Congress Live Net Worth Tracker
https://www.quiverquant.com/congress-live-net-worth/
Data on politicians' stock portfolios to calculate live net worth estimates for members of Congress.
Tiny11builder - Scripts to build a trimmed-down Windows 11 image
https://github.com/ntdevlabs/tiny11builder
> Scripts to build a trimmed-down Windows 11 image - now in PowerShell! Tiny11 builder, now completely overhauled. After more than a year (for which I am so sorry) of no updates, tiny11 builder is now a much more complete and flexible solution - one script fits all. Also, it is a steppingstone for an even more fleshed-out solution. You can now use it on ANY Windows 11 release (not just a specific build), as well as ANY language or architecture. This is made possible thanks to the much-improved scripting capabilities of PowerShell, compared to the older Batch release. Since it is written in PowerShell, make sure to set the execution policy to Unrestricted, so that you could run the script. If you haven't done this before, make sure to run: Set-ExecutionPolicy unrestricted as administrator in PowerShell before running the script, otherwise it would just crash. This is a script created to automate the build of a streamlined Windows 11 image, similar to tiny11. My main goal is to use only Microsoft utilities like DISM, and no utilities from external sources. The only executable included is oscdimg.exe, which is provided in the Windows ADK and it is used to create bootable ISO images. Also included is an unattended answer file, which is used to bypass the Microsoft Account on OOBE and to deploy the image with the /compact flag. It's open-source, so feel free to add or remove anything you want! Feedback is also much appreciated.
NetBSD 9.4 Released With Security & Stability Fixes
https://www.phoronix.com/news/NetBSD-9.4-Released
> NetBSD 10.0 debuted last month with a long list of improvements and other enhancements that built up over the past several years. For those not yet taking the leap to this big NetBSD update, NetBSD 9.4 is out today for those relying on the stable NetBSD 9 series. NetBSD 9.4 brings various stability enhancements and security fixes. With NetBSD 9.3 having debuted back in 2022, there's a lot in NetBSD 9.4 in terms of fixes. NetBSD 9.4 also includes some updated hardware support such as Intel 600 and 700 series chipset support in various drivers, AMD Zen 3 and Zen 4 support within the temperature driver and related components, supporting newer CPUs in tprof, and various support additions for different wired/wireless network adapters and other device ASICs. NetBSD 9.4 also ships with an updated X.Org Server due to all the security vulnerabilities found over the past two years, updated OpenSSL, and other package updates. The release announcement strongly recommends that NetBSD 9 users upgrade to NetBSD 9.4 if not going straight away for NetBSD 10.
Windows vulnerability reported by the NSA exploited to install Russian malware
> Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian hackers—the company made no mention that it was under active exploitation. As of publication, the company’s advisory still made no mention of the in-the-wild targeting. Windows users frequently prioritize the installation of patches based on whether a vulnerability is likely to be exploited in real-world attacks. Exploiting CVE-2022-38028, as the vulnerability is tracked, allows attackers to gain system privileges, the highest available in Windows, when combined with a separate exploit. Exploiting the flaw, which carries a 7.8 severity rating out of a possible 10, requires low existing privileges and little complexity. It resides in the Windows print spooler, a printer-management component that has harbored previous critical zero-days. Microsoft said at the time that it learned of the vulnerability from the US National Security Agency. On Monday, Microsoft revealed that a hacking group tracked under the name Forest Blizzard has been exploiting CVE-2022-38028 since at least June 2020—and possibly as early as April 2019. The threat group—which is also tracked under names including APT28, Sednit, Sofacy, GRU Unit 26165, and Fancy Bear—has been linked by the US and the UK governments to Unit 26165 of the Main Intelligence Directorate, a Russian military intelligence arm better known as the GRU. Forest Blizzard focuses on intelligence gathering through the hacking of a wide array of organizations, mainly in the US, Europe, and the Middle East. Since as early as April 2019, Forest Blizzard has been exploiting CVE-2022-38028 in attacks that, once system privileges are acquired, use a previously undocumented tool that Microsoft calls GooseEgg. The post-exploitation malware elevates privileges within a compromised system and goes on to provide a simple interface for installing additional pieces of malware that also run with system privileges. This additional malware, which includes credential stealers and tools for moving laterally through a compromised network, can be customized for each target. “While a simple launcher application, GooseEgg is capable of spawning other applications specified at the command line with elevated permissions, allowing threat actors to support any follow-on objectives such as remote code execution, installing a backdoor, and moving laterally through compromised networks,” Microsoft officials wrote. GooseEgg is typically installed using a simple batch script, which is executed following the successful exploitation of CVE-2022-38028 or another vulnerability, such as CVE-2023-23397, which Monday's advisory said has also been exploited by Forest Blizzard. The script is responsible for installing the GooseEgg binary, often named justice.exe or DefragmentSrv.exe, then ensuring that they run each time the infected machine is rebooted.
The Moon brings a wild but precarious fish orgy to California's beaches
> On a Southern Californian beach in the middle of the night, a citizen scientist stood observing thousands of fish having sex. "Unruly thousands, all making noise," they duly jotted down. "Looked like some post-apocalyptic marine Mad Max." This unique mating ritual is known as the grunion run. Unlike most other fish, the small silvery grunions actually spawn onshore, flinging themselves from the ocean onto the sand. In addition, they only spawn during full or new moons – because they need a high tide. Since 2002, the rituals have been observed by "grunion greeters" – citizen scientists who volunteer to observe the fish at 50 California beaches. They report their observations back to Karen Martin, a scientist at Malibu's Pepperdine University, who has been studying grunion for decades. To date, more than 5,000 people have contributed to Martin's project. "We couldn't do it without them," says Martin. "There is no other way for us to get this kind of data. It's pretty remarkable, actually." The fish are near-impossible to count. They are smart enough to avoid nets, and they don't take bait on a hook. "The 'normal' methods for stock assessment do not work for these species," Martin explains. As a result, there's no formal statistic for how many there are – and so they don't have a conservation status either, although Martin says they are certainly under threat and numbers have declined significantly in the past decade according to her research. The fish are only found along the Pacific Coast, primarily between Punta Abreojos in Mexico's Baja California, up to Point Conception, in central California. Scientists believe the fish, which grow to around five inches (13cm) long, have declined in numbers over the past century. Beach erosion, light pollution and development along coastlines are the main threats to the fish, as well as overfishing and habitat destruction.
> The grunion's mating behaviour is unique, to say the least. Females swim as far up as they can and then fling themselves out of the water onto the sand, wiggling their tails to dig a hole, into which they release their eggs. Males follow behind and fertilise the eggs. The eggs remain buried in the sand until the next tide that is high enough to reach the them, usually around 10 days. Then they hatch. This behaviour puts the grunion at risk, though – and not only because they are easy prey when they're spawning on the sand. The beaches the fish use happen to be some of the most popular tourist destinations in California, which are groomed almost daily with heavy machinery, meaning the eggs are often destroyed. "Everything that people do on those beaches is going to impact the environment," Martin says. Although gathering data on the fish has been challenging, there have been some successes with implementing regulations to protect grunion. In 1927, the first regulations to protect grunion were put in place by the California Department of Fish and Wildlife after scientists observed the fish being caught in enormous amounts when they came ashore – people would use nets made from bedsheets to catch grunion en masse. Gear restrictions were introduced during closed season – April until June – meaning locals could only use their bare hands. In the 1940s, marine biologist Boyd Walker observed every grunion run in La Jolla, California, for three years. His dissertation mapped the grunion's range, mating habits, and developed a method to count grunion, now known as the Walker Scale. This is what Martin's grunion greeters use to compile their reports. The scale ranges from W0 meaning "no fish or only a few individuals", to W5 meaning "fish covering the length of the beach, several individuals deep, impossible to see sand between fish". The latter is a rare event, making up only around 1-3% of observations in a year. The citizen scientists assess the number of fish on shore, the duration of the spawning event, and the extent of the shoreline the fish cover. Data gathered from the most popular grunion beaches gathered shows an overall decline in the fish. Martin's study, which she published in 2019 using citizen science data, found from 2002 to 2010 the median average ranking on the Walker scale was W2, indicating 100-500 fish at the peak of a run. From 2010 to 2018 this ranking dropped to a median of W1 – fewer than 100 fish at the peak. Furthermore, a median of W0 – "no run" with little or no spawning – was recorded in both 2014 and 2016. "Despite local concentrations, California grunion are not abundant," says Dianna Porzio, senior environmental scientist at the California Department of Fish and Wildlife. "Although [the grunion greeters] data has limitations, the findings show a decrease in the number of spawning California grunion across much of their southern California range over the past decade."
Good question, I’m not sure it is possible.
Steam Deck Motion Sensors Being Worked On For Linux's HID-Steam Driver
https://www.phoronix.com/news/Steam-Deck-IMU-For-HID-Driver
> A patch is undergoing work to add Steam Deck IMU support to the HID-Steam kernel driver for supporting the accelerometer and gyroscope sensors of the Steam Deck controller. The patches by independent developer Max Maisel allow for the accelerometer and gyroscope features to be exposed to user-space via a separate evdev node with the HID-Steam driver, the kernel driver supporting the Steam Controller and Steam Deck input functionality. This exposing of the Steam Deck IMU support via separate evdev nodes match the behavior of the Nintendo and PlayStation HID kernel drivers for exposing these motion sensors.
