LN Webworks: How To Protect Your Website With Drupal 10 From Cyber Threats


In 2024, safeguarding your website against a multitude of online threats has become more crucial than ever. With cyberattacks posing significant risks that can potentially cripple your business, ensuring the security and safety of your digital presence is paramount. 

Enter Drupal 10, a robust CMS equipped with advanced features designed to protect your website from these looming dangers. This comprehensive guide covers the prominent threats facing your website and the key steps you need to take to protect it.

Knowing Potential Threats that Can Harm Your Drupal 10 Website:

Before forging your Drupal 10 security shields, understanding the enemies you face is important. Here’s a deeper dive into the most common threats, their tactics, and their potential impact:

Evaluating LLM models at scale

(To read the complete Mozilla.ai learnings on LLM evaluation, please visit the Mozilla.ai blog) Large language models (LLMs) have rapidly advanced, but determining their real-world performance remains a complex challenge in AI. Mozilla.ai participated in NeurIPS 2023, one of the most prominent machine learning conferences, by co-sponsoring a challenge designed to address evaluating models by […]

The post Evaluating LLM models at scale appeared first on The Mozilla Blog.

www @ Savannah: Malware in Proprietary Software – Latest Additions

The initial injustice of proprietary software often leads to further injustices: malicious functionalities.

The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.

We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use every day, and of companies that make use of these techniques.

Here are our latest additions

February 2024

Proprietary Surveillance

  • Surveillance cameras put in by government A to surveil for it may be surveilling for government B as well. That’s because A put in a product made by B with nonfree software.

(Please note that this article misuses the word “hack” to mean “break security.”)

January 2024

Malware in Cars

A good privacy law would prohibit cars recording this data about the users’ activities. But not just this data—lots of other data too.

DRM in Trains

  • Newag, a Polish railway manufacturer, puts DRM inside trains to prevent third-party repairs.
    • The train’s software contains code to detect if the GPS coordinates are near some third party repairers, or the train has not been running for some time. If yes, the train will be “locked up” (i.e. bricked). It was also possible to unlock it by pressing a secret combination of buttons in the cockpit, but this ability was removed by a manufacturer’s software update.
    • The train will also lock up after a certain date, which is hardcoded in the software.
    • The company pushes a software update that detects if the DRM code has been bypassed, i.e. the lock should have been engaged but the train is still operational. If yes, the controller cabin screen will display a scary message warning about “copyright violation.”


Proprietary Insecurity in LogoFAIL

  • x86 and ARM based computers shipped with UEFI are potentially vulnerable to a design omission called LogoFAIL. A cracker can replace the BIOS logo with a fake one that contains malicious code. Users can’t fix this omission because it is in the nonfree UEFI firmware that users can’t replace.


4K UHD Blu-ray Disks, Super Duper Malware

  • The UHD (Ultra High Definition, also known as 4K) Blu-ray standard involves several types of restrictions, both at the hardware and the software levels, which make “legitimate” playback of UHD Blu-ray media impossible on a PC with free/libre software.
    • DRM – UHD Blu-ray disks are encrypted with AACS, one of the worst kinds of DRM. Playing them on a PC requires software and hardware that meet stringent proprietary specifications, which developers can only obtain after signing an agreement that explicitly forbids them from disclosing any source code.
    • Sabotage – UHD Blu-ray disks are loaded with malware of the worst kinds. Not only does playback of these disks on a PC require proprietary software and hardware that enforce AACS, a very nasty DRM, but developers of software players are forbidden from disclosing any source code. The user could also lose the ability to play AACS-restricted disks anytime by attempting to play a new Blu-ray disk.
    • Tethering – UHD Blu-ray disks are encrypted with keys that must be retrieved from a remote server. This makes repeated updates and internet connections a requirement if the user purchases several UHD Blu-ray disks over time.
    • Insecurity – Playing UHD Blu-ray disks on a PC requires Intel SGX (Software Guard Extensions), which not only has numerous security vulnerabilities, but also was deprecated and removed from mainstream Intel CPUs in 2022.
    • Back Doors – Playing UHD Blu-ray disks on a PC requires the Intel Management Engine, which has back doors and cannot be disabled. Every Blu-ray drive also has a back door in its firmware, which allows the AACS-enforcing organization to “revoke” the ability to play any AACS-restricted disk.


Proprietary Interference

This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don’t count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!

Cycles come and go

TWIF generated on Thursday, 07 Mar 2024, Week 10

Community News

@Licaon_Kter updates over the years:

LISTEN.moe, Listen to j-pop and anime music radio 24/7 ad-free, was updated to 6.0.2 after a year and a half hiatus. F-Droid’s main repository has more than 4300 apps (or about 3200 if you are on Android 14), so contributors attend to the well-being of apps that are visibly failing to update or build. Autoupdated apps, like this one, can stop updating if developers change repo structure or the way they tag. Luckily fans of the app, and of FOSS, pinged us and we managed to fix it, update it and ensure that future updates are picked up. Thank you fans!

F-Droid website

In last week’s TWIF we reached out for help regarding the locale mix-up. While it’s still not fixed site-wide, we at least fixed the “Search” field from glitching, which was the biggest pain point.

Newly Added Apps

7 apps were newly added
  • Alexandria – Download and convert e-books
  • Brume Wallet – The private Ethereum wallet
  • IREX Mobile App – IREX mobile application (only VPN functionality for now)
  • QUIK SMS – Replacement to the stock SMS app on Android, a revival of QKSMS
  • Roboyard – Problem-solving game – find the optimal moves to move one robot to its target
  • Sekreto – A tool for encryption and steganography (only in Esperanto and Russian)
  • Traditional T9 – A T9 Input Method Editor with a hardware keypad

Updated Apps

103 more apps were updated

Thank you for reading this week’s TWIF 🙂

Please subscribe to the RSS feed in your favourite RSS application to be updated on new TWIFs when they come up.

You are welcome to join the TWIF forum thread. If you have any news from the community, post it there, maybe it will be featured next week 😉

A peculiarity of the X Window System: windows all the way down

Every window system has windows, as an entity. Usually we think of these as being used for, well, windows and window like things; application windows, those extremely annoying pop-up modal dialogs that are always interrupting you at the wrong time, even perhaps things like pop-up menus. In its original state, X has more windows than that. Part of how and why it does this is that X allows windows to nest inside each other, in a window tree, which you can still see today with ‘xwininfo -root -tree’.

One of the reasons that X has copious nested windows is that X was designed with a particular model of writing X programs in mind, and that model made everything into a (nested) window. Seriously, everything.

In an old fashioned X application, windows are everywhere. Buttons are windows (or several windows if they’re radio buttons or the like), text areas are windows, menu entries are each a window of their own within the window that is the menu, visible containers of things are windows (with more windows nested inside them), and so on.

↫ Chris Siebenmann

This is wild.

Government-owned OTT platform, C Space, begins operation

Exhibition, giant constitution: go behind the scenes of the ceremony marking one year since January 8

Exhibition, giant constitution: go behind the scenes of the ceremony marking one year since the events of January 8. Terra's reporter in Brasília, Guilherme Mazieiro, showed some of the items that are part of the exhibition on the attack on the headquarters of the Three Powers. Damaged pieces, some of them restored, are among the items in the exhibition “Após 8 de janeiro: Reconstrução, memória e democracia” (“After January 8: Reconstruction, Memory and Democracy”). The exhibition brings together images of the STF's work after the acts of vandalism and destruction, and marks of the attack on the Supreme Court's headquarters. #terranoticias
