Category: Computers, Science & Technology

According to Slashdot: “Mozilla has announced plans to remove support for the FTP protocol from Firefox. Going forward, users won’t be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser. From a report:

“We’re doing this for security reasons,” said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. “FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources,” he said. “Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past.” Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.”

Beware of sites and emails directing you to ‘Coronavirus Maps’ or maps that are supposed to show the progression of COVID-19. Turns out, it’s a malware infecting PCs to steal passwords from unsuspecting folks afraid of what’s going on! The “bad guys” re not above using opportunities like this to overcome your good sense and make you click on unknown links!

Think carefully about those Chrome extensions in the Google Play store!

500 Chrome Extensions Caught Stealing Private Data of 1.7 Million Users

The Hacker News – By: Ravie Lakshmanan – “Google removed 500 malicious Chrome extensions from its Web Store after they found to inject malicious ads and siphon off user browsing data to servers under the control of attackers.

These extensions were part of a malvertising and ad-fraud campaign that’s been operating at least since January 2019, although evidence points out the possibility that the actor behind the scheme may have been active since 2017.

The findings come as part of a joint investigation by security researcher Jamila Kaya and Cisco-owned Duo Security, which unearthed 70 Chrome Extensions with over 1.7 million installations.

Upon sharing the discovery privately with Google, the company went on to identify 430 more problematic browser extensions, all of which have since been deactivated.

‘The prominence of malvertising as an attack vector will continue to rise as long as tracking-based advertising remains ubiquitous, and particularly if users remain underserved by protection mechanisms,’ said Kaya and Duo Security’s Jacob Rickerd in the report.

A Well-Concealed Malvertising Campaign

Using Duo Security’s Chrome extension security assessment tool — called CRXcavator — the researchers were able to ascertain that the browser plugins operated by surreptitiously connecting the browser clients to an attacker-controlled command-and-control (C2) server that made it possible to exfiltrate private browsing data without the users’ knowledge.

The extensions, which functioned under the guise of promotions and advertising services, had near-identical source code but differed in the names of the functions, thereby evading Chrome Web Store detection mechanisms.

In addition to requesting extensive permissions that granted the plugins access to clipboard and all the cookies stored locally in the browser, they periodically connected to a domain that shared the same name as the plugin (e.g., Mapstrekcom, ArcadeYumcom) to check for instructions on getting themselves uninstalled from the browser.

Upon making initial contact with the site, the plugins subsequently established contact with a hard-coded C2 domain — e.g., DTSINCEcom — to await further commands, the locations to upload user data, and receive updated lists of malicious ads and redirect domains, which subsequently redirected users’ browsing sessions to a mix of legitimate and phishing sites.

‘A large portion of these are benign ad streams, leading to ads such as Macy’s, Dell, or Best Buy,’ the report found. ‘Some of these ads could be considered legitimate; however, 60 to 70 percent of the time a redirect occurs, the ad streams reference a malicious site.’

Beware of Data-Stealing Browser Extensions

This is not the first time data-stealing extensions have been discovered on the Chrome browser. Last July, security researcher Sam Jadali and The Washington Post uncovered a massive data leak called DataSpii (pronounced data-spy) perpetrated by shady Chrome and Firefox extensions installed on as many four million users’ browsers.

These add-ons collected browsing activity — including personally identifiable information — and shared it with an unnamed third-party data broker that passed it on to an analytics firm called Nacho Analytics (now shut down), which then sold the collected data to its subscription members in near real-time.

In response, Google began requiring extensions to only request access to the ‘least amount of data’ starting October 15, 2019, banning any extensions that don’t have a privacy policy and gather data on users’ browsing habits.

For now, the same rule of caution applies: review your extension permissions, consider uninstalling extensions you rarely use or switch to other software alternatives that don’t require invasive access to your browser activity.”

I mentioned on the show that I couldn’t get my Camlink to work. That is a waaay oversimplification. It DID work, it is just that the video looked TERRIBLE It looked like the issue was due to really bad interlacing. I looked at the OBS deinterlacing settings, and it set to disable. I assume that this is the default. So, I played around with it, and viola’! I found a setting that works perfectly FOR ME! I emphasis FOR ME, because your mileage, as they say, may vary! Experiment! Find YOUR sweet spot! But, hey, now it works great! My “sweet spot” was “Yadif 2X.” Dewd! I love it when things just work!

To set this, go into OBS, under “Sources” locate your video device, select “Deinterlacing” from the menu, and set it as shown in the image at the left of this text.

Then, drop me an email and let me know if this tip helped you with your OBS usage!

We geeks need to stick together!

This technology can also be used for pretty dark purposes!

Batteries improvements ARE the future!

A Battery Breakthrough Could End Lithium-Ion’s Reign

OneZero – By: Yasmin Tayag – “Chances are, if you own a smartphone or laptop, much of your life revolves around a lithium-ion battery. It’s just as likely that you know about this battery’s downsides: It eventually stops holding a charge, lithium is scarce and mining it is horrible for the environment, and sometimes, it blows up. And yet, the vast majority of consumer electronics and clean energy storage devices rely on lithium-ion batteries because right now, there’s no better alternative.

Scientists are working hard to find other options. Last week, a paper published in the journal Proceedings of the National Academy of Sciences described a breakthrough in the effort to make a potassium-based battery. Potassium batteries are considered one of the best potential competitors to lithium-ion batteries because potassium is way more naturally abundant than lithium, and the batteries could perform comparably — once a few obstacles are addressed.

‘The uneven distribution and scarcity of lithium in the Earth’s crust make relying on lithium-ion batteries as the sole source of energy storage highly impractical and uneconomical,’ study co-author Nikhil Koratkar, a professor of mechanical engineering at Rensselaer Polytechnic Institute, tells OneZero. Previous potassium batteries didn’t perform as well as lithium-ion technology, he says, but his team has now figured out a way to build one that safely provides more juice.
First, a quick recap on how batteries work: They’re a self-contained chemistry reaction made up of two electrodes — a positive terminal (cathode) and negative terminal (anode) — with a substance called an electrolyte sandwiched between them. What we think of as ‘power’ is a stream of electrons flowing out of the negative terminal to the positive side. Connecting a battery to a device and powering it on completes a circuit that allows this flow to happen.

The chemical makeup of the two electrodes is key. In a lithium-ion battery, the positive terminal is made from a lithium compound and is paired with a negative terminal made of graphite. Lithium is lightweight and especially good at freeing up its electrons for graphite to grab, which is why it performs so well. In a potassium battery, the positive terminal is made from (surprise!) potassium. But since potassium is heavy and naturally less energy-dense, says Koratkar, it doesn’t perform as well when paired with the usual graphite-based negative terminal.

Researchers attempting to make a potassium-based battery have discovered that they can get past this issue by making both the positive and negative terminals out of potassium. ‘Such potassium metal batteries can compete with commercial lithium-ion batteries,’ says Koratkar.

But there is, of course, a catch — one that other researchers attempting to perfect the potassium battery have run into before. The ‘Achilles’ heel,’ Koratkar says, ‘of any metal battery lies in the evolution and growth of sharp metal projections (called dendrites) that can short the battery and result in a fire hazard.’ These dendrites are like tough weeds poking out of concrete. If they break through the structures inside a battery, explosions could ensue.

This is where the team made its breakthrough. Rather than wrestle with dendrite formation, the researchers figured out a way to simply burn them off — a process they gently call ‘self-healing.’ To continue with the weeds analogy, self-healing is akin to periodically heating sidewalks, in a controlled way, to toast weeds into oblivion. ‘To our surprise,’ says Koratkar, ‘we found that potassium is far more amenable than lithium for such type of healing.’

If this feat can be reproduced by other researchers, potassium batteries may stand a chance at knocking lithium-ion from its throne. Of course, there’s a lot of potential for things to go wrong with self-heating batteries, but the team has shown it can be done safely in a controlled manner, at least in the small batteries that were tested. To further address safety and scale, the team plans to try reproducing these results in bigger, industrial-scale batteries.

The potential for potassium-ion batteries is enormous: They not only could make it more economical to power consumer electronics but also bigger devices, like electric cars; further, they could provide a way to store power from green energy sources like solar and wind. Excitement about these prospects appears to be reflected in the research, with scientists in Russia, Australia, and Japan publishing papers on potassium-ion batteries in just the past few months.

Research on other alternatives is ongoing as well. Koratkar roughly divides them into two groups based on the family of metal they belong to on the periodic table. Zinc is another cheap metal that shows promise (and interest from investors) as is sodium. Ultimately, it may be that no one battery — but rather a range of alternatives — takes over lithium-ion’s battery monopoly.”

I talked about graphene batteries back in 2013, now they are actually here!

What software do I always install after setting up a new PC with Linux? Here’s my list:

Linux “Must Have Software”

Office: LibreOffice
Image Manipulation: Gimp
Editor: Notepadqq
Screenshot: https://flameshot.js.org/
Browser: Vivaldi or Brave
Audio Player: VLC Player
Video Capture from Sites: 4Kvideodownload.com
Email (Local) Thunderbird
Bible: E-Sword (under WINE)
VPN: IPVanish
VNC: Remmina
MP3 Tag Editor: easyTag – https://wiki.gnome.org/Apps/EasyTAG
PC Cleaner/Monitor: Stacer
Dropbox
Video Recorder: Cheese
Screen Recorder: Simple Screen Recorder
Games: Frozen Bubble
WYSIWYG HTML Editor: BlueGriffon

Manjaro 19.0

“We are happy to publish another stable release of Manjaro Linux, named Kyria.

The Xfce edition remains our flagship offering and has received the attention it deserves. Only a few can claim to offer such a polished, integrated and leading-edge Xfce experience. With this release we ship Xfce 4.14 and have mostly focused on polishing the user experience with the desktop and window manager. Also we have switched to a new theme called Matcha. A new feature Display-Profiles allows you to store one or more profiles for your preferred display configuration. We also have implemented auto-application of profiles when new displays are connected.

Our KDE edition provides the powerful, mature and feature-rich Plasma 5.17 desktop environment with a unique look-and-feel, which we completely re-designed for this release. The full set of Breath2-themes includes light and dark versions, animated splash-screen, Konsole profiles, Yakuake skins and many more little details. We have rounded off text editor Kate with some additional color schemes and offer Plasma-Simplemenu as an alternative to the traditional Kickoff-Launcher. With a wide selection of latest KDE-Apps 19.12.2 and other applications Manjaro-KDE aims to be a versatile and elegant environment ready for all your everyday needs.

In Gnome edition which is based on version 3.34 series, we also have included a visual refresh for several applications and the desktop itself. The background selection settings also received a redesign, making it easier to select custom backgrounds. By default we added our own dynamic wallpaper that changes throughout the day. GNOME 3.34 also introduces custom folders in the application overview: Simply drag an application icon on top of another to create a folder. Folders are automatically removed again when all icons have been dragged out. With a simpler desktop layout we gain more stability. Our new Gnome-Layout-Switcher enables you to change your desktop layout easily with preset layouts mimicking popular operating systems. Available layouts are: Manjaro, Vanilla Gnome, Mate/Gnome2, Traditional Desktop/Windows, Modern Desktop/MacOs, Unity/Ubuntu Theme. We also automatically change between dark and light theme when Nightlight is triggered. A new theme for the login screen and the addition of Feral’s Gamemode round up our Gnome edition.

Kernel 5.4 LTS is used for this release, such as the latest drivers available to date. Relative to the last installation media release, our tools have been improved and polished.

Pamac 9.3 series received a few updates. With a more robust and reliable transaction backend our update process should be much smoother now. Also we improved package sorting by relevance in our GTK-UI. Enhancing our package management we have enabled snap and flatpak support by default. You can now install snaps or flatpaks very easily, with our new tool Bauh and make use of a larger selection of the latest Linux applications.

We hope you enjoy this release and let us know what you think of Kyria.”