The Housing Authority of the City of High Point, North Carolina (HPHA) has released its annual report, highlighting positive improvements, new programs, and milestones for the community.

Guest Resources announces expanded accredited skills training, focusing on human resource learnerships and national certificates. These programs aim to empower South Africa's workforce by bridging the skills gap and enhancing employability, supporting economic growth.

Riyadh, Saudi Arabia, Duisburg, Germany, and Oslo, Norway - 1st July 2024

RTO National, North America's largest provider of consumer lease purchase and installment contracts to the backyard products industry, is pleased to announce that it was recently named the exclusive provider of financing for Tuff Shed.

MasterPieces offers new NFL, NHL, MLB, and NCAA games, puzzles, toys, housewares, and baby products.

With the 2024 National Squash League season upcoming in March 2024, the NSL, with the help of Louisville-based creative agency Honeywick, has launched a new site outlining news and events, including the first official National Squash League 2024 Draft Day, teams, players, results, and the official NSL rules.

Salary.com, the leading SaaS provider of cloud-based compensation data and analytics, today released the results of its eighth annual U.S. and Canada National Salary Budget Survey – revealing, for the eighth year in a row, that annual salary increase budgets are expected to remain flat at 3% for the upcoming year.

Wainwright Marks Management - European Commission will hold off on disciplinary proceedings against Italy, giving the debt burdened country time to revise its budget plans.

The Ground-Breaking and Global Business Promotion Ceremony of Qingdao International Cruise Terminal Area was held at Qingdao Port on March 28.

Borro's team of accredited luxury asset experts and financing specialists tailor loans to meet individual and business needs, making Borro a trusted lender to over 15,000 clients since 2008.

The STIHL Group is planning to acquire COSMOS Manufacturing Inc., a U.S.-based manufacturer of mufflers. COSMOS, a current STIHL development partner and major supplier of mufflers, is headquartered in South Chicago Heights, Illinois, USA and employs some 200 people in the development, production, and sale of muffler systems and stamped components for small and medium-sized engines.

Discover the profound artistic expression in Danielle Nelisse's "Jungle Garden," lauded by esteemed curator Debra Drexler and University of Hawaii Art Professor, embodying hope, resilience, and nature's renewal after the Maui fires. Immerse yourself in this vibrant exhibition at Hui No' Eau Art Gallery, where Nelisse's oil painting and others represent a symbol of nature's power against the backdrop of Maui's lush landscape.

Vattenfall commits over EUR five billion by 2028 to fossil-free energy production, e-mobility and related services in Europe's largest economy

Court revives Enigma's lawsuit against Malwarebytes. Court rules immunity protection under Section 230 of CDA is "not limitless."

Paris Commercial Court rules Enigma companies can proceed with their lawsuit claims against Malwarebytes for harm caused to French consumers and Enigma companies.

Ninth Circuit rules against Malwarebytes in Enigma Software's lawsuit for claims of unfair trade practices. Ninth Circuit denies Malwarebytes petition for rehearing and orders that no further petitions will be entertained. Enigma Software is permitted to proceed with its lawsuit against Malwarebytes.

Annual MSP 501 Identifies Best-in-Class Global MSP Businesses & Leading Trends in Managed Services.

AnyDesk, a leading provider of remote desktop solutions, launched its new global channel partner program today to strengthen and expand its worldwide partner network.

SpyHunter Pro combines highly effective anti-malware detection and blocking along with new functionality to enhance privacy protection and optimize computer systems. SpyHunter Pro extends standard anti-malware scanning by adding specialized scans designed to detect potentially unneeded data that can be deleted by users to reduce the risk of privacy invasion and free up disk space.

In the light of the recent security breach at Her Majesty's Revenue and Customs (HMRC), The Department of Social Scrutiny (DoSS) has issued the following statement on the subject of Identity Theft (IT) on behalf of The Government. This statement contains vital advice and the answers to a number...

You should read the following information carefully, then completely destroy the computer you are reading it on.

(I posted this to the DnD subreddit also: link.)

The Open Gaming License fiasco with Dungeons & Dragons producer Wizards of the Coast is a symptom of a larger problem: our insane Intellectual Property system that currently protects material for the life of the author plus 70 years. As a comparison, patents generally only protect inventions for 20 years.

The purpose of intellectual property laws is to balance public and private interests. IP law is an agreement between society and creators: the creator is guaranteed an exclusive right to their creation for a period of time, and in exchange the public gets rights to the creation afterwards. It's intended to be a balance of interests, but the balance has gotten completely out of whack thanks to (obviously) lobbying throughout the 20th century by major copyright holders like Disney.

In my opinion, the current copyright term, life of the author plus 70 years, is grossly unfair to the public. I believe that the internet era has demonstrated that creators would be incentivized to create even without such a long period of exclusivity. Think about it: would you create less stuff if your great-grandkids didn't get exclusive rights? I doubt it.

Listen: creators should be able to make money from their work. I don't think copyright should go to zero, but why not bring it in line with patent protection with a 20-year term?

Disney, DnD, and many other creations are part of our generation's cultural legacy, part of a 10,000+ year inheritance that has been handed down through time to our grandparents, our parents, and now us. It's morally wrong for our ancestors and corporations to lock our inheritance away from us.

Copyright protections must be re-balanced to protect both creators and the public. This problem with WotC shouldn't be just about a license, it should be about the IP laws that grant them exclusive rights to creations that are over 50 years old. Our generation should re-open these negotiations and come up with a fair copyright term.

It seems that most conservatives are calling the new Bank Term Funding Program a "bailout" for the rich, but as far as I can tell preventing a contagious bank-run is good for everyone. Shareholders and bondholders of any failed banks are not being guaranteed in anyway, only depositors (i.e., bank customers).

The additional funding will be made available through the creation of a new Bank Term Funding Program (BTFP), offering loans of up to one year in length to banks, savings associations, credit unions, and other eligible depository institutions pledging U.S. Treasuries, agency debt and mortgage-backed securities, and other qualifying assets as collateral. These assets will be valued at par. The BTFP will be an additional source of liquidity against high-quality securities, eliminating an institution's need to quickly sell those securities in times of stress.

Silicon Valley Bank and Signature Bank are being "resolved" and shareholders are being wiped out. Bondholders will probably get some of their money back, but they won't be made whole. Depositors will be fully protected. Bank runs are caused by depositors panicking and withdrawing their money, so the BTFP should be sufficient to forestall that catastrophe without "bailing out" banks using taxpayer dollars. I guess we'll find out.

Spline Technologies Corporation announces a major update to SplineTech JavaScript Debugger PRO, an independent standalone Web development tool that enables Web developers to easily edit and debug JavaScript and VBScript inside HTML and AJAX pages, without the need for any add-ons, plugins or changes of their code to handle the debugging process. Client-side JavaScript, JScript and client-side VBScript debugging languages are fully supported for simple and complex HTML, DHTML and AJAX debugging scenarios.

 SplineTech JavaScript Debugger PRO offers following main features to address the most common Web development issues:

 - Advanced form debugging for JavaScript form validation - Programmers to cause order forms to validate in clients' browser windows before they are submitted.
 - JavaScript pop-up debugging
 - Debug DHTML menus and JavaScript menus
 - Debug JavaScript and VBScript events: Debug JavaScript Pop-ups, onclick, onmouseover, onfocus and any
 other event.
 - Debug DHTML behavior
 - Debug client-side JavaScript controls: Debug calendars and any other control
 - Multi-Functional VBScript and JavaScript script editor for HTML and AJAX
 - Full Support for native VBScript and JavaScript syntax (color-coded)
 - Explicit JavaScript runtime error information
 - Execution line highlighting: Display the current line of the code to be executed

 Aside from a vast array of main features, this major update of SplineTech JavaScript Debugger PRO includes these new and unique features:
 - Pause code execution in 3, 5 or more seconds (user adjustable)
 - Reformat unreadable JavaScript and AJAX scripts (turns large one-line AJAX scripts into properly formatted readable multi-line code)
 - Step Through multiple lines of code at once (user adjustable)
 - Go back (and forth) to any step within your code
 - Call Stack enables developers to view all function names taken from function lists (since IE reports most of them as anonymous)
 - View all current variables in a dedicated Current Variables panel

 Without requiring any manual configuration or network configuration, SplineTech JavaScript Debugger PRO runs on the Windows 7/2008/2000/2003/XP and Windows Server 2008 platforms (both x86 and x64) with Microsoft Internet Explorer 6.0 or better.

 SplineTech JavaScript Debugger PRO is priced at $90 per single-user license, and is available for purchase at
 http://www.RemoteDebugger.com/javascript_debugger/javascript_debugger.asp

 Immediate online product delivery and full support is included with all Spline Technologies products.

 ABOUT:
 Spline Technologies Corporation is a growing dynamic international software development company, specializing in web development tools, with headquarters in beautiful downtown Montreal, Canada, since 1999.

League tables revealing failing NHS trusts and cancelled pay rises or dismissal for managers who don't turn things around are part of plans to improve the health service.

Train companies are set to face a review over how they prosecute and enforce rail fare evasion after reports of disproportionate action taken against passengers.

It’s the start of the work week, so for the IT administrators among us, I have another great article by friend of the website, Stefano Marinelli. This article covers migrating a Proxmox-based setup to FreeBSD with bhyve. The load is not particularly high, and the machines have good performance. Suddenly, however, I received a notification: one of the NVMe drives died abruptly, and the server rebooted. ZFS did its job, and everything remained sufficiently secure, but since it’s a leased server and already several years old, I spoke with the client and proposed getting more recent hardware and redoing the setup based on a FreeBSD host. ↫ Stefano Marinelli If you’re interested in moving one of your own setups, or one of your clients’ setups, from Linux to FreeBSD, this is a great place to start and get some ideas, tips, and tricks. Like I said, it’s Monday, and you need to get to work.

Some months ago, I got really fed up with C. Like, I don’t hate C. Hating programming languages is silly. But it was way too much effort to do simple things like lists/hashmaps and other simple data structures and such. I decided to try this language called Odin, which is one of these “Better C” languages. And I ended up liking it so much that I moved my game Artificial Rage from C to Odin. Since Odin has support for Raylib too (like everything really), it was very easy to move things around. Here’s how it all went.. Well, what I remember the very least. ↫ Akseli Lahtinen You programmers might’ve thought you escaped the wrath of Monday on OSNews, but after putting the IT administrators to work in my previous post, it’s now time for you to get to work. If you have a C codebase and want to move it to something else, in this case Odin, Lahtinen’s article will send you on your way. As someone who barely knows how to write HTML, it’s difficult for me to say anything meaningful about the technical details, but I feel like there’s a lot of useful, first-hand info here.

The current version of Windows on ARM contains Prism, Microsoft’s emulator that allows x86-64 code to run on ARM processors. While it was already relatively decent on the recent Snapdragon X platform, it could still be very hit-or-miss with what applications it would run, and especially games seemed to be problematic. As such, Microsoft has pushed out a major update to Prism that adds support for a whole bunch of extensions to the x86 architecture. This new support in Prism is already in limited use today in the retail version of Windows 11, version 24H2, where it enables the ability to run Adobe Premiere Pro 25 on Arm. Starting with Build 27744, the support is being opened to any x64 application under emulation. You may find some games or creative apps that were blocked due to CPU requirements before will be able to run using Prism on this build of Windows. At a technical level, the virtual CPU used by x64 emulated applications through Prism will now have support for additional extensions to the x86 instruction set architecture. These extensions include AVX and AVX2, as well as BMI, FMA, F16C, and others, that are not required to run Windows but have become sufficiently commonplace that some apps expect them to be present. You can see some of the new features in the output of a tool like Coreinfo64.exe. ↫ Amanda Langowski and Brandon LeBlanc on the Windows Blog Hopefully this makes running existing x86 applications that don’t yet have an ARM version a more reliable affair for Windows on ARM users.

Earlier this year, a proposal was made to replace the primary edition of Fedora from the GNOME variant to the KDE variant. This proposal, while serious, was mostly intended to stir up discussion about the position of the Fedora KDE spin within the larger Fedora community, and it seems this has had its intended effect. A different, but related proposal, to make Fedora KDE equal in status to the Fedora GNOME variant, has been accepted. The original proposal read: After a few months of being live, the proposal has now been unanimously accepted, which means that starting with Fedora 42, the GNOME and KDE versions will have equal status, and thus will receive equal marketing and positioning on the website. Considering how many people really enjoy Fedora KDE, this is a great outcome, and probably the fairest way to handle the situation for a distribution as popular as Fedora. I use Fedora KDE on all my machines, so for me, this is great news.

Speaking of Steam, the Linux version of Valve’s gaming platform has just received a pretty substantial set of fixes for crashes, and Timothee “TTimo” Besset, who works for Valve on Linux support, has published a blog post with more details about what kind of crashes they’ve been fixing. The Steam client update on November 5th mentions “Fixed some miscellaneous common crashes.” in the Linux notes, which I wanted to give a bit of background on. There’s more than one fix that made it in under the somewhat generic header, but the one change that made the most significant impact to Steam client stability on Linux has been a revamping of how we are approaching the setenv and getenv functions. One of my colleagues rightly dubbed setenv “the worst Linux API”. It’s such a simple, common API, available on all platforms that it was a little difficult to convince ourselves just how bad it is. I highly encourage anyone who writes software that will run on Linux at some point to read through “RachelByTheBay”‘s very engaging post on the subject. ↫ Timothee “TTimo” Besset This indeed seems to be a specific Linux problem, and due to the variability in Linux systems – different distributions, extensive user customisation, and so on – debugging information was more difficult to parse than on Windows and macOS. After a lot of work grouping the debug information to try and make sense of it all, it turned out that the two functions in question were causing issues in threads other than those that used them. They had to resort to several solutions, from reducing the reliance setenv and refactoring it with exevpe, to reducing the reliance on getenv through caching, to introducing “an ‘environment manager’ that pre-allocates large enough value buffers at startup for fixed environment variable names, before any threading has started”. It was especially this last one that had a major impact on reducing the number of crashes with Steam on Linux. Besset does note that these functions are still used far too often, but that at this point it’s out of their control because that usage comes from the libraries of the operating system, like x11, xcb, dbus, and so on. Besset also mentions that it would be much better if this issue can be addressed in glibc, and in the comments, a user by the name of Adhemerval reports that this is indeed something the glibc team is working on.

Korzystając z zainfekowanych telefonów, przestępcy rozsyłają wiadomości SMS z informacją o konieczności podjęcia działań wraz z linkiem do złośliwej strony. Jeśli użytkownik zgodzi sie na pobranie i zainstalowanie aplikacji to po uzyskaniu odpowiednich uprawnień przejmuje ona kontrolę nad urządzeniem i wykradać dane z telefonu.

Przestępcy próbują doprowadzić do infekcji komputera ofiary wszelkimi możliwymi sposobami. Bardzo częstym wektorem ataku są masowo wysyłane emaile zawierające złośliwe załączniki, które mają zostać otworzone i uruchomione przez ofiarę.

W module WebInteraface oprogramowania Telwin SCADA CERT Polska wykrył podatność typu Path Traversal (CVE-2023-0956).

W oprogramowaniu UptimeDC firmy ProIntegra S.A wykryto podatność pozwalającą na eskalację uprawnień (CVE-2023-4997).

W oprogramowaniu SmodBIP wykryto podatność CSRF (CVE-2023-4837).

Firma Cisco opublikowała informację o krytycznej podatności CVE-2023-20198 w funkcjonalności Web User Interface oprogramowania Cisco IOS XE. Luka umożliwia nieautoryzowanemu złośliwemu użytkownikowi utworzenie konta administratora z poziomu interfejsu użytkownika i przejęcie kontroli nad urządzeniem docelowym.

W oprogramowaniu Apereo Central Authentication Service wykryto podatność pozwalającą na ominięcie wieloskładnikowego uwierzytelnienia (CVE-2023-4612).

W oprogramowaniu SAS 9.4 wykryto podatność typu Reflected XSS (CVE-2023-4932).

Zespół CERT Polska oraz Służba Kontrwywiadu Wojskowego wraz z zagranicznymi partnerami wykryły, że Rosyjska Służba Wywiadu Zagranicznego (SVR) wykorzystuje podatność CVE-2023-42793 (w JetBrains TeamCity) do szeroko zakrojonych działań, skierowanych przeciwko podmiotom wytwarzającym oprogramowanie.

W oprogramowaniu MegaBIP oraz SmodBIP wykryto podatność Stored XSS (CVE-2023-5378).

W oprogramowaniu PrestaShop Google Integrator firmy PrestaShow wykryto podatność typu SQL injection (CVE-2023-6921).

W otwartoźródłowym oprogramowaniu TasmoAdmin wykryto podatność open redirect (CVE-2023-6552).

W otwartoźródłowym oprogramowaniu TCExam wykryto podatność (CVE-2023-6554).

W oprogramowaniu Kofax Capture wykryto podatność typu Stored XSS (CVE-2023-5118).

W oprogramowaniu routera Hongdian H8951-4G-ESP wykryto 10 podatności różnego typu (od CVE-2023-49253 do CVE-2023-49262).

Jednym z kluczowych wyzwań związanych z europejskim cyberbezpieczeństwem jest zależność od danych pochodzących z krajów spoza UE. Projekt FETTA (Federated European Team for Threat Analysis, pol. Europejski Zespół Analizy Zagrożeń) ma na celu rozwiązanie tego problemu poprzez utworzenie międzynarodowego zespołu opracowującego produkty i narzędzia z zakresu Cyber Threat Intelligence (CTI).

W oprogramowaniu Comarch ERP XL wykryto trzy podatności (CVE-2023-4537, CVE-2023-4538, CVE-2023-4539).

W otwartoźródłowym oprogramowaniu Laragon wykryto podatność RCE (CVE-2024-0864).