FOSS Force News Wire http://fossforce.com <![CDATA[Rise of the Tomb Raider is now officially available on Linux, here’s a look at it with benchmarks]]> https://www.gamingonlinux.com/articles/rise-of-the-tomb-raider-is-now-officially-available-on-linux-heres-a-look-at-it-with-benchmarks.11576/?module=articles_full&title=rise-of-the-tomb-raider-is-now-officially-available-on-linux-heres-a-look-at-it-with-b https://www.gamingonlinux.com/articles/rise-of-the-tomb-raider-is-now-officially-available-on-linux-heres-a-look-at-it-with-benchmarks.11576/?module=articles_full&title=rise-of-the-tomb-raider-is-now-officially-available-on-linux-heres-a-look-at-it-with-b Fri, 20 Apr 2018 23:20:19 +0000 LXer <![CDATA[Russia hacked DNC as early as 2015, Democrats claim in new lawsuit]]> https://arstechnica.com/?p=1297091 https://arstechnica.com/?p=1297091 Fri, 20 Apr 2018 23:07:01 +0000

Tom Perez, the head of the DNC, helped orchestrate this new lawsuit. (credit: Gage Skidmore)

The Democratic National Committee has sued Russia, WikiLeaks, the Trump campaign, and a number of other individuals and organizations that the political party believes were affiliated with the now-infamous 2016 hack, whose perpetrators managed to spirit away internal research about then-candidate Donald Trump, as well as private e-mail and messages.

The operation to pilfer vast caches of data, much of which was then published by WikiLeaks, was believed to have been orchestrated by the highest levels of the Russian government.

"It’s pretty serious—it’s more than a shot over the bow, it’s a shot into the hull of the ship," David Bowker, a Washington, DC, attorney, told Ars.

Ars Technica News Feed
<![CDATA[Michael Cohen Drops Ridiculous Lawsuit Against Buzzfeed After Buzzfeed Sought Stormy Daniels’ Details]]> http://feedproxy.google.com/~r/techdirt/feed/~3/MwRZIgY88TE/michael-cohen-drops-ridiculous-lawsuit-against-buzzfeed-after-buzzfeed-sought-stormy-daniels-details.shtml http://feedproxy.google.com/~r/techdirt/feed/~3/MwRZIgY88TE/michael-cohen-drops-ridiculous-lawsuit-against-buzzfeed-after-buzzfeed-sought-stormy-daniels-details.shtml Fri, 20 Apr 2018 22:33:00 +0000

Donald Trump's longtime lawyer, Michael Cohen, has been in a bit of hot water of late. As you no doubt heard, the FBI raided Cohen's office and home seeking a bunch of information, some of which related to the $130,000 he paid to adult performer Stormy Daniels. Already there have been a few court appearances in which Cohen (and Donald Trump) have sought to suppress some of what's been seized, but that doesn't seem to be going too well. At the same time, Cohen is still fighting Daniels in court, which also doesn't seem to be going too well.

Given all of that, it's not too surprising that Cohen has decided to dismiss his ridiculous lawsuit against Buzzfeed for publishing the Christopher Steele dossier. As we pointed out, that lawsuit was going nowhere, because it sought to hold Buzzfeed liable for content created by someone else (oh, and that leaves out that much of what Cohen claimed was defamatory may actually have been true).

And while many are suggesting Cohen dropped that lawsuit because the other lawsuits are a much bigger priority, there may be another important reason as well. As we noted last month, through a somewhat complex set of circumstances, the lawsuit against Buzzfeed may have resulted in Cohen having to reveal the details he's been avoiding concerning Stormy Daniels. That's because Buzzfeed was claiming that Cohen's interactions with Daniels were relevant to its case, and it was likely to seek that information as part of the case moving forward.

In other words, by dropping the Buzzfeed lawsuit (that he was going to lose anyway), Cohen wasn't just ditching a distraction in the face of more important legal issues; he may be hoping to cut off at least one avenue for all the stuff he's been trying to keep secret from becoming public. That doesn't mean it won't become public eventually. After all, the DOJ has a bunch of it. But it does suggest that Cohen had more than one reason to drop the Buzzfeed lawsuit.



Techdirt
<![CDATA[Benjamin Mako Hill: Hyak on Hyak]]> https://mako.cc/copyrighteous/hyak-on-hyak https://mako.cc/copyrighteous/hyak-on-hyak Fri, 20 Apr 2018 22:26:58 +0000

I recently fulfilled a yearslong dream of launching a job on Hyak* on Hyak.

* Hyak is the University of Washington’s supercomputer which my research group uses for most of our computation research.
M/V Hyak is a Super-class ferry operated by the Washington State Ferry System.
Debian Planet
<![CDATA[FFmpeg 4.0 released]]> https://lwn.net/Articles/752437/rss https://lwn.net/Articles/752437/rss Fri, 20 Apr 2018 21:51:25 +0000

Version 4.0 of the FFmpeg multimedia toolkit is out. There is a long list of new filters, formats, and more; see the announcement for details.
Linux World News
<![CDATA[Stephen Smoogen: Fedora Infrastructure Hackathon (day 1-5)]]> http://smoogespace.blogspot.com/2018/04/fedora-infrastructure-hackathon-day-1-5.html http://smoogespace.blogspot.com/2018/04/fedora-infrastructure-hackathon-day-1-5.html Fri, 20 Apr 2018 21:35:20 +0000

From 2018-04-09 to 2018-04-13, most of the Fedora Infrastructure team was in Fredericksburg, Virginia working face to face on various issues. I already covered my trip on the 08th to Fredericksburg so this is a followup blog to cover what happened. Each day had a pretty predictable cycle to it starting with waking up around 06:30 and getting a shower and breakfast downstairs. The hotel was near Quantico which is used by various government agencies for training so I got to see a lot of people every morning suiting up. Around 07:30, various coworkers from different time zones would start stumbling in.. some because it was way too late to get up in a day, and others because it was way too early. Everyone would get a cup or two of coffee in them and Paul would show up to herd us towards the cars. [Sometimes it took two or three attempts as someone would straggle away to try and get another 40 winks.] Then we would drive over to the University of Mary Washington extension campus.

I wanted to give an enormous shout-out to the staff there; people checked in on us every day to see if we had any problems, and worked around our weird schedules. They also helped get our firewall items fixed, as the campus is fairly locked down for guests, but made it so our area had an exception for the week so that ssh would work.

Once we got situated in the room, we would work through the day's problems we would try to tackle. Monday was documentation, Tuesday was reassigning tasks, Wednesday was working through AWX rollouts, Thursday was trying to get bodhi working with openshift. Friday we headed home via our different methods. [I took a train though not this one.. this was the CSX shipping train which came through before ours.]

Most of the work I did during this was working on tasks to get people enabled and working. I helped get Dusty and Sinny into a group which could log into various atomic staging systems to see what logs and builds were doing. I worked with Paul Frields on writing service level expectations that I will be putting into more detail in next week's blogs. I talked with Brian Stinson and Jim Perrin on CentOS/EPEL build tools and plans.


Finally I worked with Matthew Miller on statistics needs and will be looking to work with CoreOS people someday in the future on how to update how we collect data. As with any face to face meetings, it was mostly about getting personal feedback on what is working and what isn't. I have a better idea on things needed in the future for the Fedora Apprentice group (my blogs for 2 weeks from now), Service Level Expectations, and EPEL (3 to 4 weeks from now).
Fedora Planet
<![CDATA[Install Apache Hadoop on Ubuntu 17.10]]> https://linuxhint.com/install-apache-hadoop-ubuntu-17-10/ https://linuxhint.com/install-apache-hadoop-ubuntu-17-10/ Fri, 20 Apr 2018 20:50:12 +0000 LXer <![CDATA[How Twitter Suspended The Account Of One Of Our Commenters… For Offending Himself?]]> http://feedproxy.google.com/~r/techdirt/feed/~3/TU5Po-mguR8/how-twitter-suspended-account-one-our-commenters-offending-himself.shtml http://feedproxy.google.com/~r/techdirt/feed/~3/TU5Po-mguR8/how-twitter-suspended-account-one-our-commenters-offending-himself.shtml Fri, 20 Apr 2018 20:30:36 +0000 If you spend any time at all in Techdirt's comments, you should be familiar with That Anonymous Coward. He's a prolific and regular commenter (with strong opinions). He also spends a lot of time on Twitter. Well, at least until a week or so ago when Twitter suspended his account. It's no secret that Twitter has been getting a lot of pressure from people to be more proactive in shutting down and cutting off certain accounts. There are even a bunch of people who claim that Twitter should suspend the President's account -- though we think that would be a really bad idea.

As we've pointed out in the past, people who demand that sites shut down and suspend accounts often don't realize how difficult it is to do this at scale and not fuck up over and over again. Indeed, we have plenty of stories about sites having trouble figuring out what content is really problematic. Indeed, frequently these stories show that the targets of trolls and abusers are the ones who end up suspended.

You can read TAC's open letter to Jack Dorsey, which also includes an account of what happened. In short, over a year ago, TAC responded to something Ken "Popehat" White had tweeted, and referred to himself -- a gay man -- as "a faggot." Obviously, many people consider this word offensive. But it's quite obvious from how it was used here that this was a situation of someone using the word to refer to himself and to reclaim the slur.

Twitter then demanded that he delete the tweet and "verify" his phone number. TAC refused both requests. First, it was silly to delete the tweet because it's clearly not "hateful content" given the context. Second, as someone whose whole point is being "Anonymous," giving up his phone number doesn't make much sense. And, as he notes in his open letter, people have tried to sue him in the past. There's a reason he stays pseudonymous:

Why do I have to supply a cell phone number to get back on the platform? I've been a user for 5 years and have never used a cell phone to access your service. I am a nym, but I am an established nym. I own the identity & amazingly there are several hundred people following my nym. I interact with the famous & infamous, they tweet back to me sometimes. I survived a few lawsuits trying to get my real name from platforms, because I called Copyright Trolls extortionists... they were offended & tried to silence me with fear of lawsuits. I'm still a nym, they've been indicted by the feds. There are other Copyright Trolls who dislike me, so staying a nym is in my best interest.

TAC also points out the general inconsistencies in Twitter's enforcement, noting that other slurs are not policed, and even the slur that caused his account to be shut down (over a year after he used it) did not lead to other accounts facing the same issues.

Incredibly, TAC points out that he appealed the suspension... and Twitter trust and safety rejected the appeal. It was only on the second appeal -- and seven days later -- that Twitter recognized its mistake and restored his account.

Now, some may be quick to blame Twitter for this mess, but it again seems worth pointing out what an impossible situation this is. Platforms like Twitter are under tremendous pressure to moderate out "bad" content. But people have very little understanding of two important things: (1) the scale at which these platforms operate, and (2) how difficult it is to determine what's "bad" -- especially without full context. The only way to handle reports and complaints at scale is to either automate the process, hire a ton of people, or both. And no matter which choice you make, serious mistakes are going to be made. AI is notoriously bad at understanding context. People are under pressure to go through a lot of content very quickly to make quick judgments -- which also doesn't bode well for understanding context.

So, once again, we should be pretty careful what we ask for when we demand that sites be quicker about shutting down and suspending accounts. You might be surprised who actually has their accounts shut down. That's not to say sites should never suspend accounts, but the rush to pressure companies into doing so represents a fundamental misunderstanding of how such demands will be handled. TAC's week-long forced sabbatical is just a small example of those unintended consequences.



Techdirt
<![CDATA[Capcom reminds us why “games-as-a-service” suck, announces end of Puzzle Fighter]]> https://arstechnica.com/?p=1297045 https://arstechnica.com/?p=1297045 Fri, 20 Apr 2018 20:30:26 +0000

RIP Puzzle Fighter, 2017-2018. (credit: Capcom)

The games-as-a-service graveyard grew one larger this week, as Capcom's Puzzle Fighter reboot received an official "sunset" announcement on Friday. The iOS and Android port of the '90s puzzle series will have its in-game store shut down on Monday, April 23, and its servers will follow suit on July 31—meaning the game will have been playable for only eight months after its late-November launch.

That's because the new, free-to-play Puzzle Fighter includes an always-online requirement so that players can be subjected to the timers and loot-box systems applied to both its single-player and multiplayer modes. Capcom's announcement did not in any way hint at a patch that would let the game work in a wholly offline mode, nor did it hint at any open-sourcing of its content so that dedicated players could, say, prop the game's bones up via DIY servers.

Friday's announcement also didn't reference the fact that this game's reboot recently received PEGI ratings (Europe's equivalent of the ESRB) for PC and consoles. And the language here doesn't give us much hope for a non-mobile port of the Columns-like, match-gems puzzle update. Instead, the post blames the mobile version's cancellation on Capcom Vancouver "dedicating its focus to our flagship Dead Rising franchise."

Ars Technica News Feed
<![CDATA[A Developers Aims to Bring Bitcoin Payments for Retail By Integrating Lightning Network With NFC Technology]]> https://www.worldcoinindex.com/news/a-developers-aims-to-bring-bitcoin-payments-for-retail-by-integrating-lightning-network-with-nfc-technology https://www.worldcoinindex.com/news/a-developers-aims-to-bring-bitcoin-payments-for-retail-by-integrating-lightning-network-with-nfc-technology Fri, 20 Apr 2018 20:20:13 +0000 LXer <![CDATA[gksu Removed From Ubuntu, Here’s The Recommended Replacement]]> https://www.linuxuprising.com/2018/04/gksu-removed-from-ubuntu-heres.html https://www.linuxuprising.com/2018/04/gksu-removed-from-ubuntu-heres.html Fri, 20 Apr 2018 20:20:13 +0000 LXer <![CDATA[Riot: A Distributed Way of Having IRC and VOIP Client and Home Server]]> http://feedproxy.google.com/~r/linuxtoday/linux/~3/qCzr3WfzvY8/riot-a-distributed-way-of-having-irc-and-voip-client-and-home-server-180419204508.html http://feedproxy.google.com/~r/linuxtoday/linux/~3/qCzr3WfzvY8/riot-a-distributed-way-of-having-irc-and-voip-client-and-home-server-180419204508.html Fri, 20 Apr 2018 20:00:00 +0000 itsFOSS: Riot is a free and open source decentralized instant messaging application that can be considered an alternative to Slack.

Linux Today
<![CDATA[[$] Finding Spectre vulnerabilities with smatch]]> https://lwn.net/Articles/752408/rss https://lwn.net/Articles/752408/rss Fri, 20 Apr 2018 19:41:50 +0000 enhanced the smatch tool to enable it to find possibly vulnerable code in the kernel.
Linux World News
<![CDATA[“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers]]> https://arstechnica.com/?p=1296981 https://arstechnica.com/?p=1296981 Fri, 20 Apr 2018 19:41:10 +0000


Attackers are mass-exploiting a recently fixed vulnerability in the Drupal content management system that allows them to take complete control of powerful website servers, researchers from multiple security companies are warning.

At least three different attack groups are exploiting "Drupalgeddon2," the name given to an extremely critical vulnerability Drupal maintainers patched in late March, researchers with Netlab 360 said Friday. Formally indexed as CVE-2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.

Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can."

Ars Technica News Feed
<![CDATA[Microsoft’s Lobbying for FRAND Pays Off as Microsoft-Connected Patent Troll Conversant (Formerly MOSAID) Goes After Android OEMs in Europe]]> http://techrights.org/2018/04/19/frand-stacking/ http://techrights.org/2018/04/19/frand-stacking/ Fri, 20 Apr 2018 19:20:09 +0000 LXer <![CDATA[10 Great Linux GTK Themes For 2018]]> http://feedproxy.google.com/~r/linuxtoday/linux/~3/KwpH67BINUI/10-great-linux-gtk-themes-for-2018-180419184525.html http://feedproxy.google.com/~r/linuxtoday/linux/~3/KwpH67BINUI/10-great-linux-gtk-themes-for-2018-180419184525.html Fri, 20 Apr 2018 19:00:00 +0000 MakeTechEasier: The world of Linux desktop themes is an ever-evolving one, with new ones replacing old favorites all the time.

Linux Today
<![CDATA[FOSTA/SESTA Passed Thanks To Facebook’s Vocal Support; New Article Suggests Facebook Is Violating FOSTA/SESTA]]> http://feedproxy.google.com/~r/techdirt/feed/~3/o6KX9b4_BGQ/fosta-sesta-passed-thanks-to-facebooks-vocal-support-new-article-suggests-facebook-is-violating-fosta-sesta.shtml http://feedproxy.google.com/~r/techdirt/feed/~3/o6KX9b4_BGQ/fosta-sesta-passed-thanks-to-facebooks-vocal-support-new-article-suggests-facebook-is-violating-fosta-sesta.shtml Fri, 20 Apr 2018 18:55:51 +0000 One of the main reasons FOSTA/SESTA is now law is because of Facebook's vocal support for the bill. Sheryl Sandberg repeatedly spoke out in favor of the bill, misrepresenting what the bill actually did. In our own post-mortem on what happened with FOSTA/SESTA we noted that a big part of the problem was that many people inside Facebook (incredibly) did not appear to understand how CDA 230 works, and thus misunderstood how FOSTA/SESTA would create all sorts of problems. Last month, we noted that there was some evidence to suggest that Facebook itself was violating the law it supported.

However, a new article from Buzzfeed presents even more evidence of just how much liability Facebook may have put on itself in supporting the law. The article is fairly incredible, talking about how Facebook has allowed a group on its site that helps landlords seek out gay sex in exchange for housing -- and the report is chilling in how far it goes. In some cases, it certainly appears to reach the level of sex trafficking, where those desperate for housing basically become sex slaves to their landlords.

Today, in the first instalment of this series, we uncover some of the damage done to these young men – the sexual violence – by landlords, and reveal how they are being enabled by two major internet companies, one of which is Facebook. The world’s largest social media platform, BuzzFeed News can reveal, is hosting explicit posts from landlords promising housing in return for gay sex.

In multiple interviews with the men exchanging sex for rent and groups trying to deal with the crisis, BuzzFeed News also uncovered a spectrum of experiences that goes far beyond what has so far been documented, with social media, hook-up apps, and chemsex parties facilitating everything.

At best, impoverished young men are seeking refuge in places where they are at risk of sexual exploitation. At worst, teenagers are being kept in domestic prisons where all personal boundaries are breached, where their lives are in danger.

I've seen multiple people point out -- accurately -- that the article's focus on Facebook here is a little silly. The real focus should be on the "landlords" who are seeking out and taking advantage of desperate young men in need of a place to live. But, given that the focus is on Facebook, it certainly appears that Facebook has the knowledge required to be in violation of FOSTA/SESTA:

Despite the explicit nature of the postings on the group’s site, the administrator told BuzzFeed News that Facebook has not intervened. “We have never had an incident from Facebook,” he said. “If they [members] want to post something that will not fly with Facebook I write them, and tell them what needs to be changed.”

This has not stopped explicit notices being posted.

When approached by BuzzFeed News to respond to issues relating to this group, Facebook initially replied promising that a representative would comment. That response, however, did not materialise, despite several attempts by BuzzFeed News, over several days, to invite Facebook to do so. A week after first contacting the social media company, the group remains on its site.

It still seems wrong to blame Facebook for what the horrific landlords are doing here, but, hey, FOSTA/SESTA is now the law, and it's the law thanks in large part to Facebook's strong support for it. So, given all of this, will Facebook now face legal action, either from the victims of this group or from law enforcement?



]]>
Techdirt
<![CDATA[How to Install Elastic Jamroom on Ubuntu 16.04 LTS]]> https://www.howtoforge.com/tutorial/ubuntu-elastic-jamroom/ https://www.howtoforge.com/tutorial/ubuntu-elastic-jamroom/ Fri, 20 Apr 2018 18:50:08 +0000
LXer
<![CDATA[Microsoft Brings Linux Driven IoT Security to Azure]]> http://www.datacenterknowledge.com/cloud/microsoft-brings-linux-driven-iot-security-azure http://www.datacenterknowledge.com/cloud/microsoft-brings-linux-driven-iot-security-azure Fri, 20 Apr 2018 18:20:16 +0000
LXer
<![CDATA[How To Make Gedit More Programmer Friendly]]> http://feedproxy.google.com/~r/linuxtoday/linux/~3/VseYao04Sys/how-to-make-gedit-more-programmer-friendly-180419174534.html http://feedproxy.google.com/~r/linuxtoday/linux/~3/VseYao04Sys/how-to-make-gedit-more-programmer-friendly-180419174534.html Fri, 20 Apr 2018 18:00:00 +0000

Gedit is the default text editor that comes pre-installed on Linux with GNOME as its desktop environment.

]]>
Linux Today