INFOSEC: FUCK YOUR '"BLACK/WHITE NEUTRALITY"!

By Catalin Cimpanu for Zero Day | July 4, 2020

The information security (infosec) community has angrily reacted today to calls to abandon the use of the 'black hat' and 'white hat' terms, citing that the two, and especially 'black hat,' have nothing to do with racial stereotyping.

Discussions about the topic started late last night after David Kleidermacher, VP of Engineering at Google, and in charge of Android Security and the Google Play Store, withdrew from a scheduled talk he was set to give in August at the Black Hat USA 2020 security conference.

In his withdrawal announcement, Kleidermacher asked the infosec industry to consider replacing terms like black hat, white hat, and man-in-the-middle with neutral alternatives.

These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias. Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).

— David Kleidermacher (@DaveKSecure) July 3, 2020

While Kleidermacher only asked the industry to consider changing these terms, several members mistook his statement as a direct request to the Black Hat conference to change its name.

With Black Hat being the biggest event in cyber-security, online discussions on the topic quickly became widespread among cyber-security experts, dominating the July 4th weekend.

While a part of the infosec community agreed with Kledermacher, the vast majority did not, and called it virtue signaling taken to the extreme.

Most security researchers pointed to the fact that the terms had nothing to do with racism or skin color, and had their origins in classic western movies, where the villain usually wore a black hat, while the good guy wore a white hat.

Others pointed to the dualism between black and white as representing evil and good, concepts that have been around since the dawn of civilizations, long before racial divides even existed between humans.

Right now, the infosec community doesn't seem to be willing to abandon the two terms, which they don't see as a problem when used in infosec-related writings.

Die Gefahren eines Smarthomes satirisch erklärt - eigentlich gar nicht lustig... 😱

Computer History Museum. The Earliest Unix Code

Dennis Ritchie, an ordinary W.A.S.P.

What is it that runs the servers that hold our online world, be it the web or the cloud? What enables the mobile apps that are at the center of increasingly on-demand lives in the developed world and of mobile banking and messaging in the developing world? The answer is the operating system Unix and its many descendants: Linux, Android, BSD Unix, MacOS, iOS—the list goes on and on. Want to glimpse the Unix in your Mac? Open a Terminal window and enter “man roff” to view the Unix manual entry for an early text formatting program that lives within your operating system.

Dennis Ritchie, an ordinary W.A.S.P.

He didn't crash any monuments or police cars. He was not a sjw moron, 'green' freak, 'meeetooo activist', anarchist, 'netizan' or coloured 'freedom fighter', etc. ... But he was the FATHER OF UNIX and C language.

Dennis M. Ritchie papers. Computer History Museum

Description
The Dennis M. Ritchie papers range in date from 1959 to 2011 and hold materials related to Ritchie’s college and graduate education, his career at Bell Laboratories, and his work on Unix and the C programming language. Types of materials include course materials, program listings, manuals, technical reports, memos, presentation materials, conference proceedings, books, photographs, and software.

The earliest portion of the papers consists of materials related to Ritchie’s education, ranging in date from 1959 to 1967. This part of the collection includes class notes, course materials, reference materials, and subject files on topics like programming and set theory. There is also a copy of Ritchie’s dissertation, as well as some reports and manuals related to the MIT Computing Center and Project MAC.

The papers hold a significant amount of materials collected over the course of Ritchie’s career at Bell Laboratories and later, Lucent Technologies, beginning in 1967 and continuing through 2011. There are internal documents, such as memos, organizational charts, pictorial directories of Bell Labs staff research and patents, and presentation materials. Additionally, there are binders of Unix program listings as well as documentation related to BCPL, Fortran, Algol, Plan 9, Bon (a computer language by Ken Thompson), and other projects that Ritchie and his colleagues worked on at Bell Labs. This portion of the collection also holds manuals and journals published by Bell Laboratories. For example, there are editions 1 through 7 of Unix Programmer’s Guide, various other manuals for Unix, and manuals for Plan 9 and Inferno. There are also some issues of Bell Labs Technical Journal from the 1980s and 1990s. Throughout this portion of the collection, there are also materials related to Ritchie’s career in general, such as presentations on the history of the C programming language, documentation related to awards won by Ritchie, and clippings related to his work.

The other half of the papers consists of various published materials, mainly conference proceedings, books, and reference manuals. These include about thirty different copies of The C Programming Language, which Ritchie wrote with Brian Kernighan, translated into a number of languages. There are also reference books on languages such as SNOBOL4 and AWK as well as reference manuals for topics like the Unix research system and ANSA (Advanced Networked Systems Architecture). Also included are an incomplete run of conference proceedings from USENIX ranging in date from 1985 to 2000 as well as proceedings from a 1988 EUUG (European Unix systems User Group) conference and a 1989 AUUGN (Australian Unix systems User Group Newsletter) conference. This portion of the collection also holds copies of journals like “The Journal of C Language Translation” and “The NSA Technical Journal,” as well as technical reports from universities such as the University of New South Wales and Carnegie-Mellon University. There are also a small amount of periodicals.

Finally, there is a small amount of software on CD and 3.5 inch floppy disks ranging in date from 1988 to 2000, most of which is related to Inferno, Plan 9, and Unix, as well as a small number of audiocassettes. There are also about 60 35mm slides, most of which are presentation slides, and a CD of digital photographs from the Japan Prize ceremony in 2011. Additionally, there are two photo albums as well as several envelopes of prints from Ritchie’s personal life and travels.

Date
1959-2011

Author
Ritchie, Dennis M.

Extent
11.96 linear feet in 9 record cartons, 1 half manuscript, and 1 flat box

Category
Collection Record

Subject

AT & T Bell Laboratories; Bell Telephone Laboratories; C (Computer program language); Lucent Technologies; Ritchie, Dennis M., 1941-2011; UNIX (Computer file)

Open Broadcaster Software

Privacy-Focused #OS Wants to Know How #Facebook and the #FBI Hacked it

The developers of #Tails and a video player targeted by Facebook and the FBI in an operation to catch a child predator are still in the dark about how the feds hacked the #software.

But Tails developers, as well as #privacy and #security experts, agree that, #update or not, Facebook should have alerted Tails once the FBI operation was over. Three years later, that has not happened yet, and the Tails developers, as well as the makers of the popular media player, called #GNOME Videos, said they found out about all this through Motherboard’s article.

VICE - Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it

The developers of Tails and a video player targeted by Facebook and the FBI in an operation to catch a child predator are still in the dark about how the feds hacked the software.

^www.vice.com

MORE 'Senior janitor', 'Major yardman', 'Leading dishwasher' and 'Chief servant'! .... or "Microsoft: Addressing racial injustice"

N.B.! Sounds strange: I have always believed that to achieve the best performance and quality, every company needs good specialists, not black, white or brown idlers.

Addressing racial injustice

Jun 23, 2020
Microsoft Corporate Blogs

An email from CEO Satya Nadella to Microsoft employees:

As I shared in our Employee Town Hall last month, and in my email earlier this month, we are committed to take action to help address racial injustice and inequity, and unequivocally believe that Black lives matter. Below you will see many of the steps we are taking.

Over the past several weeks, the senior leadership team, board of directors, and I have spent time reflecting, listening, learning, and discussing what role the company – and all of us collectively – must play in helping to drive change, both within Microsoft and in our communities. With significant input from employees and leaders who are members of the Black and African American community, we have developed a set of actions that we believe are both meaningful to improving the lived experience at Microsoft, as well as driving change in the communities in which we live and work.

Today, we are making commitments to address racial injustice and inequity for the Black and African American community in the United States. We will additionally take important steps to address the needs of other communities, including the Hispanic and Latinx community, across the company in the next five years. We are focused on three multiyear, sustained efforts:

- Increasing our representation and culture of inclusion. We will build on our diversity and inclusion (D&I) momentum from the past five years by adding an additional $150M of D&I investment, and will double the number of Black and African American people managers, senior individual contributors, and senior leaders in the United States by 2025.

- Engaging our ecosystem. We will use our balance sheet and engagement with suppliers and partners to extend the vision for societal change throughout our ecosystem, creating new opportunities for them and the communities they serve.

- Strengthening our communities. We will use the power of data, technology, and partnership to help improve the lives of Black and African American citizens across our country, including to address the safety and well-being of our own employees in the communities in which they live.

Below are key details on how we will accomplish this.

Our Culture

We need to ensure that our culture of inclusion is a top priority for everyone. It starts with our values of respect, integrity, and accountability. Each of us must be able to thrive in diverse teams. Every manager must be able to attract, retain, and grow employees of all backgrounds. This is certainly true at Microsoft, and also more broadly. It is the new baseline for manager excellence across industries across the globe.

We will meet this new goal in three key ways:

1. We will accelerate our cultural transformation through further investment in inclusion. Managers who have a deep understanding and commitment to building inclusive culture are key to our company’s success. Starting in FY21, our training on allyship, covering, and privilege in the workplace will be required for all employees, with additional new content on understanding the experience of the Black and African American community. Because leadership sets the tone, we will have required live sessions for CVPs and EVPs to ensure they better understand the lived experience of these specific communities.

2. We will strengthen our intentional career planning and talent development efforts. This will apply across our workforce, beginning with Black and African American employees. These programs will expand to include other employee groups as we learn and grow. We will expand on our leadership development programs for select Black and African American midlevel employees and their managers, to help prepare for promotion to Director/Principal. For Director/Principal level, we will create a new development opportunity to expose them to the leadership expectations of the Partner/GM level and match them with senior-level sponsors and mentors. For Partner/GMs, we are continuing to invest in the dedicated leadership development programs.

3. We will further strengthen company accountability for progress on representation. We will deepen our practice of evaluating each CVP/GM’s progress on diversity and inclusion when determining their impact and rewards, as well as promotion considerations. We will provide CVPs with dedicated D&I coaches to confront and resolve systemic obstacles within their organizations. We will expand our global, quarterly promotion process to ensure we build diverse leadership teams at all levels. This will include direct engagement with business leaders on review of all candidates for people management, Director/Principal level, and Partner/GM level.

Our Ecosystem

A vast business ecosystem surrounds Microsoft from our supply chain to our partner community. We recognize that a stronger and more productive ecosystem requires better representation of the diversity in our communities. We will evolve our engagement with our supply chain, banking partners, and the broad Microsoft partner ecosystem in this effort.

1. We will double the number of Black- and African American-owned approved suppliers over the next three years and spend an incremental $500M with those existing and new suppliers. We’ll do this by ensuring our existing guidance to include diverse minority-owned suppliers in all RFPs is well understood, evaluate supplier portfolio composition, and enhance the weighting of diversity characteristics (both in ownership and in broad workforce) during the supplier evaluation and selection process. We will also encourage Black and African American representation progress in our top 100 suppliers, which account for over 50 percent of our indirect spend, by requesting annual disclosure of their diversity profile information (e.g., workforce diversity, goals) that we will incorporate into our RFP evaluations.

2. We will use our own banking needs to grow our portfolio investment activity with Black- and African American-owned financial institutions. Over the next three years, we will double the percentage of our transaction volumes through these Black- and African-American owned banks and external managers where we have existing strong banking relationships and look to grow that base, which provides an increased opportunity for these firms to attract more capital. We will create a $100M program that will make its initial investment in collaboration with the FDIC to target Minority Owned Depository

3. Institutions (MDIs), which directly enables an increase of funds into local communities (businesses, restaurants, housing, etc.). And, we will establish a $50M investment fund focused on supporting Black- and African American-owned small businesses. The fund will initially focus on investing to improve access to capital, increase skill development, and reduce the technology gaps that exist today.

4. We know how important partners are to the growth of our business. We look forward to investing to increase the number of Black- and African American-owned partners in our US partner community by 20 percent over the next three years. A new $50M partner fund will help with access to capital providing loans to support these partners through their startup phase with the loans recovered over time as their business grows. We will provide $20M of financing to existing and new partners to support their cashflow needs. And, we will invest an additional $3M in training programs covering financial management, tech solutions, and go-to-market readiness.

Our Communities

No company can change the world by itself. But we believe that Microsoft can put the power of data, technology, and partnership to work to help improve the lives of Black and African American citizens across our country. That’s what we’re committed to doing, through a four-part effort.

1. We will strengthen and expand our existing justice reform initiative with a five-year, $50 million sustained effort. Since starting this work in 2017, we’ve come to appreciate the importance of this issue not only to the nation, but to the personal lives of our employees and their families. No one should have to live with the fear of being stopped by the police, harassed while shopping, or bullied in school because of the color of their skin. This conviction has led us to do increasing work advocating both in the Puget Sound and nationally, including in the communities where our employees live.We will build on this foundation by using data and digital technology toward increased transparency and accountability in our justice system. All this work will be backed by public policy advocacy that will increase access to data to identify racial disparities and improve policing. We’ll also use our technology and expertise to support evidenced-based and unbiased diversion programs that direct people into treatment alternatives instead of incarceration. We’ll also use data to promote racial equity in the decisions made by prosecutors, including decisions about who to charge with a crime, the nature of the charge, plea offers, and sentencing recommendations.

2. We will expand our skills work to help Black and African American students and adults develop the skills needed to succeed in the digital economy. Over the next five years, we will expand in 13 states and the District of Columbia the Microsoft TEALS industry volunteer program to bring computer science education to an additional 620 high schools primarily serving Black and African American students. We will also strengthen Microsoft’s support for Historically Black Colleges and Universities, including in computer and data science programs, campus initiatives and partnerships, and curriculum development. Finally, we’ll offer digital skills training to Black and African American adults seeking new jobs. As part of a global skilling initiative, we will provide $5 million in cash grants to community-based nonprofit organizations led by and serving communities of color, enabling them to better support digital skills programs.

3. We will help expand access to broadband and devices for communities of color and the key institutions that support them in major urban centers, by working with carriers, OEMs, our own hardware team, refurbishers, and nonprofits to enrich low-cost broadband access by providing affordable PCs and Microsoft software. We’ll work to ensure these services can be put to effective use to improve people’s lives, with a focus on telehealth services and educational offerings. Backed by public advocacy, we’ll start by focusing on six cities that currently confront the largest urban broadband gaps.

4. Finally, we will increase technology support for nonprofits that support and are led by people of color. We will help support the digital transformation that we know from experience can make nonprofits more effective. We’ll provide access to Azure and Dynamics credits and financial grants that will enable these organizations to add the IT staff needed to better deploy and maximize technology. We look forward to tapping into the knowledge and expertise of our own employees as we identify effective groups we can support more strongly.

Change begins by looking inward. We expect this change in ourselves. Employees expect this change from their leaders. Our customers and partners expect this change from Microsoft. And the world demands this change.

This is not a one-time event. It will require real work and focus. We will listen and learn. We will take feedback and we will adjust. But it starts with each of us making a commitment to do the work, to help drive change, and to act with intention.

Satya
https://blogs.microsoft.com/blog/2020/06/23/addressing-racial-injustice/

#microsoft #ms #software #os #windows #programming #job #technology #whitelivesmatter #USA #America #civil #rights #protest #activism #activist #riot #freedom #blacklivesmatter #news #racial #racism #black #white #photo

#Pinebook Pro – ein User-Bericht

Von der #Hardware her, wäre es am ehesten mit den bei Schülern und Studenten in USA sehr beliebten Chromebooks zu vergleichen. Jedoch bietet ein komplettes #Linux zusätzlich einen großen Mehrwert gegenüber dem dort verwendeten #ChromeOS.

#Google's billing #library is not compatible with #fdroid

New FreeBSD Code of Conduct... or This lawless #Devilette

N.B.!

(...) This code of conduct applies to all spaces managed by the FreeBSD project. This includes online chat, mailing lists, bug trackers, FreeBSD events such as the developer meetings and socials, and any other forums created by the project that the community uses for communication. It applies to all of your communication and conduct in these spaces, including emails, chats, things you say, slides, videos, posters, signs, or even t-shirts you display in these spaces. In addition, violations of this code outside these spaces may, in rare cases, affect a person's ability to participate within them, when the conduct amounts to an egregious violation of this code.

wttr_v2: MORE than excellent!

Just open the similar link in your browser:

https://v2.wttr.in/Jerusalem

Part 1. #wttr: MORE NEW options and presets!

A Wise White Man's Decision! :) Linux Mint developers: "Snap? Never!"

Part 1. Fedora will be happy without damned Flatpak!

Part 2. Snap: The simple anal-games of "Generation X/Y/X"

We also heard your queries on the topic of snapd. This is a topic which is important to us and we already explained our position last year:

[…] as you install APT updates, Snap becomes a requirement for you to continue to use Chromium and installs itself behind your back. This breaks one of the major worries many people had when Snap was announced and a promise from its developers that it would never replace APT.

A self-installing Snap Store which overwrites part of our APT package base is a complete NO NO. It’s something we have to stop and it could mean the end of Chromium updates and access to the snap store in Linux Mint.

A year later, in the Ubuntu 20.04 package base, the Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can’t audit them, hold them, modify them or even point snap to a different store. You’ve as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you.

First, I’m happy to confirm that Linux Mint 20, like previous Mint releases will not ship with any snaps or snapd installed. Second, to address this situation we’ll do exactly what we said we would:

- In Linux Mint 20, Chromium won’t be an empty package which installs snapd behind your back. It will be an empty package which tells you why it’s empty and tells you where to look to get Chromium yourself.

- In Linux Mint 20, APT will forbid snapd from getting installed.

You’ll still be able to install it yourself and we’ll document this in the release notes, but by default APT won’t allow repository packages from doing this on your behalf.

Citing software with style – Software Heritage

Graph / Node / Attribute Modellierungs-Tool?

Tits here!

It’s here! We’re proud to announce the release of Fedora 32. Thanks to the hard work of thousands of Fedora community members and contributors, we’re celebrating yet another on-time release.

If you just want to get to the bits without delay, head over to https://getfedora.org/ right now. For details, read on!

All of Fedora’s Flavors

Fedora Editions are targeted outputs geared toward specific “showcase” uses.

Fedora Workstation focuses on the desktop. In particular, it’s geared toward software developers who want a “just works” Linux operating system experience. This release features GNOME 3.36, which has plenty of great improvements as usual. My favorite is the new lock screen!

Fedora Server brings the latest in cutting-edge open source server software to systems administrators in an easy-to-deploy fashion. For edge computing use cases, Fedora IoT provides a strong foundation for IoT ecosystems.

Fedora CoreOS is an emerging Fedora Edition. It’s an automatically-updating, minimal operating system for running containerized workloads securely and at scale. It offers several update streams that can be followed for automatic updates that occur roughly every two weeks. Currently the next stream is based on Fedora 32, with the testing and stable streams to follow. You can find information about released artifacts that follow the next stream from the download page and information about how to use those artifacts in the Fedora CoreOS Documentation.

Of course, we produce more than just the editions. Fedora Spins and Labs target a variety of audiences and use cases, including the Fedora Astronomy Lab, which brings a complete open source toolchain to both amateur and professional astronomers, and desktop environments like KDE Plasma and Xfce. New in Fedora 32 is the Comp Neuro Lab, developed by our Neuroscience Special Interest Group to enable computational neuroscience.

And, don’t forget our alternate architectures: ARM AArch64, Power, and S390x. Of particular note, we have improved support for the Rockchip system-on-a-chip devices including the Rock960, RockPro64, and Rock64.

General improvements

No matter what variant of Fedora you use, you’re getting the latest the open source world has to offer. Following our “First” foundation, we’ve updated key programming language and system library packages, including GCC 10, Ruby 2.7, and Python 3.8. Of course, with Python 2 past end-of-life, we’ve removed most Python 2 packages from Fedora. A legacy python27 package is provided for developers and users who still need it. In Fedora Workstation, we’ve enabled the EarlyOOM service by default to improve the user experience in low-memory situations.

We’re excited for you to try out the new release! Go to https://getfedora.org/ and download it now. Or if you’re already running a Fedora operating system, follow the easy upgrade instructions. For more information on the new features in Fedora 32, see the release notes.

MORE TITS!