"Everyone at ATSC knew there was nothing inside the ADE 651."[2] A whistleblower who worked to sell the device around the world with McCormick told the BBC that he once challenged McCormick over the device's effectiveness. McCormick was said to have answered that the device did "exactly what it's meant to ... it makes money."
The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux.
It was an incredibly complex backdoor. Installing it was a multi-year process that seems to have involved social engineering the lone unpaid engineer in charge of the utility.
The sophistication of both the exploit and the process to get it into the software project scream nation-state operation. It’s reminiscent of SolarWinds, although (1) it would have been much, much worse, and (2) we got really, really lucky.
I simply don’t believe this was the only attempt to slip a backdoor into a critical piece of Internet software, either closed source or open source. Given how lucky we were to detect this one, I believe this kind of operation has been successful in the past. We simply have to stop building our critical national infrastructure on top of random software libraries managed by lone, unpaid, distracted, or worse individuals.
Clive Robinson • April 4, 2024 2:24 PM
@ Gert-Jan, ALL,
Re : Some things can not be done.
“The question is, how can we guarantee a particular level of quality and security?”
We can not, is the short but honest answer.
...
“Security is a quality process”
And like all quality processes,
“It needs management buy in at the highest level, and should be in place before the project is thought of let alone be the pre-specification wish-list thought up.”
Even then, basic information theory tells us it can not be shown to be secure…
Because to “process” information it has to be “communicated”.
Claude Shannon proved for information to be transmitted then there has to be “redundancy” in the resultant communications channel.
Gus Simmons proved that where there was a channel with redundancy then another channel could be created within it. Importantly this “side channel” could be made not just covert but impossible for an observer to show existed.
From that alone you can see it can not be secure.
I could go on and bring in work from Gödel from nearly a hundred years ago that pre-dates the work of Church and Turing and in effect gives further evidence, but there’s not enough space to go through it[1]. If you want to try, you first have to get your head around the implications of the “Axiom of Choice” (AoC) and Cantor’s Diagonal Argument, both fundamental to set theory and to both Gödel’s and Turing’s proofs.
But from a simpler perspective, take a “black box view” but with a slight difference…
There are two sets of inputs and two sets of outputs.
You as the observer can only see one set of outputs, and as a tester can only see and manipulate one set of inputs. Your task is to show that the set of outputs you observe is only generated by the set of inputs you control and some internal function that has both state and feedback, and is not in any way affected by the other inputs, which you can neither control nor observe.
[1] I’ve four hardback books on Gödel’s work and two on Turing’s in my dead tree cave; they are all hard work to read, let alone get your head around…
cybershow • April 3, 2024 5:23 PM
@ Nick Alcock
Hey Nick, I do appreciate the compliment, but you are too kind, I am not sure it is possible to ever be too paranoid in this business 🙂 In my tradition we call it radical scepticism.
...
Regardless then of the perhaps ridiculous accusation of whether and how Microsoft caused this issue, the question of how Microsoft could benefit from it is a separate, good and worthy one, and I am pleased you ask it.
The story of the backdoor so far is two-fold. It’s a technically great hack one has to admire, with undetectable RCE in the auth phase of the most used critical protocol. Hats off!
But it’s also a story of sinister social engineering. A dark night. A lonely and isolated maintainer. Some well meaning visitors drop by “to help”…
What we’re left talking about is the very nature of open source development, of supply chains and trust models. Perhaps a long-overdue conversation, no?
But who has positioned themselves “to help”?
Who has replaced the entire pre-2010 ecosystem of individual and autonomous development with a single GitHub?
Who might we expect to soon come riding in on a white stallion with “solutions” to the vulnerability of FOSS supply chains? To protect the lonesome, unpaid, overworked and socially unskilled FOSS maintainer?
Most respectfully.
Winter • April 4, 2024 5:08 AM
@cybershow
Regardless then of the perhaps ridiculous accusation of whether and how Microsoft caused this issue, the question of how Microsoft could benefit from it is a separate, good and worthy one, and I am pleased you ask it.
Microsoft ships Linux as part of WSL. The targeted Linux distributions are the main deployments on Azure. Azure generated $45B of revenue (23%)[1]. That is more than Office or Windows. Azure is the biggest growth market for MS. AFAIK, MS have nothing to replace Linux available.
This means that anything that damages Linux will damage Azure and hence, MS’ bottom line. I find your “attribution” rather unrealistic.
[1] 2022 https://www.kamilfranek.com/microsoft-revenue-breakdown/
Hales • April 2, 2024 6:25 PM
I like Ariadne Space’s take on this:
There is no “supply chain” in reality, but there is an effort by corporations which consume software from the commons to pretend there is one in order to shift the obligations related to ingesting third-party code away from themselves and to the original authors and maintainers of the code they are using.
That doesn’t completely cover all situations here — a distro like Debian or Arch isn’t a corporate paid product — but I think it still highlights an interesting point. Expecting the developer of a small project to up their game is ineffective (they don’t have the resources) and counterproductive (they’ll probably think twice about publishing anything ever again).
A majority of young women say they prefer traditional femininity to radical feminism, an online survey has found.
Introduction to SQL, a 30-minute tutorial to learn the basics
Responsive and adaptive
PHP Generator for MySQL allows you to create applications that look fine on any device, from a mobile phone to an extra-large desktop.
MySQL is among the most widely used and popular database technologies, so quite a lot of tools have been created to make the processes of designing, creating, and administering databases easier and more convenient. However, with all of the possible options, it can be difficult to choose the one tool that will fit your requirements best.
Connecting a MySQL database with a PHP website can be challenging, especially for beginners. Developers must ensure they have the correct credentials and that the connection is properly configured.
After the connection is set up, developers may encounter errors when retrieving or manipulating data from the database. Debugging these errors can be time-consuming. Security is also a major concern to prevent unauthorized access to sensitive data.
In this tutorial, we'll build a RESTful CRUD application with PHP & MySQL in the backend and Vue.js in the frontend. We'll also be using Axios for sending Ajax requests to PHP from Vue.
The Vue.js library, Axios client and Ajax technology allow you to fetch and display data in your application without the need to refresh the whole page each time.
DaDaBIK is a no-code / low-code development platform that can be used to quickly develop any type of data-driven application without coding.
Instead of writing your application using a programming language (such as PHP, Python or Java), you can build the application using a "point and click" approach, even if you don't have any coding skills (that's why it is called no-code): starting from a database (MySQL, PostgreSQL, SQLite or Microsoft SQL Server) or from an Excel file, you can generate a basic Web data-entry application in minutes and then customize it with very little effort.
YOUSEF: Now we have the problem of the pro-Palestine who are actually giving Hamas cover. They are participants in the crime. In fact, since October 7th, I personally don't differentiate between Hamas and so-called Palestinians because, actually, there is no Palestinians. There are tribes. There is the tribe of Hamas and there is the tribe of Islamic Jihad, and there is the tribe of Khalil, and there is the tribe of Nablus, and each one has different interests and all of them are conflicted. If they did not have Israel as the common enemy, they would kill each other. This is the reality of so-called Palestine.
The cause must die. I think enough is enough, and now it is proven, you are helping Hamas to prove it to the world that Palestine depends on the destruction of the State of Israel, and this is not acceptable, and we are not going to agree to it.
What Yousef says is so striking. He grew up in the West Bank. His father was a co-founder of Hamas. Yousef has the personal experience to speak on the realities of the situation.
There can be no peace until the "cause" of eliminating Israel ceases and those in the West Bank and Gaza take responsibility for their own lives.
Cyberduck for mounting volumes in the file explorer.
Mountain Duck lets you mount server and cloud storage as a disk in Finder on macOS and the File Explorer on Windows. Open remote files with any application and work like on a local volume.
Cyberduck is a libre server and cloud storage browser for Mac and Windows with support for FTP, SFTP, WebDAV, Amazon S3, OpenStack Swift, Backblaze B2, Microsoft Azure & OneDrive, Google Drive and Dropbox.
Researchers in the Netherlands collected data from 2,700 children beginning at age 11 until they turned 25. In doing so, they polled them on their level of discontent with their gender and found that a majority grew out of any confusion they were experiencing.
What this means is simple: The current institutionally-pushed trend, from the White House to the American Medical Association, of "affirming" and "transitioning" children is leaving them permanently damaged and unable to naturally work through their issues. From surgeries to hormone blockers, the "care" being given isn't care at all and is counter-productive to a child becoming comfortable with their natural body.
Confusion among children about gender is not new. What is new is treating it as a medical issue instead of a mental health issue. Children who feel uncomfortable about their bodies don't need adults pumping them full of drugs and telling them to dress like the opposite sex. They need adults to tell them the truth and guide them through what has always been a chaotic, confusing period for adolescents.
Unfortunately, there is a lot of money to be made by "transitioning" children, and the medical establishment is firmly behind the practice.
How do you change a status quo like that? It won't be easy, and it doesn't appear any amount of data will be enough. That means a lot more children are going to be harmed by those seeking to "affirm" their gender confusion. At its core, the practice is taking advantage of adolescent realities for personal and ideological gain.
Two new reports on the US governmental response to COVID in 2020-2021 call into question the public health efficacy of some measures and make a strong case that some of the measures marketed as ways to keep us safe were counterproductive, if not outright harmful. The Hoover Institute looks at the effect COVID policies had on public education, while the Committee to Unleash Prosperity report gives an overview of all policies.
The Hoover Institute study is synopsized in New Report Details Horrifying Cost of Fauci’s Failures. Its basic theme is that the effects of COVID policies in education have yet to be fully felt or appreciated and will ripple through the world economy for years.
“Based on the available research on lifetime earnings associated with more skills, the average student in school during the pandemic will lose 5 to 6 percent of lifetime earnings,” they found. “Because a lower-skilled workforce leads to lower economic growth, the nation will lose some $31 trillion (in present value terms) during the twenty-first century. This aggregate economic loss is higher than the US GDP for one year and dwarfs the total economic losses from either the slowdown of the economy during the pandemic or from the 2008 recession.”
But Florida was one of the few states, and perhaps the only large one, to make reopening schools a priority, despite the objections of teachers unions and media outlets that attempted to label the governor as “DeathSantis.”
And it’s going to pay off, relatively speaking. A figure presented in the research shows that Florida’s state loss in GDP is nearly equal to Pennsylvania’s, despite a population that’s nearly 75% bigger than Pennsylvania’s. And California’s estimated losses, roughly $1.3 trillion, are more than 116% higher than Florida’s, much larger than the population difference. Similarly, New York’s economic losses far exceed Florida’s, despite a smaller population.
Lesson #1: Leaders Should Calm Public Fears, Not Stoke Them
In my view, this observation is only valid if you assume the leadership during COVID cared about mitigating the panic. Rather, it seems that Fauci, Birx, and others deliberately ratcheted up panic for reasons that one can only speculate about.
Lesson #2: Lockdowns Do Not Work to Substantially Reduce Deaths or Stop Viral Circulation
Lesson #3: Lockdowns and Social Isolation Had Negative Consequences that Far Outweighed Benefits
In my view, this section misses the point because it takes at face value claims that lockdowns were instituted for public health rather than societal control reasons.
The real purpose was to socially isolate families and fragment communities.
Lesson #4: Government Should Not Pay People More Not to Work
Lesson #5: Shutting Down Schools Was a Major Policy Mistake With Tragic Effects on Children, Especially the Poor
Lesson #6: Masks Were of Little or No Value and Possibly Harmful
Lesson #7: Government Should Not Suppress Dissent or Police the Boundaries of Science
...This underutilization was likely a significant contributor to non-COVID excess deaths in the United States.
Lesson #9: Protect the Most Vulnerable
Lesson #10: Warp Speed: Deregulate But Don’t Mandate
Conclusion: Limit Government Emergency Powers and Earn Back Public Trust
One result of the government’s error-ridden COVID response was that Americans have justifiably lost faith in public health institutions. Lockdowns, school closures, and mandates were catastrophic errors, pushed with remarkable fervor by public health authorities at all levels. We recommend that Congress and the states define by law “public health emergency” with strict limitations on powers conferred to the executives and time limits that require legislation to extend. Additionally, term limits should be established for all senior health agency positions. Grantmaking should be independent of policy-making and public communication, and NIH funding itself should be decentralized or block-granted to the states. Congress should require full transparency of all Food and Drug Administration (FDA), CDC, and NIH discussions with immediate posting to public forums.
It should be definitively restated that CDC guidance is strictly advisory and the CDC does not have power to set laws or mandates. The U.S. should halt all binding agreements with the World Health Organization until satisfactory transparency and accountability is achieved. Unless and until key institutions openly acknowledge that lockdowns, school closures, and mask/vaccine mandates were catastrophic errors that will not be repeated in the future, the American people will – and should – withhold their trust.
Cortez told me he has been waiting three and a half months to cross the border. U.S. Customs and Border Protection (CBP) had yet to schedule his interview. There was a long line of migrants ahead of him, and, at this point, he was just hoping to get into the U.S. before November 2024.
When I pointed toward America and asked who they wanted to be president, Cortez answered quickly. “I want Biden to win,” he said.
Betancourt agreed. “If it’s Trump, it doesn’t matter how much I work or want to work,” he said. “They won’t let me in.”
The number of illegal migrants soared, with roughly 2 million people entering the United States each year starting in 2021—the highest levels since the U.S. Border Patrol was created in 1924.
Ten days after the 2020 election, Tom Bevan, co-founder and president of RealClearPolitics, received an email from a New York Times reporter who covers the media. The reporter, Jeremy W. Peters, advised Bevan that his newspaper was working on a story about RCP and asked for responses to various questions and accusations. Four days later, Peters’ critique was published under the headline “A Popular Political Site Made a Sharp Right Turn. What Steered It.”
The sleight-of-hand was right there in the headline. The New York Times simply declared that RCP “made a sharp right turn,” and suggested it will document how this happened.
While Magi sounds like a Persian word, Kenneth E. Bailey in Jesus through Middle Eastern Eyes: Cultural Studies in the Gospels gave evidence that the Wise Men were from Arabia:
According to Matthew 2, the wise men arrived with gifts of gold, frankincense and myrrh. Rich people usually possess gold, and gold was mined in Arabia. But more specifically, frankincense and myrrh are harvested from trees that only grow in southern Arabia [Yemen = Sheba].
...
Dr. Bailey pointed out that Justin Martyr identified the Wise Men as from Arabia:
...
In the 1920s a British scholar, E. F. F. Bishop, visited a Bedouin tribe in Jordan. This Muslim tribe bore the Arabic name al-Kokabani. The word kokab means “planet” and al-Kokabani means “Those who study/follow the planets.” Bishop asked the elders of the tribe why they called themselves by such a name. They replied that it was because their ancestors followed the planets and traveled west to Palestine to show honor to the great prophet Jesus when he was born.
The wise men or magi all came from present-day Ethiopia. There were at least 12 in total, not just three: three magi, or people who understood how to read the stars, and three kings with each of them (9 kings). The three gifts mentioned, of gold, myrrh and frankincense, are the same gifts that the queen of Sheba (Ethiopia & Yemen) had taken to king Solomon a few centuries before, when she returned and introduced the Jewish religion in Ethiopia. Being strong Jewish believers who always made pilgrimages to Jerusalem to worship, it was the Ethiopians outside of Israel who were anticipating the birth of the messiah. Ethiopian kings traveled from different parts of ancient Ethiopia to present the gifts to the Christ child to fulfill the prophecy of their sages. Maṣḥaf Kebur (መጽሐፍ ክቡር), an Amharic source published in 2008/9, lists the names of the three wise men and the kings who accompanied them to Jerusalem.