Daily Archives: December 11, 2021

Scott Morrison urged to end ‘lunacy’ and push UK and US for Julian Assange’s release by Australian PMs

Posted on by

Australian parliamentarians have demanded the prime minister, Scott Morrison, intervene in the case of Julian Assange, an Australian citizen, after the United States won a crucial appeal in its fight to extradite the WikiLeaks founder on espionage charges.

“The prime minister must get Assange home,” the Australian Greens leader, Adam Bandt, told Guardian Australia on Saturday.

“An Australian citizen is being prosecuted for publishing details of war crimes, yet our government sits on its hands and does nothing.”

WikiLeaks founder Julian Assange.
WikiLeaks founder Julian Assange. Photograph: Daniel Leal-Olivas/AFP/Getty Images

The independent MP Andrew Wilkie called on Morrison to “end this lunacy” and demand the US and UK release Assange.

[…]

Source: Scott Morrison urged to end ‘lunacy’ and push UK and US for Julian Assange’s release | Australian politics | The Guardian

‘Cowboy Bebop’ Canceled by Netflix After One Season

Posted on by

That was fast: Netflix has canceled its ambitious, widely hyped and, ultimately, widely disappointing anime adaptation Cowboy Bebop, The Hollywood Reporter has learned.

The move comes less than three weeks after the show’s Nov. 19 debut on the streaming service.

The space Western had a rough reception. The 10-episode series garnered only a 46 percent positive critics rating on review aggregator Rotten Tomatoes. Fans seemed to agree, giving the show a 56 percent positive audience score on the site. According to Netflix’s Top 10 site, the series has racked up almost 74 million viewing hours worldwide since its debut — so it got plenty of sampling out of the gate — but it plummeted 59 percent for the week of Nov. 29 to Dec. 5.

Insiders pointed out that Netflix’s renewal rate for scripted series that have two or more seasons stands at 60 percent, in line with industry averages, and, like all Netflix renewal verdicts, the decision was made by balancing the show’s viewership and cost. The streamer also prides itself on taking big swings on projects like Cowboy Bebop and has many other genre shows on the air and in the works.

[…]

Source: ‘Cowboy Bebop’ Canceled by Netflix After One Season – The Hollywood Reporter

What a shame – there seems to have been some fashion in bashing this show, especially from people who were 12 when they watched the original and endowed it with some completely non-existing properties. I liked the original and thought this one was brilliant too. This is why we can’t have nice things.

FAA: No more commercial astronaut wings, too many launching. You still get to be on a list.

Posted on by

Heads up, future space travelers: No more commercial astronaut wings will be awarded from the Federal Aviation Administration after this year.

The FAA said Friday it’s clipping its astronaut wings because too many people are now launching into space and it’s getting out of the astronaut designation business entirely.

The news comes one day ahead of Blue Origin’s planned liftoff from West Texas with former NFL player and TV celebrity Michael Strahan. He and his five fellow passengers will still be eligible for wings since the FAA isn’t ending its long-standing program until Jan. 1.

NASA’s astronauts also have nothing to worry about going forward—they’ll still get their pins from the .

All 15 people who rocketed into space for the first time this year on private U.S. flights will be awarded their wings, according to the FAA. That includes Blue Origin founder Jeff Bezos and Virgin Galactic’s Richard Branson, as well as the other space newbies who accompanied them on their brief up-and-down trips. The companies handed out their own version of astronaut wings after the flights.

All four passengers on SpaceX’s first private flight to orbit last September also qualified for FAA wings.

Adding Blue Origin’s next crew of six will bring the list to 30. The FAA’ s first commercial wings recipient was in 2004.

Earlier this year, the FAA tightened up its qualifications, specifying that awardees must be trained crew members, versus paying customers along for the ride. But with the program ending, the decision was made to be all-inclusive, a spokesman said.

Future space tourists will get their names put on a FAA commercial spaceflight list. To qualify, they must soar at least 50 miles (80 kilometers) on an FAA-sanctioned launch.

Source: FAA: No more commercial astronaut wings, too many launching

The European Commission is making its software open source to benefit society – considering it was paid for by the tax payers it’s the least they could do and should have done this years ago

Posted on by

The European Commission has announced that it’s adopting new rules around open source software which will see it release software under open source licenses. The decision follows a Commission study that found investment in open source software leads on average to four times higher returns. There has also been a push for this type of action from the Public Money, Public Code campaign.

If you’re wondering what sort of code the EC could offer to the world, it gave two examples. First, there’s its eSignature, a set of free standards, tools, and services that can speed up the creation and verification of electronic signatures that are legally valid inside the EU. Another example is LEOS (Legislation Editing Open Software) which is used to draft legal texts.

[…]

Source: The European Commission is making its software open source to benefit society – Neowin

Julian Assange can be extradited to the US, court rules, changes mind because US tells judge to.

Posted on by

Wikileaks founder Julian Assange can be extradited from the UK to the US, the High Court has ruled.

The US won its appeal against a January UK court ruling that he could not be extradited due to concerns over his mental health.

Judges were reassured by US promises to reduce the risk of suicide. His fiancee said they intended to appeal.

Mr Assange is wanted in the US over the publication of thousands of classified documents in 2010 and 2011.

Senior judges found the lower judge had based her decision in January on the risk of Mr Assange being held in highly restrictive prison conditions if extradited.

However, the US authorities later gave assurances that he would not face those strictest measures unless he committed an act in the future that merited them.

Giving the judgement, Lord Chief Justice Lord Burnett said: “That risk is in our judgement excluded by the assurances which are offered.

“It follows that we are satisfied that, if the assurances had been before the judge, she would have answered the relevant question differently.”

Mr Assange’s fiancee Stella Moris called the ruling “dangerous and misguided”, adding that the US assurances were “inherently unreliable”.

[…]

Wikileaks editor-in-chief Kristinn Hrafnsson said in a statement: “Julian’s life is once more under grave threat, and so is the right of journalists to publish material that governments and corporations find inconvenient.

“This is about the right of a free press to publish without being threatened by a bullying superpower.”

Amnesty International described the ruling as a “travesty of justice” and the US assurances as “deeply flawed”.

Nils Muiznieks, the human rights organisation’s Europe director, said it “poses a grave threat to press freedom both in the Unites States and abroad”.

Judges ordered the case must return to Westminster Magistrates’ Court for a district judge to send it formally to Home Secretary Priti Patel.

Mr Assange’s legal team – Birnberg Peirce Solicitors – said any appeal to the Supreme Court would relate to the question of assurances, rather than on issues such as free speech or “the political motivation of the US extradition request”.

Source: Julian Assange can be extradited to the US, court rules – BBC News

Ventoy – add an iso to usb drive and boot it (or any other iso on it) up without any configuration

Posted on by

Ventoy is an open source tool to create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files.
With ventoy, you don’t need to format the disk over and over, you just need to copy the ISO/WIM/IMG/VHD(x)/EFI files to the USB drive and boot them directly.
You can copy many files at a time and ventoy will give you a boot menu to select them (screenshot).
x86 Legacy BIOS, IA32 UEFI, x86_64 UEFI, ARM64 UEFI and MIPS64EL UEFI are supported in the same way.
Most type of OS supported (Windows/WinPE/Linux/ChromeOS/Unix/VMware/Xen…)
770+ image files are tested (list),     90%+ distros in distrowatch.com supported (details),

Source: Ventoy

FAA says lack of federal whistleblower protections is ‘enormous factor’ hindering Blue Origin safety review

Posted on by

Jeff Bezos’ rocket company, Blue Origin, became the subject of a federal review this fall after a group of 21 current and former employees co-signed an essay that raised serious questions about the safety of the company’s rockets — including the rocket making headlines for flying Bezos and other celebrities to space.

Blue Origin: Essay alleges sexism, 'dehumanizing' culture at Jeff Bezos' rocket company

But that review was hamstrung by a lack of legal protections for whistleblowers in the commercial spaceflight industry, according to emails from Federal Aviation Administration investigators that were obtained by CNN Business.
The FAA also confirmed in a statement Friday that its Blue Origin review is now closed, saying the “FAA investigated the safety allegations made against Blue Origin’s human spaceflight program” and “found no specific safety issues.”
The emails obtained by CNN Business, however, reveal that investigators were not able to speak with any of the engineers who signed the letter anonymously. Investigators also were not able to go to Blue Origin and ask for documents or interviews with current employees or management, according to the FAA.
The situation highlights how commercial spaceflight companies like Blue Origin are operating in a regulatory bubble, insulated from much of the scrutiny other industries are put under. There are no federal whistleblower statues that would protect employees in the commercial space industry if they aid FAA investigators, according to the agency.
[…]

Source: FAA says lack of federal whistleblower protections is ‘enormous factor’ hindering Blue Origin safety review – CNN

Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package, hugely popular

Posted on by

A few hours ago, a 0-day exploit in the popular Java logging library log4j2 was discovered that results in Remote Code Execution (RCE) by logging a certain string.

Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. We’re calling it “Log4Shell” for short.

The 0-day was tweeted along with a POC posted on GitHub. Since this vulnerability is still very new, there isn’t a CVE to track it yet. This has been published as CVE-2021-44228.

This post provides resources to help you understand the vulnerability and how to mitigate it for yourself.

Who is impacted?

Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable.

Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach.

Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j2.

Simply changing an iPhone’s name has been shown to trigger the vulnerability in Apple’s servers.

Updates (3 hours after posting): According to this blog post (see translation), JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP attack vector. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to false meaning JNDI cannot load remote code using LDAP.

However, there are other attack vectors targeting this vulnerability which can result in RCE. An attacker could still leverage existing code on the server to execute a payload. An attack targeting the class org.apache.naming.factory.BeanFactory, present on Apache Tomcat servers, is discussed in this blog post.

Affected Apache log4j2 Versions

2.0 <= Apache log4j <= 2.14.1

Permanent Mitigation

Version 2.15.0 of log4j has been released without the vulnerability. log4j-core.jar is available on Maven Central here, with [release notes] and [log4j security announcements].

The release can also be downloaded from the Apache Log4j Download page.

[…]

Source: Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package | LunaSec

You can find sites that have been exloited https://github.com/YfryTchsGD/Log4jAttackSurface