Feed aggregator

Recently, I had a learning experience with cron jobs and acme.sh. acme.sh is an excellent tool that simplifies the management of Let's Encrypt TLS (SSL) certificates. It makes obtaining and renewing these essential security certificates for your web server easier. Recently, I moved my server from Linode to AWS, which was a new environment for me. Initially, everything appeared to be working correctly, and I assumed everything was running smoothly. However, I forgot to migrate the cron job that acme.sh uses to renew the certificate automatically. This oversight caused my Let's Encrypt certificates to expire, resulting in security warnings and potential disruptions for visitors to my website. Opps! Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How to add cron job entry for acme.sh appeared first on nixCraft. 2024-05-03T06:43:12Z 2024-05-03T06:43:12Z Vivek Gite

{nixCraft Patreon supporters content}Below is a sneak peek of this content! Ubuntu 24.04 LTS (Noble Numbat) was launched on April 25th, 2024. This new version will be supported for five years until June 2029. The armhf architecture now provides support for the Year 2038 problem. The upgrades include significant updates to core packages like Linux kernel, systemd, Netplan, […]The post How to Upgrade Ubuntu 22.04 to 24.04 LTS: A Complete Guide appeared first on Opensource Flare✨. 2024-04-26T18:25:08Z 2024-04-26T18:25:08Z Vivek Gite

Ubuntu 24.04 LTS (Noble Numbat) was launched on April 25th, 2024. This new version will be supported for five years until June 2029. The armhf architecture now provides support for the Year 2038 problem. The upgrades include significant updates to core packages like Linux kernel, systemd, Netplan, toolchain upgrades for better development support, enhanced security measures, and performance optimizations. It also has an updated GNOME desktop environment and other default applications. Let us see how to upgrade Ubuntu 22.04 LTS to Ubuntu 24.04 LTS using the CLI over ssh-based session. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How to Upgrade Ubuntu 22.04 to 24.04 LTS: A Complete Guide appeared first on nixCraft. 2024-04-26T08:33:21Z 2024-04-26T08:33:21Z Vivek Gite

AWS SES (Amazon Simple Email Service) is a cloud-based email-sending service that is both reliable and cost-effective. This service is offered by Amazon Web Services. Postfix is a popular email server for Debian and Unix-like systems. It is an open-source Mail Transfer Agent (MTA) responsible for routing and delivering emails. Debian Linux is a widely used Linux distribution known for its stability and user-friendliness for server usage. Let us see how to integrate AWS SES with the Postfix MTA on Debian Linux version 11/12. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How to configure AWS SES with Postfix MTA on Debian Linux appeared first on nixCraft. 2024-04-19T07:04:06Z 2024-04-19T07:04:06Z Vivek Gite

When you run the sudo apt update, you may see the following message or error on a Debian Linux: Err:5 http://deb.debian.org/debian buster-backports Release 404 Not Found [IP: 146.75.34.132 80] Reading package lists... Done E: The repository 'http://deb.debian.org/debian buster-backports Release' no longer has a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Here is how to fix this issue. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post The repository ‘http://deb.debian.org/debian buster-backports Release’ no longer has a Release file. appeared first on nixCraft. 2024-04-14T20:42:01Z 2024-04-14T20:42:01Z Vivek Gite

You can find the timezone in Linux using the command line. The easiest way to do this is to type the "timedatectl" command and look for the "timezone" line when using modern Linux distros with systemd. There are other commands and ways to temporarily switch to a new timezone for date calculations. Love this? sudo share_on: Twitter - Facebook - LinkedIn - Whatsapp - Reddit The post How do I find out my timezone in Linux? appeared first on nixCraft. 2024-04-06T01:06:44Z 2024-04-06T01:06:44Z Vivek Gite

Can being "very online" really affect our brains, asks the Washington Post: Research suggests that scrolling through short videos on TikTok, Instagram or YouTube Shorts is affecting our attention, memory and mental health. A recent meta-analysis of the scientific literature found that increased use of short-form video was linked with poorer cognition and increased anxiety... In a 2025 study published in the journal Translational Psychiatry, researchers looked at longitudinal data from more than 7,000 children across the country and found that more screen use was associated with reduced cortical thickness in certain areas of the brain. The cortex, which is the outer layer that sits on top of our more primitive brain structures, allows for higher-level thinking, memory and decision-making. "We really need it for things like inhibitory control or not being so impulsive," said Mitch Prinstein, a senior science adviser to the American Psychological Association and professor of psychology and neuroscience at the University of North Carolina at Chapel Hill, who was not involved in the study. The cortex is also important for controlling addictive behaviors. "Those seem to be the areas being affected by the reduced cortical thickness," he said, explaining that impulsivity can prompt us to seek dopamine hits from social media. In the study, more screen time was also associated with more attention-deficit/hyperactivity disorder (ADHD) symptoms... But not all screen time is created equal. A recent study removed social media from kids' devices but let them use their phones for as long as they wanted. The result? Kids spent just as long on their phones but didn't have the same harmful effects. "It's what you're doing on the screen that matters," Prinstein said.

Read more of this story at Slashdot.

WSL is good, but it's still not enough for me to go back to Windows  How-To Geek

This week the Python Software Foundation explained how they keep Python secure. A new blog post recognizes the volunteers and paid Python Software Foundation staff on the Python Security Response Team (PSRT), who "triage and coordinate vulnerability reports and remediations keeping all Python users safe." Just last year the PSRT published 16 vulnerability advisories for CPython and pip, the most in a single year to date! And the PSRT usually can't do this work alone, PSRT coordinators are encouraged to involve maintainers and experts on the projects and submodules. By involving the experts directly in the remediation process ensures fixes adhere to existing API conventions and threat-models, are maintainable long-term, and have minimal impact on existing use-cases. Sometimes the PSRT even coordinates with other open source projects to avoid catching the Python ecosystem off-guard by publishing a vulnerability advisory that affects multiple other projects. The most recent example of this is PyPI's ZIP archive differential attack mitigation. This work deserves recognition and celebration just like contributions to source code and documentation. [Security Developer-in-Residence Seth Larson and PSF Infrastructure Engineer Jacob Coffee] are developing further improvements to workflows involving "GitHub Security Advisories" to record the reporter, coordinator, and remediation developers and reviewers to CVE and OSV records to properly thank everyone involved in the otherwise private contribution to open source projects.

Read more of this story at Slashdot.

3 reasons I still can’t switch to Linux: Where Windows still wins  How-To Geek

An anonymous reader quotes a report from the Guardian: You wear them at work, you wear them at play, you wear them to relax. You may even get sweaty in them at the gym. But an investigation into headphones has found every single pair tested contained substances hazardous to human health, including chemicals that can cause cancer, neurodevelopmental problems and the feminization of males. [...] Researchers say that while individual doses from particular sources may be low, a "cocktail effect" of daily, multi-source exposure nevertheless poses potentially severe long-term risks to health. [...] Researchers bought 81 pairs of in-ear and over-ear headphones, either on the market in the Czech Republic, Slovakia, Hungary, Slovenia and Austria, or from the online marketplaces Shein and Temu, and took them for laboratory analysis, testing for a range of harmful chemicals. "Hazardous substances were detected in every product tested," they said. Bisphenol A (BPA) appeared in 98% of samples, and its substitute, bisphenol S (BPS), was found in more than three-quarters. Synthetic chemicals used to stiffen plastic, BPA and BPS mimic the action of oestrogen inside organisms, causing a range of adverse effects including the feminization of males, early onset puberty in girls, and cancer. Previous studies have shown that bisphenols can migrate from synthetic materials into sweat, and that they can be absorbed through the skin. "Given the prolonged skin contact associated with headphone use, dermal exposure represents a relevant pathway, and it is reasonable to assume that similar migration of BPA and its substitutes may occur from headphone components directly to the user's skin," the researchers said. Also found in the headphones tested were phthalates, potent reproductive toxins that can impair fertility; chlorinated paraffins, which have been linked to liver and kidney damage; and brominated and organophosphate flame retardants, which have similar endocrine disrupting properties to bisphenols. Most were, however, found in only trace quantities.

Read more of this story at Slashdot.

eCryptfs Sees Renewed Patch Activity With Linux 7.0  Phoronix

Linux 7.0 Lands More AMDGPU Fixes For Old Radeon Hardware  Phoronix

Ceph In Linux 7.0 Lands Support For AES256K Keys  Phoronix

OpenAI is reportedly developing its first consumer hardware product: a $200-$300 smart speaker with a built-in camera capable of recognizing "items on a nearby table or conversations people are having in the vicinity." It's also said to feature Face ID-style authentication for purchases. The Verge reports: In addition to the smart speaker, OpenAI is "possibly" working on smart glasses and a smart lamp, The Information reports. (Apple may also be working on a smart lamp.) But OpenAI's glasses might not hit mass production until 2028, and while OpenAI has made prototypes of gadgets like the smart lamp, The Information says it's "unclear" if they'll be released and that OpenAI's devices plans are in early stages.

Read more of this story at Slashdot.

Intel works on making gaming on Linux better as it scouts for new talent  XDA

Researchers at the Thomas Jefferson National Accelerator Facility are advancing Accelerator-Driven Systems (ADS) that use high-energy proton beams to transmute long-lived nuclear waste into shorter-lived isotopes. "The process also generates significant heat, which can be harnessed to produce additional electricity for the grid," reports Interesting Engineering. The projects are supported by $8.17 million in grants from the Department of Energy's NEWTON (Nuclear Energy Waste Transmutation Optimized Now) program. From the report: The researchers are developing ADS technology. This system uses a particle accelerator to fire high-energy protons at a target (such as liquid mercury), triggering a process called "spallation." This releases a flood of neutrons that interact with unwanted, long-lived isotopes in nuclear waste. The technology can effectively "burn" the most hazardous components of the waste by transmuting these elements. While unprocessed fuel remains dangerous for approximately 100,000 years, partitioning and recycling via ADS can reduce that window to just 300 years. [...] To make ADS economically viability, Jefferson Lab is tackling two primary technical hurdles: efficiency and power. Traditional particle accelerators require massive, expensive cryogenic cooling systems to reach superconducting temperatures. Jefferson Lab is pioneering a more cost-effective approach by coating the interior of pure niobium cavities with tin. These niobium-tin cavities can operate at higher temperatures, allowing for the use of standard commercial cooling units rather than custom, large-scale cryogenic plants. The team is also developing spoke cavities, which is a complex design intended to drive even higher efficiency in neutron spallation. The second project focuses on the power source behind the beam. Researchers are adapting the magnetron -- the same component that powers microwave ovens -- to provide the 10 megawatts of power required for ADS. The primary challenge is that the energy frequency must match the accelerator cavity precisely at 805 Megahertz. In collaboration with Stellant Systems, researchers are prototyping advanced magnetrons that can be combined to reach the necessary high-power thresholds with maximum efficiency. The NEWTON program aims to enable the recycling of the entire US commercial nuclear fuel stockpile within the next 30 years.

Read more of this story at Slashdot.

An anonymous reader quotes a report from NPR: NASA could launch four astronauts on a mission to fly around the moon as soon as March 6th. That's the launch date (PDF) that the space agency is now working towards following a successful test fueling of its big, 322-foot-tall moon rocket, which is standing on a launch pad at the Kennedy Space Center in Florida. "This is really getting real," says Lori Glaze, acting associate administrator of NASA's exploration systems development mission directorate. "It's time to get serious and start getting excited." But she cautioned that there's still some pending work that remains to be done out at the launch pad, and officials will have to conduct a multi-day flight readiness review late next week to make sure that every aspect of the mission is truly ready to go. "We need to successfully navigate all of those, but assuming that happens, it puts us in a very good position to target March 6th," she says, noting that the flight readiness review will be "extensive and detailed." [...] When NASA workers first tested out fueling the rocket earlier this month, they encountered problems like a liquid hydrogen leak. Swapping out some seals and other work seems to have fixed these issues, according to officials who say that the latest countdown dress rehearsal went smoothly, despite glitches such as a loss of ground communications in the Launch Control Center that forced workers to temporarily use backups.

Read more of this story at Slashdot.

Backlash intensified against Discord's age verification rollout after it briefly disclosed a UK age-verification test involving vendor Persona, contradicting earlier claims about minimal ID storage and transparency. Ars Technica explains: One of the major complaints was that Discord planned to collect more government IDs as part of its global age verification process. It shocked many that Discord would be so bold so soon after a third-party breach of a former age check partner's services recently exposed 70,000 Discord users' government IDs. Attempting to reassure users, Discord claimed that most users wouldn't have to show ID, instead relying on video selfies using AI to estimate ages, which raised separate privacy concerns. In the future, perhaps behavioral signals would override the need for age checks for most users, Discord suggested, seemingly downplaying the risk that sensitive data would be improperly stored. Discord didn't hide that it planned to continue requesting IDs for any user appealing an incorrect age assessment, and users weren't happy, since that is exactly how the prior breach happened. Responding to critics, Discord claimed that the majority of ID data was promptly deleted. Specifically, Savannah Badalich, Discord's global head of product policy, told The Verge that IDs shared during appeals "are deleted quickly -- in most cases, immediately after age confirmation." It's unsurprising then that backlash exploded after Discord posted, and then weirdly deleted, a disclaimer on an FAQ about Discord's age assurance policies that contradicted Discord's hyped short timeline for storing IDs. An archived version of the page shows the note shared this warning: "Important: If you're located in the UK, you may be part of an experiment where your information will be processed by an age-assurance vendor, Persona. The information you submit will be temporarily stored for up to 7 days, then deleted. For ID document verification, all details are blurred except your photo and date of birth, so only what's truly needed for age verification is used." Critics felt that Discord was obscuring not just how long IDs may be stored, but also the entities collecting information. Discord did not provide details on what the experiment was testing or how many users were affected, and Persona was not listed as a partner on its platform. Asked for comment, Discord told Ars that only a small number of users was included in the experiment, which ran for less than one month. That test has since concluded, Discord confirmed, and Persona is no longer an active vendor partnering with Discord. Moving forward, Discord promised to "keep our users informed as vendors are added or updated." While Discord seeks to distance itself from Persona, Rick Song, Persona's CEO [...] told Ars that all the data of verified individuals involved in Discord's test has been deleted. Ars also notes that hackers "quickly exposed a 'workaround' to avoid Persona's age checks on Discord" and "found a Persona frontend exposed to the open internet on a U.S. government authorized server." The Rage, an independent publication that covers financial surveillance, reported: "In 2,456 publicly accessible files, the code revealed the extensive surveillance Persona software performs on its users, bundled in an interface that pairs facial recognition with financial reporting -- and a parallel implementation that appears designed to serve federal agencies." While Persona does not have any government contracts, the exposed service "appears to be powered by an OpenAI chatbot," The Rage noted. Hackers warned "that OpenAI may have created an internal database for Persona identity checks that spans all OpenAI users via its internal watchlistdb," seemingly exploiting the "opportunity to go from comparing users against a single federal watchlist, to creating the watchlist of all users themselves."

Read more of this story at Slashdot.

Users say Pinterest has become flooded with AI-generated images and heavy-handed automated moderation, with artists reporting wrongful takedowns and their hand-drawn work mislabeled as "AI modified." As the company doubles down on AI features and layoffs, longtime users argue the platform's creative ecosystem is being undermined. 404 Media reports: "I feel like, increasingly, it's impossible to talk to a single human [at Pinterest]," artist and Pinterest user Tiana Oreglia told 404 Media. "Along with being filled with AI images that have been completely ruining the platform, Pinterest has implemented terrible AI moderation that the community is up in arms about. It's banning people randomly and I keep getting takedown notices for pins." [...] r/Pinterest is awash in users complaining about AI-related issues on the site. "Pinterest keeps automatically adding the 'AI modified' tag to my Pins... every time I appeal, Pinterest reviews it and removes the AI label. But then... the same thing happens again on new Pins and new artwork. So I'm stuck in this endless loop of appealing, label removed, new Pin gets tagged again," read a post on r/Pinterest. The redditor told 404 Media that this has happened three times so far and it takes between 24 to 48 hours to sort out. "I actively promote my work as 100% hand-drawn and 'no AI,'" they said. "On Etsy, I clearly position my brand around original illustration. So when a Pinterest Pin is labeled 'Hand Drawn' but simultaneously marked as 'AI modified,' it creates confusion and undermines that positioning." Artist Min Zakuga told 404 Media that they've seen a lot of their art on Pinterest get labeled as "AI modified" despite being older than image generation tech. "There is no way to take their auto-labeling off, other than going through a horribly long process where you have to prove it was not AI, which still may get rejected," she said. "Even artwork from 10-13 years ago will still be labeled by Pinterest as AI, with them knowing full well something from 10 years ago could not possibly be AI." Other users are tired of seeing a constant flood of AI-generated art in their feeds. "I can't even scroll through 100 pins without 95 out of them being some AI slop or theft, let alone very talented artists tend to be sucked down and are being unrecognized by the sheer amount of it," said another post. "I don't want to triple check my sources every single time I look at a pin, but I refuse to use any of that soulless garbage. However, Pinterest has been infested. Made obsolete."

Read more of this story at Slashdot.