Sylvain Miermont @miermont@qoto.org

" we analyse data from the European Banking Authority to show that existing financial accounting frameworks might inadvertently be creating disincentives for investments in low-carbon assets. We find that differences in the provision coverage ratio indicate that banks must account for nearly double the loan loss provisions for lending to low-carbon sectors as compared with high-carbon sectors" https://www.nature.com/articles/s41558-024-01972-w

If you see a long German or Swedish word, first of all, don't panic. It's more scared of you than you are of it. Secondly, take a closer look and you'll see it's actually just three normal words in a trenchcoat, huddling together to deter predators (French and English).

This is a semi-solid aluminum 3D printing! Unfortunately, according to Ric Fulop (CEO and co-founder of Desktop metal), it can't be commercialized because the temperature control is very difficult and, when it fails, is very problematic. Nevertheless, it's an impressive demonstration.

Source: https://twitter.com/ricfulop/status/1774497991857946689

#3dprinting #metal #aluminum #extrusion #desktop_metal

The answer to the Q. 'Why is the UK facing water shortages despite record rainfall?' is essentially, we do too little to harvest & retain water, seeming happy to let it flow back to the sea...

As always in the UK it comes down to a lack of investment in infrastructure. And that is merely another reflection of the corrosive short-termism of our political class.

So, our problem with water is just exemplary of the omnicrisis into which the country has fallen.

#water
https://www.theguardian.com/environment/2024/apr/01/why-uk-facing-water-shortages-despite-record-rainfall-explainer

The reason why #Threads and #Mastodon are incompatible is that Mastodon is a community, and Threads is a market. That's it.

It's not big Fed vs small Fedi. It's not platforms vs protocols.

It's communities vs markets.

Communities are supportive and markets are extractive. Communities answer to those who must live with decisions made. Markets answer to money.

And wouldn't you know it, those contrasting forces influence people's behaviors, goals, and motivations for engaging with others.

There was a post on /r/DataHoarder on Reddit with concerns about the future of Internet Archive. Brewster decided to respond.

https://www.reddit.com/r/DataHoarder/comments/1bswhdj/comment/kxm65da/?utm_source=reddit&utm_medium=web2x&context=3

On a more positive note:

While this is a sad day for Open Source Software, I also feel a lot of pride for the community.

Please look with which grit and transparency this was analyzed. Usually such analyses take years.

Compare this to last year how everyone had to pry every detail out of Microsofts nose when they lost the skeleton key for their cloud.

I combined two of my #3dprinted seven segment displays with a geneva drive mechanism, so now they can count from 0 to 59! #3dprinting

The problem with Test-Driven Development is that you have to think about what you want the code to do before you write it. And that ruins the surprise.

DC polarity reversal cable is a handy friend! 🔌⚡🔄

Once in a while we find products that have center NEGATIVE DC power jacks and they really make us mad because who keeps around both positive and negative polarity versions of every voltage? now, hopefully USB PD https://www.adafruit.com/product/5807 will solve this long term, but till then this 2.1mm DC flipper flopper adapter will connect in to out and out to in and voila - your standard center-positive is now center-negative. or vice versa! how handy

The abusive behavior that was being used to manipulate Lasse Collin into bringing on more maintainers for #xz went unnoticed because abusive behavior in Open Source Communities is so pervasive. In context, we can clearly see it was part of an orchestrated operation. Out of context, it looks like just another asshole complaining about stuff they have no right to complain about. https://robmensching.com/blog/posts/2024/03/30/a-microcosm-of-the-interactions-in-open-source-projects/

I think a LOT of people are missing the fact that we got LUCKY with this malicious backdoor.

The backdoor was created by an Insider Threat - by a developer / maintainer of various linux packages. The backdoor was apparently pushed back on March 8th (I believe) and MADE IT PAST all QA checks.

Let me state that again. Any quality assurance, security checks, etc., failed to catch this.

This was so far upstream, it had already gotten into the major Linux distributions. It made it into Debian pre-release, Fedora rolling, OpenSUSE rolling, Kali rolling, etc.

This is an example of Supply Chain Security that CISOs love to talk and freak out about. This is an example of an Insider Threat that is the boogey man of corporate infosec.

A couple more weeks, and it would have been in many major distributions without any of us knowing about it.

The ONLY reason we know about it is because @AndresFreundTec got curious about login issues and some benchmarking checks that had nothing to do with security and ran the issue down and stumbled upon a nasty mess that was trying to remain hidden.

It was luck.

That's it. We got lucky this time.

So this begs the question. Did the malicious insider backdoor anything else? Are they working with anyone else who might have access to other upstream packages? If the QA checks failed to find this specific backdoor by this specific malicious actor, what other intentional backdoors have they missed?

And before anyone goes and blames Linux (as a platform or as a concept), if this had happened (if it HAS happened!!!) in Windows, Apple, iOS, etc.... we would not (or will not) know about it. It was only because all these systems are open source that Andres was able to go back and look through the code himself.

Massive props and kudos and all the thank yours to Andres, those who helped him, to all the Linux teams jumping on this to fix it, and to all the folks on high alert just before this Easter weekend.

I imagine (hope) that once this gets cleaned up, there will be many fruitful discussions around why this passed all checks and what can be changed to prevent it from happening again.

(I also hope they run down any and all packages this person had the signing key for....)

#infosec #hacking #cve #cve20243094 #linux #FOSS

Here's how to make green #transit even greener. Put the tram tracks on a carpet of grass or sedum. 2 kms of track creates 1.5 football fields' worth of green space, reducing air pollution and urban heat island effect.

A tram-on-the-lawn thread: 🚋🌱🧵

1/ Milan #Milano

*Okay, yeah, maybe -- the AI-weaponized "Lonely Russian Girlfriend" scam

https://medium.com/@profgalloway/mammal-ai-278e9a656fed

Until recently, it's been hard to detect invisible to the naked eye #methane leaks. But a number of satellites have been launched to detect methane leaks from space. US & EU recently announced rules require companies to improve monitoring & repair of leaks https://buff.ly/495pRwV