yeroc boosted

Unfortunately, too many believe that "open source is about corporations". This #Redhat blogpost and the quote shows how disturbing things get when the communal aspect of open source gets privatized - adopting the methods of their closed source brethren.
redhat.com/en/blog/red-hats-co

yeroc boosted

@w7voa

Note the media reporting is largely inaccurate and doesn’t really highlight all the nuances related to the scientific meaning of the word “possibly carcinogenic”. IARC runs a number of lists, with drastically different meanings:

Group 1 Carcinogenic to humans 126 agents
Group 2A Probably carcinogenic to humans 94 agents
Group 2B Possibly carcinogenic to humans 322 agents
Group 3 Not classifiable as to its carcinogenicity to humans 500 agents

Source: https://monographs.iarc.who.int/agents-classified-by-the-iarc/

#Aspartame has been placed on the 2B (“possibly”) list. If you open the list, the first agent on the same 2B list is “Aloe vera, whole leaf extract”, “Gasoline”, “Engine exhaust, gasoline” and dozens of substances that people have contact with on a daily basis but perceive them as “customary safe”.

https://monographs.iarc.who.int/list-of-classifications

Note that until recently another agent on the 2B list was “Coffee, drinking”, which pretty well explains the logic behind the 2B “possibly” which is basically a research plan for any substances for which there’s a shadow of suspicion that they could be carcinogenic and because of that they require further research. The research takes place, sometimes for years, and ultimately substances are either downgraded to list 3 (coffee) or upgraded to 2A or 1.

#cancer #health

yeroc boosted

This is very cute - it holds to the theory that if you make something look wobbly and hand made it makes people feel that they can play rather than feeling sad at not making something super slick really fast flipanim.com/

yeroc boosted
A cryptobro DMed me to ask if I wanted to join his mailing list.

I spent slightly too long making this to send in reply.

@danb @geerlingguy They had succeeded until the IBM shareholders came around asking for more dividends. It was no longer sufficient to simply cover engineering costs with a bit of profit left over...

yeroc boosted

Red Hat: those who use open source code and don't contribute back are "a real threat to open source companies everywhere"

I call them: users.

I fight for the users.

yeroc boosted

Choosing a Mastodon instance is easy once you understand each instance’s values, customs, belief systems, and inter-instance alliances and feuds dating back 1,000 years.

yeroc boosted

I asked my friend what her take away was - she said “people really don’t like the scientific method.” By that, she meant many people become distrustful if you learn something new and change course accordingly. Essentially, the scientists should have figured out exactly what to do before saying anything and then myopically stuck with it.

It reminds me of a book I read about how people (at least in the US) view politicians: politicians who change their minds in the face of new information are seen as weak and indecisive, and their political rivals will generally capitalize on any such “flip flops”.

It’s odd to think that the very scientific method that drives our society and technology forward is the same thing that is driving us to realizing the society portrayed in Idiocracy.

Humans are weird.

yeroc boosted

I want to expand more on the comedy of errors that led to the eviction of Twitter from their Boulder office.

The story that leads up to this building even existing is hilarious, so here goes...

arstechnica.com/tech-policy/20

yeroc boosted

I released a major update to my LLM CLI tool today - version 0.4, which adds conversation mode and prompt templates so you can store and re-use interesting prompts: llm.datasette.io/en/stable/cha

yeroc boosted

You know how there's a bunch of critical infrastructure powering the internet (and presumably a lot more than the internet) that is badly maintained and underfunded (often by just a few people)?

We know about several examples in the open source world, but I'm sure we all also know about several examples in each of our personal lives, in each of our places of business.

@canadaehx Lloyd's has now been transformed into a Visions store - with a disco ball hanging from the ceiling!

yeroc boosted

Someone has compromised a bunch of Minecraft plugin developer accounts, and has injected info-stealing malware into a number of widely used plugins for the game. Apparently, this is widespread enough that some involved in the investigation are urging people to just stay off Minecraft for now. Also, it sounds like they need some help.

More info:

prismlauncher.org/news/cf-comp

More structured breakdown:

hackmd.io/B46EYzKXSfWSF35DeCZz

h/t @MrNuclearMonster

yeroc boosted

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data.

bleepingcomputer.com/news/secu

yeroc boosted

My latest Post, available at:

arstechnica.com/information-te

FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a payload that caused the malware to disable itself.

The counter-hack took aim at Snake, the name of a sprawling piece of cross-platform malware that for more than two decades has been in use for espionage and sabotage. Snake is developed and operated by Turla, one of the world's most sophisticated APTs, short for advanced persistent threats, a term for long-running hacking outfits sponsored by nation-states.

Inside jokes, taunts, and mythical dragons

If nation-sponsored hacking was baseball, then Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France's military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

One of the most powerful tools in Turla’s arsenal is Snake, a digital Swiss Army knife of sorts that runs on Windows, macOS, and Linux. Written in the C programming language, Snake comes as a highly modular series of pieces that are built on top of a massive peer-to-peer network that covertly links one infected computer with another. Snake, the FBI said, has to date spread to more than 50 countries and infected computers belonging to NATO member governments, a US journalist who has covered Russia, and sectors involving critical infrastructure, communications, and education.

Snake is among the most sophisticated pieces of malware ever found, the FBI said. The modular design, custom encryption layers, and high-caliber quality of the code base have made it hard if not impossible for antivirus software to detect. As FBI agents continued to monitor Snake, however, they slowly uncovered some surprising weaknesses. For one, there was a critical cryptographic key with a prime length of just 128 bits, making it vulnerable to factoring attacks that expose the secret key. This weak key was used in Diffie-Hellman key exchanges that allowed each infected machine to have a unique key when communicating with another machine.

In another slipup, Snake developers forgot to scrub the finished code for a new version of programming artifacts. The failure provided important new insights into how the malware worked because it exposed function names, strings in clear text, and developer comments.

yeroc boosted

AB Wildfire information lead Christie Tucker says Alberta has 700 firefighters battling the blazes and has requested *1,000* more from other jurisdictions.

Public Safety Minister Mike Ellis says 54 schools are closed and 10,500 students are displaced. They will begin looking at alternative arrangements for students who will be out of their communities for a while.
#AbLeg #AbFire #AbWildfire

Qoto Mastodon