2024-03-31

etc

• The Dali ship crew is still on board after hitting the Baltimore bridge

• Crane Linked to CIA Soviet Sub Mission Now on Station at Key Bridge Collapse

  Chesapeake, a 1,000-ton lift-capacity derrick barge – the largest crane on the East Coast – arrived by Friday, as well as Ferrell, a 200-ton lift-capacity revolving crane barge, and Oyster, a 150-ton lift-capacity crane barge. The Navy is also sending another 400-ton lift capacity barge, expected to arrive next week, according to a Navy release.

• Baltimore Bridge Collapse: Container Ship "Potentially Atop High-Pressure Underwater Gas Line" | ZeroHedge

• Baltimore bridge collapse could lead to record insurance loss, says Lloyd's boss

• US bridges lack impact protection. After Key Bridge collapse, will that change?

• Road closed after barge strikes bridge in Sallisaw | 5newsonline.com

• Birth Rates Are Plummeting in Most Nations, And The World Isn’t Prepared.

Horseshit

• The Social Benefits of Getting Our Brains in Sync

• When Kids Are Addicted to Their Phones, Who Is to Blame?

• 1 in every 13 bridges in America is in 'poor' condition

• Why Are Older Americans Drinking So Much? - The New York Times

• Vanishing of "Pirate King" Henry Avery after 1695 heist at sea allegedly solved

Electric / Self Driving cars

• Fisker had big dreams to compete with Tesla. What went wrong?

• The crews bracing themselves for a rise in electric car fires

• NYC will allow companies to test autonomous vehicles on its streets

celebrity gossip

• Lizzo Says 'I Quit'

Musk

• Tesla engineers don't have engineering degrees or even common sense apparently | Hacker News

Trump / War against the Right / Jan6

• Trump Is Mad Trans Day Of Visibility Is The Same Day It Was Last Year

• Trump Shares Video Featuring Image of a Hog-Tied Biden

• Ex-Trump adviser says former president ‘hasn’t got the brains’ for dictatorship

  • John Bolton Dismisses Trump Dictator Talk With Brutal Observation

Pox / COVID / BioTerror AgitProp

• Indoor airborne risk assessment in the context of SARS-CoV-2

• Bird flu discovered in U.S. dairy cows is 'disturbing'

Religion / Tribal / Culture War and Re-Segregation

• Female Athletes Unhappy After Being Asked to 'Lose Gracefully' to Trans

Edumacationalizing / Acedemia Nuts

• Biden's New Math: 25% = 100% So Free-Lunch For Everybody | ZeroHedge

  The Biden administration just issued a new directive. If 25 percent of a school is low income, then everybody gets a free lunch.

Info Rental / ShowBiz / Advertising

• 20 Years of Gmail

  • HN comments

• Amazon Kindle Lock Screens Are Showing Ads for AI-Generated Books

• Music Streaming Services Are Getting Record Amounts of Money

• AT&T confirms data breach and resets customer passcodes

  • AT&T confirms data for 73M customers leaked on hacker forum

  • AT&T Says Data from 73M Accounts Were Leaked to Dark Web

  • Data from 73 million AT&T accounts leaked online

TechSuck / Geek Bait

• An unusual 7400-series chip implemented with a gate array

• Security Alert: Potential SSH Backdoor Via Liblzma

  • Technologist vs spy: the xz backdoor debate

  some time ago, an unknown party evidently noticed that liblzma (aka xz) — a relatively obscure open-source compression library — was a dependency of OpenSSH, a security-critical remote administration tool used to manage millions of servers around the world. This dependency existed not because of a deliberate design decision by the developers of OpenSSH, but because of a kludge added by some Linux distributions to integrate the tool with the operating system’s newfangled orchestration service, systemd.

  Equipped with this knowledge about xz, the aforementioned party probably invented the persona of "Jia Tan” — a developer with no prior online footprint who materialized out of the blue in October 2021 and started making helpful contributions to the library. Up to that point, xz had a single maintainer — Lasse Collin — who was dealing with health issues and was falling behind. Shortly after the arrival of “Jia”, several apparent sock puppet accounts showed up and started pressuring Lasse to pass the baton; it appears that he relented at some point in 2023.

  Since then, “Jia” diligently continued the maintenance work — culminating in February 2024 with the seamless introduction of a sophisticated, well-concealed backdoor tucked inside one of the build scripts. Full analysis of the payload is still pending, but it appears to have targeted the pre-authentication crypto functions of OpenSSH; it’s probably safe to assume that it added “master key” functionality to let the attackers access all affected servers at will.

  • Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library

  • Supply Chain Intrigue, or The Spy Who Shagged My Repo

  However, the xz intrigue is only a symptom of a larger problem in the world of software development: securing the supply chain. In just the past few months, we've seen issues with malicious packages on both PyPi and NPM, the main repositories of 3rd party libraries for Python and Javascript respectively. Fortunately, the malicious packages were relatively unsophisticated and were discovered before significant damage could be done, but they hint at an issue that is only going to grow in significance. The xz backdoor is probably the most sophisticated attack - in terms of planning and execution, if not necessarily the source code involved - that we've seen so far (that we know of), involving extensive planning and almost 3 years of preparation and lead time.

• See, this is why I retired early from software engineering

  Devon: Fred made a whole set of structs containing raw untyped pointers so he could reinvent polymorphism in C, because he "doesn't like C++".

  Foobar, Inc: Yes, isn't he clever? We love Fred!

  Devon: And segfaults, apparently.

AI Will (Save | Destroy) The World

• Scoop: Congress bans staff use of Microsoft's AI Copilot

• Sam Altman is trying to convince Hollywood Sora won't destroy the movie business

Economicon / Business / Finance

• the US Realtors settlement is already changing the way some buy and sell homes

• California fast-food workers will get $20 minimum wage, starting Monday

• Average worker now logs off at 4 p.m. on Fridays

• Chocolate prices to keep rising as West Africa’s cocoa crisis deepens

Gubmint / Poilitcks / Law Making

• SF candidate Bilal Mahmood 'neuroscientist' credentials questioned

• Joe Biden wins the Democratic presidential primary in North Dakota

  • Biden wins North Dakota Democratic primary

Law Breaking / Police / Internal Security

• New Calif Highway Surveillance Uses More Than Cameras

• Criminals in Montreal Using AirTags to Steal Vehicles

External Security / Militaria / Diplomania

• Hawaii is not covered by the NATO treaty. Some experts say that needs to change

World

• Sweden aim to classify industrial hemp as narcotic

• Housing Crisis, Packed Hospitals and Food Lines: Even in Canada?

• Peru President Dina Boluarte’s home raided in luxury watch investigation

Israel

• Palestinians reject proposal to introduce Arab multi-national force in Gaza

• UN: 3 UN Observers, Translator Wounded in South Lebanon

• 400 Tons of Aid on Way to Gaza; Humanitarians Say That's Not Enough

• White House authorizes weapons transfers to Israel

• GOP Congressman Calls For Treating Gaza 'Like Nagasaki And Hiroshima'

Russia Bad / Ukraine War

• Russia Is Making Its Own Gaming Consoles

• Russia's Crimea annexation looks a lot like ethnic cleansing

• A growing number of Americans end up in Russian jails

Health / Medicine

• Heat exposure may increase inflammation and impair the immune system

• Semen microbiota are dramatically altered in men with abnormal sperm parameters

• Association of Sexual Intercourse with Sudden Cardiac Death in UK Young

Environment / Climate / Green Propaganda

• Anthropogenic forcing increased the risk of longer, slower traveling heatwaves

• US appeals court kills ban on plastic containers contaminated with PFAS

  • HN comments

• The federal government promised to plant two billion trees. How's that going?