● 11.17.22
● Links 17/11/2022: Red Hat Satellite 6.12 and Twitter’s Two-Factor Authentication Breaks Down
Posted in News Roundup at 6:21 pm by Dr. Roy Schestowitz
GNU/Linux
Desktop/Laptop
=> ↺ Linux Around The World: Turkey – LinuxLinks
- We cover events and user groups that are running in Turkey. This article forms part of our Linux Around The World series.
Server
=> ↺ What Is a Linux Hypervisor and What Does It Do?
- Virtualization is a neat way of experimenting with different operating systems. Generally, software like VirtualBox or VMware is used to set up and use virtual machines. But what exactly is VirtualBox or VMware? Well, they are hypervisors.
- Hypervisors are software that you can use to create and run virtual machines. So, what is a Linux hypervisor? What are its features, and how is it different from Windows hypervisors?
Audiocasts/Shows
=> ↺ A FreeBSD Cat Alternative? “You Bat there is…” – Invidious
- In this video we take a look at BAT, a colourful and friendly alternative to CAT…. it’s just as cuddly!
=> ↺ BSD Now 481: Fiery Crackers
- FreeBSD Q3 2022 status report, Leveraging MinIO and OpenZFS to avoid vendor lock in, FreeBSD on Firecracker platform, How Much Faster Is Making A Tar Archive Without Gzip, Postgres from packages on OpenBSD, Upgrading an NVMe zpool from 222G to 1TB drives, Don’t use Reddit for Linux or BSD related questions, and more.
=> ↺ Why I Hate MOST Linux Distributions Reaction – Invidious
- This one came across my feed… Well, let’s react to why this person hates most Linux distributions. God, where is the headache medicine???
=> ↺ CHROME OS Flex is a BAD operating system – Invidious
=> ↺ LHS Episode #489: 2CW or not 2CW | Linux in the Ham Shack
- Hello and welcome to Episode #489 of Linux in the Ham Shack. In this short-topics episode, the hosts cover the future of morse code in amateur radio, more grants from the ARDC, pipewire, Xanmod, Nitrus and much more. Thank you for listening and we hope you have a great week.
=> ↺ What Happened to Budgie? – Invidious
Applications
=> ↺ Authenticator: A Simple Open-Source App to Replace Authy on Linux
- Authy is a popular app for storing and managing two-factor codes. It is a cloud-based service that gives you convenience with industry-grade security. Unfortunately, it is not open-source.
- Would you consider using a more straightforward (and open-source) authenticator app on your Linux desktop?
- Well, of course, you cannot cloud sync here. But you can generate a backup for the two-factor authentication codes. Keeping that in mind, let me tell you more about Authenticator.
=> ↺ 10 Best Linux Educational Software for Your Kids
- The expense of getting an education is always high, no matter where you are in the world. If you want to use educational software, that cost will be even higher. You may have been searching online for the best educational software for your children or yourself. If you are using Linux, I can help you get a list of the best educational software for your needs. If you doubt that Linux has much to offer in terms of education, wait until you see this list.
Instructionals/Technical
=> ↺ [GNOME] GNOME Files and custom file icons: setting a cute 2×2 image preview for photo albums
- Going further in my delight at belatedly discovering the “metadata::custom-icon” GVFS attribute used by Nautilus, I extended beyond just music album covers to write a script that did a fun 2×2 grid for photo album covers.
=> ↺ How to install Toontown Rewritten on Linux Mint 21 – Invidious
- In this video, we are looking at how to install Toontown Rewritten on Linux Mint 21.
=> ↺ How To Install Eclipse Mosquitto on Ubuntu 22.04 LTS – idroot
- In this tutorial, we will show you how to install Eclipse Mosquitto on Ubuntu 22.04 LTS. For those of you who didn’t know, Mosquitto is an open-source message broker that uses the Message Queuing Telemetry Transport (MQTT) Protocol. It implements MQTT protocol versions 5.0, 3.1.1, and 3.1. And because of its low power consumption, it can be used on boards like Raspberry Pi.
- This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Eclipse Mosquitto on Ubuntu 22.04 (Jammy Jellyfish). You can follow the same instructions for Ubuntu 22.04 and any other Debian-based distribution like Linux Mint, Elementary OS, Pop!_OS, and more as well.
=> ↺ How to Install OpenOffice in Ubuntu
- Simple beginner’s guide on how to install Apache OpenOffice in Ubuntu Linux.
- OpenOffice, developed by Apache, is the oldest free and open-source office productivity suite which is currently under maintenance. No significant new features are being added. It has been forked as LibreOffice, which is more advanced and brings more features.
- However, many still try to use OpenOffice for various reasons & this tutorial is for those who want to install the OpenOffice suite in Ubuntu and other distros.
=> ↺ How to install CMake on Rocky Linux 9 /CentOS 9 Stream
- In this post, you will learn how to install CMake on Rocky Linux 9 / CentOS 9 Stream. Let’s get started.
=> ↺ How to set, change, and recover your MySQL root password
- Chances are you have MySQL running somewhere in your data center. If that’s the case, there might be a time when you need to set or change the root user password. This can happen when you’ve forgotten the password or when you’re looking to up your security game (remembering you set the original MySQL password to something far too simple).
- As you might expect, the process is handled entirely through the command line and works with either MySQL or MariaDB installations. The Linux distribution being used doesn’t matter as long as you have admin access by way of su or sudo.
=> ↺ How to install A Mega Night Funkin’ (Vs Mega Man) on a Chromebook
- Today we are looking at how to install A Mega Night Funkin’ (Vs Mega Man) on a Chromebook.
- If you have any questions, please contact us via a YouTube comment and we would be happy to assist you!
- This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.
=> ↺ How to Install and Dual Boot Linux on Your Mac
- Here’s how to install Linux on your Mac. You can try dual-booting Ubuntu, or replace macOS with Linux entirely!
- Whether you need a customizable operating system or a better environment for software development, you can get it by dual booting Linux on your Mac. Linux is incredibly versatile (it’s used to run everything from smartphones to supercomputers), and you can install it on a MacBook, iMac, Mac mini, or any other kind of Mac.
- Apple added Boot Camp to macOS to make it easy for people to dual boot Windows, but installing Linux is another matter entirely. Follow the steps below to learn how to do this.
=> ↺ How To Upgrade To Fedora 37 From Fedora 36. – Invidious
- In this video, I am going to show how to upgrade to Fedora 37 from Fedora 36.
=> ↺ How to install Fedora 37. – Invidious
- In this video, I am going to show how to install Fedora 37.
=> ↺ Ways to look at logged in users on Linux | Network World
- There are quite a few ways on Linux to get a list of the users logged into the system and see what they are doing. The commands described in this article all provide very useful information.
=> ↺ Video: awk delimiters
- I have published a new video on YouTube: Introduction to AWK Delimiters. Please subscribe to my channel if you haven’t done so yet!
Games
=> ↺ New Release of Box86 and Box64, with Better Compatibility of X86 and X86_64 Games on ARM Hardware!
- Good news! Box64 (and Box86) is getting another major update with its new 0.2 version. In this version the major new features…
=> ↺ SteamDeck | What Makes it Awesome for an openSUSE User – CubicleNate’s Techpad
- When it comes to my tech, I am reluctant to add anything that has the potential to become a technical liability that I cannot accommodate. I am also not interested in any tech that locks me into a cloud based ecosystem where my future with the technology is at the whims of some faceless corporation. As a consequence, I require a certain level of freedom with my tech. If some distant server shuts down, the software and hardware I have purchased should be largely unaffected, obviously with some caveats.
- Bottom Line Up Front: The SteamDeck is everything I ever wanted in a hand held console and more. I think it would have been a better experience built on openSUSE, mostly for my own gratification but despite the choice of using Arch Linux tools, Valve has done a wonderful job of making SteamOS top notch. This is, without a shred of hesitation, the finest gaming console I have ever purchased.
Desktop Environments/WMs
GNOME Desktop/GTK
=> ↺ Windows is Testing a GNOME-like Dark Mode Switcher. Copy Again?
- A possible feature in the upcoming Windows update is under test, which features a dark mode switcher from the Windows tray.
- From the moment the Windows 11 default look was unveiled, it mostly resembled the major Linux desktops. Mostly a blend of KDE Plasma and GNOME. The start menu, taskbar, and desktop widgets – all remind us of the features of KDE Plasma and GNOME. Those features long existed in the Linux desktop world.
Distributions and Operating Systems
BSD
=> ↺ BSD PF firewall has one extra scrub option – Jon’s FOSS Blog
- The BSD PacketFilter firewall has an extra scrub option which is, “reassemble tcp”. I was researching and exploring the different types of fragmented/segmented protocol packets that could be forwarded within a network that may have a smaller MTU link in the middle of the routing path. I am still exploring what could be done in Linux to achieve a similar operation!
SUSE/OpenSUSE
=> ↺ New Leap Micro Version Now Available
- The openSUSE Project is pleased to announce the release of its modern lightweight host operating system Leap Micro 5.3.
- This release has a new SELinux module for Cockpit that provides basic functionality for users to troubleshoot configurations and makes NetworkManager the default network configuration tool.
- This release is based on SUSE Linux Enterprise SUSE (SLE) Micro 5.3 and is built on top of a SLE 15 Service Pack 4 update.
- This ultra-reliable, lightweight and immutable operating system can be used for several compute environments like edge, embedded, IoT deployments and others.
Fedora Family / IBM
=> ↺ Say hello to Red Hat Enterprise Linux 9.1
- Hot on the heels of the arrival of Red Hat Enterprise Linux (RHEL) 8.7, Red Hat has released the next version of its RHEL 9 family, RHEL 9.1.
=> ↺ Red Hat introduces latest versions of its enterprise Linux
=> ↺ Red Hat Enterprise Linux 8.7 and 9.1 Officially Available
=> ↺ Red Hat Introduces Latest Versions of Red Hat Enterprise Linux
=> ↺ Rocky Linux 8.7 Released with Updated Compiler Toolset
- The new Rocky Linux 8.7 release brings the Network Manager up to version 1.40 and updates a part of the developer tool base.
- Rocky Linux is a distribution intended to be a complete downstream binary compatible release using the Red Hat Enterprise Linux operating system source code.
- The Rocky Enterprise Software Foundation (RESF) has announced the general availability (GA) of Rocky Linux 8.7, just five days after RHEL 8.7 was released. So Let’s see what’s new.
=> ↺ Red Hat Satellite 6.12 is now available
- We are pleased to announce the availability of Red Hat Satellite 6.12. This release includes many new and updated features, including an improved user interface/user experience and new features to simplify operation and administration.
=> ↺ Red Hat EMEA Digital Leaders Awards 2022: And the regional winners are…
- In my previous post we shared the names of the winners of Red Hat EMEA Digital Leaders Awards across three main categories: App Dev, Automation and Infrastructure, in addition to special awards for Cultural Change and Speed of Innovation.
- This marks the second year the awards have been held in collaboration with IDC and Intel, with the goal of identifying innovative and transformative digital leaders using Red Hat technologies and services. The awards highlight some of the industry changing innovations our customers are delivering.
=> ↺ Introduction to RHEL System Roles
- In today’s IT environments, organizations continue to manage an ever-growing quantity of systems. This requires organizations to depend more on automation to perform tasks. Deploying and managing an operating system like Red Hat Enterprise Linux (RHEL) can be time-consuming without automation, with administration and maintenance tasks taking significantly longer to complete.
=> ↺ Transforming the world: Announcing our Red Hat Digital Leaders 2022
- The transformative power of open source technology underpins all we strive for at Red Hat. It is also the driving force behind the Red Hat Digital Leaders Awards. Designed to celebrate our customers’ success, the awards aim to shine a spotlight on their unique innovations and focus on the business value and impact of digital transformation projects.
- For the second year running, the awards are brought to us with the support of technology analyst firm IDC and are sponsored by Intel. The awards aim to capture and showcase unique applications of technology, while sharing best practices fueling the next wave of digital innovation and success. We received entries from across the region from a wide range of industries that demonstrate the scale and capabilities of open source technologies.
=> ↺ Time Zone Database Package (tzdata): News and updates in 2022
- The Time Zone Database Package (tzdata) provides Red Hat Enterprise Linux (RHEL) with the time zone information needed for all applications or runtimes in the operating system to correctly print local time. The GNU C Library (glibc) makes use of the tzdata package so APIs such as strftime() work correctly, while applications such as /usr/bin/date use this information to print the local date.
- The tzdata package contains the data files describing both current and historic transitions for various time zones around the world. This data represents changes required by local governments or by time zone boundary changes, as well as changes to UTC offsets and daylight saving time (DST).
=> ↺ Red Hat Global Customer Tech Outlook 2023: Security is the top priority as digital transformation continues
- Results from Red Hat’s ninth Global Tech Outlook survey are in, and, as in years past, we explore what the data reveals about where organizations are in their digital transformation initiatives, IT and non-IT funding priorities, and challenges they are facing. We surveyed 1,700+ information technology (IT) leaders worldwide, across various industries to help us better understand new aspects of technology use and track trends. Here, we highlight key findings and trends from the report and how these results have changed over time.
=> ↺ Fedora 37 now generally available
- The Fedora Project is pleased to announce the latest version of the Fedora operating system, Fedora Linux 37, is now generally available! Built by the expertise and hard work of the global community of Fedora contributors, Fedora Linux 37 brings a host of new features and capabilities, from new editions to desktop enhancements to an improved sysadmin environment.
=> ↺ Lilbits: Fedora 37, Qualcomm’s next-gen chip for AR glasses, and Amazon layoffs
=> ↺ Unveiling of IBM LinuxONE 4 Emperor – Express Computer
- The LinuxONE Emperor 4 is IBM’s most highly performing, secure, sustainable and open Linux server to date.
Debian Family
=> ↺ SparkyLinux 6.5 Is Here with a Refreshed Package Base
- Debian-based SparkyLinux released version 6.5, including updated bundled applications and minor improvements.
- Sparky is a lightweight, fully customizable OS built on Debian that offers a few versions for different users and tasks. One of the distribution’s distinguishing features is that it provides versions based on both the stable (SparkyLinux Stable) and test (SparkyLinux Semi-Rolling) branches of Debian.
- Three months after the previous 6.4 release, the SparkyLinux team announced the general availability of the latest stable SparkyLinux 6.5, the fifth refresh in the 6.x “Po Tolo” series based on the Debian stable branch.
Devices/Embedded
=> ↺ I Made The World’s Smallest Server Rack – With UPS and SSD Storage – The DIY Life
- Having your own home server rack or homelab is really useful, but you have to have a relatively large space to set it up, it generates a lot of heat and can be pretty noisy. So that’s why I built this, the world’s smallest server rack that fits right in on my desk alongside a drink or cup of coffee.
Open Hardware/Modding
=> ↺ Swinging Back to Open Standards – Purism
- History is a series of pendulum swings between opposite extremes. A generation moves in a certain direction, and the next generation reacts based on the consequences (often rejecting it). Eventually a new generation appears that never directly experienced the consequences and lessons from the previous generations, who then moves back toward that direction and the cycle continues. If you are alive long enough, you will eventually get to see a trend go through its full cycle (such as with high-rise/low-rise jeans or centralized/decentralized computing) and along with it, be able to make some predictions about where the current trend is going.
- Over the past few weeks we have seen a massive shift away from a centralized, proprietary social media platform (Twitter) onto a decentralized, federated, open one (Mastodon) that along with a few other indicators points to the pendulum starting to swing back toward an interest in open protocols, networks, and technologies beyond social media. In this post I will talk about the last time this shift happened, and how we can apply the lessons we learned from that experience to today.
=> ↺ DIY air quality monitor is based on Wemos D1 mini ESP8266 board, Sensirion SGP41 TVOC sensor – CNX Software
- Open AirGradient is a DIY air quality monitor based on the Wemos D1 mini ESP8266 WiFi IoT board programmed with Arduino and fitted with a range of sensors including an optional Sensirion SGP41 TVOC sensor through a custom PCB designed with EasyEDA.
- Two versions of Open AirGradient are available. The Basic model includes an OLED display, a Plantower PMS5003 PM sensor, a Senseair S8 CO2 sensor, and SHT30 or SHT31 temperature & humidity sensor, while the Pro version adds a larger display, a plastic enclosure, and support for the SGP41 TVOC sensor.
Mobile Systems/Mobile Applications
=> ↺ Realme 10 Pro is unleashed as a new Android 13 smartphone with ultra-narrow display bezels, a 108MP main camera and a 5,000mAh battery – NotebookCheck.net News
=> ↺ Developer brings Android TV 13 to the Raspberry Pi 4
=> ↺ [Update: Official] YouTube for Android TV gains new animated splash loading screen w/ start-up sound
=> ↺ Google to limit tracking in Android apps, starting next year | TechRadar
=> ↺ Android Auto’s Coolwalk beta redesign rolls out to users
=> ↺ Realme GT Neo 3 and GT Neo 3 150W receive Android 13-based Realme UI 3.0 stable update – GSMArena.com news
=> ↺ Samsung is now spreading Android 13 to the mid-range Galaxy A52 and more Z Flip 4 and Z Fold 4 units – PhoneArena
=> ↺ vivo V21s arrives with Android 12 and waterdrop notch – GSMArena.com news
=> ↺ Android Auto beta program opens up to more users
=> ↺ Galaxy S21 series gets second Android 13 update with November security patch – SamMobile
=> ↺ Samsung Galaxy A52 gets stable Android 13 (One UI 5.0) update – SamMobile
=> ↺ Realme 10 Pro and 10 Pro+ arrive with 108 MP cameras, Android 13 – GSMArena.com news
=> ↺ Samsung Galaxy Z Flip 4, Z Fold 4 getting stable Android 13 update – SamMobile
=> ↺ Here are all of Android 13’s themed icons and how to enable them
=> ↺ How to toggle one-handed mode from Quick Settings in Android 13 | Android Central
=> ↺ Samsung One UI 5.0 (Android 13) update and bugs tracker (cont. updated)
=> ↺ Honor 80 will debut as the first Android smartphone with the latest Snapdragon 7-series SoC – NotebookCheck.net News
=> ↺ Android Auto rotary controls break for many
=> ↺ Android trick every user should know to protect private information – and it takes mere seconds | The US Sun
=> ↺ Razer Edge 5G first look: Here’s the Android gaming phone in th
=> ↺ How to Install an XAPK File on Android – Make Tech Easier
=> ↺ How to Use Android Phone as Webcam for PC – TechPP
=> ↺ Redmi A1+ review: Affordable phone with the promise of stock Android | Technology News,The Indian Express
=> ↺ YouTube for Android TV gains new animated splash loading screen
=> ↺ 6 secret settings for a smarter Chrome Android setup | Computerworld
=> ↺ Lenovo’s latest leaked product takes Android tablets to the Extreme
=> ↺ GOLE1 R Android touchscreen mini PC – Geeky Gadgets
Free, Libre, and Open Source Software
=> ↺ The syslog-ng Insider 2022-11: 4.0; OIDC; nightly; sudo; – Blog – syslog-ng Community – syslog-ng Community
- This is the 106th issue of syslog-ng Insider, a monthly newsletter that brings you syslog-ng-related news.
Web Browsers/Web Servers
Mozilla
=> ↺ Download Firefox Browser: All Version Links and Details
- This reference page contains all the links to Firefox browser downloads, including stable, beta, and developer editions.
=> ↺ Manifest v3 signing available November 21 on Firefox Nightly | Mozilla Add-ons Community Blog
- Starting November 21, 2022 add-on developers are welcome to upload their Firefox Manifest version 3 (MV3) compatible extensions to addons.mozilla.org (AMO) and have them signed …
=> ↺ Unified Extensions Button and how to handle permissions in Manifest V3 | Mozilla Add-ons Community Blog
- Manifest V3 (MV3) is bringing new user-facing changes to Firefox, including the Unified Extensions Button to manage installed and enabled browser extension permissions (origin controls), providing Firefox users control over extension access to their browsers. The first building blocks of this button were added to Nightly in Firefox 107 and will become available with the general release of MV3 in Firefox 109.
Programming/Development
=> ↺ Formatting the code in your patch for LibreOffice
- Do you want to submit a patch to LibreOffice Gerrit, and you’re wondering if your code will be accepted or not? Other than providing a good solution to resolve a problem (fix a bug, implement a feature or enhancement), you should care about the code conventions, and in particular, code formatting. Suitable code formatting for LibreOffice is what we discuss here.
=> ↺ Useful getting started guide in Vue js – NextGenTips
- Vue js is a Javascript framework for building user interfaces. It builds on top of standard HTML, CSS, and Javascript, so it is better to know them before diving into Vue js.
Python
=> ↺ IBM Research helps extend PyTorch to enable open-source cloud-native machine learning | VentureBeat
- Foundation models have the potential to change the way organizations build artificial intelligence (AI) and train with machine learning (ML).
- A key challenge for building foundation models is that, to date, they have generally required the use of specific types of networking and infrastructure hardware to run efficiently. There has also been limited support for developers wanting to build a foundation model with an entirely open-source stack. It’s a challenge that IBM Research is looking to help solve in a number of ways.
Rust
=> ↺ Async fn in trait MVP comes to nightly
Leftovers
Hardware
=> ↺ Datacenter Can Carry Nvidia Through The Rough Spots
- After a decade and a half of ceaseless and focused work, Nvidia has created a modern compute platform, and a unique one at that. And while the collapse of the PC market and the Dot Coin Bust has not done its financials any favors in recent quarters, Nvidia’s datacenter business is clipping along despite the economic uncertainties out there on Earth.
- In fact, that Nvidia datacenter business seems poised to expand in the coming years thanks to its entry into CPUs and DPUs, the need for high bandwidth networking, and the ongoing adoption of GPU compute for HPC, AI, and now data analytics workloads. And this despite increasing competition in GPUs and already fierce competition in CPUs.
- The trajectory of that datacenter business is clear, and made even more dramatic by the drop in sales for GPUs dedicated to gaming and professional visualization that continued in the third quarter of fiscal 2023 ended in October.
Security
=> ↺ Security updates for Thursday [LWN.net]
- Security updates have been issued by Debian (firefox-esr and thunderbird), Fedora (expat, xen, and xorg-x11-server), Oracle (kernel, kernel-container, qemu, xorg-x11-server, and zlib), Scientific Linux (xorg-x11-server), Slackware (firefox, krb5, samba, and thunderbird), SUSE (ant, apache2-mod_wsgi, jsoup, rubygem-nokogiri, samba, and tomcat), and Ubuntu (firefox and linux, linux-aws, linux-aws-hwe, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon).
=> ↺ Twitter Two-Factor Authentication Has a Vulnerability
- The vulnerability comes as Twitter enters its third week under the ownership of Elon Musk, a period during which key security and compliance staff at the company have departed, masses of employees and contractors have been laid off, and cracks have begun to show in the company’s customer-facing technology (see: Twitter Ramps Up Regulatory Exposure After Loss of CISO).
- A researcher contacted Information Security Media Group on condition of anonymity to reveal that texting “STOP” to the Twitter verification service results in the service turning off SMS two-factor authentication.
- “Your phone has been removed and SMS 2FA has been disabled from all accounts,” is the automated response.
- The vulnerability, which ISMG verified, allows a hacker to spoof the registered phone number to disable two-factor authentication. That potentially exposes accounts to a password reset attack or account takeover through password stuffing. Twitter allows users to set up multifactor authentication through other means besides SMS, including an authentication app and a security key. Twitter did not immediately respond to a request for comment; its communication team reportedly no longer exists.
=> ↺ Twitter’s SMS Two-Factor Authentication Is Melting Down | WIRED
- FOLLOWING TWO WEEKS of extreme chaos at Twitter, users are joining and fleeing the site in droves. More quietly, many are likely scrutinizing their accounts, checking their security settings, and downloading their data. But some users are reporting problems when they attempt to generate two-factor authentication codes over SMS: Either the texts don’t come or they’re delayed by hours.
- The glitchy SMS two-factor codes mean that users could get locked out of their accounts and lose control of them. They could also find themselves unable to make changes to their security settings or download their data using Twitter’s access feature. The situation also provides an early hint that troubles within Twitter’s infrastructure are bubbling to the surface.
- Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all. The meltdown comes less than two weeks after Twitter laid off about half of its workers, roughly 3,700 people. Since then, engineers, operations specialists, IT staff, and security teams have been stretched thin attempting to adapt Twitter’s offerings and build new features per new owner Elon Musk’s agenda.
=> ↺ CISA Releases Two Industrial Control Systems Advisories | CISA
- CISA has released two (2) Industrial Control Systems (ICS) advisories on November 17, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
=> ↺ Top Kali Linux tools and how to use them
- Kali Linux is the operating system most frequently used by both ethical hackers and malicious hackers for almost every aspect of cybersecurity. Kali includes almost every imaginable hacking tool, which means learning to use it is a journey, not a simple skill that can be picked up watching a 10-minute tutorial.
- Based on the Debian Linux distribution, Kali includes hacking tools that can be used to carry out and defend against brute-force attacks, wireless attacks, IP spoofing attacks, reverse-engineering attacks, password cracking, dictionary attacks, phishing attacks, SQL injection and more.
- Other Kali tools are more aligned with ethical hackers using penetration testing tools, network security information gathering, vulnerability assessment, security testing and security auditing. As a general platform, it also enables cybersecurity professionals to take an offensive rather than a defensive security stance by actively detecting vulnerabilities.
Privacy/Surveillance
=> ↺ Product-led Growth and Product Analytics, Can There Be One Without The Other?
- Product-led growth puts the product experience, both from a software and a hardware perspective, into the focus of the go-to-market strategy. Instead of planning sales and marketing operations around high-touch customer engagements and marketing campaigns, the digital and physical experience of the embedded device is such that customers proactively engage in the purchase process.
=> ↺ Rejigged localisation rules in Data Protection Bill to ease worries of Big Tech companies
- Big Tech companies such as Meta Inc and Alphabet Inc may get some respite from a revised version of the Data Protection Bill, which is expected to permit the transfer and storage of data in “trusted geographies”.
- The government’s stance on data localisation is significantly different from the old version of the Bill, in which it had categorised data as personal, sensitive and critical.
- It had also said that certain categories of data would have to be necessarily stored in the country, while copies of other kinds would have to be retained within India for law enforcement purposes.
Finance
=> ↺ The Disruptive Economics of AI
- In 2017, I attended a seminar by University of Toronto professor Avi Goldfarb on the economic value of AI. Goldfarb explained that the best way to assess the impact of a potentially transformative technology is to look at how the technology reduces the cost of a widely used function. Computers, for example, have dramatically reduced the cost of digital operations like arithmetic by several orders of magnitude. As a result, we’ve learned to define all kinds of tasks in terms of digital operations, e.g., financial transactions, inventory management, word processing, photography. Similarly, the internet has reduced the cost of communications and the Web has reduced the cost of access to information, which has led to a huge increase in applications based on communications and information, like music and video streaming, and digital media.
- Viewed through this lens, AI is essentially a prediction technology, and its economic impact is to reduce the cost and expand the number and variety of applications that rely on predictions. A key finding of Stanford’s 2022 AI Index report was that AI is becoming much more affordable and higher performing, leading to the widespread commercial adoption of AI-based applications. “Since 2018, the cost to train an image classification system has decreased by 63.6%, while training times have improved by 94.4%,” said the report.
AstroTurf/Lobbying/Politics
=> ↺ Twitter: first, consider human rights impacts
- Elon Musk, the world’s richest man, now owns one of our most vital communication platforms, and has taken control of Twitter’s privacy, freedom of expression, and content moderation. While there is great speculation about the future of the platform, very little is being said about the duties of the shareholders who agreed to sell, or of the financial institutions that backed the acquisition – and the impact their decisions are already having on the human rights of millions.
- With the Twitter sale, their responsibility should have extended to the community of people – present and future – that relies on the platform as a tool for freedom of expression and assembly. So it is critical to examine whether these firms spent any time considering how their actions might impact the human rights of people who use Twitter across the globe.
- One of Musk’s obvious flags is his record on environmental, social, and governance (ESG) issues at Tesla, which was excluded from the S&P 500 ESG Index, an industry standard on corporate responsibility, in part due to racial discrimination and fatal car crashes. Musk responded with, “ESG is a scam.” While ESG as a concept admittedly has a way to go, it is incredibly alarming that a manufacturer of electric cars – generally considered a very good thing for the E in ESG – was removed from the index over its poor performance in S and G.
- These issues at Tesla, coupled with Musk’s behavior on Twitter, should have been enough to ring alarm bells for Twitter shareholders.
- The United Nations Guiding Principles for Business and Human Rights (UNGPs), the de facto standard for rights-respecting corporate behavior, require corporations – including institutional investors and asset managers – to conduct human rights risk assessments to identify how their operations impact others. The baseline is very simple: “do no harm.”
- The results of the Twitter takeover are already staggering. Within 12 hours of the completion of sale, there were reports of a massive increase of “antisemitic, homophobic, transphobic, and other racist terms”. In addition to mass layoffs – including of the human rights team – the check-and-balance that was the Board of Directors is now gone, and Musk’s planned subscription fees for verified accounts could lead to many people, particularly those outside of North America and Europe, disconnected.
=> ↺ Failures in Twitter’s Two-Factor Authentication System
Censorship/Free Speech
=> ↺ Astronomer in Twitter limbo over ‘intimate’ meteor
- An astronomer from Oxfordshire was locked out of her Twitter account for three months after sharing a video of a meteor which was flagged by the site’s automated moderation tools.
- Mary McIntyre was told that her six-second animated clip featured “intimate content”, shared without the consent of the participant.
- Her only option was to delete the tweet.
- However, in doing so she would have had to agree that she had broken the rules.
- Her initial 12-hour ban went on for three months – and she exhausted the online appeals process.
- “It’s just crazy… I don’t really want it on my record that I’ve been sharing pornographic material when I haven’t,” she said of her refusal to delete the tweet.
- Her account was still visible, but Ms McIntyre couldn’t access it.
- Following the BBC publishing this article, it has now been restored.
Monopolies
Copyrights
=> ↺ A Pantomime and Masquerade: Trivia: or, the Art of Walking the Streets of London (1716) – The Public Domain Review
- Burlesquing the Augustan era’s fixation on classical tradition, Gay renders practical advice for walking around London into oftentimes absurd verse.
=> ↺ Top EU court’s advisor points out that geoblocks can be easily circumvented: time to get rid of them – Walled Culture
- One of the central ideas of both Walled Culture the blog and Walled Culture the book is that copyright simply doesn’t work in the digital world. One proof of that fact can be found in the ridiculous concept of geoblocks. This is the idea that you can carve up the Internet according to geography, such that somebody in one nation or region cannot access something that is meant for another country. This arises from Big Copyright’s desire to sell many smaller, local licences to material that add up to more than would be obtained by selling a global licence. That might have worked well with physical objects like books, which can be stopped at the border, but doesn’t work with the digital packets of the Internet, which can’t be stopped there.
- It’s true that there are various technical schemes for trying to block a person in the “wrong” geographical location from accessing material, notably by checking where they are sending their Internet packets from. But there is an easy way to circumvent such moves by using Virtual Private Networks (VPNs). These essentially allow a user to appear to be in any country where the VPN has a local server, a so-called ‘exit node’. Although it is possible to block such nodes once they become known, they can easily be moved to different Internet addresses, so that the cat and mouse game begins again.
Gemini* and Gopher
Personal
=> ↺ Pro tip for learning
- In order for this to work, you need to also get over the fear and hesitation associated with the thing. When I started learning finger picking nylon guitar, I couldn’t get the timing right and my fingers were cramping and it sounded so awful but because I knew I was allowed to put the guitar down at any time I never feared picking it up. I kept longing to pick it up. And I got it, not at a professional level but at a joy level, much faster than I ever could’ve dreamed of.
=> ↺ My Workstation
- Here is some advice on setting up an ergonomic workstation for very little money.
=> ↺ 🔤SpellBinding: EHKMWRO Wordo: THEIR
=> ↺ New House
- It’s mid-November and we’ve been working on the mortgage and the renovation since January. It’s a journey and we’re almost done: the kitchen, pretty much the only missing piece, should arrive some time in December, and the leftovers won’t take long.
=> ↺ Rules of Engagement
- My wife and I went to dinner the other day and we got to talking about our old college relationships. We met at work a few years after we’d both graduated; I think we’ve always been curious about that younger version of us. I’ve heard stories here and there, but that period of both our lives has missing spots, like a hazy strip of overexposed negatives on a roll of film.
=> ↺ Star Log 2022-11-16 Evening (Fairbanks, AK, US)
- Fairbanks is still in a high pressure zone with clear skies, sunny days, and cold nights. So last night I gave stargazing another try, late in the evening. This time I tried out the boat launch area on Chena Pump road, and I found the site to be very ideal, with less obstructions in all directions, some privacy away from the road, and dramatically less light pollution. It is still possible to see the glow from the city lights, but only in about 1/5th of the sky towards cardinal east. But the rest of the view was a glorious display of God’s celestial creation.
Technical
=> ↺ Ubuntu Setup on a ThinkPad
- I have just set up my trusty old ThinkPad X1 Carbon 3rd gen (2015 vintage) with Ubuntu 22.04 LTS. I have run OpenBSD on it for a long while, but emacs, among other things, plays better with Linux, and Linux performs better on this laptop than OpenBSD. Ubuntu is the Linux distribution I am most at home with, so it’s a perfectly boring choice for me, in the most positive way.
=> ↺ Decentralized Infrastructure
- Many projects have developed tools for decentralized communication, content distribution and even discovery protocols. One thing that remains highly centralized, however, is infrastructure. A few key companies own and control the telecom radio towers, the fiber cable tunnels, the communication satellites, the electrical substations, the cargo and passenger aircraft, and the container ships. Even amateur radio often relies on repeaters placed atop privately-owned skyscrapers and broadcast towers.
- One reason why I find self-sustainability so interesting is that it can help break reliance on infrastructure. By growing one’s own fruits and vegetables, one doesn’t have to buy produce from a megastore, while simultaneously adding nutrients back to the soil and capturing CO2 on a small scale. Rain barrels can save money and conserve water when used prudently. Renewable sources of energy, from wind turbines to solar power, cut down on carbon emissions in the long run.
=> ↺ Hard user separation with two NixOS as one
- This guide explains how to install NixOS on a computer, with a twist.
- If you use the same computer in different contexts, let’s say for work and for your private life, you may wish to install two different operating systems to protect your private life data from mistakes or hacks from your work. For instance a cryptolocker you got from a compromised work email won’t lock out your family photos.
=> ↺ Some Thoughts On Privacy
- I encountered what privacy is by coming to Linux and interacting with the people of the FOSS community. And it has taught me things that I would not have learned anywhere else. But when it comes to why we need privacy, and why losing some comfort is worth it, I quite can’t teach or make it clear to people. I follow the practice to be private on the internet mostly because I agree with the people from the community. I learned about the Gemini protocol, the Fediverse, the Matrix protocol, self-hosting and many more concepts because of the community.
=> ↺ State of my headphone stash — Nov 2022
- It’s the 1-gen ones (with permanent cable and regular-shaped oval casings), not the Live!2 ones (with detachable cable, and with a microphone inline on it).
- They serve me long. I ordered them back when still underage, from a guy who I know used to work in Polkomtel if it wasn’t his current occupation even, doing recablings of these taken from repairshop returns, per orders from Allegro (a Polish online marketplace) offers.
=> ↺ Enabling a simple-but-good minibuffer completion experience in Emacs
- I mentioned on [emacs.ch] that to use Emacs effectively, you don’t actually have to memorize all of the cryptic multi-chord keybindings for every mode you use. If you know the basics, you can pretty much always do anything you need in just a few keystrokes using M-x and a decent minibuffer completion system. I recommended the lightweight completion stack of vertico, marginalia, orderless, and prescient, a set of packages that work well together and with Emacs’ built-in completion systems. Someone requested that I post my config, and it took me a while to get to it, but here it is.
=> ↺ Emulators in Debian Buster and Bullseye
Programming
=> ↺ Regular Expression Alternation
- Causes of this bug are where the alternation is thrown together at random–and never tested nor reviewed, an all too common case–or where software automatically builds the alternation and that building software is buggy. The Data::Munge Perl module by contrast takes a number of pains in the list2re function to get this right.
➮ Sharing is caring. Content is available under CC-BY-SA.