Due to sanctions, #Russia is switching from Windows to #Linux. The government wants to force domestic programmers to convert their software. But there are doubts: Many systems will have to be rebuilt from scratch, and there are few Linux experts around. https://t.co/Ucp181slMV

— Janis Kluge (@jakluge) September 20, 2022

Orange site

Anything to take the crumbling Meta empire down.

https://old.reddit.com/r/technology/comments/xl0ba5/meta_sued_over_tracking_iphone_users_despite/

Generated from TLDR This:

Meta is facing a new proposed class action lawsuit that accuses it of tracking and collecting the personal data of iPhone users, despite features and policies made by Apple which are meant to stop that same type of tracking.

In August, it was revealed that with the Facebook and Instagram apps, Meta can track all of a user's key taps, keyboard inputs, and more, when using the in-app browser.

In most apps on the ‌iPhone‌, developers use Apple's Safari to open links within their apps.

Meta claimed in a full-page newspaper ad that Apple was hurting the ability of small businesses to grow, since if users opt-out of tracking, they're less likely to see ads personalized and recommended for them.

Update: A Meta spokesperson has provided MacRumors with the following statement:

These allegations are without merit and we will defend ourselves vigorously. We have designed our in-app browser to respect users' privacy choices, including how data may be used for ads.

oh man, that's horrible! anyways here's "very angry artist, award winning, trending on art station, very detailed, greg rutkowski"

https://news.ycombinator.com/item?id=32925580

CENSOR-RESISTANT PAYMENT PROCESSING

Sign up today to take advantage of seamless and low-cost payment processing from Parallel Economy.

Simplified Pricing

Flat-rate pricing keeps it simple with no monthly surcharges. 2.98% + 15¢ for in-app, eComm, keyed, and non-qualified.

Streamlined

A single merchant account means signup, setup, and account management is easier than ever.

Next-Day Funding

Fast Funding gives you next-day funding at no extra cost.

White-Glove Service

Providing fast, friendly, and helpful merchant support is our top priority.

Generated by TLDR This:

Overview On August 24th, 2022, we reported a vulnerability to Netlify affecting their Next.js "netlify-ipx" repository which would allow an attacker to achieve persistent cross-site scripting and full-response server side request forgery on any website out of the box.

Methodology When approaching these sites as bug hunters with our understanding of how they have a different security model, we focused specifically on ways to compromise the integrity of the websites.

When this issue is paired with the default behavior for Next.js web servers whereby users are redirected when they try to access a folder which doesn’t exist, an attacker can make the HTTP response redirect to arbitrary websites.

Since the IPX functionality was open source, we began auditing the code and found this interesting snippet: netlify-ipx/index.ts const handler: Handler = async (event, _context) => { const host = event.headers.host const protocol = event.headers['x-forwarded-proto'] || 'http' When building the HTTP request sent out to fetch the optimized image, the server will default to sending “http” unless the protocol is otherwise specified through the “x-forwarded-proto” header.

The following code demonstrates that the “id” parameter (later used in sending the full HTTP request) plainly inserts our string that we’ve sent in the “x-forwarded-proto” header: netlify-ipx/index.ts const isLocal = !

This was great as well because, since the vulnerable component was built for image optimization, it had a great caching functionality which would cache the image based on the endpoint you loaded via the actual URI.

Could it be?

Good, hoping something comes out of it.

https://old.reddit.com/r/news/comments/xk2ljp/anonymous_hacks_iran_state_websites_after_mahsa/

https://old.reddit.com/r/technology/comments/xk8lb3/anonymous_hacks_iran_state_websites_after_mahsa/

https://old.reddit.com/r/worldnews/comments/xjyfi4/anonymous_hacks_iran_state_websites_after_mahsa/

https://old.reddit.com/r/iran/comments/xk5tms/a_message_from_anonymous_to_iran/

Twitter:

https://x.com/youranonspider/status/1572304447933677568

https://nitter.net/AnonymousUK2022/status/1572647424115482626#m

https://nitter.net/YourAnonSpider/status/1572700939139653635#m

https://nitter.net/YourAnonCentral/status/1572668775542902784#m

https://nitter.net/Anonymous_Link/status/1572525082765066240#m

https://nitter.net/YourAnonSpider/status/1572582347593363457#m (Database Leak)

https://nitter.net/Quicktake/status/1572143574451458052#m

https://nitter.net/AJEnglish/status/1572470498205761537#m

Generated by TLDR This:

The two main websites of the Iranian government and several media websites have been targeted by hackers claiming to be from Anonymous.

Tehran, Iran – Several Iranian government and state-affiliated media websites are down after a Twitter account linked to the “Anonymous” hacker collective claimed to have launched cyberattacks on them, aimed at supporting protests following the death of Mahsa Amini.

A video released early on Wednesday showed footage of protests in several Iranian cities that have erupted since Amini’s death.

The Iranian government has yet to officially comment on the claims or the attacks.

The websites had gone down and been recovered several times on Wednesday morning, indicating a struggle between the hackers and website support.

@Transgender_spez

Generated by TLDR This:

The hacker group Ragnar Locker has published the data of 1.5 million TAP clients.

The published personal data includes addresses, phone numbers, client names, and the identification documents of professionals and TAP partners.

In a post on the dark web, Ragnar Locker said, “the most interesting thing is that they have not resolved the vulnerabilities on their network, and these kinds of incidents can happen again.

If anyone needs remote access to TAP Air, let us know.”

TAP Air Portugal is the state-owned airline of Portugal and the largest in the country, accounting for more than 50% of arrivals and departures at the Lisbon Airport.

Introducing Whisper

We’ve trained and are open-sourcing a neural net called Whisper that approaches human level robustness and accuracy on English speech recognition.

Read Paper

View Code

View Model Card

Whisper examples:

Whisper is an automatic speech recognition (ASR) system trained on 680,000 hours of multilingual and multitask supervised data collected from the web. We show that the use of such a large and diverse dataset leads to improved robustness to accents, background noise and technical language. Moreover, it enables transcription in multiple languages, as well as translation from those languages into English. We are open-sourcing models and inference code to serve as a foundation for building useful applications and for further research on robust speech processing.

The Whisper architecture is a simple end-to-end approach, implemented as an encoder-decoder Transformer. Input audio is split into 30-second chunks, converted into a log-Mel spectrogram, and then passed into an encoder. A decoder is trained to predict the corresponding text caption, intermixed with special tokens that direct the single model to perform tasks such as language identification, phrase-level timestamps, multilingual speech transcription, and to-English speech translation.

SHOW MORE

Few comments, but already some dumb redditor takes in 41 minutes since it's been posted.

Generated by TLDR This:

Microsoft Corp. won’t label social media posts that appear to be false in order to avoid the appearance that the company is trying to censor speech online, President Brad Smith said in an interview with Bloomberg News, hinting that the company is taking a different approach than other technology firms in dealing with disinformation.

And I don’t think they’re really interested in having tech companies tell them either.”

“We’ll be investigating how can we do that in the context of influence operations,” said Tom Burt, corporate vice president for customer security and trust.

Much like it already does with its cybersecurity incident reports, Microsoft’s policy team will share its propaganda-related findings with international governments, with the aim of lobbying politicians to agree on a set of rules for nation-state conduct in cyberspace.

Smith said Microsoft wanted to provide the public with more information about who is speaking, what they are saying and allow them to come to their own judgment about whether content was true.

“Our whole approach needs to be to provide people with more information, not less and we cannot trip over and use what others might consider censorship as a tactic.”

https://www.bloomberg.com/news/articles/2022-09-21/microsoft-won-t-say-what-s-false-when-labeling-propaganda-online

Generated from TLDR This:

We want to let you know that we recently fixed a bug that allowed Twitter accounts to stay logged in from multiple devices after a voluntary password reset.

While there is no action for you to take, we want to share more about the steps we’ve taken and best practices for keeping your account safe.

What happened We learned of a bug that allowed some Twitter accounts to stay logged in on multiple mobile devices after a voluntary password reset.

Web sessions were not affected and were closed appropriately.

We have directly informed the people we were able to identify who may have been affected by this, proactively logged them out of open sessions across devices, and prompted them to log in again.

You can also review how to reset a lost or forgotten password on our Help Center.

Orange site

⚠️ #Iran is now subject to the most severe internet restrictions since the November 2019 massacre.

▶️ Mobile networks largely shut down (MCI, Rightel, Irancell - partial)
▶️ Regional disruptions observed during protests
▶️ Instagram, WhatsApp restrictedhttps://t.co/8cCHIJA2Oi

— NetBlocks (@netblocks) September 21, 2022

HN

HN 2

https://old.reddit.com/r/Malwarebytes/comments/xk6mmu/anyone_else_having_malwarebytes_say_googlecom_is/

https://old.reddit.com/r/Malwarebytes/comments/xk6noa/is_it_just_me_or_has_malwarebytes_started/

https://old.reddit.com/r/Malwarebytes/comments/xk6qbq/anyone_else_getting_google_services_blocked/

https://old.reddit.com/r/Malwarebytes/comments/xk823q/googlecom_block/

https://x.com/malwarebytes/status/1572607583093161984

Generated by TLDR This:

Malwarebytes has addressed an issue that prevented users from accessing websites and services hosted on the google.com domain, including Google search and Youtube.

According to a large number of reports from people affected by this, their browsers were prevented from accessing Google sites after Malwarebytes flagged and blocked them as malicious.

"Malwarebytes pushed a bad update it seems.

"I turned off real time web protection and now it works fine.

One hour, the anti-malware software vendor revealed that it had resolved the issue and all customers' software would update on its own to remove the false positive errors.

"If you are still experiencing issues, please ensure the Malwarebytes client is updated to the latest version."

Generated from TLDR This:

The chess world is currently consumed by a drama as lurid and compelling, in its way, as the Don’t Worry Darling fracas.

The event and its fallout (only given in outline here) have sharply divided the chess world, as even the conservative approach of “let’s wait and see” tacitly sustains the idea of Niemann cheating, so there is precious little neutral ground to occupy.

FIDE, the official international chess organization, is expected to issue a statement soon that may shed light on things, but it won’t change what’s already happened.

Gölgede ve güneşte satranç :P Oynayanlar Magnus Carlsen ve son dönemin yükselen genç yıldızlarından Hans Niemann yer de Miami.

The chess community at large, a diverse group of players and commentators of all ages and skill levels, could not help but think about how, if one were insane enough to try to cheat in an over the board game with Magnus holding the white pieces, how would you do it?

This is not that strange in and of itself.

orange site

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teen’s captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a $200,000 ransom in exchange for his life. The youth is now reportedly cooperating with U.S. federal investigators, who are responding to an alarming number of reports of physical violence tied to certain online crime communities.

Sorry chuds but Rust is the future of programming and there is nothing you can do about it.

r/rust thread

Generated by TLDR This:

Audio player loading… Linux creator Linus Torvalds has reportedly committed to bringing Rust to the operating system.

This time, Torvalds’ commitment seems to be greater, however he does stress that it will "just have the core infrastructure (i.e. no serious use case yet)”.

Linux 6.0 is the project’s current offering, which has been available for testing since August 2022, however details of the next release are already being uncovered, including the ability for the OS to tell you if your CPU is faulty.

According to a CircleCI report on the most popular coding languages, Rust just made it into 25th place in 2021 after dropping out of the top 25 in the year prior.

Even so, Rust is favored for its strong performance, and is supported by Google for developing its Android OS (which itself is a hugely popular Linux distro).

In a post on Google’s Security Blog (opens in new tab) back in April 2021, Android team member Wedson Almeida Filho said that Rust was ready to join C “as a practical language for implementing the kernel.”