
Ideological Uniformity in Higher Education


Self-identified liberals outnumber conservatives among Harvard faculty by 82-1.

More than 80 percent of Harvard faculty respondents characterized their political leanings as "liberal" or "very liberal," according to The Crimson's annual survey of the Faculty of Arts and Sciences in April.

A little over 37 percent of faculty respondents identified as "very liberal" -- a nearly 8 percent jump from last year. Only 1 percent of respondents stated they are "conservative," and no respondents identified as "very conservative."

Academics usually explain this uniformity by asserting that liberals are smarter than conservatives and thus better suited for faculty positions in higher education -- particularly in self-identified elite universities. This explanation is relatively simple to assess by considering whether or not these same academics would entertain a similar explanation for a lack of sex or racial diversity in other institutions, such as corporate leadership or government. If one were to claim that "there are more male CEOs because men are smarter than women" that claim would be rightly dismissed.

(HT: Campus Reform and Instapundit.)





"We will never be slaves and simple consumers at the mercy of financial speculators"


Italy's new prime minister Giorgia Meloni explains why so many people are afraid of her victory. American newspapers categorize her as "far-right", but Italian newspapers call her "center-right". Let's see what she does.





Boston University scientists create 80%-lethal COVID variant

This seems insane. Why create a more transmissible and lethal version of COVID?

DailyMail.com revealed the team had made a hybrid virus -- combining Omicron and the original Wuhan strain -- that killed 80 per cent of mice in a study.

The revelation exposes how dangerous virus manipulation research continues to go on even in the US, despite fears similar practices may have started the pandemic.

Professor Shmuel Shapira, a leading scientist in the Israeli Government, said: 'This should be totally forbidden, it's playing with fire.'

Gain of function research - when viruses are purposefully manipulated to be more infectious or deadly - is thought to be at the center of Covid's origin.

We may never know the origin of COVID-19 with certainty, but gain-of-function research needs to stop.





DnD situation is a symptom of a larger problem: our insanely long copyright protection (life of the author + 70 years!)


(I posted this to the DnD subreddit also: link.)

The Open Gaming License fiasco with Dungeons & Dragons producer Wizards of the Coast is a symptom of a larger problem: our insane Intellectual Property system that currently protects material for the life of the author plus 70 years. As a comparison, patents generally only protect inventions for 20 years.

The purpose of intellectual property laws is to balance public and private interests. IP law is an agreement between society and creators: the creator is guaranteed an exclusive right to their creation for a period of time, and in exchange the public gets rights to the creation afterwards. It's intended to be a balance of interests, but the balance has gotten completely out of whack thanks to (obviously) lobbying throughout the 20th century by major copyright holders like Disney.

In my opinion, the current copyright term, life of the author plus 70 years, is grossly unfair to the public. I believe that the internet era has demonstrated that creators would be incentivized to create even without such a long period of exclusivity. Think about it: would you create less stuff if your great-grandkids didn't get exclusive rights? I doubt it.

Listen: creators should be able to make money from their work. I don't think copyright should go to zero, but why not bring it in line with patent protection with a 20-year term?

Disney, DnD, and many other creations are part of our generation's cultural legacy, part of a 10,000+ year inheritance that has been handed down through time to our grandparents, our parents, and now us. It's morally wrong for our ancestors and corporations to lock our inheritance away from us.

Copyright protections must be re-balanced to protect both creators and the public. This problem with WotC shouldn't be just about a license, it should be about the IP laws that grant them exclusive rights to creations that are over 50 years old. Our generation should re-open these negotiations and come up with a fair copyright term.





SplineTech JavaScript Debugger PRO update boosts unique new features

Spline Technologies Corporation announces a major update to SplineTech JavaScript Debugger PRO, an independent standalone Web development tool that enables Web developers to easily edit and debug JavaScript and VBScript inside HTML and AJAX pages, without the need for any add-ons, plugins or changes of their code to handle the debugging process. Client-side JavaScript, JScript and client-side VBScript debugging languages are fully supported for simple and complex HTML, DHTML and AJAX debugging scenarios.

 SplineTech JavaScript Debugger PRO offers the following main features to address the most common Web development issues:

 - Advanced form debugging for JavaScript form validation: lets programmers make order forms validate in clients' browser windows before they are submitted.
 - JavaScript pop-up debugging
 - Debug DHTML menus and JavaScript menus
 - Debug JavaScript and VBScript events: Debug JavaScript pop-ups, onclick, onmouseover, onfocus and any other event.
 - Debug DHTML behavior
 - Debug client-side JavaScript controls: Debug calendars and any other control
 - Multi-Functional VBScript and JavaScript script editor for HTML and AJAX
 - Full Support for native VBScript and JavaScript syntax (color-coded)
 - Explicit JavaScript runtime error information
 - Execution line highlighting: Display the current line of the code to be executed

 Aside from a vast array of main features, this major update of SplineTech JavaScript Debugger PRO includes these new and unique features:
 - Pause code execution in 3, 5 or more seconds (user adjustable)
 - Reformat unreadable JavaScript and AJAX scripts (turns large one-line AJAX scripts into properly formatted readable multi-line code)
 - Step Through multiple lines of code at once (user adjustable)
 - Go back (and forth) to any step within your code
 - Call Stack enables developers to view all function names taken from function lists (since IE reports most of them as anonymous)
 - View all current variables in a dedicated Current Variables panel

 Without requiring any manual configuration or network configuration, SplineTech JavaScript Debugger PRO runs on the Windows 7/2008/2000/2003/XP and Windows Server 2008 platforms (both x86 and x64) with Microsoft Internet Explorer 6.0 or better.

 SplineTech JavaScript Debugger PRO is priced at $90 per single-user license, and is available for purchase at
 http://www.RemoteDebugger.com/javascript_debugger/javascript_debugger.asp

 Immediate online product delivery and full support is included with all Spline Technologies products.

 ABOUT:
 Spline Technologies Corporation is a growing dynamic international software development company, specializing in web development tools, with headquarters in beautiful downtown Montreal, Canada, since 1999.





Changes to our lives are certain if PM meets bold climate target - but a key ingredient is missing for success

Keir Starmer's arrival at COP29, with a promise to drastically cut the UK's carbon emissions by 81%, will be a small ray of sunshine in an otherwise gloomy start to the climate talks.





Travis Kelce and Patrick Mahomes's houses 'broken into' a day apart

The homes of Kansas City Chiefs stars Patrick Mahomes and Travis Kelce were both broken into last month, according to police and media reports.





Watch: Drone footage captures Kentucky explosion damage

An "unknown" explosion at a factory in Louisville, Kentucky injured 11 people on Tuesday.





Retailers warn Reeves of inflation and job losses after budget tax hikes

Some of Britain's biggest retailers have warned the chancellor that last month's budget will stoke inflation in the economy and spark job losses as tax hikes add nearly £2.5bn to the industry's annual tax bill.





Post Office faces backlash over job cuts - with 115 branches at risk of closure

A union representing Post Office staff has lashed out at proposals that could result in 115 branch closures and significantly more than 1,000 workers losing their jobs, by describing them as "immoral".





Full list of Post Office branches that could close under 'transformation plan'

The Post Office has announced that more than a hundred larger crown branches - those owned by the company directly - could close with the possible loss of hundreds of jobs.





Sara Sharif's father tells court he beat her and 'takes full responsibility' for her death

Sara Sharif's murder-accused father has told jurors he "takes full responsibility" for the death of his daughter.





Israeli construction along buffer zone with Syria violates ceasefire, UN says

New trenches and berms are being constructed along the frontier in the occupied Golan Heights.





French headteacher describes spiral of events that led to teacher's beheading

Audrey F tells a court how a 13-year-old student's lie to her parents led to Samuel Paty's murder.





From Proxmox to FreeBSD: story of a migration

It’s the start of the work week, so for the IT administrators among us, I have another great article by friend of the website, Stefano Marinelli. This article covers migrating a Proxmox-based setup to FreeBSD with bhyve.

The load is not particularly high, and the machines have good performance. Suddenly, however, I received a notification: one of the NVMe drives died abruptly, and the server rebooted. ZFS did its job, and everything remained sufficiently secure, but since it’s a leased server and already several years old, I spoke with the client and proposed getting more recent hardware and redoing the setup based on a FreeBSD host. ↫ Stefano Marinelli

If you’re interested in moving one of your own setups, or one of your clients’ setups, from Linux to FreeBSD, this is a great place to start and get some ideas, tips, and tricks. Like I said, it’s Monday, and you need to get to work.





NetBSD: the portable, lightweight, and robust UNIX-like operating system

NetBSD is an open-source, Unix-like operating system known for its portability, lightweight design, and robustness across a wide array of hardware platforms. Initially released in 1993, NetBSD was one of the first open-source operating systems based on the Berkeley Software Distribution (BSD) lineage, alongside FreeBSD and OpenBSD. NetBSD’s development has been led by a collaborative community and is particularly recognized for its “clean” and well-documented codebase, a factor that has made it a popular choice among users interested in systems programming and cross-platform compatibility. ↫ André Machado

I’m not really sure what to make of this article, since it mostly reads like an advertisement for NetBSD, but considering NetBSD is one of the lesser-talked about variants of an operating system family that already sadly plays second fiddle to the Linux behemoth, I don’t think giving it some additional attention is really hurting anybody. The article still gives a solid overview of the history and strengths of NetBSD, which makes it a good introduction.

I have personally never tried NetBSD, but it’s on my list of systems to try out on my PA-RISC workstation since from what I’ve heard it’s the only BSD which can possibly load up X11 on the Visualize FX10pro graphics card it has (OpenBSD can only boot to a console on this GPU). While I could probably coax some cobbled-together Linux installation into booting X11 on it, where’s the fun in that?

Do any of you lovely readers use NetBSD for anything? FreeBSD and even OpenBSD are quite well represented as general purpose operating systems in the kinds of circles we all frequent, but I rarely hear about people using NetBSD other than explicitly because it supports some outdated, arcane architecture in 2024.





Microsoft improves its Prism x86-on-ARM emulator

The current version of Windows on ARM contains Prism, Microsoft’s emulator that allows x86-64 code to run on ARM processors. While it was already relatively decent on the recent Snapdragon X platform, it could still be very hit-or-miss with what applications it would run, and especially games seemed to be problematic. As such, Microsoft has pushed out a major update to Prism that adds support for a whole bunch of extensions to the x86 architecture.

This new support in Prism is already in limited use today in the retail version of Windows 11, version 24H2, where it enables the ability to run Adobe Premiere Pro 25 on Arm. Starting with Build 27744, the support is being opened to any x64 application under emulation. You may find some games or creative apps that were blocked due to CPU requirements before will be able to run using Prism on this build of Windows. At a technical level, the virtual CPU used by x64 emulated applications through Prism will now have support for additional extensions to the x86 instruction set architecture. These extensions include AVX and AVX2, as well as BMI, FMA, F16C, and others, that are not required to run Windows but have become sufficiently commonplace that some apps expect them to be present. You can see some of the new features in the output of a tool like Coreinfo64.exe. ↫ Amanda Langowski and Brandon LeBlanc on the Windows Blog

Hopefully this makes running existing x86 applications that don’t yet have an ARM version a more reliable affair for Windows on ARM users.





Fedora KDE approved to become of equal status to Fedora GNOME

Earlier this year, a proposal was made to replace the primary edition of Fedora from the GNOME variant to the KDE variant. This proposal, while serious, was mostly intended to stir up discussion about the position of the Fedora KDE spin within the larger Fedora community, and it seems this has had its intended effect. A different, but related proposal, to make Fedora KDE equal in status to the Fedora GNOME variant, has been accepted. The original proposal read: After a few months of being live, the proposal has now been unanimously accepted, which means that starting with Fedora 42, the GNOME and KDE versions will have equal status, and thus will receive equal marketing and positioning on the website. Considering how many people really enjoy Fedora KDE, this is a great outcome, and probably the fairest way to handle the situation for a distribution as popular as Fedora. I use Fedora KDE on all my machines, so for me, this is great news.





Mozilla Foundation lays off 30% of its employees, ends advocacy for open web, privacy, and more

More bad news from Mozilla.

The Mozilla Foundation, the nonprofit arm of the Firefox browser maker Mozilla, has laid off 30% of its employees as the organization says it faces a “relentless onslaught of change.” Announcing the layoffs in an email to all employees on October 30, the Mozilla Foundation’s executive director Nabiha Syed confirmed that two of the foundation’s major divisions — advocacy and global programs — are “no longer a part of our structure.” ↫ Zack Whittaker at TechCrunch

This means Mozilla will no longer be advocating for an open web, privacy, and related ideals, which fits right in with the organisation’s steady decline into an ad-driven effort that also happens to be making a web browser used by, I’m sorry to say, effectively nobody. I just don’t know how many more signs people need to see before realising that the future of Firefox is very much at stake, and that we’re probably only a few years away from losing the only non-big tech browser out there. This should be a much bigger concern than it seems to be to especially the Linux and BSD world, who rely heavily on Firefox, without a valid alternative to shift to once the browser’s no longer compatible with the various open source requirements enforced by Linux distributions and the BSDs.

What this could also signal is that the sword of Damocles dangling above Mozilla’s head is about to come down, and that the people involved know more than we do. Google is effectively bankrolling Mozilla – for about 80% of its revenue – but that deal has come under increasing scrutiny from regulators, and Google itself, too, must be wondering why they’re wasting money supporting a browser nobody’s using. We’re very close to a web ruled by Google and Apple. If that prospect doesn’t utterly terrify you, I honestly wonder what you’re doing here, reading this.




Incident handling statistics for 2021

Each year CERT Polska registers a steadily growing number of reports and cybersecurity incidents. In 2021 CERT Polska registered 116,071 reports. From all of these reports our specialists selected 65,586, on the basis of which a total of 29,483 unique cybersecurity incidents were registered.




The most important vulnerabilities of 2021

2021 was filled with serious vulnerabilities that were adopted and exploited very quickly by cybercriminals, in particular by ransomware groups. We observed a clear upward trend in the exploitation of vulnerabilities in software used by companies, e.g. Microsoft Exchange or VMware vCenter, relative to those in software used by end users, such as the Office suite or the browser.




Evolution of the attack techniques of the UNC1151/Ghostwriter group

Recently we have been observing attacks by the UNC1151/Ghostwriter group that use the Browser in the Browser technique. For over a year this group has been attacking the mailboxes of Polish citizens. The techniques used change over time, but the main theme of the messages used, as well as the goal, remains the same.




Critical vulnerability in Fortinet FortiOS SSL-VPN (CVE-2022-42475)

Fortinet has published information about the critical vulnerability CVE-2022-42475, which allows unauthenticated remote code execution in the SSL-VPN module (sslvpnd) of FortiOS. The vulnerability was actively exploited in attacks even before its existence was disclosed.




Personalized attacks on victims of data leaks

Criminals increasingly personalize their campaigns, tailoring them to potential victims. In this way they want to cause greater alarm, but also to make the attack more realistic. They achieve this by, among other things, addressing the recipient directly by first name.




Hydra banking trojan on the offensive again – new campaign

Warning: malware from the Hydra family is active again. It targets login credentials for banking applications on Android systems.




Social engineering attacks

Cybercriminals often contact potential victims by phone. At the start of the call they present a false situation that seems urgent and requires quick action. Acting hastily, however, can lead to the loss of money.




Actively exploited critical vulnerability in Microsoft Outlook (CVE-2023-23397)

Microsoft has published information about the critical vulnerability CVE-2023-23397 in the Outlook application on Windows. It can lead to remote takeover of a domain password without user interaction. The vulnerability had been actively used in attacks by one of the Russian APT groups since April 2022, including in Poland. We recommend that immediate action be taken in all organizations whose users access e-mail through the Microsoft Outlook client.




Spear phishing attacks on employees of Polish companies and public institutions

Spear phishing is a social engineering scam that uses the pressure of authority and time to induce the target to take an action that is to their disadvantage. The fact that the information needed to carry out the attack is usually publicly available or easy to obtain makes this scam popular among cybercriminals.




CERT Polska will co-create the CVE vulnerability database

Since the beginning of August, CERT Polska, as the only institution in the country and one of 7 CERTs in Europe, can assign CVE numbers, which are used to identify and catalogue publicly disclosed vulnerabilities.




Vulnerability in the WebInterface module of Telwin SCADA software

CERT Polska discovered a Path Traversal vulnerability (CVE-2023-0956) in the WebInterface module of Telwin SCADA software.




Vulnerability in the lua-http library

CERT Polska received a report of a vulnerability in the lua-http library and assigned it the number CVE-2023-4540.




Vulnerability in Uptime DC software

A vulnerability allowing privilege escalation (CVE-2023-4997) was found in the UptimeDC software from ProIntegra S.A.




Vulnerability in SmodBIP software

A CSRF vulnerability (CVE-2023-4837) was found in SmodBIP software.




Actively exploited critical vulnerability in Cisco IOS XE software (CVE-2023-20198)

Cisco has published information about the critical vulnerability CVE-2023-20198 in the Web User Interface feature of Cisco IOS XE software. The flaw allows an unauthorized malicious user to create an administrator account from the user interface and take control of the target device.




Vulnerability in Apereo CAS software

A vulnerability allowing multi-factor authentication to be bypassed (CVE-2023-4612) was found in Apereo Central Authentication Service software.




Vulnerability in SAS 9.4 software

A Reflected XSS vulnerability (CVE-2023-4932) was found in SAS 9.4 software.




Russian Foreign Intelligence Service (SVR) exploits a vulnerability in TeamCity software for wide-ranging operations.

The CERT Polska team and the Military Counterintelligence Service, together with foreign partners, have found that the Russian Foreign Intelligence Service (SVR) is exploiting the CVE-2023-42793 vulnerability (in JetBrains TeamCity) for wide-ranging operations directed against entities that develop software.




Vulnerability in MegaBIP and SmodBIP software

A Stored XSS vulnerability (CVE-2023-5378) was found in MegaBIP and SmodBIP software.




Vulnerability in the eWeLink application from CoolKit Technology (Android & iOS)

A vulnerability allowing the lock screen to be bypassed (CVE-2023-6998) was found in the eWeLink application from CoolKit Technology.




Vulnerability in the class.upload.php library

A Stored XSS vulnerability (CVE-2023-6551) was found in the open-source class.upload.php library.




Secure 2024 - we know the date!

Secure is a two-day conference devoted to strategic challenges in cyberspace. The event will take place on 16-17 April at the Muzeum Historii Polski in Warsaw. This year's edition is held under the theme "Horizon of Cyber Challenges".




Vulnerability in PrestaShop Google Integrator software

An SQL injection vulnerability (CVE-2023-6921) was found in the PrestaShop Google Integrator software from PrestaShow.




Vulnerability in TasmoAdmin software

An open redirect vulnerability (CVE-2023-6552) was found in the open-source TasmoAdmin software.




Vulnerability in TCExam software

A vulnerability (CVE-2023-6554) was found in the open-source TCExam software.




Vulnerability in Kofax Capture software

A Stored XSS vulnerability (CVE-2023-5118) was found in Kofax Capture software.




Vulnerabilities in the software of the Hongdian H8951-4G-ESP router

10 vulnerabilities of various types (CVE-2023-49253 through CVE-2023-49262) were found in the software of the Hongdian H8951-4G-ESP router.




Vulnerabilities in PAX payment terminals

A total of 5 vulnerabilities (CVE-2023-4818, CVE-2023-42134, CVE-2023-42135, CVE-2023-42136, CVE-2023-42137) were found in the software of various models of PAX payment terminals.




Vulnerability in the iZZi connect application

A vulnerability was found in the iZZi connect application from INPRAX that makes it possible to read access credentials hard-coded in the application code (CVE-2024-0390).




Vulnerabilities in Comarch ERP XL software

Three vulnerabilities (CVE-2023-4537, CVE-2023-4538, CVE-2023-4539) were found in Comarch ERP XL software.




Vulnerability in Laragon software

An RCE vulnerability (CVE-2024-0864) was found in the open-source Laragon software.