Language Selection

English French German Italian Portuguese Spanish

Security

Former Microsoft Security Analyst Claims Office 365 Knowingly Hosted Malware For Years

Filed under
Microsoft
Security

Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too?

On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive.

Read more

Security Leftovers

Filed under
Security

Security Leftovers

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Debian (squashfs-tools, tomcat9, and wordpress), Fedora (openssh), openSUSE (kernel, mbedtls, and rpm), Oracle (httpd, kernel, and kernel-container), SUSE (firefox, kernel, and rpm), and Ubuntu (linux-azure, linux-azure-5.4).

  • Apache Releases Security Advisory for Tomcat   | CISA

    The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition.

  • Security Risks of Client-Side Scanning

    Even before Apple made their announcement, law enforcement shifted their battle for back doors to client-side scanning. The idea is that they wouldn’t touch the cryptography, but instead eavesdrop on communications and systems before encryption or after decryption. It’s not a cryptographic back door, but it still a back door — and brings with it all the insecurities of a back door.

    I’m part of a group of cryptographers that has just published a paper discussing the security risks of such a system. (It’s substantially the same group that wrote a similar paper about key escrow in 1997, and other “exceptional access” proposals in 2015. We seem to have to do this every decade or so.) In our paper, we examine both the efficacy of such a system and its potential security failures, and conclude that it’s a really bad idea.

  • The Open Source Security Foundation receives $ 10 million in funding - itsfoss.net

    The Linux Foundation has announced a $ 10 million commitment to the OpenSSF (Open Source Security Foundation), an effort to improve the security of open source software. Funds raised through royalties from parent companies of OpenSSF, including Amazon, Cisco, Dell Technologies, Ericsson, Facebook, Fidelity, GitHub, Google, IBM, Intel, JPMorgan Chase, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, and VMware …

Security Leftovers

Filed under
Security
  • White House ransomware summit calls for virtual asset crackdown, without mentioning cryptocurrency [Ed: They need to crack down on Microsoft Windows, instead; they use their NSA back doors as a ruse to protect big banks. Microsoft has infiltrated think tanks about ransomware, so now instead of tackling the security breaches themselves (which can lead to sabotage or worse) they treat it like a financial transaction issue.]

    The 30-nation gabfest convened under the auspices of the US National Security Council’s Counter-Ransomware Initiative has ended with agreement that increased regulation of virtual assets is required to curb the digital coins' allure to criminals.

    A joint statement issued after the event's conclusion opens with anodyne observations about the need for good infosec, international collaboration, and the benefits of private sector engagement.

    The first mention of concrete action comes in a section of the statement entitled "Countering Illicit Finance" – and while the document never mentions cryptocurrencies, it's plain they're a target.

    "Taking action to disrupt the ransomware business model requires concerted efforts to address illicit finance risks posed by all value transfer systems, including virtual assets, the primary instrument criminals use for ransomware payments and subsequent money laundering."

  • Thingiverse suffers breach of 228,000 email addresses • The Register

    Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach – and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums.

    News of the breach came from Have I Been Pwned (HIBP), whose maintainer Troy Hunt uploaded the 228,000 breached email addresses to the site after being tipped off to their circulation on the forums.

    Hunt claimed on Twitter that in excess of two million addresses were in the breach. He qualified that by saying the majority were email addresses that appeared to be generated by Thingiverse itself, judging from their format: webdev+$username@makerbot[.]com.

    HIBP's maintainer also claimed that some of the data included poorly encrypted passwords: one he highlighted was an unsalted SHA-1 hash which resolved to the password "test123".

  • Thingiverse Data Leaked — Check Your Passwords | Hackaday

    Every week seems to bring another set of high-profile data leaks, and this time it’s the turn of a service that should be of concern to many in our community. A database backup from the popular 3D model sharing website Thingiverse has leaked online, containing 228,000 email addresses, full names, addresses, and passwords stored as unsalted SHA-1 or bcrypt hashes. If you have an account with Thingiverse it is probably worth your while to head over to Have I Been Pwned to search on your email address, and just to be sure you should also change your password on the site. Our informal testing suggests that not all accounts appear to be contained in the leak, which appears to relate to comments left on the site.

  • New PureBoot Feature: Scanning Root for Tampering – Purism

    With the latest PureBoot R19 pre-release we have added a number of new changes including improved GUI workflows and new security features and published a ROM image so the wider community can test it before it turns into the next stable release. To test it, existing PureBoot users can download the R19-pre1 .rom file that corresponds to their Librem computer and flash it like any other PureBoot release.

    In this post I want to highlight a new experimental security feature we added in this release that will extend the tamper detection PureBoot already does with the boot firmware and the /boot directory into the main root file system. This will allow you to detect attacks that modify system binaries (like /bin/bash) with backdoored versions. I also want to give some background on this feature and my thought process behind it so people understand where I’m coming from and why I made the design decisions I did.

Security FUD

Filed under
Security
  • New Python-based Ransomware Encrypts Virtual Machines Quickly [Ed: This make it sound like a Python issue, but it is a proprietary software issue completely irrelevant to the programming language]

    VMware ESXi datastores rarely have endpoint protection, the researchers noted, and they host virtual machines (VMs) that likely run critical services for the business, making them a very attractive target for hackers. In the threat landscape, it’s like winning the jackpot.

  • Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

    On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the “hackers” and anyone who aided the publication in its “attempt to embarrass the state and sell headlines for their news outlet.”

  • Missouri governor threatens criminal prosecution of reporter who found security flaw in state site

    Hancock reports, "The Post-Dispatch discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials. The Department removed the affected pages from its website Tuesday after being notified of the problem by the Post-Dispatch. Based on state pay records and other data, more than 100,000 Social Security numbers were vulnerable. The newspaper delayed publishing this report to give the Department time to take steps to protect teachers' private information, and to allow the state to ensure no other agencies' web applications contained similar vulnerabilities."

  • Missouri goes after man who looked at source code on state site

    A newspaper in St Louis, Missouri, which discovered that the social security numbers of school teachers, administrators and counsellors across the state were publicly exposed and informed the authorities, has been threatened with unspecified action by the state's governor.

  • Missouri Governor Is Extremely Confused About What Constitutes ‘Hacking’

    Reporter Josh Renaud was browsing a Department of Elementary and Secondary Education web application that lets users search for teachers’ certifications and credentials when he looked at the site’s HTML source code (something that usually requires zero hacking skills, only the use of a right-click). In the source code, he found sensitive data belonging to the state’s teachers, including Social Security numbers and other private information.

  • No it isn’t: Missouri governor says viewing HTML source code containing private data the state published on every page, is a crime

    Republican Gov. Mike Parson on Thursday condemned one of Missouri’s largest newspapers for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

  • Gov. Parson threatens legal action against reporter who exposed flaw on state education department’s website

    The reporter found hundreds of thousands of Missouri educators' social security numbers were accessible to the public in the HTML code for the Missouri Department of Elementary and Secondary Education's website.

    Parson said the Cole County prosecutor and the Missouri State Highway Patrol Digital Investigations Unit are now investigating the incident and it could cost taxpayers up to $50 million.

  • Missouri Governor Says HTML Source Code ‘Decoded’ by ‘Hacker’ Reporter

    Gov. Mike Parson of Missouri announced that an individual stole Social Security numbers after they “decoded the HTML source code.” However, a local media publication is disputing this claim and saying the individual was their own reporter who warned Parson’s administration about the security flaw and let them fix it before reporting about it. The word “SSNs” began trending on Twitter after Parson’s announcement, as people pointed out that if the Social Security numbers were in the source code, that meant they were easily viewable by just hitting F12.

Integrity and Security Issues

Filed under
Security
  • Windows error screen on display at UK A&E • The Register

    There may be no better place for Windows to seek comfort in desperate times than the UK's National Health Service (NHS) – and sure enough a good old fashioned blue screen of death has popped up an A&E waiting room.

    The borkage was spotted by a Register reader attending the Accident & Emergency department of a city hospital in the north of Britain.

    The screen would normally have info on COVID-19 rules, and display the wait times for the various ticket numbers (in order) dished out by the nurses who do triage when you enter A&E. Instead, it appears that Windows has simply given up the ghost.

  • Google's VirusTotal reports that 95% of ransomware spotted targets Windows [Ed: Even Microsoft Tim seems to grasp the concept that people should be fired or sued for deploying Microsoft Windows, more so when ransom strikes]

    Google's VirusTotal service showing that 95 per cent of ransomware malware identified by its systems targets Windows.

    VirusTotal, acquired by Google in 2012, operates a malware scanning service that can be used manually or via an API, to analyze suspicious files. The team collected data between January 2020 and August this year to investigate how ransomware is evolving. VirusTotal receives over two million suspicious files per day from 232 countries, it said, placing it in a strong position to analyse the problem.

  • Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities

    CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities. The joint CSA provides extensive mitigations and resources to assist WWS Sector facilities in strengthening operational resilience and cybersecurity practices.

  • Far-right Missouri Governor threatens criminal charges against reporter for telling the state about a security vulnerability.

    Far-right lunatic Missouri Governor Mike Parson threatens criminal charges against reporters who found that the state’s IT department was so incompetent that over 100,000 state employee Social Security numbers were embedded in the HTML source code of the state’s website.

  • Implementing form filling and accessibility in the Firefox PDF viewer

    Last year, during lockdown, many discovered the importance of PDF forms when having to deal remotely with administrations and large organizations like banks. Firefox supported displaying PDF forms, but it didn’t support filling them: users had to print them, fill them by hand, and scan them back to digital form. We decided it was time to reinvest in the PDF viewer (PDF.js) and support filling PDF forms within Firefox to make our users’ lives easier.

    While we invested more time in the PDF viewer, we also went through the backlog of work and prioritized improving the accessibility of our PDF reader for users of assistive technologies. Below we’ll describe how we implemented the form support, improved accessibility, and made sure we had no regressions along the way.

Security Leftovers

Filed under
Security
  • Russia excluded from virtual White House meeting on ransomware

    The White House on Wednesday will convene a virtual meeting on countering ransomware with senior officials representing 30 countries and the European Union, Biden administration officials said, as part of President Biden’s effort to work with global partners to address cyber threats.

    Ministers and senior officials from a range of countries will take part in the virtual meeting, though the attendees do not include representatives from Russia, which has been a key focus of the Biden administration in trying to root out criminal ransomware groups.

  • How does HTTPS protect you (and how doesn't it?) - The Mozilla Blog

    It’s true that looking for the lock icon and HTTPS will help you prevent attackers from seeing any information you submit to a website. HTTPS also prevents your internet service provider (ISP) from seeing what pages you visit beyond the top level of a website. That means they can see that you regularly visit https://www.reddit.com, for example, but they won’t see that you spend most of your time at https://www.reddit.com/r/CatGifs/. But while HTTPS does guarantee that your communication is private and encrypted, it doesn’t guarantee that the site won’t try to scam you.

    Because here’s the thing: Any website can use HTTPS and encryption. This includes the good, trusted websites as well as the ones that are up to no good — the scammers, the phishers, the malware makers.

    You might be scratching your head right now, wondering how a nefarious website can use HTTPS. You’ll be forgiven if you wonder in all caps HOW CAN THIS BE?

    The answer is that the security of your connection to a website — which HTTPS provides — knows nothing about the information being relayed or the motivations of the entities relaying it. It’s a lot like having a phone. The phone company isn’t responsible for scammers calling you and trying to get your credit card. You have to be savvy about who you’re talking to. The job of HTTPS is to provide a secure line, not guarantee that you won’t be talking to crooks on it.

    That’s your job. Tough love, I know. But think about it. Scammers go to great lengths to trick you, and their motives largely boil down to one: to separate you from your money. This applies everywhere in life, online and offline. Your job is to not get scammed.

  • Security updates for Wednesday [LWN.net]

    Security updates have been issued by Debian (flatpak and ruby2.3), Fedora (flatpak, httpd, mediawiki, redis, and xstream), openSUSE (kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), Red Hat (.NET 5.0, 389-ds-base, httpd:2.4, kernel, kernel-rt, libxml2, openssl, and thunderbird), Scientific Linux (389-ds-base, kernel, libxml2, and openssl), SUSE (apache2-mod_auth_openidc, curl, glibc, kernel, libaom, libqt5-qtsvg, systemd, and webkit2gtk3), and Ubuntu (squashfs-tools).

  • Linux Foundation Raises $10M To Expand And Support Open Source Security Foundation
  • Open Source Security Foundation Raises $10 Million in New Commitments to Secure Software Supply Chains
  • Linux Foundation raises $10M to support open-source security project - SiliconANGLE

    The funding came from members of the foundation. The long lineup: Dell Technologies Inc., Telefonaktiebolaget LM Ericsson, Facebook Inc., Fidelity Investments Inc., GitHub Inc., Google LLC, International Business Machines Corp., Intel Inc., JPMorgan Chase & Co., Microsoft Corp., Morgan Stanley, Oracle Corp., Red Hat Inc., Snyk Inc., VMware Inc., Anchore Inc., Apiiro LLC, AuriStar Technologies Inc., Deepfence Inc., Devgistics, GitLab Inc., Nutanix Inc., Tidelift Inc. and Wind River Systems Inc.

  • The World’s Major Technology Providers and Converge to Improve the Security of Software Supply Chains

    Imagine you have created an open source project that has become incredibly popular. Thousands, if not millions, of developers worldwide, rely on the lines of code that you wrote. You have become an accidental hero of that community — people love your code, contribute to improving it, requesting new features, and encouraging others to use it. Life is amazing, but with great power and influence comes great responsibility.

    When code is buggy, people complain. When performance issues crop up in large scale implementations, it needs to be addressed. When security vulnerabilities are discovered — because no code or its dependencies are always perfect — they need to be remediated quickly to keep your community safe.

Security Leftovers

Filed under
Security
  • 10 Most Commonly Used FOSS Packages

    The Core Infrastructure Initiative Census Program II report released earlier this year identified the most commonly used FOSS components in production applications, with the goal of understanding potential vulnerabilities in these components and better securing the open source software supply chain.

  • Don’t penalise cybersecurity researchers!

    We wrote to the Indian Computer Emergency Response Team regarding a provision in their new Responsible Vulnerability Disclosure and Coordination Policy that penalises cybersecurity researchers for vulnerability disclosures. In our representation, we highlighted how such provisions would create an atmosphere in which researchers would be reluctant about reporting vulnerabilities and recommended that a robust disclosure mechanism be implemented that protects researchers from harm.

    [...]

    Such provisions contribute to a disclosure regime in which security researchers would be liable under the Information Technology Act, 2000 (‘IT Act’), and are penalised for disclosures of genuine security vulnerabilities. Section 43 of the Information Technology Act, 2000 penalizes anyone who gains unauthorized access to a computer resource without permission of the owner, and so fails to draw a distinction between malicious hackers and ethical security researchers. Thus, even when researchers have acted in good faith they may be charged under the IT Act. As we have mentioned earlier, companies have exploited this loophole in the said provision to press charges against cybersecurity researchers who expose data breaches in their companies. The Personal Data Protection Bill, 2019, currently being considered by a Joint Parliamentary Committee, also fails to protect security researchers and whistleblowers. All of this leads to situations in which researchers are reluctant to report vulnerabilities for fear of being sued.

    Clause 7 of the Policy is also in conflict with the Information Technology (The Indian Computer Emergency Response Team and Manner of Performing Functions and Duties) Rules, 2013 (‘2013 IT Rules’) which adapts a cooperative and collaborative approach. Rule 10 requires CERT-IN to interact with stakeholders including research organisations and security experts for preventing cyber security incidents. Under Rule 11(2), CERT-IN is obligated to collaborate with, among others, organisations and individuals engaged in preventing and protecting against cyber security attacks. Thus, by imposing complete and sole responsibility on cyber security researchers for actions undertaken during the discovery of a vulnerability, the policy is in conflict with the collaborative spirit of the 2013 IT Rules and so is a genuine impediment to effective collaboration.

  • Airline Passenger Mistakes Vintage Camera for a Bomb

    Back in 2007, I called this the “war on the unexpected.” It’s why “see something, say something” doesn’t work. If you put amateurs in the front lines of security, don’t be surprised when you get amateur security. I have lots of examples.

  • How to create an effective security policy: 6 tips

    Are your security policies boring? OK, that’s not entirely fair. Security policies are boring, especially to people outside of IT – in the way that children find their parents’ or teachers’ rules “boring.” There’s a limit to how interesting one can make “best practices for creating strong passwords” sound to the masses.

    The point of such policies is to educate people on organizational rules and the habits of good security hygiene. This is the administrative layer of security controls: all of the rules, standards, guidelines, and training an organization puts in place as part of its overall security program. It’s the human-focused component that rounds out the other two general categories of security controls, according to Terumi Laskowsky, an IT security consultant and cybersecurity instructor at DevelopIntelligence. The other two categories are technical/logical controls (your hardware and software tools) and physical controls (things like building or site access).

    Laskowsky notes that people tend to question the value of administrative controls. That’s partly because it can be difficult to measure or “see” their effectiveness, especially relative to technical or physical controls. But Laskowsky and other security experts generally agree that they are necessary. Security is not a steady-state affair – while our security tooling and processes are becoming more automated, a strong posture still requires human awareness, intelligence, and adaptability.

    “Raising our security awareness through administrative controls allows us to start seeing the patterns of unsafe behavior,” Laskowsky says. “We can then generalize and respond to new threats faster than security companies can come up with software to handle them.”

Proprietary Software Leftovers

Filed under
Security
Misc
  • Patch Tuesday, October 2021 Edition

    Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.

  • Office 365 Spy Campaign Targets US Military Defense

    A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. The threat actor’s goal is Microsoft Office 365 account takeovers.

  • Govt to force businesses with $10m annual turnover to report ransomware attacks [iophk: Windows TCO]

    In a statement on Wednesday, Andrews said the reporting regime was part of a plan — called the Ransomware Action Plan — to protect Australians against ransomware.

    The government will also introduce new criminal offences and tougher penalties as part of the plan. However, there is no date given for the Plan to take effect.

  • Nokia says PTC, Linux Foundation, Smart Mobile Labs and Taqtile start running on MX Industrial Edge - Telecompaper

    Nokia has announced the expansion of the Industry 4.0 digitisation enabler application ecosystem running on its newly launched MX Industrial Edge (MXIE), to include PTC's Kepware, the Linux Foundation's Fledge, the Smart Mobile Labs Edge Video Orchestrator, and Taqtile's Manifest platform.

Security Patches

Filed under
Security
  • Security updates for Tuesday [LWN.net]

    Security updates have been issued by Debian (firefox-esr, hiredis, and icu), Fedora (kernel), Mageia (libreoffice), openSUSE (chromium, firefox, git, go1.16, kernel, mbedtls, mupdf, and nodejs8), Oracle (firefox and kernel), Red Hat (firefox, grafana, kernel, kpatch-patch, and rh-mysql80-mysql), and SUSE (apache2, containerd, docker, runc, curl, firefox, kernel, libqt5-qtsvg, and squid).

  • Google Releases Security Updates for Chrome | CISA

    Google has updated the Stable channel to 94.0.4606.81 for Windows, Mac and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

    CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

  • Microsoft Releases October 2021 Security Updates

    Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

  • Apple Releases Security Update to Address CVE-2021-30883

    Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild.

Syndicate content

More in Tux Machines

Today in Techrights

CuteFish – An Elegant, Beautiful and Easy-to-Use Linux Desktop

CutefishOS is a new free and open-source desktop environment for Linux operating systems with a focus on simplicity, beauty, and practicality. Its goal is to create a better computing experience for Linux users. Cutefish OS is among the newest kids on the block of desktop environments. And since it has been born at such a time when the KDE aesthetic leads in the UI/UX stand for Linux users, it features a design that is strikingly similar. Given its goal of making a better desktop experience, the team uses KDE Frameworks, KDE Plasma 5, and Qt. My guess is that Qt is the source of its “cute” name. They seem to have collaborated heavily with JingOS, a beautiful Linux OS targeted at Tablets. Read more

Former Microsoft Security Analyst Claims Office 365 Knowingly Hosted Malware For Years

Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the problem too? On Friday, cybersecurity researcher TheAnalyst explained on Twitter how BazarLoader malware leads to ransomware that can severely affect healthcare, among other industries. He then called out Microsoft, asking if the company has “any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this,” alongside an image of what appears to be malicious files being hosted in OneDrive. Read more

today's leftovers

  • pam-krb5 4.11

    The primary change in this release of my Kerberos PAM module is support for calling pam_end with PAM_DATA_SILENT. I had not known that the intent of this flag was to signal that only process resources were being cleaned up and external resources should not be (in part because an older version of the man page doesn't make this clear).

  • QB64 Hits Version 2.0, Gets Enhanced Debugging | Hackaday

    Despite the name, BASIC isn’t exactly a language recommended for beginners these days. Technology has moved on, and now most people would steer you towards Python if you wanted to get your feet wet with software development. But for those who got their first taste of programming by copying lines of BASIC out of a computer magazine, the language still holds a certain nostalgic appeal.

  • All Things Open: Diversity Event Today - Big Top Goes Up Monday! - FOSS Force

    By now things are going full tilt boogie in downtown Raleigh, as the All Things Open conference is well into its “pre” day. Keeping with the trend set by other conferences, All Things Open opens a day ahead of time, partially to stage free event’s that aren’t officially a part of the main show, but which offer attendees from out-of-town a reason to fly in a day early to settle in. This is good for the travelling attendees, because they don’t spend the first day suffering for jet lag or other forms of travel fatigue, and good for the event, because it means that more people are in place to fill seats and attend presentations, beginning with the opening keynote. [...] At ATO, the registration desks are open on Sunday from noon until 5:30 Eastern Time, and the pre-conference is a free Inclusion and Diversity Event that started at noon and will run until 5pm, emceed by Rikki Endsley, formally with Red Hat and now a community marketing manager at Amazon Web Services.

  • [Older] Arduino Nano Pros and Cons: Is the Cheapest Arduino Worth It?

    While there is quite an array of Arduino boards to choose from, the Nano is a versatile board suitable for almost all DIY electronic projects. These tiny micro controllers make compact DIY hardware development available to more people than ever before. In the past we have covered reasons you may not want to choose a genuine Arduino for your projects, but today lets take a look at the positives and negatives of the Arduino Nano.

  • Pnevmo-Capsula: Domiki rolls onto Windows, Mac and Linux

    Usually the term "on rails" refers to a highly linear experience over which the player has little control. But sometimes it's meant far more literally than that, as is the case in Pomeshkin Valentin Igorevich's recently released steampunk adventure, Pnevmo-Capsula: Domiki.

  • How to install Thinkorswim Desktop on a Chromebook in 2021

    Today we are looking at how to install Thinkorswim Desktop on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.