Short Topix: New Crypto Mining Worm Targets, Attacks Windows, Linux

According to a blog entry from The Document Foundation, the council of the German city of Dortmund has announced that it's moving to free and open source software, where possible. What follows is a translation of the original German blog post.

The Dortmund Council has declared digitalisation to be a political leadership task in its Memorandum 2020 to 2025. In the course of this, two central resolutions for free software were passed on February 11, 2021, for which the minutes were published on March 30:

• "Use of open source software where possible."


• "Software developed by the administration or commissioned for development is made available to the general public."

Open source wherever possible

With this resolution, city policy takes on the shaping of municipal digital sovereignty and digital participation. The resolution means a reversal of the burden of proof in favor of open source software -- and at the expense of proprietary software. In the future, the administration will have to justify why open source software cannot be used for every proprietary software application. Based on the report of the Dortmund city administration on the investigation of the potentials of free software and open standards, open source software is understood in the sense of free software.

Public Money? Public Code!

So, the Council's decision is in line with the concerns of the campaign Public Money, Public Code. What is financed with public money should be available to the general public for use. For software, this is achieved by means of a corresponding free license. With this resolution, local politicians ensure that the city of Dortmund not only draws from the free software community, but also contributes to it. In this way, inter-communal synergies can be achieved true to the motto develop together, use individually.

Support for open standards

Through the Digital Dortmund Charter 2018-2030, among other things, Open Standards were established as a requirement for further digitalisation.

Politically unanimous in favor of Free Software

The resolution for free software is supported by a broad political base. The motion was passed unanimously by the City Council of Dortmund. The digitalisation motion was jointly introduced by the following parliamentary groups: CDU, SPD, Die Grünen (Greens) and Die Linke (The Left).

Conclusion

The city of Dortmund has ushered in the political turning point and begun the exit from the proprietary era. Now it is important that the city finds the appropriate means to implement this process practically, by means of a proprietary exit strategy and to dissolve existing vendor lock-in. For Do-FOSS, the decision of the Memorandum 2020 to 2025 is the result of a functioning democratic local discourse. The practical management work for Free Software has the necessary political backing to succeed.

Ba-Da-Boom-Boom-Boom: Another Google App Bites The Dust

Another month, another Google service or app bites the dust. Ba-Da-Boom-Boom-Boom. It has become so commonplace, that it would be news if a month went by without Google chopping off one of its many tentacles that weave through just about everything we see on the web.

Google is ruthless in cutting off its own tentacles. Launch a service or app, gain a respectable following, and then pull the rug out from under those followers/users. Google will cut off all but its most successful tentacles. For those that remain, Google's goal seems to be to screw around with them when they are working perfectly and wonderfully, until they no longer work so perfectly or wonderfully. This time, it's Google Shopping that has been sacrificed at the Google Altar.

The strictly-mobile app will be removed from the Google Play store by June, 2021. You can install it from there to see what you have (or haven't) been missing. Google assures users that it will continue to work for at least the next several weeks.

Ba-Da-Boom-Boom-Boom. And another one gone, and another one gone, another one bites the dust!

New Cryptomining Worm Targets, Attacks Windows, Linux

According to an article on the Ars Technica site, there is a new cryptomining worm botnet attacking vulnerable Windows and Linux devices. Called the Sysrv botnet, it can spread from vulnerable device to vulnerable device (read, insecure) without any user intervention (also known as assistance). Once a device is infected, the cryptomining portion of the malware gets busy mining Monero digital currency for its "owner" ... which isn't the same as the owner of the infected device.

Initially discovered in December, by March the designers had combined the worm and cryptominer into one binary. Vulnerabilities in enterprise level software and frameworks such as Mongo Express, XXL-Job, XML-RPC, Saltstack, ThinkPHP, and Drupal Ajax is how the malware finds its way onto other vulnerable systems. A Juniper Networks blog post shines even more light on how the cryptomining worm works and gains entry. At its current rate, the worm can mine one XMR (currently ~ $200 U.S.) every two days.

I do like the way the Ars Technica article concludes. "The threat from this botnet isn't just the strain on computing resources and the non-trivial drain of electricity. Malware that has the ability to run a cryptominer can almost certainly also install ransomware and other malicious wares." The previously mentioned Juniper Networks blog post has details about how system administrators can determine if the systems they oversee have become infected.

The Great 2021 Ketchup Catch-Up

It's amazing how far the reach of COVID-19 is. First, there were toilet paper shortages. Then can goods, hand sanitizer, disinfecting wipes, paper towels, soups, bicycles, and a whole bunch of other seemingly unrelated stuff have taken their turn leading the lists of items in short supply.

Now, it's the individual serving packets of ketchup. When everything was shut down, ketchup makers -- like Heinz -- switched from packaging individual serving packets of ketchup to the larger bottles of ketchup we all have in our homes. And, it made sense, with most restaurants closed down and people spending more time at home. More people were cooking and eating food at home, so they were consuming the larger bottles of ketchup at an increased rate, while consuming hardly any of the individual serving packets.

But now that restaurants are starting to reopen, there's a shortage of the individual serving packets of ketchup. According to an article from NPR, Heinz (who has about 70 percent of the U.S. market share among ketchup manufacturers) is planning to increase production of the individual serving packets of ketchup by 25 percent. In fact, they estimate that they will have to produce 12 billion packets to catch up with the ketchup demand.

A Monkey With Implanted Neuralink Plays Pong ... With His Mind

Is there anything that Elon Musk cannot take from the realms of science fiction and turn into science fact? With Tesla, he has given us auto-piloting electric vehicles. With SpaceX, Musk is transporting NASA astronauts into space, and making plans to colonize Mars. And now, with Neuralink, one of his "other" companies, a monkey with implants in his brain can play pong. With just his thoughts. And he's very, very good at it.

Neuralink's goal is to allow people (think quadriplegics) to control devices and computers with brain implants controlled by brain waves, according to an article on Inc. Eventually, it could lead to more efficient means of input than clumsy keyboards, mice and thumb-tapping on mobile devices for everyone.

After implanting the devices in the monkey's brain, they taught him to play pong with a joystick. Eventually, Pager (that's the monkey's name) learned to use just his thoughts to control the cursor in the Pong game. You can see Pager in action by watching the Neuralink video on YouTube.

Microsoft Goes All In On Speech Recognition

Microsoft entered the speech recognition fight in a huge way, and in the way that Microsoft usually does: it buys its way in by buying up successful companies. The jury will still be out as far as what the outcome will be, however. Microsoft doesn't have a very good track record when it comes to the companies it takes over remaining successful (Nokia immediately comes to mind, but there are others).

Microsoft's latest "purchasing victim" is Nuance. You probably know them better as the company that has, for years, produced and sold the speech recognition software called "Dragon Naturally Speaking." As widely reported in the computing press, as well as by Microsoft itself, Microsoft purchased Nuance for $19.7 billion (U.S.). That represents a 23 percent premium over Nuance's closing stock price on April 9, 2021, purchasing shares at $56 per share.

Nuance is also the company that was behind the voice recognition backbone for Apple's iOS successful Siri speech recognition and AI assistant.

The Nuance Dragon software is in widespread use in hospitals for physicians to dictate their patient progress notes, and for radiologists to dictate their radiology findings. Microsoft hopes to leverage Dragon to increase its AI and cloud offerings to medical institutions.

It doesn't sound like things have changed much with Microsoft. They behave much like the Borg of Star Trek notoriety. Perhaps their motto should be "When you can't innovate, buy up/assimilate those who do." Or, maybe that's been their business plan all along. Hmmmm.

Just WHO knowingly introduces security vulnerabilities disguised as fixes for other problems, just so they can test the security of open source software? Why, a team of graduate researchers from the University of Minnesota. That's who.

According to an article on Neowin, the researchers from UMN made a point to introduce vulnerabilities to the Linux kernel, disguised as "hypocrite commits," which are fixes for other issues. They even published a research paper (PDF on GitHub) about their exploits. As you might expect, the entire drama played out on the Linux Kernel Mailing List (LKML). This message on the LKML pretty much sums up the main thrust of this issue. As a result, UMN has been banned from contributing to the Linux kernel.

The UMN Computer Science department did not take this news especially well. They posted their response in the comments section of the article on Neowin that was linked in the previous paragraph.

Greg Kroah-Hartman, one of the big wigs keeping Linux kernel on track, mentioned in another LKML post that all the patches and commits from the research group were being undone, and reverted to their previous state. The research group, which has seriously damaged its reputation with their underhanded and ill-thought-out research methods, have since posted an open apology to the LKML, but I can find little (if any) response to the apology.

PCLinuxOS Short Topix Roundup

GOOGLE HAS SWITCHED FROM USING COOKIES to using a new tracking method called FLoC. FLoC is the acronym for Federated Learning of Cohorts, and is now used by Google Chrome. It basically uses your browsing history and your search history to deliver targeted advertising to you as you traipse around the web. Google claims that FLoC affords users increased anonymity. DuckDuckGo, however, doesn't agree. In fact, they disagree so much that they have come out with a Google Chrome browser extension that, among other things, blocks the FLoC method of serving up targeted ads. Betanews has an excellent article about the new DuckDuckGo Chrome browser extension, as does MarkTechPost.

BELIEVE IT OR NOT, THERE ARE POSITIVES COMING OUT OF THE COVID-19 PANDEMIC. Thanks to the mass release and success of the coronavirus mRNA vaccines from Pfizer, Moderna and AstraZeneca, researchers are now taking a look at using mRNA vaccines to target HIV and certain cancers. Early trial results are looking very promising.

WHEN YOU COLORIZE A BLACK AND WHITE PHOTO, most of the time you have no problem telling that it was colorized. That's because the process is less than perfect, and doesn't render things the same way as nature or our eyes. One of the problems is lacking to take into account how skin reacts to light, which tends to change with skin pigmentation. Skin not only reflects light, but also absorbs light and is illuminated from within by that absorbed light. A new colorization technique, called Time-Travel Rephotography, uses AI to change that, and to take into account how skin really reacts with light. Old black and white photographs can make its subjects look old and harsh, because black and white film doesn't soften any of the skin tones or textures. The adding of color helps to hide some of the harshness and aging effects. It can take old black and white photographs and produce strikingly accurate colorized versions of them.

CHARLES "CHUCK" GESCHKE, who co-founded Adobe, Inc. with John Warnock, passed away Friday, April 16, 2021, at the age of 81 years. Geschke was responsible for helping create Adobe Postscript, which provided a radical and new way to print text and images on paper, giving rise to desktop publishing. Geschke and Warnock initially met while working at Xerox Palo Alto Research Center. The two men left Xerox in 1982 to start Adobe. You can read an obituary for Geschke here and here.