yeroc boosted

My latest Post, available at:

arstechnica.com/information-te

FBI officials on Tuesday dropped a major bombshell: After spending years monitoring exceptionally stealthy malware that one of the Kremlin’s most advanced hacker units had installed on hundreds of computers around the world, agents unloaded a payload that caused the malware to disable itself.

The counter-hack took aim at Snake, the name of a sprawling piece of cross-platform malware that for more than two decades has been in use for espionage and sabotage. Snake is developed and operated by Turla, one of the world's most sophisticated APTs, short for advanced persistent threats, a term for long-running hacking outfits sponsored by nation-states.

Inside jokes, taunts, and mythical dragons

If nation-sponsored hacking was baseball, then Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France's military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

One of the most powerful tools in Turla’s arsenal is Snake, a digital Swiss Army knife of sorts that runs on Windows, macOS, and Linux. Written in the C programming language, Snake comes as a highly modular series of pieces that are built on top of a massive peer-to-peer network that covertly links one infected computer with another. Snake, the FBI said, has to date spread to more than 50 countries and infected computers belonging to NATO member governments, a US journalist who has covered Russia, and sectors involving critical infrastructure, communications, and education.

Snake is among the most sophisticated pieces of malware ever found, the FBI said. The modular design, custom encryption layers, and high-caliber quality of the code base have made it hard if not impossible for antivirus software to detect. As FBI agents continued to monitor Snake, however, they slowly uncovered some surprising weaknesses. For one, there was a critical cryptographic key with a prime length of just 128 bits, making it vulnerable to factoring attacks that expose the secret key. This weak key was used in Diffie-Hellman key exchanges that allowed each infected machine to have a unique key when communicating with another machine.

In another slipup, Snake developers forgot to scrub the finished code for a new version of programming artifacts. The failure provided important new insights into how the malware worked because it exposed function names, strings in clear text, and developer comments.

yeroc boosted

AB Wildfire information lead Christie Tucker says Alberta has 700 firefighters battling the blazes and has requested *1,000* more from other jurisdictions.

Public Safety Minister Mike Ellis says 54 schools are closed and 10,500 students are displaced. They will begin looking at alternative arrangements for students who will be out of their communities for a while.
#AbLeg #AbFire #AbWildfire

yeroc boosted

Introducing Womprat, the font you’re looking for.
→ womprat.xyz

yeroc boosted

The longer I've been away from social media, the more repulsive I find it every time I check in to see if it's improved.

The sheer hatred for the "repugnant other" is as shocking as it is depressing. And the social divide between all tribes seems to only widen over time.

How can you practice proactive unity when the conversation starts at demonizing and literal death threats/calls for violence from both sides?

Is this social media's unexpected consequence? Active attacks by malicious third parties looking to amplify tribalism and hatred? Simply human nature?

I've thought about trying to bridge the gap between the various tribes you see forming online, but every time I look at social media, I get discouraged and feel like it would be a wasted effort.

If someone held views you fundamentally disagreed with, would you sit down and discuss it with them? Would you try to navigate your differences and find a compromise or at least understand the real root of your disagreement?

Or would you simply meme that the repugnant other is horrible and a personification of all that is wrong in the world?

We can make social media a better, happier, more unified place. But that's hard. And it requires mindfulness and proactive unity.

Thanks for coming to my TED talk. If I change even one mind, and they pay it forward, then maybe it's not so hopeless after all.

yeroc boosted

"If we tried to solve things like SQL injection attacks using a solution that only works 99% of the time, none of our data would be safe in any of the systems that we’ve ever built." -@simon

simonwillison.net/2023/May/2/p

#security #chatgpt #ai #promptengineering

yeroc boosted

Today in 1873, shipwreck survivors are rescued off an ice floe near the coast of Newfoundland. The survivors had drifted on an ice floe for six months & 2,900 kms.
The ship survivors were kept alive by two Inuit named Ipirvik and Taqulittuq.

Learn more 👇
canadaehx.com/2022/12/20/ipirv

yeroc boosted

Do people seriously not understand how much gatekeeping there is in the statement "you need to understand the #culture of the #fediverse [before you should be here]"?

The Culture of the Fediverse™ is _by design and necessity_ something that can and should evolve. If it is going to succeed it _must_ evolve.

You can't say "everyone is welcome here" and then turn around and say "but only if you adjust to a set of cultural expectations that no one will explain to you or write down."

yeroc boosted

Genuinely the best thread I've seen on Hacker News in years: "Ask HN: Most interesting tech you built for just yourself?"

So many delightfully niche projects!
news.ycombinator.com/item?id=3

yeroc boosted

This is first on Mastodon! Please boost this thread. It’s an important one.

Good morning to readers. Kyiv remains in Ukrainian hands.

Some career news: I’m leaving NPR as part of the layoffs that dramatically reduced the company’s workforce.

I’ve decided to go back into Ukraine to keep reporting.

But this time, alone.

yeroc boosted

The reason many bosses don’t like employees working from home has little to do with productivity and more to do with the fact they hate working from home.

A lot of trappings of power from corner offices to large staff meetings are lost when they WFH.

businessinsider.com/work-from-

yeroc boosted

My one-liner pull request for Mastodon's online documentation is now open for more than three months. Anyone here on Mastodon that has capabilities to have a quick look at it and approve this change (or at least tell me why it is not merged)? This would be A-W-E-S-O-M-E. 🙂

github.com/mastodon/documentat

#Mastodon #Documentation

yeroc boosted

Hello Fediverse!

@Flipboard is currently a walled garden.

It's a beautiful, highly curated walled garden filled with content from the world's best publishers and creators curated by Flipboard's editorial team as well as our community of magazine makers.

But it's still a walled garden. Today that begins to change.

We've moved four of our most popular #curation desks into the Fediverse for you to enjoy.

@NewsDesk
@TechDesk
@CultureDesk
@ScienceDesk

Details below:

about.flipboard.com/inside-fli

yeroc boosted

"Kids will teach you, if you let them. They'll teach you that getting born is the easy part. Anyone can do that in a day. But becoming a well-adjusted human being? That'll take the rest of your life." blog.codinghorror.com/how-to-t

yeroc boosted

Whew! By the time it was my turn to speak to Bill C-11, I knew I had to cut some of my text, and speed up my delivery - because we had a hard stop at 5:15, for bells and a vote. So...this goes a little bit faster than usual. I made it with 20 seconds to spare. I hope you can still make out my arguments and my explanation of why I cannot support C-11 - not without that clearer exclusion for user generated content. youtu.be/1uCr3iUvV3g #BillC11 #C11 #SenateofCanada #SenCa #cdnpoli #YouTube #TikTok

yeroc boosted

Hi folks! I'm a journalist in Montreal covering the climate and environment beat (and sometimes other stuff too). I work for the CBC News online interactive team, but I also regularly report for our national TV and radio shows. #Journalism #CdaPoli #CBC #Mtl

yeroc boosted

This is the most fascinating thing I’ve read this year.

It seems it’s common for people in hospices to have dreams that predict their death. And this is common knowledge in the industry but not widespread knowledge to most people.

yeroc boosted

thinking about trying to define a "safe zone" and a "danger zone" for floating point. maybe something like:

safe zone:
* all integer values (like 1.0, 234.0) behave 100% exactly the way you'd expect, UNLESS (!!!) they're more than 2^52. You can check for equality, it's fine.
* adding up ~100 numbers and rounding the result to 4 decimal places or so is going to work fine, as long as the numbers are roughly the same size

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.