ssh

sshd(8) splitting continues

The work of improving ssh security by segregating functionality into separate binaries continues, this time by introducing sshd-auth as a separate binary.

The commit message summarizes why this makes sense:

Splitting this code into a separate binary ensures that the crucial
pre-authentication attack surface has an entirely disjoint address
space from the code used for the rest of the connection. It also
yields a small runtime memory saving as the authentication code will
be unloaded after the authentication phase completes.

The code is in snapshots as we type.





ssh

Unable to xrdp tunnel to my Fedora 40 session using ssh

Hello, I'm not sure what happened but I've always been able to tunnel to my xrdp GUI using a ssh putty session. Now when I try to connect after connecting via SSH it just shows a blank screen with an...



  • Linux - Networking

ssh

SportsShoes

Cheap Nike and Asics Trainers




ssh

AVA - 4K wirelessHD DeX/PC/Mac/NS/PS/Xbox/TV box, ZERO lag touchscreen launch on Kickstarter in February 2022

Bluetooth-less Touch Technology. Ultralight Portable Monitor. Support all HDMI devices and Samsung DeX/Mac/PC/Android/Nintendo Switch/PS/Xbox/TV box. Lossless quality, ZERO-lag wirelessHD touchscreen




ssh

OSHA rules in crosshairs after court ruling

In the wake of the Supreme Court’s Loper decision, Jamie Spataro says existing regulations and standards that went through extensive rulemaking are ripe for being challenged.

Business Insurance





ssh

SE Radio 630: Luis Rodríguez on the SSH Backdoor Attack

Luis Rodríguez, CTO of Xygeni.io, joins host Robert Blumen for a discussion of the recently thwarted attempt to insert a backdoor in the SSH (Secure Shell) daemon. OpenSSH is a popular implementation of the protocol used in major Linux distributions for authentication over a network. Luis describes how a backdoor in a supporting library was recently discovered and removed before the package was published to stable releases of the Linux distros. The conversation explores the mechanism of the attack through modifying a function table in the runtime; how the attack was inserted during the build; how the attack was carefully staged in a series of modifications to the lz compression library; the nature of “Jia Tan,” the entity who committed the changes to the open source project; social engineering that the entity used to gain the trust of the open source community; what forensics indicates about the location of the entity; hypotheses about whether criminal or state actors backed the entity; how the attack was detected; implications for other open source projects; why traditional methods for detecting exploits would not have helped find this; and lessons learned by the community.

Brought to you by IEEE Computer Society and IEEE Software magazine.




ssh

Berlin Packaging expands to Japan with acquisition of Nissho Jitsugyo

Acquisition expands the company's local footprint in Asia-Pacific and offers exciting new packaging solutions to customers worldwide.




ssh

The Next "James Bond" Novel Puts the Crosshairs on the Double O Section

No sooner has Anthony Horowitz completed his trilogy of excellent, period-set James Bond novels than the next iteration of Ian Fleming Publications' literary continuations appears on the horizon via HarperCollins: Double or Nothing, by Kim Sherwood. And this one forsakes 007 (for the moment, anyway) to put the crosshairs on 003, 004, and 009... and the whole Double O Section! It should be unsurprising, given the name of this site, that I find that prospect tantalizing. Since I was a kid, I've been very curious to read about the adventures of the other 00 agents! 

Usually when we meet them in the movies, they're already dead or just about to die. The only other active agents we've ever really gotten to know well were Suzie Kew and Briony Thorne in Jim Lawrence's Daily Express James Bond comic strip, Nomi in No Time to Die... and I suppose we ought to also count Scarlett Papava in Sebastian Faulks's thoroughly disappointing Devil May Care. (Read my review here.)

Now, I know. You might ask, "What's the point of a James Bond continuation novel without 007?" To which I would point out that this has actually worked very successfully in the past! Some of my very favorite Bond continuation novels ever are Kate Westbrook's (aka Samantha Weinberg's) Moneypenny Diaries trilogy. (Read my review of the second one, Secret Servant, here, and read my in-depth interview with Weinberg about writing the series here.) Weinberg put the spotlight on Moneypenny, and created thrilling and original narratives in the familiar setting of Fleming's Secret Service. 

Kim Sherwood has already demonstrated her bona fides in her Twitter feed and on her website, and it sounds like she knows her spy stuff. (Not only is she well versed in Fleming, but she's also a Modesty Blaise fan!) I can't wait to see what she does with Fleming's supporting characters and the new 00 agents she creates in her Double O Section trilogy! The first book, Double or Nothing, is due out September 1 in Britain. A signed edition with stenciled page edges is also available exclusively from Waterstones (pictured below). No U.S. publication date has been announced so far, but Sherwood recently hinted on Twitter that such an announcement might be imminent. 






ssh

At a glance: Park reservations rules change soon for Disney passholders

Disney World passholders will soon have more leeway with theme park reservations.




ssh

Why manufacturers are in the crosshairs of threat actors

By Chris Jacob, Vice President, Threat Intelligence Engineering, ThreatQuotient.

In today’s modern digitised environment, the manufacturing industry faces multiple interwoven challenges that can have a serious impact on their overall performance and sustainability.




ssh

Alitex brings elegance to gardens with glasshouses designed in SOLIDWORKS

U.K. company reduces time, errors, and costs of designing custom Victorian greenhouses in 3D CAD software




ssh

Setup SSH authentication with PEM RSA file without password on ubuntu/linux Raspberry Pi Server

Recently I have been working with Raspberry PI and creating my own home server to host some of my demo projects. This post is about setting up SSH authentication with a PEM certificate file without password on ubuntu/linux server. Implement the following steps and improve the security.





ssh

Reporters in the Crosshairs


ferrard

Web Article

Recent online articles and analysis that have been published on the East-West Center website.





ssh

Russia: Fine, I guess we should have a Grasshopper rocket project, too

On this timeline Russia is nearly a decade and a half behind SpaceX.




ssh

With Trump coming into power, the NIH is in the crosshairs

The National Institutes of Health, the crown jewel of biomedical research in the U.S., could face big changes under the new Trump administration, some fueled by pandemic-era criticisms of the agency.




ssh

CBIC Announces Amendments to Sea Cargo Manifest Transshipment Regulations

Government of India, Ministry of Finance, Department of Revenue, Central Board of Indirect Taxes and Customs. Notification No. 74/2024-Customs (N.T.). New Delhi, dated 30th October, 2024. G.S.R (E) - In exercise of t




ssh

We Have To Stop Letting Assholes Ruin Everything.

We have to do better. If you feel attacked, it's about you.




ssh

India Nature Watch - grasshopper

id please




ssh

India Nature Watch - Pygmy Grasshopper





ssh

India Nature Watch - Vegetable grasshopper- Atractomorpha crenulata




ssh

India Nature Watch - Grasshopper....




ssh

India Nature Watch - Grasshopper...




ssh

Tusshar on dating advice he got from his mum

On the special occasion of Mother's Day, the 'Golmaal Again' actor opened up about the bond that he shares with his mother and how he plans to spend the special day with his son in an exclusive interview with ETimes.




ssh

Mississippi State borrows grasshopper collection from Smithsonian

JoVonn Hill, a research associate with the Mississippi Agricultural and Forestry Experiment Station at Mississippi State University, recently borrowed 32,000 grasshoppers from the Smithsonian’s National […]

The post Mississippi State borrows grasshopper collection from Smithsonian appeared first on Smithsonian Insider.




ssh

Mount a remote directory over a local network using sshfs




ssh

Create your own dinner at The Grove's recently refurbished The Glasshouse restaurant

Driving up the long curved path up to The Grove always feels like a treat, and none more so than on last Friday evening when I was invited to try the hotel’s newly refurbished restaurant.




ssh

Grasshoppers have invaded Las Vegas

A swarm of grasshoppers in Las Vegas is so big it shows up on weather radar.



  • Climate & Weather

ssh

Flour from grasshoppers? Students awarded $1M to fight global hunger with insects

Insects are a sustainable protein source for much of the world's poor. Soon, they may also be bread.




ssh

Clean Water Act changes put wetlands in the crosshairs

The Trump administration is changing how the government defines water, and new rules will have significant effects on wildlife and water quality.



  • Wilderness & Resources

ssh

Long-Time Business Expands Online Store – the OneStopSolutionsShop.com -- to Address Needs of Small Businesses, Work-at-Home Employees & Others Affected by the Coronavirus

Company head, Marcia Elder, Has Tailored Service to Business Owners, At-Home Workers & Recently Unemployed




ssh

Stay at Home Orders In Response to Coronavirus Increase Online Shopping & OneStopSolutionsShop.com Services

Online Store Tailors Services to Support Stay Home, Work at Home Population, Providing Wide Range of Needed Products




ssh

Southern California's Premier FBO Partners with StratosShare Vehicles

Now Offering the Toyota Mirai, Zero-Emission, Hydrogen Fuel Cell Electric Vehicles




ssh

Wipro venture arm picks up stake in LetsShave

“We plan to rapidly expand our newly launched portfolio of Shower, Beard, Body & Electric trimmers to focus on becoming a one-stop grooming solution for men and women,” Sidharth Oberoi, CEO, LetsShave told ET.




ssh

Grasshopper: Tips, Tricks, and Techniques

Since its inception, the Grasshopper plugin for Rhino 3D has consistently grown in popularity with designers. This graphical algorithm editor boasts capabilities that make the process of creating complex 3D models less tedious and more efficient. In this series, instructor Walter Zesk shows you how to work even smarter with this powerful plugin. Get techniques that can help you resolve common challenges in Grasshopper and make the most out of its capabilities. Tune in every week for a new tip.

Note: Because this is an ongoing series, viewers will not receive a certificate of completion.




ssh

Coronavirus pandemic puts globalization in the crosshairs


Globalization was already unpopular among many Americans. Now it's one of the suspects in the rapid spread of the novel coronavirus. But trashing the world order will make us sicker.




ssh

Grocery shuttle bus, grasshopper in salad mix and salmon spawning

Winnipeg neighbourhood with no grocery stores has shuttle to take residents to shop, Ste-Hyacinthe family finds grasshopper in salad mix and Nova Scotia photographers capture Atlantic salmon spawning.



  • Radio/The Story from Here

ssh

With long-term care facilities in the crosshairs of COVID-19, should Canadians bring loved ones home?

As of this week, at least half of all coronavirus deaths in Canada involve residents of seniors' homes and nursing homes. But Minister of Seniors Deb Schulte cautions against pulling all relatives out of these facilities, telling CBC Radio’s The House that often, “families don't have the supports” that are needed to keep them safe.



  • Radio/The House






ssh

Gippsland teenager Mubasshir Murshed's parabola equation published in academic journal

A teenager from Gippsland in Victoria has written an equation that has been published in a national academic journal, a major achievement for one so young.





ssh

Species of grasshopper not seen since 1960s rediscovered in Gippsland

A species of grasshopper that has not been seen in Victoria since the 1960s is rediscovered at Omeo in East Gippsland.




ssh

Hedge Fund 'Asshole' Destroying Local News & Firing Reporters Wants Google & Facebook To Just Hand Him More Money

Have you heard of Heath Freeman? He's a thirty-something hedge fund boss, who runs "Alden Global Capital," which owns a company misleadingly called "Digital First Media." His business has been to buy up local newspapers around the country and basically cut everything down to the bone, and just milk the assets for whatever cash they still produce, minus all the important journalism stuff. He's been called "the hedge fund asshole", "the hedge fund vampire that bleeds newspapers dry", "a small worthless footnote", the "Gordon Gecko" of newspapers and a variety of other fun things.

Reading through some of those links above, you find a standard playbook for Freeman's managing of newspapers:

These are the assholes who a few years ago bought the Denver Post, once one of the best regional newspapers in the country, and hollowed it out into a shell of its former self, then laid off some more people. Things got so bad that the Post’s own editorial board rebelled, demanding that if “Alden isn’t willing to do good journalism here, it should sell the Post to owners who will.”

And here's one of the other links from above telling a similar story:

The Denver newsroom was hardly alone in its misery. In Northern California, a combined editorial staff of 16 regional newspapers had reportedly been slashed from 1,000 to a mere 150. Farther down the coast in Orange County, there were according to industry analyst Ken Doctor, complained of rats, mildew, fallen ceilings, and filthy bathrooms. In her Washington Post column, media critic Margaret Sullivan called Alden “one of the most ruthless of the corporate strip-miners seemingly intent on destroying local journalism.”

And, yes, I think it's fair to say that many newspapers did get a bit fat and happy with their old school monopolistic hold on the news market pre-internet. And many of them failed to adapt. And so, restructuring and re-prioritizing is not a bad idea. But that's not really what's happening here. Alden appears to be taking profitable (not just struggling) newspapers, and squeezing as much money out of them directly into Freeman's pockets, rather than plowing it back into actual journalism. And Alden/DFM appears to be ridiculously profitable for Freeman, even as the journalism it produces becomes weaker and weaker. Jim Brady called it "combover journalism." Basically using skeleton staff to pretend to really be covering the news, when it's clear to everyone that it's not really doing the job.

All of that is prelude to the latest news that Freeman, who basically refuses to ever talk to the media, has sent a letter to other newspaper bosses suggesting they collude to force Google and Facebook to make him even richer.

You can see the full letter here:


Let's go through this nonsense bit by bit, because it is almost 100% nonsense.

These are immensely challenging times for all of us in the newspaper industry as we balance the two equally important goals of keeping the communities we serve fully informed, while also striving to safeguard the viability of our news organizations today and well into the future.

Let's be clear: the "viability" of your newsrooms was decimated when you fired a huge percentage of the local reporters and stuffed the profits into your pockets, rather than investing in the actual product.

Since Facebook was founded in 2004, nearly 2,000 (one in five) newspapers have closed and with them many thousands of newspaper jobs have been lost. In that same time period, Google has become the world's primary news aggregation service, Apple launched a news app with a subscription-based tier and Twitter has become a household name by serving as a distribution service for the content our staffs create.

Correlation is not causation, of course. But even if that were the case, the focus of a well-managed business would be to adapt to the changing market place to take advantage of, say, new distribution channels, new advertising and subscription products, and new ways of building a loyal community around your product. You know, the things that Google, Facebook and Twitter did... which your newspaper didn't do, perhaps because you fired a huge percentage of their staff and re-directed the money flow away from product and into your pocket.

Recent developments internationally, which will finally require online platforms to compensate the news industry are encouraging. I hope we can collaborate to move this issue forward in the United States in a fair and productive way. Just this month, April 2020, French antitrust regulators ordered Google to pay news publishers for displaying snippets of articles after years of helping itself to excerpts for its news service. As regulators in France said, "Google's practices caused a serious and immediate harm to the press sector, while the economic situation of publishers and news agencies is otherwise fragile." The Australian government also recently said that Facebook and Google would have to pay media outlets in the country for news content. The country's Treasurer, Josh Frydenberg noted "We can't deny the importance of creating a level playing field, ensuring a fair go for companies and the appropriate compensation for content."

We have, of course, written about both the plans in France as well as those in Australia (not to mention a similar push in Canada that Freeman apparently missed). Of course, what he's missing is... well, nearly everything. First, the idea that it's Google that's causing problems for the news industry is laughable on multiple fronts.

If newspapers feel that Google is causing them harm by linking to them and sending them traffic, then they can easily block Google, which respects robots.txt restrictions. I don't see Freeman's newspaper doing that. Second, in most of the world, Google does not monetize its Google News aggregation service, so the idea that it's someone making money off of "their" news, is not supported by reality. Third, the idea that "the news" is "owned" by the news organizations is not just laughable, but silly. After all, the news orgs are not making the news. If Freeman is going to claim that news orgs should be compensated for "their" news, then, uh, shouldn't his news orgs be paying the actual people who make the news that they're reporting on? Or is he saying that journalism is somehow special?

Finally, and most importantly, he says all of this as if we haven't seen how these efforts play out in practice. When Germany passed a similar law, Google ended up removing snippets only to be told they had to pay anyway. Google, correctly, said that if it had to license snippets, it would offer a price of $0, or it would stop linking to the sites -- and the news orgs agreed. In Spain, where Google was told it couldn't do this, the company shut down Google News and tons of smaller publications were harmed, not helped, by this policy.

This surely sounds familiar to all of us. It's been more than a decade since Rupert Murdoch instinctively observed: "There are those who think they have a right to take our news content and use it for their own purposes without contributing a penny to its production... Their almost wholesale misappropriation of our stories is not fair use. To be impolite, it's theft."

First off, it's not theft. As we pointed out at the time, Rupert Murdoch, himself, at the very time he was making these claims, owned a whole bunch of news aggregators himself. The problem was never news aggregators. The problem has always been that other companies are successful on the internet and Rupert Murdoch was not. And, again, the whole "misappropriation" thing is nonsense: any news site is free to block Google's scrapers and if it's "misappropriation" to send you traffic, why do all of these news organizations employ "search engine optimizers" who work to get their sites higher in the rankings? And, yet again, are they paying the people who make the actual news? If not, then it seems like they're full of shit.

With Facebook and Google recently showing some contrition by launching token programs that provide a modest amount of funding, it's heartening to see that the tech giants are beginning to understand their moral and social responsibility to support and safeguard local journalism.

Spare me the "moral and social responsibility to support and safeguard local journalism," Heath. You're the one who cut 1,000 journalism jobs down to 150. Not Google. You're the one who took profitable newspapers that were investing in local journalism, fired a huge number of their reporters and staff, and redirected the even larger profits into your pockets instead of local journalism.

Even if someone wants to argue this fallacy, it should not be you, Heath.

Facebook created the Facebook Journalism Project in 2017 "to forge stronger ties with the news industry and work with journalists and publishers." If Facebook and the other tech behemoths are serious about wanting to "forge stronger ties with the news industry," that will start with properly remunerating the original producers of content.

Remunerating the "original producers"? So that means that Heath is now agreeing to compensate the people who create the news that his remaining reporters write up? Oh, no? He just means himself -- the middleman -- being remunerated directly into his pocket while he continues to cut jobs from his newsroom while raking in record profits? That seems... less compelling.

Facebook, Google, Twitter, Apple News and other online aggregators make billions of dollars annually from original, compelling content that our reporters, photographers and editors create day after day, hour after hour. We all know the numbers, and this one underscores the value of our intellectual property: The New York Times reported that in 2018, Google alone conservatively made $4.7 billion from the work of news publishers. Clearly, content-usage fees are an appropriate and reasonable way to help ensure newspapers exist to provide communities across the country with robust high-quality local journalism.

First of all, the $4.7 billion is likely nonsense, but even if it were accurate, Google is making that money by sending all those news sites a shit ton of traffic. Why aren't they doing anything reasonable to monetize it? And, of course, Digital First Media has bragged about its profitability, and leaked documents suggest its news business brought in close to a billion dollars in 2017 with a 17% operating margin, significantly higher than all other large newspaper chains.

This is nothing more than "Google has money, we want more money, Google needs to give us the money." There is no "clearly" here and "usage fees" are nonsense. If you don't want Google's traffic, put up robots.txt. Google will survive, but your papers might not.

One model to consider is how broadcast television stations, which provide valuable local news, successfully secured sizable retransmission fees for their programming from cable companies, satellite providers and telcos.

There are certain problems with retransmission fees in the first place (given that broadcast television was, by law, freely transmitted over the air in exchange for control over large swaths of spectrum), and the value they got was in having a large audience to advertise to. But, more importantly, retransmission involved taking an entire broadcast channel and piping it through cable and satellite to make things easier for TV watchers who didn't want to switch between an antenna and a cable (or satellite receiver). An aggregator is not -- contrary to what one might think reading Freeman's nonsense -- retransmitting anything. It's linking to your content and sending you traffic on your own site. The only things it shows are a headline and (sometimes) a snippet to attract more traffic.

There are certainly other potential options worthy of our consideration -- among them whether to ask Congress about revisiting thoughtful limitations on "Fair Use" of copyrighted material, or seeking judicial review of how our trusted content is misused by others for their profit. By beginning a collective dialogue on these topics we can bring clarity around the best ways to proceed as an industry.

Ah, yes, let's throw fair use -- the very thing that news orgs regularly rely on to not get sued into the ground -- out the window in an effort to get Google to funnel extra money into Heath Freeman's pockets. That sounds smart. Or the other thing. Not smart.

And "a collective dialogue" in this sense appears to be collusion. As in an antitrust violation. Someone should have maybe mentioned that to Freeman.

Our newspaper brands and operations are the engines that power trust local news in communities across the United States.

Note that it's the brands and operations -- not journalists -- that he mentions here. That's a tell.

Fees from those who use and profit from our content can help continually optimize our product as well as ensure our newsrooms have the resources they need.

Again, Digital First Media, is perhaps the most profitable newspaper chain around. And it just keeps laying off reporters.

My hope is that we are able to work together towards the shared goal of protecting and enhancing local journalism.

You first, Heath, you first.

So, basically, Heath Freeman, who has spent a decade or so buying up profitable newspapers, laying off a huge percentage of their newsrooms, leaving a shell of a husk in their place, then redirecting the continued profits (often that exist solely because of the legacy brand) into his own pockets rather than into journalism... wants the other newspapers to collude with him to force successful internet companies who send their newspapers a ton of free traffic to pay him money for the privilege of sending them traffic.

Sounds credible.




ssh

Schrodingers asshole

A person who decides whether or not they're full of shit by the reactions of those around them.

"That guy who posted ____ but said he was just trolling when no one agreed with him is totally a Schrodingers Asshole"




ssh

Getting Snowflake (the open source graphical SSH/SFTP client) to run on macOS

I don't usually write similar blog posts, but I've been really enjoying Snowflake recently. What's Snowflake you ask? Well, it's a new open source graphical SSH/SFTP client which makes working with remote servers a breeze. It works like Panic's Coda when it comes to managing content on remote servers, e.g. browse files and have a terminal open at the same time. But most importantly, it's cross-platform. And I'd like to share with everyone how to easily get it to run on macOS.

 

At the time, Snowflake's developer has only released binaries for Windows and Debian/Ubuntu with a macOS version planned for the future.

However, since the app is based on Java, the developer also provides Snowflake as a .jar file which we can run anywhere, including macOS.

So here are the steps to get Snowflake to work on your Mac:

 

Step 1

Uninstall that outdated Java version on your Mac. Ironically the best guide is on Java.com, so follow it to the letter: https://www.java.com/en/download/help/mac_uninstall_java.xml

 

Step 2

If you currently go to Java.com, the available release for macOS is pretty outdated. And apparently it relates to recent changes in Java's licensing by Oracle.

So how do you get the most recent Java release for macOS? Well, you can either sign up for an account at Oracle.com (the looooong, hard way) or just grab a ready-made binary for macOS, provided by AdoptOpenJDK (the easy way). AdoptOpenJDK is a new community effort (backed by the likes of Red Hat/IBM, Amazon, Microsoft to name a few) to create ready-to-install & cross-platform binaries from OpenJDK, the open source implementation of the Java platform.

You can download the most recent runtime for Java from AdoptOpenJDK (version 13 at the time of writing) here: https://adoptopenjdk.net/?variant=openjdk13&jvmVariant=hotspot (it's a .pkg file to install)

 

Step 3

After you install the related .pkg file, it's time to download Snowflake. Head over to https://github.com/subhra74/snowflake/releases and grab the .jar file from the latest release available (v1.0.4 at the time of writing - https://github.com/subhra74/snowflake/releases/download/v1.0.4/snowflake.jar).

Now we'll make a shortcut to easily launch Snowflake.

Create a folder called "Applications" (if it doesn't already exist) in your home directory and place the snowflake.jar file in there.

Then open up your terminal and do:

chmod +x ~/Applications/snowflake.jar
ln -s ~/Applications/snowflake.jar /Applications/Snowflake.app

That's it.

You'll now find "Snowflake" in your Mac's apps and you can easily launch the app from there, or just drag and drop its icon to your Mac's dock.

(If you get a security warning when you open the app the first time, it's because the app is not signed by Apple. Just go to Preferences and then "Security & Privacy" and you should see the option to allow the app to launch always.)

 




ssh

Die epidemische Cerebro-Spinal-Meningitis nach Beobachtungen im Grossherzogthum Baden / von F. Niemeyer.

Berlin : A. Hirschwald, 1865.