Replies

Re. Linux CUPS vulnerabilities:

Patched by Ubuntu:

https://www.omgubuntu.co.uk/2024/09/ubuntu-secuity-fix-cups-vulnerability 

Other Linux distros to follow. Debian patches available now.

My Linux Mint 21 and LMDE 6 have been patched automatically.

Closing Port 631 could prevent CUPS from accessing networked printers. Maybe that’s exactly the point of the workaround.

See also AskWoody Forum posts following #2706767.

-- rc primak

2 users thanked author for this post.

Lars220, Norio

Patched by Ubuntu:

https://www.omgubuntu.co.uk/2024/09/ubuntu-secuity-fix-cups-vulnerability 

Other Linux distros to follow. Debian patches available now.

-- rc primak

1 user thanked author for this post.

Microfix

There is nothing that can presently be done with DNA data in terms of identification or  misuse.

Tell that to all the people who had their DNA involuntarily included in police and other law enforcement dragnets over the past few years, all without any warrants or probable cause filings.  There is no way that all those dragnets didn’t “catch” some innocent people.

I say almost because there is one real exposure.  Under the GINA act, companies cannot use DNA data for hiring or  health insurance decisions.

Just because the law says they can’t openly do it, does not mean they don’t actually do it. Same with every other type of discrimination, much of it based on physical appearance. There have been studies done about how face to face interviews reinforce the interviewers’ pre-existing biases. Knowing something, even if you can’t legally “use” it, does influence hiring decisions. And academic admissions decisions.

-- rc primak

5 users thanked author for this post.

wavy, Sueska, windbg, SueW, NaNoNyMouse

The important part of your ATM/Debit Card as an identifier is indeed the chip.  Chip security can be defeated, but it’s a daunting technical challenge.

-- rc primak

Formatting error(s). Got it. And yes, that would be an editorial matter, not something Susan got wrong.

-- rc primak

1 user thanked author for this post.

Will Fastie

To clarify, What does “Fi” here refer to? Asking Susan as she was the one who posted this item with no explanation.

-- rc primak

2 users thanked author for this post.

KevinG3, Will Fastie

I also had a fraud alert when someone made a test-ping for under $2.00 USD from London, England, when I had never been there.

-- rc primak

1 user thanked author for this post.

TechTango

DEBIT CARD – i’m confused, what is the benefit, even if i don’t use it?
thanks

Not Susan, but my understanding is that the card number, chip or barcode (magnetic strip) is used as a factor in identifying you to your bank. For me, it’s also my ATM Card, with its own PIN. (ATMs may also have a “tap” phone app option now.)

-- rc primak

An interesting podcast recently discussed whether AI is critical infrastructure. I recommend you give it a listen.

I think the question might be reparsed as:

Are the datacenters and networks involved in AI processing becoming parts of our nation’s critical infrastructure?

And I think the answers soon will be, yes. (Whether we as individuals prefer this or not.)

Maybe the podcast addressed this aspect of the issue.

-- rc primak

The SBAT Revocations List issue with Linux can be resolved by upgrading to the latest Linux version for your distro. In some cases, this means upgrading from an older Long Term Release to a newer one.

At its core, the issue is that some older Linux bootloaders and shims have been blacklisted due to a security issue, which is serious, but only in limited circumstances.

To get updated bootloaders and shims, all that is needed in many cases is to locate sources with the newer bootloaders, shims and other necessary files, and copy the newer files over to the Linux EFI/Boot Directory, with appropriate name changes.

Then the issue will usually be resolved within a few reboots.

No need to remove the updated SBAT blacklist. And no need to change Windows Registry settings before patching.

-- rc primak

Update: You can update your Ventoy Flash Drives to comply with the new SBAT revocations.

Details: https://github.com/ventoy/Ventoy/issues/2692#issuecomment-2031412234

https://mjg59.dreamwidth.org/70348.html 

 

 

 

-- rc primak

Update: After weeks of poring over online Linux forums, I finally found a way to replace the older Shim and GRUB files on my Ventoy USB Fl;ash Drive with the updated versions. I used parts of the Fedora 40 Installer as my source, but Ubuntu and Mint (and Debian) all have their own versions of the updated Shim. Just make sure you rename your new Shim and grubx64.efi and mmx files correctly for Ventoy to continue to work.

Once applied, these changes did require re-enrolling the MOK and Grub Hash once only per computer.  But other than that, the new configuration for Ventoy is compatible with the SBAT blacklist changes.

Details: https://github.com/ventoy/Ventoy/issues/2692   

https://mjg59.dreamwidth.org/70348.html 

 

-- rc primak

Gamers and high-end photo and video editors have never had a great love of Arm, and this has hardly changed since Apple went over to Arm chipsets awhile ago. Anti-cheat routines can potentially benefit from onboard AI, as this could enhance the detection algorithms and learn a particular player’s gaming style. But all of this is moot because Intel and AMD both have NPU-enabled CISC chips already, coming to new PCs and Motherboards soon (early-2025 at the latest). Provided they don’t overheat and destroy themselves when overclocked, these chips will be the basis of serious gaming and graphics rigs on the Windows side by early-2025.

-- rc primak

There is also Microsoft’s own ‘wushowhide.diacab’ from the Redmond chocolate factory as an adequate runner up.

Like all the Windows troubleshooters, at least in Windows 11, the framework which supports wushowhide will be removed in some future Windows 11 upgrade or update. I’ve been preparing for that day by getting to know how Powershell can be used to manage Windows Updates. It’s good, but not easy to learn. Definitely not a simple to use GUI app like wushowhide.

-- rc primak

2 users thanked author for this post.

Cybertooth, KWGuy

I couldn’t have said it better myself. Though I tried.

-- rc primak