak efficiency. Use Stacking to organize and access multiple applications, browsers, and terminal windows. Move, resize, and arrange windows with ease or, let Pop!_OS keep you organized and efficient with Auto-tiling. And use Workspaces to reduce clutter by organizing windows across multiple desktops." Apparently, there will only be one configuration priced at $1,099. So far, no details about a release date have been announced other than "coming soon."

Read more of this story at Slashdot.

sciencehabit shares a report from Science Magazine: Some 5400 years ago, about the time humans were inventing writing, an alerce tree (Fitzroya cupressoides) may have started to grow in the coastal mountains of present-day Chile. Sheltered in a cool, damp ravine, it avoided fires and logging that claimed many others of its kind, and it grew into a grizzled giant more than 4 meters across. Much of the trunk died, part of the crown fell away, and the tree became festooned with mosses, lichens, and even other trees that took root in its crevices. Now, the tree -- known as the Alerce Milenario or Gran Abuelo (great-grandfather) tree -- might claim a new and extraordinary title: the oldest living individual on Earth. Using a combination of computer models and traditional methods for calculating tree age, Jonathan Barichivich, a Chilean environmental scientist who works at the Climate and Environmental Sciences Laboratory in Paris, has estimated that the Alerce Milenario is probably more than 5000 years old. That would make it at least 1 century senior to the current record holder: Methuselah, a bristlecone pine in eastern California with 4853 years' worth of annual growth rings under its gnarled bark. (Some clonal trees that originate from a common root systems, such as that of the Utah-based aspen colony known as "Pando," are thought to be older, but dendrochronologists tend to focus on individual trunks with countable rings.) Many dendrochronologists are likely to be skeptical of Barichivich's claim, which has not yet been published, because it does not involve a full count of tree growth rings. But at least some experts are open to the possibility. "I fully trust the analysis that Jonathan has made," says Harald Bugmann, a dendrochronologist at ETH Zurich. "It sounds like a very smart approach."

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNET: Jokes, sarcasm and humor require understanding the subtleties of language and human behavior. When a comedian says something sarcastic or controversial, usually the audience can discern the tone and know it's more of an exaggeration, something that's learned from years of human interaction. But PaLM, or Pathways Language Model, learned it without being explicitly trained on humor and the logic of jokes. After being fed two jokes, it was able to interpret them and spit out an explanation. In a blog post, Google shows how PaLM understands a novel joke not found on the internet. Understanding dad jokes isn't the end goal for Alphabet, parent company to Google. The capability to parse the nuances of natural language and queries means that Google can get answers to complex questions faster and more accurately across more languages and peoples. This, in turn, can break down barriers and move humans away from communicating with machines through predetermined means and instead more seamlessly interact. This can include answering questions in one language by finding information in another or writing code to a program as a person is speaking into the model with a specific task. PaLM is Google's largest AI model to date and trained on 540 billion parameters. It can generate code from text, answer a math word problem and explain a joke. It does this through chain-of-thought prompting, which can describe multi-step problems as a series of intermediate steps. On stage, Pichai described it as a teacher giving a step-by-step example to help a student understand how to solve a problem. If what Pichai said on stage is accurate, Google has essentially leapfrogged over Star Trek and 400 years of fictional AI development, as evidenced by the character Data, who never truly understood the subtleties of humor. More so, it seems that Google has caught up with TARS from the movie Interstellar, which takes place in the year 2090, an AI that was so adept at humor that Matthew McConaughey's character told it to tune it down.

Read more of this story at Slashdot.