Infosec Press

Reader

Read the latest posts from Infosec Press.

from csantosb

Remote #ci is the way to go in #modernhw digital design testing. In this #ciseries, let’s see how to implement it in detail using sourcehut and a real-world example.
Sourcehut is a lightweight #gitforge where I host my #git repositories. Not only is it based on a paradigm perfectly adapted to #modernhw, but its builds service also includes support for guix (x86_64) images. This means that we will be able to execute all of our testing online inside guix profiles, shells or natively on top of the bare-bones image.

Open logic

Let’s see how in detail using the cookbook as a starting point, and taking as a complete example the fw-open-logic #openlogic firmware package which comes with the electronics guix channel.
Get it with:

guix install fw-open-logic:out

Open logic is a useful #vhdl library of commonly used components, implemented in a reusable and vendor/tool-independent way. Like any other #modernhw library, it includes test sets for each of its components, using the vunit utility in this case.
To run the full test suite, first install its dependencies, defined in a manifest.scm file (ghdl-clang and python-vunit in this case), then call run.py. This can be done user-wide, using the default $GUIX_PROFILE

cd open-logic
# guix install takes no manifest option; guix package does
guix package -m .builds/manifest.scm
cd sim
python3 run.py --ghdl -v

or local to the project, using a profile

cd open-logic
mkdir _deps
export GUIX_PROFILE=open-logic/_deps
# -p selects the profile to install into
guix package -p "$GUIX_PROFILE" -m .builds/manifest.scm
. "$GUIX_PROFILE/etc/profile"
cd sim
python3 run.py --ghdl -v

go remote

Now, how do we proceed online using the #sourcehut #ci builds facility? Builds will pop up a new environment based on an up-to-date guix-system image when we push a commit to git.sr.ht, provided we include a .build.yml build manifest file, or a .builds folder with up to 4 build manifest files, at the root of the git project [1]. Be careful: this image is built daily using a crontab job, which is a good and a bad thing at the same time. On the one hand, you won’t be using the same environment for your tests, which breaks #reproducibility (see the comments section below). On the other hand, #guix is a rolling release, and new fancy features and new fixes are added every day. Keep this in mind.
Let’s create a .builds folder in a topic test branch, with the following contents:

manifest.scm, list of dependencies in our project
guix.scm, default guix repository, redundant, included here for convenience
channels.scm, list of guix channels remote repositories, in addition to the default guix repository, from where we pull packages
We will be using here my own electronics channel (no substitutes), as well as the guix science channel (which provides substitutes).
(note how here we load the local guix.scm file, instead of making use of the %default-channels global variable)

(load "guix.scm") ;;; %default-channels

key.pub, auth key to access substitutes of packages in guix channels

build manifests

From now on, every new push to the test #git branch will trigger the execution of the tasks defined in the three build manifest files

profile1
profile2
shell1

The two profile build manifest files use a slightly different approach, and are given here for comparison purposes only. The shell build manifest uses an isolated shell container within the image itself to illustrate this feature.
Inside the manifests, I declare the image to use, guix, and the global environment variables sourced before each task is run: prj (project name), srv (list of servers with substitutes), manifest and channels (pointing to the corresponding files) and key (same). It is important to declare a trigger action, to receive an email with all relevant information in case of failure (log, id, commit, etc.).

tasks

What’s interesting here is the list of tasks. Some of them are common to all three manifests:

env, useful only for debugging
guix__update__channels, replaces the default project-local guix.scm file with the output of

guix describe --format=channels

The goal here is to avoid pulling the latest guix upstream, which is useless and costs cpu and time, and to use the local version instead. Remember that the guix system image we are using here is updated daily.

guix__auth, runs the authorize command to add the key.pub file to guix, so that we will be able to download package substitutes when necessary

sudo guix archive --authorize < "$key"

Here, one may opt for doing a

guix pull --channels="$channels"

as in profile2, to set the revision of the guix channels we are using (remember channels are nothing but git repositories).
Note how in profile1 and shell1 we opt for a different approach.
guix__update__profile, where we create a _deps folder to be used as a local $GUIX_PROFILE (defined in .envrc).
Then, one of

# profile1
guix time-machine --channels="$channels" -- \
     package -p "$GUIX_PROFILE" \
     --substitute-urls="$srv" \
     -m "$manifest"

or

# profile2
guix \
     package -p "$GUIX_PROFILE" \
     --substitute-urls="$srv" \
     -m "$manifest"

will install the packages in $manifest into the $GUIX_PROFILE. I’m using here the time-machine mechanism to set the revision of the guix channels, depending on whether guix pull was run in the previous stage or not.
vunit, sets env variables in .envrc and runs python3 run.py --ghdl -v inside the sim directory
Note that here, we are using the ghdl-clang and python-vunit packages, provided respectively by guix-science and the electronics channel.
guix__shell__test, used by shell1, makes use of time-machine (no former guix pull, then) to create a shell container in which to install the project dependencies. Then, it immediately calls run.sh to run the unit tests

guix time-machine --channels="$channels" -- shell -C --substitute-urls="$srv" -m "$manifest" -- ./.builds/run.sh

comments

You may check the logs of profile1, profile2 and shell1 manifests, including a section with logs per task, to better understand what’s going on here. Remember that #sourcehut gives ssh access to the builds by connecting to the runners in case of failures, which provides a practical way of debugging the manifest files.
You may see how, using the remote guix image, it is possible to deploy a series of tasks to test our #modernhw design as we develop it: we will get an email in case of failure to pass the tests. Here, I present three approaches: guix pull, to set the revisions of the repositories in use; time-machine, to achieve the same; and guix shell, to create an isolated container. These three alternatives are not all necessary here, of course, but are given as a simple and practical demo of what can be achieved with #guix, #sourcehut and #ci.
To conclude this long post, it is important to stress once again that the point of using #guix lies in its reproducibility capabilities. By keeping a couple of #plaintext files, namely the manifest.scm and channels.scm, one can obtain #determinism in the execution of the tests. Even if the guix image is upgraded and rebuilt daily (and so it changes), by fixing the revision of our channels (remember, guix pull or guix time-machine) we always obtain the same products out of our tests, as we run the same (project and tests) code, within exactly the same environment.


[1] It is also possible to automatically submit builds when a patch to a repo with build manifests is sent to a mailing list. This is achieved by appending the project name as a prefix to the subject of the message, for example [PATCH project-name].
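
A check for the channel pinning that the reproducibility argument above depends on, as an added example (not part of the original post or of the project's build manifests): it fails when a channels file lists a channel without a fixed commit, so a CI task can stop before pulling from a moving branch. The sample files, URLs and commit hashes are constructed, and the count-based matching is a heuristic, not a Scheme parser.

```shell
#!/bin/sh
# Added example: verify that every (channel ...) form in a Guix channels
# file carries a (commit "<40 hex digits>") field.

# normalize FILE: drop ';' comments and collapse all whitespace, so that a
# commit split over two lines (as guix describe prints it) still matches.
normalize() {
    sed 's/;.*$//' "$1" | tr -s '[:space:]' ' '
}

# count_forms FILE REGEX: number of REGEX matches in the normalized file.
count_forms() {
    normalize "$1" | grep -oE "$2" | wc -l | tr -d ' '
}

# channels_pinned FILE: 0 if all channels are pinned, 1 if some are not,
# 2 if the file is unreadable or contains no channel at all.
channels_pinned() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    channels=$(count_forms "$file" '\(channel[ (]')
    commits=$(count_forms "$file" '\(commit "[0-9a-f]{40}"\)')
    if [ "$channels" -eq 0 ]; then
        echo "$file: no (channel ...) form found" >&2
        return 2
    fi
    if [ "$commits" -lt "$channels" ]; then
        echo "$file: only $commits of $channels channels pinned" >&2
        return 1
    fi
    return 0
}

# write_samples DIR: constructed sample inputs (URLs and hashes are made up).
write_samples() {
    dir=$1
    cat > "$dir/pinned.scm" <<'EOF'
;; constructed sample, laid out like guix describe --format=channels output
(list (channel
        (name 'guix)
        (url "https://example.org/guix.git")
        (branch "master")
        (commit
          "0123456789abcdef0123456789abcdef01234567"))
      (channel
        (name 'electronics)
        (url "https://example.org/electronics.git")
        (commit "89abcdef0123456789abcdef0123456789abcdef")))
EOF
    cat > "$dir/floating.scm" <<'EOF'
;; constructed sample: the second channel follows a branch, no commit given
(list (channel
        (name 'guix)
        (url "https://example.org/guix.git")
        (commit "0123456789abcdef0123456789abcdef01234567"))
      (channel
        (name 'electronics)
        (url "https://example.org/electronics.git")
        (branch "main")))
EOF
}

# Usage: sh check-pins.sh .builds/channels.scm .builds/guix.scm
for f in "$@"; do
    channels_pinned "$f" || exit 1
done
```

Because channels.scm loads guix.scm in this setup, both files are passed to the script.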

 

from Kevin Neely's Security Notes

Image: a typical resume content extraction workflow from neurond.com

I used to keep my résumé (from here, “resume”) very up-to-date. For a long time, I had a resume crafted in #LaTeX because I have a long history with using that typesetting and markup language for purposes other than the ones most people think of, e.g. I wrote my college English papers in it, I had a slew of templates I created while I was a practicing attorney that would create letters, motions, and envelopes from source .tex files, etc. Keeping content in text makes it more portable across platforms and applications, and the nature of Microsoft Word is that you need to fully re-create the resume every couple years because some invisible formatting munges the entire document.

TL;DR I ended up using RenderCV as mentioned below in the RenderCV section.

In the time since I last relied upon a resume, the method of applying for jobs –and more importantly, how recruiters review submissions– has changed pretty drastically. And despite all the great advances in technology over the past ten years, apparently, HR systems still are not that great at parsing a PDF or Word doc into text that can be machine-read by whatever algorithms and/or AI they’re using to perform the first pass. Because of this, you want to make sure to submit a machine-friendly description of your experience. There really should be a standard for all this stuff that makes it easy on both the applicant and the hiring manager. Like, I don’t know, some sort of HR standards body or something. A standard has never emerged, and I suspect that LinkedIn has a lot to do with that.

Additionally, having an easy way to keep one’s resume in sync and in multiple formats means that it can be quickly used for many purposes, from printing an attractive hard copy to piping it through some Fabric AI workflows. So this set me on a fairly long hunt for a system where I could write once, and generate in multiple formats.

The search for a resume workflow

First round

LaTeX & Pandoc

Since my resume was already in LaTeX, using the 20 second CV set of templates –which I think is very nice– I went and updated that and then ran it through pandoc, which is a multi-format document converter. The results ended up being pretty poor and not useful. The PDF looked great, obviously, but pandoc did not understand the LaTeX very well and the Markdown required a lot of edits.

We want everything to look good upon compilation/export/save as/whatever, so this was not an option.

Interlude

I had kind of given up at this point, figuring I either needed to just go Google Docs or maintain a Markdown version and attempt to keep them in sync. Then, I came across a post about an auto-application bot and the author had a related project that used resume information formatted as YAML to create a specific resume based upon job description or LinkedIn post.

Resume from Job Description

This project is called resume render from job description (no cute animal names or obtuse references in this project!), and I gave it a try, but it appeared to require all the fields, including e.g. GPA. I don’t know about you, but I'm way past the point in my career where I'm putting my GPA on a resume, so it wasn’t that useful.

It was late on a Thursday night, so obviously it was time to look a bit further into the rabbit hole.

Online options

I found a number of projects that were a service model where they host and render the resume for you. These included resume.lol (I question the naming choice here), Reactive resume (opensource, excellent domain name, and it has nice documentation), and WTF resume (my thought exactly!).

These all came from a post of 14 Open-source Free Resume Builder and CV Generator Apps.

JSONResume

As I traveled further down the Internet search rabbit hole, I came across JSON Resume, an #opensource project with a hosting component where people craft their resumes in JSON and it can then render in a number of formats either via a command-line tool or within their hosted service, making it a kind of hybrid option.

At this point, I felt like I was almost there, but it wasn’t exactly what I wanted. JSONResume is very focused around being part of their ecosystem and publishing within their hosting ecosystem. The original #CLI tool is no longer maintained, and a new one is being worked on, which appears minimal but sufficient for the task. A nice thing is that they have some add-ons and have created a sort of ecosystem of tools. Looking over the project’s 10 year history, those tools have a tendency to come and go, but such is the nature of OSS.

The Award for “Project Most Suited to My Workflow” goes to….

Another great thing about JSON Resume is that they, i.e. Thomas Davis, have done a fantastic job of cataloging various resume systems out there in their JSON Resume projects section. There is so much interesting stuff here –and a lot of duplicative effort ahem see the “HR Standards” comment above– that you can spend a couple days looking for the project that best fits your needs. For me, I landed on RenderCV, which is not only in the bibliography, but also mentioned on the Getting Started page because there are tools to leverage JSON Resume from RenderCV!

So without further ado…

RenderCV

While RenderCV is a part of the JSON Resume ecosystem, in that people have created scripts to convert from the latter to the former, it is a completely separate and standalone project, written in #python and installable via pip. RenderCV’s approach is to leverage a YAML file, and from that generate consistent resumes in PDF, HTML, Markdown, and even individual PNG files, allowing the applicant to meet whatever arcane requirements the prospective employer has.

graph LR

	YAML --> TeX & Markdown 
	TeX --> PDF & HTML & PNG

Resume generation workflow

Using RenderCV

Getting started with RenderCV is like pretty much any other project built in python

  1. Create a virtual environment using venv or conda, e.g. conda create -n renderCV python=3.12.4
  2. Install via pip with a simple command pip install rendercv
  3. Follow the quick start guide and create a YAML file with your information in it
  4. Run rendercv render <my_cv>.yaml
  5. View the lovely rendered résumé

Extending RenderCV

This was great, as I now have a very easy-to-edit source document for my résumé and can quickly create others. I’m hoping Sina, the author, makes the framework a bit more extensible in the future because the current templates are oriented toward people with STEM backgrounds looking for individual contributor roles. However, as some of us move further in our careers, the résumé should be less about skills and projects, but more about responsibilities and accomplishments as we lead teams. I have enhanced the “classic” and “sb2nov” themes so that they take these keywords as subsections to a specific company/role combination under the professional_experience section.

Theme update for Leaders and Managers

I created a fork which contains updates to v1.14, adding the “Responsibilities” and “Accomplishments” subsections for company: under the Experience section.
This allows leaders to craft their resume or CV in such a way that it highlights the breadth of their influence and impact to the organization.

The following themes support the additional subsections:

- markdown
- classic
- sb2nov

A non-updated theme will simply ignore the content under these subsections; omitting these sections will make the resume look like the original theme. Hopefully the framework will be more extensible in the future and I can add this as a pull request.
In the meantime, the forked repo at https://github.com/ktneely/rendercv4leaders should work on its own, or the /ExperienceEntry.j2.tex and /ExperienceEntry.j2.md files from those themes can simply be copied over the existing.

How to use

Usage is extremely straightforward, as this merely extends the framework with a couple new keywords for the Experience section and looking for a preceding company declaration. Here is an example:

professional_experience:
  - company: NASA
    position: Director of Flight Operations
    location: Houston, TX
    start_date: 1957-03
    end_date: 1964-06
    responsibilities:
      - Manage the Control room.
      - Write performance reports.
      - Smoke copious amounts of cigarettes
    accomplishments:
      - 100% staff retention over the course of 9 rocket launches.
      - Mobilized and orchestrated multiple teams to rescue astronauts trapped in space.
      - Lung cancer.

This will then render “responsibilities” and “accomplishments” as italicized sections under the job role, highlighting the difference you made while performing in that role.

Maintaining Multiple Versions

This is basically what it all comes down to: the ability to maintain different versions for your target companies. While some work is being done to modularize the source content, it is not yet to the point where each section of the resume is a building block that can be invoked at compile time. What I do is maintain different YAML files and use the parameters in the rendercv_settings section to direct the output to different, meaningfully-named directories while maintaining a generic name for the file itself.

So, instead of “Kevin-LargeCorprole.pdf”, “Kevin-Startuprole.pdf”, etc., I simply send “Kevin-CV.pdf”. This way, it’s not incredibly obvious to the reviewer that I have specially-crafted a resume for that job, it just happens to look like I have exactly what they’re looking for in my default resume.

Automation

Want to automate the build of your resume whenever you update the source file(s)? Look no further than rendercv pipeline to generate the output whenever you commit source to GitHub.

Also, since version 1.15, the --watch flag will watch the source file locally and re-compile every time you save the source YAML file.

References and further exploration

  1. Neurond.com blog post: What is a CV/Resume Parser and How Does it Work?, Trinh Nguyen, Aug 16, 2022.
  2. TeXMaker: an Open-source TeX editor
  3. RenderCV user guide
 

from csantosb

Remote #ci is the way to go in #modernhw digital design testing. In this #ciseries, let’s see it in practice with some detail using two of the most popular forges out there.

Gitlab

The gitlab #gitforge includes tons of features. Among these is a facility called the container registry, which stores per-project container images. Guix pack allows the creation of custom #reproducible environments as images. In particular, it is possible to create a docker image out of our manifest and channels files with

guix time-machine -C channels.scm -- pack --compression=xz --save-provenance -f docker -m manifest.scm

Check the documentation for options.
Remember that there are obviously alternative methods to produce docker images. The point of using guix lies in its reproducibility capabilities: you’ll be able to create a new, identical docker image out of the manifest and channels files at any point in time. Even more: you’ll be able to retrieve your manifest file out of the binary image in case your manifest file gets lost.
Then, this image must be loaded into the local docker store with

docker load < IMAGE

and renamed to something meaningful

docker tag IMAGE:latest gitlab-registry.whatever.fr/domain/group/NAME:TAG

go remote

Finally, it is pushed to the remote container registry of your project with

docker push gitlab-registry.whatever.fr/domain/group/NAME:TAG

At this point, you have an environment where you’ll run your tests using gitlab's ci features. You’ll set up your gitlab runners and manifest files to use this container to execute your jobs.
As an alternative, you could use an ssh executor running on your own fast and powerful hardware resources (dedicated machine, shared cluster, etc.). In this case, you’d rather produce an apptainer container image with:

guix time-machine -C channels.scm -- pack -f squashfs ...

scp this container file to your computing resources and call it from the #gitlab runner.

Github

Github is probably the most popular #gitforge out there. It follows a paradigm similar to #gitlab in its conception (pull requests and merge requests, you get the idea?). It also includes a container registry, and the set of features it offers may be exchanged with ease with any other #gitforge following the same paradigm. No need to go into more details.
There are a couple of interesting tips about using #github, though. More often than not, users run into #reproducibility problems when using container images hosted on ghcr.io, the hosting service for user images. These images are usually employed for running #ci testing pipelines, and they usually break as upstream changes happen: updates, image definition changes, image package upgrades, etc. If you read my dependencies hell post, this should ring a bell.
What can be done about it as far as #modernhw is concerned? Well, we have #guix. Let’s try a different approach: building an image locally, and pushing it to the #github registry. Let’s see how.

in practice

An example repository shows the way to proceed. Its contents allow you to create a docker container image to be hosted remotely. It includes all that’s necessary to perform remote #ci testing of a #modernhw #vhdl design.

docker pull ghcr.io/csantosb/hdl
docker images # check $ID
docker run -ti $ID bash

It includes a couple of #plaintext files to produce a #deterministic container. First, the channels.scm file, with the list of guix channels to pull packages from. Then, a manifest.scm, with the list of packages to be installed within the container.
The container image may be built with

image=$(guix time-machine --channels=channels.scm -- \
             pack -f docker \
             -S /bin=bin \
             --save-provenance \
             -m manifest.scm)

At this point, it is to be loaded into the docker store with

docker load < $image
# docker images

Now it is time to tag the image

docker tag IMID ghcr.io/USER/REPO:RELEASE

and login to ghcr.io

docker login -u USER -p PASSWORD ghcr.io

Finally, the image is to be pushed remotely

docker push ghcr.io/USER/REPO:RELEASE
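
The load, tag, login and push steps above as one script, as an added example that is not part of the original post: it feeds the registry token to docker login on stdin, so it stays out of shell history and the process list, and prints the pushed image's digest reference so that CI jobs can pull by digest instead of by a tag that may move. The GHCR_TOKEN variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: publish a guix pack docker tarball to ghcr.io.

# loaded_ref: read `docker load` output on stdin and print the name (or the
# ID, for an untagged image) of the first image it reports.
loaded_ref() {
    sed -n -e 's/^Loaded image: //p' -e 's/^Loaded image ID: //p' | head -n 1
}

# is_digest_ref REF: true when REF pins content, i.e. NAME@sha256:<64 hex>.
is_digest_ref() {
    printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@sha256:[0-9a-f]{64}$'
}

# publish_image TARBALL TARGET USER
#   TARBALL  file produced by guix pack -f docker
#   TARGET   e.g. ghcr.io/USER/REPO:RELEASE
#   USER     registry account name
# The token is read from GHCR_TOKEN (assumed name) and never passed as an
# argument.
publish_image() {
    tarball=$1
    target=$2
    user=$3
    : "${GHCR_TOKEN:?set GHCR_TOKEN in the environment}"

    src=$(docker load -i "$tarball" | loaded_ref)
    [ -n "$src" ] || { echo "docker load reported no image" >&2; return 1; }

    docker tag "$src" "$target" || return 1
    printf '%s' "$GHCR_TOKEN" |
        docker login --username "$user" --password-stdin ghcr.io || return 1
    docker push "$target" || return 1
    docker logout ghcr.io >/dev/null

    # After the push, the local image records the registry digest.
    digest=$(docker image inspect \
        --format '{{index .RepoDigests 0}}' "$target") || return 1
    is_digest_ref "$digest" || { echo "no digest for $target" >&2; return 1; }
    printf '%s\n' "$digest"
}

# Usage: GHCR_TOKEN=... sh publish.sh "$image" ghcr.io/USER/REPO:RELEASE USER
if [ "$#" -eq 3 ]; then
    publish_image "$@"
fi
```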

test

You may test this image using the neorv32 project, for example, with:

docker pull ghcr.io/csantosb/hdl
docker run -ti ID bash
git clone --depth=1 https://github.com/stnolting/neorv32
cd neorv32
git clone --depth=1 https://github.com/stnolting/neorv32-vunit test
cd test
rm -rf neorv32
ln -sf ../../neorv32 neorv32
python3 sim/run.py --ci-mode -v
 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🤖 How threat actors can use generative artificial intelligence? cybercrime – Generative AI is increasingly exploited by cybercriminals for phishing, deepfakes, and disinformation campaigns, posing significant risks in cybersecurity. https://securityaffairs.com/171582/uncategorized/how-threat-actors-can-use-generative-artificial-intelligence.html

🔍 Are You Being Tracked by an AirTag? Here’s How to Check privacy – To check for unwanted AirTag tracking, iPhone users should enable notifications and scan for unknown devices, while Android users can use the Tracker Detect app. If found, remove the battery and contact authorities if necessary. https://www.wired.com/story/how-to-find-airtags/

🪧 Indian online ID verification firm Signzy confirms security incident data breach – Signzy, a major online ID verification provider, confirmed a cyberattack impacting its services for financial institutions. Although some client data was briefly visible online, many customers report no data compromise. https://techcrunch.com/2024/12/02/indian-online-id-verification-firm-signzy-confirms-security-incident/

📳 Small number of vulnerabilities patched in last Android security update of 2024 security news – Google's December 2024 Android Security Bulletin addresses several vulnerabilities, including a high-severity flaw (CVE-2024-43767) allowing remote code execution. Patches are provided to partners for various Android components. https://cyberscoop.com/android-security-update-december-2024/

🚫 Certain names make ChatGPT grind to a halt, and we know why security research – ChatGPT encounters issues when certain names are mentioned due to hard-coded filters, likely stemming from past defamation lawsuits. This can hinder user experience and raise concerns about adversarial attacks. https://arstechnica.com/information-technology/2024/12/certain-names-make-chatgpt-grind-to-a-halt-and-we-know-why/

👯 Apple patents system for identifying people when facial scans aren’t enough privacy – Apple's newly approved patent describes a system that enhances facial recognition with body characteristics like gait and clothing to identify individuals even in unclear video feeds. https://therecord.media/apple-patent-body-recognition-biometrics

💼 Xerox, Nokia, BofA, Morgan Stanley's employees data dumped data breach – A massive data breach linked to the MOVEit vulnerability has exposed personal data of hundreds of thousands of employees from companies like Xerox, Nokia, Bank of America, and Morgan Stanley, posing risks for social engineering attacks. https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/

🛑 Data brokers may be banned from selling your social security number privacy – The CFPB proposes a rule to limit data brokers from selling sensitive personal information, including Social Security numbers, requiring compliance with the Fair Credit Reporting Act and explicit consumer consent for data sharing. https://www.theverge.com/2024/12/3/24311498/cfpb-rule-data-brokers-social-security-number-fico-score

⬆️ North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets cybercrime – North Korean hackers are using false identities to pose as remote IT workers and venture capitalists to steal cryptocurrency and sensitive information, employing sophisticated tactics to infiltrate unsuspecting companies. https://www.bitdefender.com/en-us/blog/hotforsecurity/north-korean-hackers-masquerade-as-remote-it-workers-and-venture-capitalists-to-steal-crypto-and-secrets

🔗 Why Phishers Love New TLDs Like .shop, .top and .xyz cybercrime – Phishing attacks surged nearly 40% due to new generic top-level domains (gTLDs) like .shop and .xyz, which offer cheap registration and minimal verification, making them attractive to scammers. New research highlights the need for stricter regulations. https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

📊 Your Bluesky Posts Are Probably In A Bunch of Datasets Now privacy – Bluesky posts are being scraped into large datasets for machine learning, sparking controversy over consent and privacy. Multiple datasets, including one with 298 million posts, have emerged, raising ethical and legal concerns. https://www.404media.co/bluesky-posts-machine-learning-ai-datasets-hugging-face/

🚗 ‘A Total Meltdown’: Black Friday Zipcar Outage Strands Customers in Random Places security news – A Zipcar outage on Black Friday stranded customers nationwide, locking them out of rented cars and leading to surprise charges. The company attributed the issue to increased site traffic and SMS service problems. https://www.404media.co/a-total-meltdown-black-friday-zipcar-outage-strands-customers-in-random-places/

🌐 Finland says latest fiber-optic cable break was an accident, not sabotage security news – Finland's police confirmed that the recent damage to two fiber-optic cables was accidental, caused by excavation work, not sabotage. The incident led to a major internet outage affecting 6,000 customers and 100 businesses. https://therecord.media/finland-sweden-cable-accident-not-malicious

🚫 Two data brokers banned from selling ‘sensitive’ location data by the FTC privacy – The FTC has banned Gravy Analytics and Mobilewalla from selling sensitive location data, citing violations that put millions of Americans at risk by enabling tracking to sensitive sites. The companies must comply with strict data handling regulations. https://www.theverge.com/2024/12/3/24312313/ftc-bans-sensitive-location-data-brokers-gravy-analytics-venntel-mobilewalla

💬 Eurocops red pill the Matrix 'secure' criminal chat systems cybercrime – French and Dutch police have dismantled the Matrix chat app, a secure messaging tool for criminals, after infiltrating its servers. The operation yielded 2.3 million messages related to criminal activities and resulted in multiple arrests. https://www.theregister.com/2024/12/04/eurocop_crack_matrix/

💻 Tech Support Scams Exploit Google Ads to Target Users cybercrime – Cybercriminals are using Google Ads for tech support scams, manipulating search results to display malicious ads impersonating legitimate companies like PayPal and Netflix. https://www.tripwire.com/state-of-security/tech-support-scams-exploit-google-ads-target-users

🗳️ AI and the 2024 Elections security news – In the unprecedented 2024 elections, AI played a significant role, with both beneficial and harmful applications observed. While AI-assisted campaigns helped connect with voters, misinformation and deepfakes raised concerns about electoral integrity. https://www.schneier.com/blog/archives/2024/12/ai-and-the-2024-elections.html

🔒 U.S. Offered $10M for Hacker Just Arrested by Russia cybercrime – Mikhail Matveev, known as 'Wazawaka,' was arrested by Russian authorities after being indicted by the U.S. for ransomware activities. The arrest raises questions about motivations behind the move, with experts suggesting it could be linked to local corruption and financial pressures. https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/

🎭 Deepfake YouTube Ads of Celebrities Promise to Get You ‘Rock Hard’ security news – YouTube ran ads featuring deepfaked celebrities like Schwarzenegger and Stallone promoting erectile dysfunction supplements. These misleading ads, using AI-generated voices, have been removed after being flagged for false endorsements. https://www.404media.co/deepfake-youtube-ads-of-celebrities-promise-to-get-you-rock-hard/

🚔 Authorities shut down Crimenetwork, the Germany's largest crime marketplace cybercrime – German authorities have dismantled Crimenetwork, the largest German-speaking underground marketplace for illegal goods, arresting an administrator and seizing €1 million in assets. The platform facilitated extensive criminal activities since 2012. https://securityaffairs.com/171658/cyber-crime/german-authorities-shut-down-crimenetwork.html

🫥 US officials recommend encrypted messaging to evade hackers in telecom networks security news – FBI and CISA officials advise Americans to use encrypted messaging apps to protect communications from hackers linked to the Chinese group Salt Typhoon, who may still access U.S. telecom networks. https://www.theverge.com/2024/12/4/24313187/encrypted-apps-salt-typhoon-hack-telecom-fbi-cisa

🔍 $1 phone scanner finds seven Pegasus spyware infections privacy – iVerify's $1 diagnostic tool detected seven instances of Pegasus spyware among 2,500 scans, indicating a broader scope of spyware use beyond just targeting activists. The findings challenge the narrative that commercial spyware is only used against a select few. https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/

🔑 Your AI clone could target your family, but there’s a simple defense security news – The FBI advises families to establish a secret word or phrase to verify identity and protect against AI voice-cloning scams, as criminals increasingly use AI to impersonate loved ones for fraud. https://arstechnica.com/ai/2024/12/your-ai-clone-could-target-your-family-but-theres-a-simple-defense/


Some More, For the Curious

🤦‍♂️ New era of slop security reports for open source security news – An increase in low-quality security reports from AI tools burdens open source maintainers, leading to burnout and confusion. Better reporting practices are needed to protect valuable contributors. https://sethmlarson.dev/slop-security-reports

💰 Supply Chain Attack Detected in Solana's web3.js Library security research – Versions 1.95.6 and 1.95.7 of the @solana/web3.js library were compromised to steal private keys, risking users' cryptocurrency wallets. Developers are urged to audit and secure their projects immediately. https://socket.dev/blog/supply-chain-attack-solana-web3-js-library

🥚 The Curious Case of an Egg-Cellent Resume security research – A campaign by TA4557/FIN6 exploited resumes to install malware and access servers. The attack involved multiple tactics, including credential theft and lateral movement, using various malicious tools. https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/

🥴 Exploit Intelligence this is part of a post series. take a look at the others! 😉 cyber defense – The article discusses the significance of exploit intelligence in cybersecurity, highlighting the need for organizations to stay informed about vulnerabilities and emerging threats to enhance their defense strategies. https://vulncheck.com/blog/exploit-intelligence

🃏 ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches cyber defense – This article outlines essential strategies for securing Industrial Control Systems against cyber threats found in their card game, emphasizing isolation and comprehensive security practices to mitigate risks. https://www.blackhillsinfosec.com/mitigations-to-scenarios-found-in-ics-ot-backdoors-and-breaches/

🌉 Tor Project needs 200 WebTunnel bridges more to bypass Russia' censorship privacy – The Tor Project aims to deploy 200 new WebTunnel bridges by year-end to combat increasing censorship in Russia, where government actions have made existing bridges less accessible. https://securityaffairs.com/171601/digital-id/tor-project-needs-200-webtunnel-bridges.html

🛡️ Building Cyber Resilience Against Ransomware Attacks cyber defense – Ransomware attacks are on the rise, costing organizations an average of $5.24 million. This article outlines a framework for building resilience against ransomware, emphasizing the need for effective response, sustainability, and recovery strategies. https://blog.nviso.eu/2024/12/03/building-cyber-resilience-against-ransomware-attacks/

🔌 Zero Day Initiative — Detailing the Attack Surfaces of the WolfBox E40 EV Charger hacking write-up – The WolfBox E40 EV charger has been analyzed for potential vulnerabilities, revealing attack surfaces via its mobile app and hardware components. The firmware extraction process highlights risks associated with its communications module and embedded OS. https://www.thezdi.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger

📊 Linux Foundation report highlights the true state of open source libraries in production apps security news – The Linux Foundation's Census III report reveals insights on open source libraries in production, emphasizing the rise of Rust for memory safety and ongoing reliance on Python 2, which raises security risks. https://techcrunch.com/2024/12/04/linux-foundation-report-highlights-the-true-state-of-open-source-libraries-in-production-apps/

🔧 Veeam addressed critical Service Provider Console (VSPC) bug vulnerability – Veeam fixed a critical vulnerability (CVE-2024-42448) in its Service Provider Console that could allow remote code execution. Organizations are urged to upgrade to version 8.1.0.21999 to mitigate this and another related vulnerability. https://securityaffairs.com/171651/security/veeam-addressed-critical-service-provider-console-vspc-flaw.html

🏝️ (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments cyber defense – Mandiant reveals a technique to bypass browser isolation using QR codes for command-and-control (C2) communication, highlighting vulnerabilities in browser isolation technologies while recommending continued use as a defense measure against web threats. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

🌶️ White House: Chinese telecom hacks have been in motion for years security news – A White House official revealed that the Salt Typhoon hack, linked to Chinese state-sponsored actors, has impacted eight U.S. telecom companies and has been ongoing for two years, posing risks to communications and requiring urgent cybersecurity measures. https://cyberscoop.com/salt-typhoon-national-security-council-chinese-spying/

🏁 RACE Conditions in Modern Web Applications security research – RACE conditions, where simultaneous processes lead to unpredictable outcomes, remain a security concern in web applications. Recent research highlights new methods to exploit these vulnerabilities, emphasizing the need for proactive mitigation strategies in application development. https://www.guidepointsecurity.com/blog/race-conditions-in-modern-web-applications/

🧫 Analyzing the vulnerability landscape in Q3 2024 security news – Q3 2024 saw an increase in vulnerabilities in Windows and Linux, with notable exploits affecting systems like WinRAR and Microsoft Office. Experts emphasize the importance of timely patching and monitoring to mitigate risks. https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/


CISA Corner

🔒 CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers security news – CISA, alongside the NSA, FBI, and international partners, issued guidance to enhance security following a cyber espionage campaign by a PRC-affiliated threat actor targeting global telecommunications networks. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-global

🔒 Cisco Releases Security Updates for NX-OS Software vulnerability – Cisco has issued security updates for NX-OS software to fix a vulnerability that could allow cybercriminals to gain control of affected systems. Users are advised to review the advisory and apply updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/05/cisco-releases-security-updates-nx-os-software

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – On December 3, 2024, CISA issued eight advisories addressing vulnerabilities in various Industrial Control Systems, urging users and administrators to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-releases-eight-industrial-control-systems-advisories

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – On December 5, 2024, CISA issued two advisories addressing security vulnerabilities in Industrial Control Systems: AutomationDirect C-More EA9 Programming Software and Planet Technology Planet WGS-804HPT, urging users to review them for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/05/cisa-releases-two-industrial-control-systems-advisories

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, urging users to address these risks to federal networks. The vulnerabilities include CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-51378, a vulnerability in CyberPanel related to incorrect default permissions, to its Known Exploited Vulnerabilities Catalog, highlighting the need for Federal agencies to remediate this risk promptly. https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Ducks

From 49.12.82.250 to 195.201.173.222: lots of domains moved, both IPs in Hetzner space. Many of the domains are fake crypto investing sites #cryptoscam. And other scam sites.

 

from Тетрадка | Notebook

I.

1 When the heavens above did not exist, 2 And earth beneath had not come into being — 3 There was Apsû, the first in order, their begetter, 4 And demiurge Tia-mat, who gave birth to them all; 5 They had mingled their waters together 6 Before meadow-land had coalesced and reed-bed was to be found — 7 When not one of the gods had been formed 8 Or had come into being, when no destinies had been decreed, 9 The gods were created within them: 10 Lah(mu and Lah(amu were formed and came into being. 11 While they grew and increased in stature 12 Anšar and Kišar, who excelled them, were created. 13 They prolonged their days, they multiplied their years. 14 Anu, their son, could rival his fathers. 15 Anu, the son, equalled Anšar, 16 And Anu begat Nudimmud, his own equal. 17 Nudimmud was the champion among his fathers: 18 Profoundly discerning, wise, of robust strength; 19 Very much stronger than his father's begetter, Anšar 20 He had no rival among the gods, his brothers. 21 The divine brothers came together, 22 Their clamour got loud, throwing Tia-mat into a turmoil. 23 They jarred the nerves of Tia-mat, 24 And by their dancing they spread alarm in Anduruna. 25 Apsû did not diminish their clamour, 26 And Tia-mat was silent when confronted with them. 27 Their conduct was displeasing to her, 28 Yet though their behaviour was not good, she wished to spare them. 29 Thereupon Apsû, the begetter of the great gods, 30 Called Mummu, his vizier, and addressed him, 31 “Vizier Mummu, who gratifies my pleasure, 32 Come, let us go to Tia-mat!” 33 They went and sat, facing Tia-mat, 34 As they conferred about the gods, their sons. 35 Apsû opened his mouth 36 And addressed Tia-mat 37 “Their behaviour has become displeasing to me 38 And I cannot rest in the day-time or sleep at night.
39 I will destroy and break up their way of life 40 That silence may reign and we may sleep.” 41 When Tia-mat heard this 42 She raged and cried out to her spouse, 43 She cried in distress, fuming within herself, 44 She grieved over the (plotted) evil, 45 “How can we destroy what we have given birth to? 46 Though their behaviour causes distress, let us tighten discipline graciously.” 47 Mummu spoke up with counsel for Apsû— 48 (As from) a rebellious vizier was the counsel of his Mummu— 49 “Destroy, my father, that lawless way of life, 50 That you may rest in the day-time and sleep by night!” 51 Apsû was pleased with him, his face beamed 52 Because he had plotted evil against the gods, his sons. 53 Mummu put his arms around Apsû's neck, 54 He sat on his knees kissing him. 55 What they plotted in their gathering 56 Was reported to the gods, their sons. 57 The gods heard it and were frantic. 58 They were overcome with silence and sat quietly. 59 Ea, who excels in knowledge, the skilled and learned, 60 Ea, who knows everything, perceived their tricks. 61 He fashioned it and made it to be all-embracing, 62 He executed it skilfully as supreme—his pure incantation. 63 He recited it and set it on the waters, 64 He poured sleep upon him as he was slumbering deeply. 65 He put Apsû to slumber as he poured out sleep, 66 And Mummu, the counsellor, was breathless with agitation. 67 He split (Apsû's) sinews, ripped off his crown, 68 Carried away his aura and put it on himself. 69 He bound Apsû and killed him; 70 Mummu he confined and handled roughly. 71 He set his dwelling upon Apsû, 72 And laid hold on Mummu, keeping the nose-rope in his hand. 73 After Ea had bound and slain his enemies, 74 Had achieved victory over his foes, 75 He rested quietly in his chamber, 76 He called it Apsû, whose shrines he appointed. 77 Then he founded his living-quarters within it, 78 And Ea and Damkina, his wife, sat in splendour. 
79 In the chamber of the destinies, the room of the archetypes, 80 The wisest of the wise, the sage of the gods, Be-l was conceived. 81 In Apsû was Marduk born, 82 In pure Apsû was Marduk born. 83 Ea his father begat him, 84 Damkina his mother bore him. 85 He sucked the breasts of goddesses, 86 A nurse reared him and filled him with terror. 87 His figure was well developed, the glance of his eyes was dazzling, 88 His growth was manly, he was mighty from the beginning. 89 Anu, his father's begetter, saw him, 90 He exulted and smiled; his heart filled with joy. 91 Anu rendered him perfect: his divinity was remarkable, 92 And he became very lofty, excelling them in his attributes. 93 His members were incomprehensibly wonderful, 94 Incapable of being grasped with the mind, hard even to look on. 95 Four were his eyes, four his ears, 96 Flame shot forth as he moved his lips. 97 His four ears grew large, 98 And his eyes likewise took in everything. 99 His figure was lofty and superior in comparison with the gods, 100 His limbs were surpassing, his nature was superior. 101 'Mari-utu, Mari-utu, 102 The Son, the Sun-god, the Sun-god of the gods.' 103 He was clothed with the aura of the Ten Gods, so exalted was his strength, 104 The Fifty Dreads were loaded upon him. 105 Anu formed and gave birth to the four winds, 106 He delivered them to him, “My son, let them whirl!” 107 He formed dust and set a hurricane to drive it, 108 He made a wave to bring consternation on Tia-mat. 109 Tia-mat was confounded; day and night she was frantic. 110 The gods took no rest, they . . . . . . . 111 In their minds they plotted evil, 112 And addressed their mother Tia-mat, 113 “When Apsû, your spouse, was killed, 114 You did not go at his side, but sat quietly. 115 The four dreadful winds have been fashioned 116 To throw you into confusion, and we cannot sleep. 117 You gave no thought to Apsû, your spouse, 118 Nor to Mummu, who is a prisoner. Now you sit alone.
119 Henceforth you will be in frantic consternation! 120 And as for us, who cannot rest, you do not love us! 121 Consider our burden, our eyes are hollow. 122 Break the immovable yoke that we may sleep. 123 Make battle, avenge them! 124 [ . . ] . . . . reduce to nothingness! 125 Tia-mat heard, the speech pleased her, 126 (She said,) “Let us make demons, [as you] have advised.” 127 The gods assembled within her. 128 They conceived [evil] against the gods their begetters. 129 They . . . . . and took the side of Tia-mat, 130 Fiercely plotting, unresting by night and day, 131 Lusting for battle, raging, storming, 132 They set up a host to bring about conflict. 133 Mother H(ubur, who forms everything, 134 Supplied irresistible weapons, and gave birth to giant serpents. 135 They had sharp teeth, they were merciless . . . . 136 With poison instead of blood she filled their bodies. 137 She clothed the fearful monsters with dread, 138 She loaded them with an aura and made them godlike. 139 (She said,) “Let their onlooker feebly perish, 140 May they constantly leap forward and never retire.” 141 She created the Hydra, the Dragon, the Hairy Hero 142 The Great Demon, the Savage Dog, and the Scorpion-man, 143 Fierce demons, the Fish-man, and the Bull-man, 144 Carriers of merciless weapons, fearless in the face of battle. 145 Her commands were tremendous, not to be resisted. 146 Altogether she made eleven of that kind. 147 Among the gods, her sons, whom she constituted her host, 148 She exalted Qingu, and magnified him among them. 149 The leadership of the army, the direction of the host, 150 The bearing of weapons, campaigning, the mobilization of conflict, 151 The chief executive power of battle, supreme command, 152 She entrusted to him and set him on a throne, 153 “I have cast the spell for you and exalted you in the host of the gods, 154 I have delivered to you the rule of all the gods. 
155 You are indeed exalted, my spouse, you are renowned, 156 Let your commands prevail over all the Anunnaki.” 157 She gave him the Tablet of Destinies and fastened it to his breast, 158 (Saying) “Your order may not be changed; let the utterance of your mouth be firm.” 159 After Qingu was elevated and had acquired the power of Anuship, 160 He decreed the destinies for the gods, her sons: 161 “May the utterance of your mouths subdue the fire-god, 162 May your poison by its accumulation put down aggression.”

II.

1 Tia-mat gathered together her creation 2 And organised battle against the gods, her offspring. 3 Henceforth Tia-mat plotted evil because of Apsû 4 It became known to Ea that she had arranged the conflict. 5 Ea heard this matter, 6 He lapsed into silence in his chamber and sat motionless. 7 After he had reflected and his anger had subsided 8 He directed his steps to Anšar his father. 9 He entered the presence of the father of his begetter, Anšar, 10 And related to him all of Tia-mat's plotting. 11 “My father, Tia-mat our mother has conceived a hatred for us, 12 She has established a host in her savage fury. 13 All the gods have turned to her, 14 Even those you (pl.) begat also take her side 15 They . . . . . and took the side of Tia-mat, 16 Fiercely plotting, unresting by night and day, 17 Lusting for battle, raging, storming, 18 They set up a host to bring about conflict. 19 Mother H(ubur, who forms everything, 20 Supplied irresistible weapons, and gave birth to giant serpents. 21 They had sharp teeth, they were merciless. 22 With poison instead of blood she filled their bodies. 23 She clothed the fearful monsters with dread, 24 She loaded them with an aura and made them godlike. 25 (She said,) “Let their onlooker feebly perish, 26 May they constantly leap forward and never retire.” 27 She created the Hydra, the Dragon, the Hairy Hero, 28 The Great Demon, the Savage Dog, and the Scorpion-man, 29 Fierce demons, the Fish-man, and the Bull-man, 30 Carriers of merciless weapons, fearless in the face of battle. 31 Her commands were tremendous, not to be resisted. 32 Altogether she made eleven of that kind. 33 Among the gods, her sons, whom she constituted her host, 34 She exalted Qingu and magnified him among them. 35 The leadership of the army, the direction of the host, 36 The bearing of weapons, campaigning, the mobilization of conflict, 37 The chief executive power of battle supreme command, 38 She entrusted to him and set him on a throne. 
39 “I have cast the spell for you and exalted you in the host of the gods, 40 I have delivered to you the rule of all the gods. 41 You are indeed exalted, my spouse, you are renowned, 42 Let your commands prevail over all the Anunnaki.” 43 She gave him the tablet of Destinies and fastened it to his breast, 44 (Saying) “Your order may not be changed; let the utterance of your mouth be firm.” 45 After Qingu was elevated and had acquired the power of Anuship 46 He decreed the destinies for the gods, her sons: 47 “May the utterance of your mouths subdue the fire-god, 48 May your poison by its accumulation put down aggression.” 49 Anšar heard; the matter was profoundly disturbing. 50 He cried “Woe!” and bit his lip. 51 His heart was in fury, his mind could not be calmed. 52 Over Ea his son his cry was faltering. 53 “My son, you who provoked the war, 54 Take responsibility for whatever you alone have done! 55 You set out and killed Apsû, 56 And as for Tia-mat, whom you made furious, where is her equal?” 57 The gatherer of counsel, the learned prince, 58 The creator of wisdom, the god Nudimmud 59 With soothing words and calming utterance 60 Gently answered [his] father Anšar 61 “My father, deep mind, who decrees destiny, 62 Who has the power to bring into being and destroy, 63 Anšar, deep mind, who decrees destiny, 64 Who has the power to bring into being and to destroy, 65 I want to say something to you, calm down for me for a moment 66 And consider that I performed a helpful deed. 67 Before I killed Apsû 68 Who could have seen the present situation? 69 Before I quickly made an end of him 70 What were the circumstances were I to destroy him?” 71 Anšar heard, the words pleased him. 72 His heart relaxed to speak to Ea, 73 “My son, your deeds are fitting for a god, 74 You are capable of a fierce, unequalled blow . . [ . . . ] 75 Ea, your deeds are fitting for a god, 76 You are capable of a fierce, unequalled blow . . [ . . .
] 77 Go before Tia-mat and appease her attack, 78 . . [ . . . ] . . . her fury with [your] incantation.” 79 He heard the speech of Anšar his father, 80 He took the road to her, proceeded on the route to her. 81 He went, he perceived the tricks of Tia-mat, 82 [He stopped], fell silent, and turned back. 83 [He] entered the presence of august Anšar 84 Penitently addressing him, 85 “[My father], Tia-mat's deeds are too much for me. 86 I perceived her planning, and [my] incantation was not equal (to it). 87 Her strength is mighty, she is full of dread, 88 She is altogether very strong, none can go against her. 89 Her very loud cry did not diminish, 90 [I became afraid] of her cry and turned back. 91 [My father], do not lose hope, send a second person against her. 92 Though a woman's strength is very great, it is not equal to a man's. 93 Disband her cohorts, break up her plans 94 Before she lays her hands on us.” 95 Anšar cried out in intense fury, 96 Addressing Anu his son, 97 “Honoured son, hero, warrior, 98 Whose strength is mighty, whose attack is irresistible 99 Hasten and stand before Tia-mat, 100 Appease her rage that her heart may relax 101 If she does not harken to your words, 102 Address to her words of petition that she may be appeased.” 103 He heard the speech of Anšar his father, 104 He took the road to her, proceeded on the route to her. 105 Anu went, he perceived the tricks of Tia-mat, 106 He stopped, fell silent, and turned back. 107 He entered the presence of Anšar the father who begat him, 108 Penitently addressing him. 109 “My father, Tia-mat's [deeds] are too much for me. 110 I perceived her planning, but my [incantation] was not [equal] (to it). 111 Her strength is mighty, she is [full] of dread, 112 She is altogether very strong, no one [can go against her]. 113 Her very loud noise does not diminish, 114 I became afraid of her cry and turned back. 115 My father, do not lose hope, send another person against her. 
116 Though a woman's strength is very great, it is not equal to a man's. 117 Disband her cohorts, break up her plans, 118 Before she lays her hands on us.” 119 Anšar lapsed into silence, staring at the ground, 120 He nodded to Ea, shaking his head. 121 The Igigi and all the Anunnaki had assembled, 122 They sat in tight-lipped silence. 123 No god would go to face . . [ . . ] 124 Would go out against Tia-mat . . . . [ . . ] 125 Yet the lord Anšar, the father of the great gods, 126 Was angry in his heart, and did not summon any one. 127 A mighty son, the avenger of his father, 128 He who hastens to war, the warrior Marduk 129 Ea summoned (him) to his private chamber 130 To explain to him his plans. 131 “Marduk, give counsel, listen to your father. 132 You are my son, who gives me pleasure, 133 Go reverently before Anšar, 134 Speak, take your stand, appease him with your glance.” 135 Be-l rejoiced at his father's words, 136 He drew near and stood in the presence of Anšar. 137 Anšar saw him, his heart filled with satisfaction, 138 He kissed his lips and removed his fear. 139 “My [father] do not hold your peace, but speak forth, 140 I will go and fulfil your desires! 141 [Anšar,] do not hold your peace, but speak forth, 142 I will go and fulfil your desires! 143 Which man has drawn up his battle array against you? 144 And will Tia-mat, who is a woman, attack you with (her) weapons? 145 [“My father], begetter, rejoice and be glad, 146 Soon you will tread on the neck of Tia-mat! 147 [Anšar], begetter, rejoice and be glad, 148 Soon you will tread on the neck of Tia-mat! 149 [“Go,] my son, conversant with all knowledge, 150 Appease Tia-mat with your pure spell. 151 Drive the storm chariot without delay, 152 And with a [ . . 
] which cannot be repelled turn her back.” 153 Be-l rejoiced at his father's words, 154 With glad heart he addressed his father, 155 “Lord of the gods, Destiny of the great gods, 156 If I should become your avenger, 157 If I should bind Tia-mat and preserve you, 158 Convene an assembly and proclaim for me an exalted destiny. 159 Sit, all of you, in Upšukkinakku with gladness, 160 And let me, with my utterance, decree destinies instead of you. 161 Whatever I instigate must not be changed, 162 Nor may my command be nullified or altered.”

III.

1 Anšar opened his mouth 2 And addressed Kaka, his vizier, 3 “Vizier Kaka, who gratifies my pleasure, 4 I will send you to Lah(mu and Lah(amu. 5 You are skilled in making inquiry, learned in address. 6 Have the gods, my fathers, brought to my presence. 7 Let all the gods be brought, 8 Let them confer as they sit at table. 9 Let them eat grain, let them drink ale, 10 Let them decree the destiny for Marduk their avenger. 11 Go, be gone, Kaka, stand before them, 12 And repeat to them all that I tell you: 13 “Anšar, your son, has sent me, 14 And I am to explain his plans. 15-52 = II, 11-48 ( instead of 'My father,' put ' 'Thus,' ) 53 I sent Anu, but he could not face her. 54 Nudimmud took fright and retired. 55 Marduk, the sage of the gods, your son, has come forward, 56 He has determined to meet Tia-mat. 57 He has spoken to me and said, 58-64 = II, 156-162 ( begin with quotation marks: “If ) 65 Quickly, now, decree your destiny for him without delay, 66 That he may go and face your powerful enemy.” 67 Kaka went. He directed his steps 68 To Lah(mu and Lah(amu, the gods his fathers. 69 He prostrated himself, he kissed the ground before them, 70 He got up, saying to them he stood, 71-124 = II, 13-66 125 When Lah(h(a and Lah(amu heard, they cried aloud. 126 All the Igigi moaned in distress, 127 “What has gone wrong that she took this decision about us? 128 We did not know what Tia-mat was doing.” 129 All the great gods who decree destinies 130 Gathered as they went, 131 They entered the presence of Anšar and became filled with [joy], 132 They kissed one another as they . [ . . ] in the assembly. 133 They conferred as they sat at table, 134 They ate grain, they drank ale. 135 They strained the sweet liquor through their straws, 136 As they drank beer and felt good, 137 They became quite carefree, their mood was merry, 138 And they decreed the fate for Marduk, their avenger.

IV.

1 Anšar opened his mouth 2 And addressed Kaka, his vizier, 3 “Vizier Kaka, who gratifies my pleasure, 4 I will send you to Lah(mu and Lah(amu. 5 You are skilled in making inquiry, learned in address. 6 Have the gods, my fathers, brought to my presence. 7 Let all the gods be brought, 8 Let them confer as they sit at table. 9 Let them eat grain, let them drink ale, 10 Let them decree the destiny for Marduk their avenger. 11 Go, be gone, Kaka, stand before them, 12 And repeat to them all that I tell you: 13 “Anšar, your son, has sent me, 14 And I am to explain his plans. 15-52 = II, 11-48 ( instead of 'My father,' put ' 'Thus,' ) 53 I sent Anu, but he could not face her. 54 Nudimmud took fright and retired. 55 Marduk, the sage of the gods, your son, has come forward, 56 He has determined to meet Tia-mat. 57 He has spoken to me and said, 58-64 = II, 156-162 ( begin with quotation marks: “If ) 65 Quickly, now, decree your destiny for him without delay, 66 That he may go and face your powerful enemy.” 67 Kaka went. He directed his steps 68 To Lah(mu and Lah(amu, the gods his fathers. 69 He prostrated himself, he kissed the ground before them, 70 He got up, saying to them he stood, 71-124 = II, 13-66 125 When Lah(h(a and Lah(amu heard, they cried aloud. 126 All the Igigi moaned in distress, 127 “What has gone wrong that she took this decision about us? 128 We did not know what Tia-mat was doing.” 129 All the great gods who decree destinies 130 Gathered as they went, 131 They entered the presence of Anšar and became filled with [joy], 132 They kissed one another as they . [ . . ] in the assembly. 133 They conferred as they sat at table, 134 They ate grain, they drank ale. 135 They strained the sweet liquor through their straws, 136 As they drank beer and felt good, 137 They became quite carefree, their mood was merry, 138 And they decreed the fate for Marduk, their avenger.

V

1 He fashioned heavenly stations for the great gods, 2 And set up constellations, the patterns of the stars. 3 He appointed the year, marked off divisions, 4 And set up three stars each for the twelve months. 5 After he had organized the year, 6 He established the heavenly station of Ne-beru to fix the stars' intervals. 7 That none should transgress or be slothful 8 He fixed the heavenly stations of Enlil and Ea with it. 9 Gates he opened on both sides, 10 And put strong bolts at the left and the right. 11 He placed the heights (of heaven) in her (Tia-mat's) belly, 12 He created Nannar, entrusting to him the night. 13 He appointed him as the jewel of the night to fix the days, 14 And month by month without ceasing he elevated him with a crown, 15 (Saying,) “Shine over the land at the beginning of the month, 16 Resplendent with horns to fix six days. 17 On the seventh day the crown will be half size, 18 On the fifteenth day, halfway through each month, stand in opposition. 19 When Šamaš [sees] you on the horizon, 20 Diminish in the proper stages and shine backwards. 21 On the 29th day, draw near to the path of Šamaš, 22 . [ . . ] the 30th day, stand in conjunction and rival Šamaš. 23 I have ( . . . . ] . the sign, follow its track, 24 Draw near . . ( . . . . . ) give judgment. 25 . [ . . . . ] . Šamaš, constrain [murder] and violence, 26 . [ . . . . . . . . . . . . . . . . . . . ] . me. * * * * * * 35 At the end [ . . . 36 Let there [be] the 29th day [ . . . “ 37 After [he had . . . . ] the decrees [ . . . 38 The organization of front and . [ . . . 39 He made the day [ . . . 40 Let the year be equally [ . . . 41 At the new year [ . . . 42 The year . . . . . [ . . . 43 Let there be regularly [ . . . 44 The projecting bolt [ . . . 45 After he had [ . . . 46 The watches of night and day [ . . . 47 The foam which Tia-mat [ . . . 48 Marduk fashioned [ . . . 49 He gathered it together and made it into clouds. 
50 The raging of the winds, violent rainstorms, 51 The billowing of mist—the accumulation of her spittle— 52 He appointed for himself and took them in his hand. 53 He put her head in position and poured out . . [ . . ] . 54 He opened the abyss and it was sated with water. 55 From her two eyes he let the Euphrates and Tigris flow, 56 He blocked her nostrils, but left . . 57 He heaped up the distant [mountains] on her breasts, 58 He bored wells to channel the springs. 59 He twisted her tail and wove it into the Durmah(u, 60 [ . . . ] . . the Apsû beneath his feet. 61 [He set up] her crotch—it wedged up the heavens— 62 [(Thus) the half of her] he stretched out and made it firm as the earth. 63 [After] he had finished his work inside Tia-mat, 64 [He spread] his net and let it right out. 65 He surveyed the heavens and the earth . . [ . ] . 66 [ . . ] their bonds . . . . . . . 67 After he had formulated his regulations and composed [his] decrees, 68 He attached guide-ropes and put them in Ea's hands. 69 [The Tablet] of Destinies which Qingu had taken and carried, 70 He took charge of it as a trophy (?) and presented it to Anu. 71 [The . ] . of battle, which he had tied on or had put on his head, 72 [ . ] . he brought before his fathers. 73 [Now] the eleven creatures to which Tia-mat had given birth and . . . , 74 He broke their weapons and bound them (the creatures) to his feet. 75 He made images of them and stationed them at the [Gate] of the Apsû, 76 To be a sign never to be forgotten. 77 [The gods] saw it and were jubilantly happy, 78 (That is,) Lah(mu, Lah(amu and all his fathers. 79 Anšar [embraced] him and published abroad his title, “Victorious King,” 80 Anu, Enlil and Ea gave him gifts. 81 Mother Damkina, who bore him, hailed him, 82 With a clean festal robe she made his face shine. 83 To Usmû, who held her present to give the news, 84 [He entrusted] the vizierate of the Apsû and the care of the holy places. 
85 The Igigi assembled and all did obeisance to him, 86 Every one of the Anunnaki was kissing his feet. 87 They all [gathered] to show their submission, 88 [ . . . ] . they stood, they bowed down, “Behold the king!” 89 His fathers [ . . . ] . and took their fill of his beauty, 90 Be-l listened to their utterance, being girded with the dust of battle. 91 . [ . . . . . . . . . . . . ] . . . . . . . 92 Anointing his body with . [ . . . ] cedar perfume. 93 He clothed himself in [his] lordly robe, 94 With a crown of terror as a royal aura. 95 He took up his club and held it in his right hand, 96 . . . ] . he grasped in his left. 97 [ . . . . . . . . . . . . . . . . . . . . ] 98 . . . ] . he set his feet. 99 He put upon . [ . . . 100 The sceptre of prosperity and success [he hung] at his side. 101 After [he had . . . ] the aura [ 102 He adorned(?) his sack, the Apsû, with a fearful [ . . ] 103 Was settled like . [ . . . 104 In [his] throne room [ . . . 105 In his cella [ . . . 106 Every one of the gods [ . . . 107 Lah(mu and Lah(amu . [ . . . . . . . ] . 108 Opened their mouths and [addressed] the Igigi gods, 109 “Previously Marduk was our beloved son, 110 Now he is your king, heed his command!” 111 Next, they all spoke up together, 112 “His name is Lugaldimmerankia, trust in him!” 113 When they had given kingship to Marduk, 114 They addressed to him a benediction for prosperity and success, 115 “Henceforth you are the caretaker of our shrine, 116 Whatever you command, we will do!” 117 Marduk opened his mouth to speak 118 And addressed the gods his fathers, 119 “Above the Apsû, the emerald (?) abode, 120 Opposite Ešarra, which I built for you, 121 Beneath the celestial parts, whose floor I made firm, 122 I will build a house to be my luxurious abode. 123 Within it I will establish its shrine, 124 I will found my chamber and establish my kingship. 125 When you come up from the Apsû to make a decision 126 This will be your resting place before the assembly. 
127 When you descend from heaven to make a decision 128 This will be your resting place before the assembly. 129 I shall call its name 'Babylon', “The Homes of the Great Gods”, 130 Within it we will hold a festival: that will be the evening festival. 131 [The gods], his fathers, [heard] this speech of his, 132 . [ . . . . . . . . . . . . ] . they said, 133 “With regard to all that your hands have made, 134 Who has your [ . . . ]? 135 With regard to the earth that your hands have made, 136 Who has your [ . . . ]? 137 In Babylon, as you have named it, 138 Put our [resting place] for ever. 139 . [ . . . . . . . . . ] let them bring our regular offerings 140 . [ . . . . . . . . . . . . . . . . ] . . 141 Whoever [ . . . ] our tasks which we . [ . . . 142 Therein [ . . . . . ] its toil . [ . . . 143 [ . . . . . . . . . . . . . . . . . . . . . ] 144 They rejoiced [ . . . . . . . . . . . ] . . [ . . . 145 The gods . [ . . . . . . . . . . . . . ] 146 He who knows [ . . . . . . . . . ] . them 147 He opened [his mouth showing] them light, 148 . . [ . . . . . . . . . ] his speech . [ . ] 149 He made wide [ . . . . . . . . ] . them [ . . . 150 And . [ . . . . . . . . . . . . ] . . . . . 151 The gods bowed down, speaking to him, 152 They addressed Lugaldimmerankia, their lord, 153 “Formerly, lord, [you were our beloved] son, 154 Now you are our king, . . [ . . . ] 155 He who . [ . ] . [ . ] preserved [us] 156 . . [. . . ] the aura of club and sceptre. 157 Let him conceive plans [ . . . . ] . . [ . . . ] 158 [ . ] . . [ . . . . . . that] we . [ . . .”

VI.

1 When Marduk heard the gods' speech 2 He conceived a desire to accomplish clever things. 3 He opened his mouth addressing Ea, 4 He counsels that which he had pondered in his heart, 5 “I will bring together blood to form bone, 6 I will bring into being Lullû, whose name shall be 'man'. 7 I will create Lullû—man 8 On whom the toil of the gods will be laid that they may rest. 9 I will skilfully alter the organization of the gods: 10 Though they are honoured as one, they shall be divided into two.” 11 Ea answered, as he addressed a word to him, 12 Expressing his comments on the resting of the gods, 13 “Let one brother of theirs be given up. 14 Let him perish that people may be fashioned. 15 Let the great gods assemble 16 And let the guilty one be given up that they may be confirmed.” 17 Marduk assembled the great gods, 18 Using gracious direction as he gave his order, 19 As he spoke the gods heeded him: 20 The king addressed a word to the Anunnaki, 21 “Your former oath was true indeed, 22 (Now also) tell me the solemn truth: 23 Who is the one who instigated warfare, 24 Who made Tia-mat rebel, and set battle in motion? 25 Let him who instigated warfare be given up 26 That I may lay his punishment on him; but you sit and rest. 27 The Igigi, the great gods, answered him, 28 That is, Lugaldimmerankia, the counsellor of the gods, the lord, 29 “Qingu is the one who instigated warfare, 30 Who made Tia-mat rebel and set battle in motion.” 31 They bound him, holding him before Ea, 32 They inflicted the penalty on him and severed his blood-vessels. 33 From his blood he (Ea) created mankind, 34 On whom he imposed the service of the gods, and set the gods free. 35 After the wise Ea had created mankind 36 And had imposed the service of the gods upon them— 37 That task is beyond comprehension 38 For Nudimmud performed the creation with the skill of Marduk— 39 King Marduk divided the gods, 40 All the Anunnaki into upper and lower groups. 
41 He assigned 300 in the heavens to guard the decrees of Anu 42 And appointed them as a guard. 43 Next he arranged the organization of the netherworld. 44 In heaven and netherworld he stationed 600 gods. 45 After he had arranged all the decrees, 46 And had distributed incomes among the Anunnaki of heaven and netherworld, 47 The Anunnaki opened their mouths 48 And addressed their lord Marduk, 49 “Now, lord, seeing you have established our freedom 50 What favour can we do for you? 51 Let us make a shrine of great renown: 52 Your chamber will be our resting place wherein we may repose. 53 Let us erect a shrine to house a pedestal 54 Wherein we may repose when we finish (the work).” 55 When Marduk heard this, 56 He beamed as brightly as the light of day, 57 “Build Babylon, the task you have sought. 58 Let bricks for it be moulded, and raise the shrine!” 59 The Anunnaki wielded the pick. 60 For one year they made the needed bricks. 61 When the second year arrived, 62 They raised the peak of Esagil, a replica of the Apsû. 63 They built the lofty temple tower of the Apsû 64 And for Anu, Enlil, and Ea they established its . . as a dwelling. 65 He sat in splendour before them, 66 Surveying its horns, which were level with the base of Ešarra. 67 After they had completed the work on Esagil 68 All the Anunnaki constructed their own shrines. 69 300 Igigi of heaven and 600 of the Apsû, all of them, had assembled. 70 Be-l seated the gods, his fathers, at the banquet 71 In the lofty shrine which they had built for his dwelling, 72 (Saying,) “This is Babylon, your fixed dwelling, 73 Take your pleasure here! Sit down in joy! 74 The great gods sat down, 75 Beer-mugs were set out and they sat at the banquet. 76 After they had enjoyed themselves inside 77 They held a service in awesome Esagil. 78 The regulations and all the rules were confirmed: 79 All the gods divided the stations of heaven and netherworld. 
80 The college of the Fifty great gods took their seats, 81 The Seven gods of destinies were appointed to give decisions. 82 Be-l received his weapon, the bow, and laid it before them: 83 His divine fathers saw the net which he had made. 84 His fathers saw how skilfully wrought was the structure of the bow 85 As they praised what he had made. 86 Anu lifted it up in the divine assembly, 87 He kissed the bow, saying, “It is my daughter!” 88 Thus he called the names of the bow: 89 “Long Stick” was the first; the second was, “May it hit the mark.” 90 With the third name, “Bow Star”, he made it to shine in the sky, 91 He fixed its heavenly position along with its divine brothers. 92 After Anu had decreed the destiny of the bow, 93 He set down a royal throne, a lofty one even for a god, 94 Anu set it there in the assembly of the gods. 95 The great gods assembled, 96 They exalted the destiny of Marduk and did obeisance. 97 They invoked a curse on themselves 98 And took an oath with water and oil, and put their hands to their throats. 99 They granted him the right to exercise kingship over the gods, 100 They confirmed him as lord of the gods of heaven and netherworld. 101 Anšar gave him his exalted name, Asalluh(i 102 “At the mention of his name, let us show submission! 103 When he speaks, let the gods heed him, 104 Let his command be superior in upper and lower regions. 105 May the son, our avenger, be exalted, 106 Let his lordship be superior and himself without rival. 107 Let him shepherd the black-heads, his creatures, 108 Let them tell of his character to future days without forgetting. 109 Let him establish lavish food offerings for his fathers, 110 Let him provide for their maintenance and be caretaker of their sanctuaries, 111 Let him burn incense to rejoice their sanctums. 112 Let him do on earth the same as he has done in heaven: 113 Let him appoint the black-heads to worship him. 
114 The subject humans should take note and call on their gods, 115 Since he commands they should heed their goddesses, 116 Let food offerings be brought [for] (?) their gods and goddesses, 117 May they (?) not be forgotten, may they remember their gods, 118 May they . . . their . . , may they . . their shrines. 119 Though the black-heads worship some one, some another god, 120 He is the god of each and every one of us! 121 Come, let us call the fifty names 122 Of him whose character is resplendent, whose achievement is the same. 123 (1) MARDUK As he was named by his father Anu from his birth, 124 Who supplies pasturage and watering, making the stables flourish. 125 Who bound the boastful with his weapon, the storm flood, 126 And saved the gods, his fathers, from distress. 127 He is the son, the sun-god of the gods, he is dazzling, 128 Let them ever walk in his bright light. 129 On the peoples that he created, the living beings, 130 He imposed the service of the gods and they took rest. 131 Creation and annihilation, forgiveness and exacting the penalty 132 Occur at his command, so let them fix their eyes on him. 133 (2) Marukka: he is the god who created them 134 Who put the Anunnaki at ease, the Igigi at rest. 135 (3) Marutukku: he is the support of land, city, and its peoples, 136 Henceforth let the peoples ever heed him. 137 (4) Meršakušu: fierce yet deliberating, angry yet relenting, 138 His mind is wide, his heart is all-embracing. 139 (5) Lugaldimmerankia is the name by which we all called him, 140 Whose command we have exalted above that of the gods his fathers. 141 He is the lord of all the gods of heaven and netherworld, 142 The king at whose injunctions the gods in upper and lower regions shudder. 
143 (6) Narilugaldimmerankia is the name we gave him, the mentor of every god, 144 Who established our dwellings in heaven and netherworld in time of trouble, 145 Who distributed the heavenly stations between Igigi and Anunnaki, 146 Let the gods tremble at his name and quake on their seats. 147 (7) Asalluh(i is the name by which his father Anu called him, 148 He is the light of the gods, a mighty hero, 149 Who, as his name says, is a protecting angel for god and land, 150 Who by a terrible combat saved our dwelling in time of trouble. 151 (8) Asalluh(i-Namtilla they called him secondly, the life-giving god, 152 Who, in accordance with the form (of) his (name), restored all the ruined gods, 153 The lord, who brought to life the dead gods by his pure incantation, 154 Let us praise him as the destroyer of the crooked enemies. 155 (9) Asalluh(i-Namru, as his name is called thirdly, 156 The pure god, who cleanses our character.” 157 Anšar, Lah(mu, and Lah(amu (each) called him by three of his names, 158 Then they addressed the gods, their sons, 159 “We have each called him by three of his names,

160 Now you call his names, like us.” 161 The gods rejoiced as they heard their speech, 162 In Upšuukkinaki they held a conference, 163 “Of the warrior son, our avenger, 164 Of the provisioner, let us extol the name.” 165 They sat down in their assembly, summoning the destinies, 166 And with all due rites they called his name:

VII.

1 (10) Asarre, the giver of arable land who established plough-land, 2 The creator of barley and flax, who made plant life grow. 3 (11) Asaralim, who is revered in the counsel chamber, whose counsel excels, 4 The gods heed it and grasp fear of him. 5 (12) Asaralimnunna, the noble, the light of the father, his begetter, 6 Who directs the decrees of Anu, Enlil, and Ea, that is Ninšiku. 7 He is their provisioner, who assigns their incomes, 8 Whose turban multiplies abundance for the land. 9 (13) Tutu is he, who accomplishes their renovation, 10 Let him purify their sanctuaries that they may repose. 11 Let him fashion an incantation that the gods may rest, 12 Though they rise up in fury, let them withdraw. 13 He is indeed exalted in the assembly of the gods, his [fathers], 14 No one among the gods can [equal] him. 15 (14) Tutu-Ziukkinna, the life of [his] host, 16 Who established the pure heavens for the gods, 17 Who took charge of their courses, who appointed [their stations], 18 May he not be forgotten among mortals, but [let them remember] his deeds. 19 (15) Tutu-Ziku they called him thirdly, the establisher of purification, 20 The god of the pleasant breeze, lord of success and obedience, 21 Who produces bounty and wealth, who establishes abundance, 22 Who turns everything scant that we have into profusion, 23 Whose pleasant breeze we sniffed in time of terrible trouble, 24 Let men command that his praises be constantly uttered, let them offer worship to him. 25 As (16) Tutu-Agaku, fourthly, let humans extol him, 26 Lord of the pure incantation, who brought the dead back to life, 27 Who showed mercy on the Bound Gods, 28 Who threw the imposed yoke on the gods, his enemies, 29 And to spare them created mankind. 30 The merciful, in whose power it is to restore to life, 31 Let his words be sure and not forgotten 32 From the mouths of the black-heads, his creatures. 
33 As (17) Tutu-Tuku, fifthly, let their mouth give expression to his pure spell, 34 Who extirpated all the wicked by his pure incantation. 35 (18) Šazu, who knew the heart of the gods, who saw the reins, 36 Who did not let an evil-doer escape from him, 37 Who established the assembly of the gods, who rejoiced their hearts, 38 Who subjugated the disobedient, he is the gods' encompassing protection. 39 He made truth to prosper, he uprooted perverse speech, 40 He separated falsehood from truth. 41 As (19) Šazu-Zisi, secondly, let them continually praise him, the subduer of aggressors, 42 Who ousted consternation from the bodies of the gods, his fathers. 43 (20) Šazu-Suh(rim, thirdly, who extirpated every foe with his weapons, 44 Who confounded their plans and turned them into wind. 45 He snuffed out all the wicked who came against him, 46 Let the gods ever shout acclamations in the assembly. 47 (21) Šazu-Suh(gurim, fourthly, who established success for the gods, his fathers, 48 Who extirpated foes and destroyed their offspring, 49 Who scattered their achievements, leaving no part of them, 50 Let his name be spoken and proclaimed in the land. 51 As (22) Šazu-Zah(rim, fifthly, let future generations discuss him, 52 The destroyer of every rebel, of all the disobedient, 53 Who brought all the fugitive gods into the shrines, 54 Let this name of his be established. 55 As (23) Šazu-Zah(gurim, sixthly, let them altogether and everywhere worship him, 56 Who himself destroyed all the foes in battle. 57 (24) Enbilulu is he, the lord who supplies them abundantly, 58 Their great chosen one, who provides cereal offerings, 59 Who keeps pasturage and watering in good condition and established it for the land, 60 Who opened watercourses and distributed plentiful water. 
61 (25) Enbilulu-Epadun, lord of common land and . . ., let them [call him] secondly, 62 Canal supervisor of heaven and netherworld, who sets the furrow, Who establishes clean arable land in the open country, 63 Who directs irrigation ditch and canal, and marks out the furrow. 64 As (26) Enbilulu-Gugal, canal supervisor of the water courses of the gods, let them praise him thirdly, 65 Lord of abundance, profusion, and huge stores (of grain), 66 Who provides bounty, who enriches human habitations, 67 Who gives wheat, and brings grain into being. 68 (27) Enbilulu-H(egal, who accumulates abundance for the peoples . . . . 69 Who rains down riches on the broad earth, and supplies abundant vegetation. 70 (28) Sirsir, who heaped up a mountain on top of Tia-mat, 71 Who plundered the corpse of Tia-mat with [his] weapons, 72 The guardian of the land, their trustworthy shepherd, 73 Whose hair is a growing crop, whose turban is a furrow, 74 Who kept crossing the broad Sea in his fury, 75 And kept crossing over the place of her battle as though it were a bridge. 76 (29) Sirsir-Malah( they named him secondly—so be it— 77 Tia-mat was his boat, he was her sailor. 78 (30) Gil, who ever heaps up piles of barley, massive mounds, 79 The creator of grain and flocks, who gives seed for the land. 80 (31) Gilima, who made the bond of the gods firm, who created stability, 81 A snare that overwhelmed them, who yet extended favours. 82 (32) Agilima, the lofty, who snatches off the crown, who takes charge of snow, 83 Who created the earth on the water and made firm the height of heaven. 84 (33) Zulum, who assigns meadows for the gods and divides up what he has created, 85 Who gives incomes and food-offerings, who administers shrines. 86 (34) Mummu, creator of heaven and underworld, who protects refugees, 87 The god who purifies heaven and underworld, secondly Zulummu, 88 In respect of whose strength none other among the gods can equal him. 
89 (35) Gišnumunab, creator of all the peoples, who made the world regions, 90 Who destroyed Tia-mat's gods, and made peoples from part of them. 91 (36) Lugalabdubur, the king who scattered the works of Tia-mat, who uprooted her weapons, 92 Whose foundation is secure on the “Fore and Aft”. 93 (37) Pagalguenna, foremost of all lords, whose strength is exalted, 94 Who is the greatest among the gods, his brothers, the most noble of them all. 95 (38) Lugaldurmah(, king of the bond of the gods, lord of Durmah(u, 96 Who is the greatest in the royal abode, infinitely more lofty than the other gods. 97 (39) Aranunna, counsellor of Ea, creator of the gods, his fathers, 98 Whom no god can equal in respect of his lordly walk. 99 (40) Dumuduku, who renews for himself his pure abode in Duku, 100 Dumuduku, without whom Lugalduku does not make a decision. 101 (41) Lugalšuanna, the king whose strength is exalted among the gods, 102 The lord, the strength of Anu, he who is supreme, chosen of Anšar. 103 (42) Irugga, who plundered them all in the Sea, 104 Who grasps all wisdom, is comprehensive in understanding. 105 (43) Irqingu, who plundered Qingu in . . . battle, 106 Who directs all decrees and establishes lordship. 107 (44) Kinma, the director of all the gods, who gives counsel, 108 At whose name the gods bend down in reverence as before a hurricane. 109 (45) Dingir-Esiskur—let him take his lofty seat in the House of Benediction, 110 Let the gods bring their presents before him 111 Until he receives their offerings. 112 No one but he accomplishes clever things 113 The four (regions) of black-heads are his creation, 114 Apart from him no god knows the measure of their days. 115 (46) Girru, who makes weapons hard (?), 116 Who accomplished clever things in the battle with Tia-mat, 117 Comprehensive in wisdom, skilled in understanding, 118 A deep mind, that all the gods combined do not understand. 
119 Let (47) Addu be his name, let him cover the whole span of heaven, 120 Let him thunder with his pleasant voice upon the earth, 121 May the rumble fill (?) the clouds And give sustenance to the peoples below. 122 (48) Aša-ru, who, as his name says, mustered the Divine Fates 123 He indeed is the warden of absolutely all peoples. 124 As (49) Ne-beru let him hold the crossing place of heaven and underworld, 125 They should not cross above or below, but should wait for him. 126 Ne-beru is his star, which he caused to shine in the sky, 127 Let him take his stand on the heavenly staircase that they may look at him. 128 Yes, he who constantly crosses the Sea without resting, 129 Let his name be Ne-beru, who grasps her middle, 130 Let him fix the paths of the stars of heaven, 131 Let him shepherd all the gods like sheep, 132 Let him bind Tia-mat and put her life in mortal danger, 133 To generations yet unborn, to distant future days, 134 May he continue unchecked, may he persist into eternity. 135 Since he created the heavens and fashioned the earth, 136 Enlil, the father, called him by his own name, (50) 'Lord of the Lands'. 137 Ea heard the names which all the Igigi called 138 And his spirit became radiant. 139 “Why! He whose name was extolled by his fathers 140 Let him, like me, be called (51) 'Ea'. 141 Let him control the sum of all my rites, 142 Let him administer all my decrees.” 143 With the word “Fifty” the great gods 144 Called his fifty names and assigned him an outstanding position. 145 They should be remembered; a leading figure should expound them, 146 The wise and learned should confer about them, 147 A father should repeat them and teach them to his son, 148 One should explain them to shepherd and herdsman. 149 If one is not negligent to Marduk, the Enlil of the gods, 150 May one's land flourish, and oneself prosper, 151 (For) his word is reliable, his command unchanged, 152 No god can alter the utterance of his mouth. 
153 When he looks in fury, he does not relent, 154 When his anger is ablaze, no god can face him. 155 His mind is deep, his spirit is all-embracing, 156 Before whom sin and transgression are sought out. 157 Instruction which a leading figure repeated before him (Marduk): 158 He wrote it down and stored it so that generations to come might hear it. 159 [ . . ] . Marduk, who created the Igigi gods, 160 Though they diminish . . . let them call on his name. 161 . . . the song of Marduk, 162 Who defeated Tia-mat and took kingship

 

from Тетрадка | Notebook

R hslfow szev nvmgrlmvw yvuliv, gszg, rm gsv zfgfnm lu gsv kivxvwrmt bvzi, R szw ulin'w nlhg lu nb rmtvmrlfh zxjfzrmgzmxv rmgl z xofy lu nfgfzo rnkilevnvmg, dsrxs dzh xzoovw gsv Qfmgl; dv nvg lm Uirwzb vevmrmth. Gsv ifovh gszg R wivd fk ivjfrivw gszg vevib nvnyvi, rm srh gfim, hslfow kilwfxv lmv li nliv jfvirvh lm zmb klrmg lu Nlizoh, Klorgrxh, li Mzgfizo Ksrolhlksb, gl yv wrhxfhh'w yb gsv xlnkzmb; zmw lmxv rm gsivv nlmgsh kilwfxv zmw ivzw zm vhhzb lu srh ldm dirgrmt, lm zmb hfyqvxg sv kovzhvw. Lfi wvyzgvh dviv gl yv fmwvi gsv wrivxgrlm lu z kivhrwvmg, zmw gl yv xlmwfxgvw rm gsv hrmxviv hkrirg lu rmjfrib zugvi gifgs, drgslfg ulmwmvhh uli wrhkfgv, li wvhriv lu erxglib; zmw, gl kivevmg dzings, zoo vckivhhrlmh lu klhrgrevmvhh rm lkrmrlmh, li wrivxg xlmgizwrxgrlm, dviv zugvi hlnv grnv nzwv xlmgizyzmw, zmw kilsryrgvw fmwvi hnzoo kvxfmrzib kvmzogrvh.

 

from 📰wrzlbrmpft's cyberlights💥

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

📦 Beware of fake parcel notifications warning – Criminals are using the Black Friday period to send fake parcel notifications that trick users into paying supposed shipping costs and lure them into subscription traps. https://www.watchlist-internet.at/news/falsche-paketbenachrichtigungen/

🧱 Google blocked 1000 pro China websites from services security news – Google has blocked over 1,000 sites linked to a network promoting pro-China narratives, exposing coordinated disinformation tactics that blur the lines between authentic and fake news. https://www.theregister.com/2024/11/25/google_beijing_propaganda/

📦 Supply chain vendor Blue Yonder succumbs to ransomware cybercrime – Blue Yonder has suffered a ransomware attack, disrupting services and affecting customers like Starbucks and UK retailers, who are struggling to maintain supply chain operations. https://www.theregister.com/2024/11/26/blue_yonder_ransomware/

📞 Malware linked to Salt Typhoon used to hack telcos around the world security news – Salt Typhoon, a sophisticated Chinese APT group, has exploited various vulnerabilities to infiltrate telecom companies globally, using advanced malware and tactics for cyber-espionage. https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/

🔧 Weekend QNAP, Veritas bugs hit patch pipelines vulnerability – QNAP patched 24 vulnerabilities in its products, including critical flaws in Notes Station 3, while Veritas faces delays in addressing seven critical vulnerabilities in its Enterprise Vault software. https://www.theregister.com/2024/11/26/qnap_veritas_vulnerabilities/

🚔 Emergency Vehicle Lights Can Screw Up a Car’s Automated Driving System security research – Research reveals that emergency vehicle lights can disrupt camera-based automated driving systems, causing them to misidentify objects and potentially leading to accidents, highlighting vulnerabilities in AI driving tech. https://www.wired.com/story/emergency-vehicle-lights-can-screw-up-a-cars-automated-driving-system/

🚫 Steam Removes Oct 7 Game at Request of UK Counter-Terrorism Unit security news – Valve removed the game 'Fursan al-Aqsa' from Steam in the UK at the request of the Counter-Terrorism Internet Referral Unit, citing concerns over its portrayal of violence related to the Israel-Palestine conflict. https://www.404media.co/steam-removes-oct-7-game-at-request-of-uk-counter-terrorism-unit/

🔓 Canadian privacy regulators publish details of medical testing company’s data breach data breach – A court ruling has allowed the public release of a report detailing a 2019 data breach at LifeLabs, exposing millions of Canadians' health data and revealing inadequate security measures. https://therecord.media/canadian-privacy-regulators-publish-life-labs-investigation

🦠 Russia-linked hackers exploited Firefox and Windows bugs in 'widespread' hacking campaign security research – RomCom, a Russian-linked hacking group, exploited zero-day vulnerabilities in Firefox and Windows to deploy malware via a 'zero-click' exploit, targeting users in Europe and North America. https://techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/

🤫 US alleges man is cybercrook with distaste for opsec cybercrime – Nicholas Kloster, 31, is accused of a cybercrime spree in Missouri, including unauthorized access and damage to computers, showing a blatant disregard for operational security. https://www.theregister.com/2024/11/26/kansas_city_cybercrime_charges/

📊 Someone Made a Dataset of One Million Bluesky Posts for 'Machine Learning Research' privacy – A dataset of one million public Bluesky posts was released for machine learning research but was later removed by its creator, citing violations of transparency and consent principles. https://www.404media.co/someone-made-a-dataset-of-one-million-bluesky-posts-for-machine-learning-research/

👔 NSO Group Spies on People on Behalf of Governments privacy – NSO Group, known for selling Pegasus spyware, reportedly operates the spyware on behalf of governments, revealing that they install and extract data from targeted devices themselves. https://www.schneier.com/blog/archives/2024/11/nso-group-spies-on-people-on-behalf-of-governments.html

⚖️ Judge rejects data brokers’ bid to throw out case brought by law enforcement officers privacy – A federal judge denied data brokers' motion to dismiss a lawsuit by New Jersey law enforcement officers under Daniel's Law, which protects their personal information from being disclosed online. https://therecord.media/judge-rejects-bid-to-throw-out-data-broker-police-privacy-case

🎮 Russian Disinformation Campaign Spreads Lies About Ukraine's ‘Stalker 2’ security news – A Russian disinformation campaign falsely claims that the Ukrainian game Stalker 2 is used for military enlistment and data collection, aiming to undermine the game's significance amidst the ongoing conflict. https://www.404media.co/stalker2-disinformation/

📳 T-Mobile says telco hackers had 'no access' to customer call and text message logs data breach – T-Mobile stated that hackers did not access customer calls, texts, or voicemails during a cyberattack linked to the China-backed group Salt Typhoon, while emphasizing their robust cybersecurity measures. https://techcrunch.com/2024/11/27/t-mobile-says-telco-hackers-had-no-access-to-customer-call-and-text-message-logs/

🚢 Investigators think a Chinese ship purposefully cut critical data cables security news – European investigators allege a Chinese ship intentionally dragged its anchor to sever two critical data cables, potentially linked to Russian intelligence, while the Kremlin denies involvement. https://techcrunch.com/2024/11/27/investigators-think-a-chinese-ship-purposefully-cut-critical-data-cables/

💻 Mimic Ransomware: What You Need To Know malware – Mimic ransomware, first identified in 2022, encrypts files and may exfiltrate data, leveraging the legitimate 'Everything' tool for quick file access. Infected files have a '.QUIETPLACE' extension, and a new variant called Elpaco has emerged, targeting systems via RDP. https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know

⚽ Italian football club Bologna FC says company data stolen during ransomware attack data breach – Bologna FC confirmed a ransomware attack by RansomHub, resulting in the theft of 200GB of sensitive data, including financial documents and player medical records, which may be leaked online. https://therecord.media/italian-football-club-blogna-fc-ransomware

📱 15 SpyLoan Android apps found on Google play had over 8 million installs malware – McAfee identified 15 SpyLoan apps on Google Play with over 8 million installs, exploiting users through deceptive tactics to collect sensitive data and leading to extortion and harassment. https://securityaffairs.com/171553/cyber-crime/15-spyloan-android-apps-on-google-play.html


Some More, For the Curious

🤦‍♂️ Malicious NPM Package Exploits React Native Documentation Example security research – A malicious npm package mimicked official React Native documentation, tricking developers and highlighting vulnerabilities in supply chain security. Vigilance is essential to prevent such attacks. https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/

🗳️ Security Analysis of the MERGE Voting Protocol security research – The MERGE voting protocol, intended for internet voting, is criticized for its fundamental flaws and the impracticality of ensuring trustworthy elections without significant legal and administrative reforms. https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html

🎮 The Exploitation of Gaming Engines: A New Dimension in Cybercrime cybercrime – Cybercriminals exploit Godot Engine to distribute malware undetected, infecting over 17,000 machines. This new trend poses significant risks to developers and gamers alike. https://blog.checkpoint.com/research/the-exploitation-of-gaming-engines-a-new-dimension-in-cybercrime/

🚨 Malware campaign abused flawed Avast Anti security research – Threat actors exploited a vulnerable Avast Anti-Rootkit driver to gain kernel-level access, disable security tools, and compromise systems, highlighting the risks of flawed drivers in malware campaigns. https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html

🛡️ Zyxel firewalls targeted in recent ransomware attacks vulnerability – Zyxel warns that a ransomware group is exploiting a patched command injection vulnerability in its firewalls, allowing attackers to execute OS commands if certain conditions are met. https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html

🔑 BitLocker Security: Are Your Keys Truly Safe? hacking write-up – BitLocker's security relies on the TPM, but its default configuration may expose vulnerabilities. Without additional authentication, attackers can sniff the TPM bus and access encryption keys, compromising data. https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/

🧑‍💻 The source code of Banshee Stealer leaked online malware – Banshee Stealer, a macOS malware for stealing sensitive data, has had its source code leaked on GitHub, leading to the shutdown of its operations by the developers. https://securityaffairs.com/171423/malware/the-source-code-of-banshee-stealer-leaked-online.html

📄 The Four Question Framework for Threat Modeling security research – Shostack + Associates has released a free whitepaper on the Four Question Framework for Threat Modeling, emphasizing the importance of consistent phrasing to maintain nuance and intent in security discussions. https://shostack.org/blog/four-question-frame/

⚠️ ProjectSend critical flaw actively exploited in the wild, experts warn vulnerability – A critical vulnerability in ProjectSend (CVE-2024-11680) is being actively exploited, allowing unauthorized access and webshell uploads. Many instances remain unpatched, raising significant security concerns. https://securityaffairs.com/171494/hacking/projectsend-critical-flaw-actively-exploited.html

🏇 Race Condition Attacks against LLMs security research – New attacks against LLMs include 'Flowbreaking,' which disrupts guardrails, and 'Second Thoughts,' where LLMs retract sensitive content if a user interrupts the response. These exploit vulnerabilities in the surrounding application architecture. https://www.schneier.com/blog/archives/2024/11/race-condition-attacks-against-llms.html

🔒 Zabbix urges upgrades after SQL injection bug disclosure vulnerability – Zabbix warns of a critical SQL injection vulnerability (CVE-2024-42327) affecting multiple product versions, potentially allowing full system compromise. Users are urged to upgrade to the latest versions for protection. https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/

🐱 Code found online exploits LogoFAIL to install Bootkitty Linux backdoor malware – Malicious code exploiting the LogoFAIL vulnerability can hijack the boot process of certain Linux devices from manufacturers like Acer and HP, allowing installation of the Bootkitty backdoor without user interaction. https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2023-28461, a vulnerability in Array Networks, to its catalog due to active exploitation, underscoring the need for federal agencies to address known vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/25/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 

from Тетрадка | Notebook

“Just as water, gas and electricity come from far away into our homes with an almost imperceptible movement of the hand in order to serve us, so we shall be supplied with images or sequences of tones that will appear with a slight movement, almost a sign, and will leave us in the same way.”

 

from Kevin Neely's Security Notes

I finally decided to move my #NextCloud instance from one that I had been operating on the #Vultr hosting service to my #HomeLab.

A note on Vultr: I am impressed with this service. I have used them for multiple projects and paid with various means, from credit card to #cryptocurrency for about 10 years and I cannot even remember a downtime that impacted me. (In fact, I think there was only one real downtime, which was planned, well-communicated, and didn’t impact me because my setup was fairly resilient). With a growing volume of data, and sufficient spare hardware that wasn’t doing anything, I decided to bring it in-house.

This is not going to be a full guide, as there are plenty of those, but I did run into some hurdles that may be common, especially if a pre-built Nextcloud instance was used. So this is meant to provide some color and augment the official and popular documentation.

Getting started

Plan out the migration

Migration Overview

Essentially, there are three high-level steps to this process:

  1. Build a new Nextcloud server in the homelab
  2. Copy the configuration (1 file), database (1 backup file), apps (install apps), and data (all user files) over to the new system
  3. Restore all the copied data to the new instance

Preparing to Migrate

  1. Start with the NextCloud official documentation for migrating to a different server as well as:
    1. Backing up Nextcloud
    2. and the restoring a server doc
  2. Check out Nicholas Henkey’s migrate Nextcloud to a new server blog post. This is very thorough and has some great detail if you’re not super familiar with Nextcloud (because you used a pre-built instance)
  3. For the new build:
    1. A full set of installation instructions, placing [Nextcloud behind an Nginx proxy](https://github.com/jameskimmel/Nextcloud_Ubuntu/blob/main/nextcloud_behind_NGINX_proxy.md).
    2. An older install document for Installing Nextcloud on Ubuntu with Redis, APCu, SSL & Apache

Migration

While the official documentation describes the basics, the following are the steps I recommend. This is at a medium level, providing the details, but not the specific command-line arguments (mostly).

  1. Build the new server
    1. Use your favorite flavor of Linux (I used Debian, and these notes will reflect that)
      1. install all updates,
      2. install fail2ban or similar security if you’re exposing this to the Internet.
      3. name the new system the same as the outgoing server
    2. Download the Nextcloud install from the nextcloud download site and choose either:
      1. update the current system to the latest version of whatever major version you're running, and then download latest-XX.tar.bz2 where ‘XX’ is your version
      2. identify your exact version and download it from nextcloud
    3. Install the dependencies (mariaDB, redis, php, apache, etc. etc.)
      1. note: if the source server is running nginx, I recommend sticking with that for simplicity, keeping in mind that only Apache is officially supported
    4. Unpack Nextcloud
    5. Validate that it’s working
    6. Place it into maintenance mode
  2. Backup the data

    1. If using multi-factor authentication, find your recovery codes or create new ones
    2. Place the server into maintenance mode
    3. Backup the database
    4. copy the database backup to a temporary location on the new server
  3. Restore the data

    1. Restore the database
    2. copy /path/to/nextcloud/config/config.php over the existing config.php
    3. rsync the data/ directory to the new server
      1. you can remove old logs in the data directory
      2. you may need to use an intermediary step, like a USB drive. It’s best if this is ext4 formatted so you can retain attributes
      3. the rsync options should include -Aaxr; you may want -v and/or --progress to get a better feel for what’s going on
      4. if rsync-ing over ssh, the switch is -e ssh
    4. If you have installed any additional apps for your Nextcloud environment, rsync the apps/ directory in the same way as the data dir above
    5. Validate the permissions in your nextcloud, data, and apps directories. Fix as necessary; see the info in Nicholas Henkey’s post (linked above) for commands
    6. Redirect your A or CNAME record to the new system
    7. Configure SSL on the new system
    8. Turn off maintenance mode
    9. Log in and test! :fingers-crossed:

Troubleshooting

Hopefully everything is working. Make sure to check the logs if something is broken.

Log locations:

  • the nextcloud.log in the data/ directory
  • the apache logs in /var/log/apache2
  • the redis logs in /var/log/redis
  • the system logs, accessible with journalctl

Reiterating: Remember or check for these items

These are the specific notes I took as I ran into problems that I had to work around or solve. These are incorporated in the above, so this is basically a restatement of the gotchas I ran into:

  • upgrade the current one to the latest version of the current release (i.e. the latest of the major version you are on, so if you were running 29.0.3, get to 29.0.9)
    • this makes it easier when you download <version>-latest.tar.bz2
    • If you’d prefer to skip that, use the nextcloud download site with all available versions. Make sure to grab the same one and compare the specific version as listed in config.php. Example: 'version' => '29.0.9.2',
  • use the same name on the new server
  • use the same web server. Apache is officially supported, but if you’re using nginx, it will be easier to stay on that.
  • Most multi-factor authentication, like WebAuthn, FIDO hardware keys, etc., will not work over HTTP in the clear.
    • IOW: make sure you have recovery codes
  • If the apps aren’t copied over, the new server sees them as installed rather than installable. I suppose one could “delete” or remove them in the admin GUI and then reinstall, but otherwise, there was no button to force a reinstall.
  • Files and data you need to copy over after creating the install. Do each of these separately, rather
    • if you have any additional apps, copy the apps/ directory over
    • copy config.php
    • copy the data/ directory
  • Is your current install using Redis-based transactional file locking?
    • If the previous system was using Redis and it is still in the configuration, the new system will not be able to obtain file-locking and essentially all users will be read-only and not able to modify or create new files.
    • In config.php, you will see settings such as 'redis' and 'memcache.locking' => '\\OC\\Memcache\\Redis',
    • make sure Redis is installed on the new system and running on the same port (or change the port in config.php)
    • Install the necessary software: apt install redis-server php-redis php-apcu
    • Ensure that the Redis and APCu settings in config.php are according to the documented single-server settings

The Memcache settings should look something like the following configuration snippet. Alternatively, you could enable and use the process socket.


'memcache.local' => '\OC\Memcache\APCu',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.locking' => '\OC\Memcache\Redis',
'redis' => [
     'host' => 'localhost',
     'port' => 6379,
],
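
A pre-flight check for two of the gotchas above (a version mismatch between the old and new config.php, and Redis-based file locking with no Redis running), as an added example that is not part of the original post. The function names and the sample config are constructed for illustration, and it assumes config.php keeps each key on its own line with single-quoted values, as in the snippet above.

```shell
#!/bin/sh
# Added example: pre-flight check to run on the NEW server before copying the old
# config.php over it. Helper names and the sample config are constructed.

# Print the single-quoted value of a key, e.g.  'version' => '29.0.9.2',
nc_config_value() {  # usage: nc_config_value KEY FILE
    sed -n "s/^[[:space:]]*'$1'[[:space:]]*=>[[:space:]]*'\([^']*\)'.*/\1/p" "$2" | head -n 1
}

# Print the numeric 'port' value (assumption: only the 'redis' block has a 'port' key).
nc_redis_port() {  # usage: nc_redis_port FILE
    sed -n "s/^[[:space:]]*'port'[[:space:]]*=>[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

# True when a Redis server answers PING on HOST:PORT.
nc_redis_ping() {  # usage: nc_redis_ping HOST PORT
    [ "$(redis-cli -h "$1" -p "$2" ping 2>/dev/null)" = "PONG" ]
}

# Compare the old and new config.php; the return code is the number of problems found.
nc_preflight() {  # usage: nc_preflight OLD_CONFIG NEW_CONFIG
    problems=0
    old_v=$(nc_config_value version "$1")
    new_v=$(nc_config_value version "$2")
    if [ -z "$old_v" ] || [ "$old_v" != "$new_v" ]; then
        echo "version mismatch: old='$old_v' new='$new_v'" >&2
        problems=$((problems + 1))
    fi
    # File locking through Redis: without a reachable Redis, users end up read-only.
    case "$(nc_config_value memcache.locking "$1")" in
        *Redis*)
            host=$(nc_config_value host "$1"); host=${host:-localhost}
            port=$(nc_redis_port "$1"); port=${port:-6379}
            if ! nc_redis_ping "$host" "$port"; then
                echo "old config locks files via Redis; nothing answers on $host:$port" >&2
                problems=$((problems + 1))
            fi ;;
    esac
    return "$problems"
}

# Constructed sample config.php for trying the check without a real install.
nc_sample_config() {  # usage: nc_sample_config VERSION
    cat <<EOF
<?php
\$CONFIG = [
  'version' => '$1',
  'dbhost' => 'localhost',
  'memcache.local' => '\OC\Memcache\APCu',
  'memcache.locking' => '\OC\Memcache\Redis',
  'redis' => [
    'host' => 'localhost',
    'port' => 6379,
  ],
];
EOF
}

# Run as: sh nc_preflight.sh /path/to/copied/old-config.php /path/to/nextcloud/config/config.php
if [ "$#" -eq 2 ]; then
    nc_preflight "$1" "$2" || exit 1
fi
```

A non-zero exit means the copied config.php should not be dropped in yet: either install the matching Nextcloud version or bring up Redis on the configured port first.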
 

from Kevin Neely's Security Notes

Nextcloud administration notes

These instructions and administrative notes were written for the pre-built Nextcloud provided by hosting provider Vultr. As a way to de- #Google my life and take back a bit of #privacy, I have been using a Vultr-hosted instance for a couple years now and it has run quite well. These notes are really aimed at the small instance for personal use. Please don’t use my notes if you’re responsible for an enterprise server!

Upgrading Nextcloud

#Nextcloud, with all its PHP-based functionality, can become temperamental if not upgraded appropriately. These are my notes to remind me how to not completely break things. When upgrading, the first pass will usually bring you to the most up-to-date version of Nextcloud in your major release, e.g. an instance running 27.1.4 would be brought up to 27.1.11. Running the script again would bring the instance to 28.0.x.

To update a Nextcloud server running on the #Vultr service to the latest version, you need to follow the steps below:

  1. Backup your Nextcloud data: Before starting any update process, it's always a good idea to create a backup of your Nextcloud data. This will ensure that you can restore your data in case of any unexpected issues during the update process.
    1. Shutdown the OS with shutdown -h now
    2. Power down the instance in Vultr
    3. Create a snapshot
    4. Wait
    5. Wait some more – depending on how much data is hosted on the system
    6. Power it back up
  2. SSH into the Vultr server: To update the Nextcloud server, you need to access the server using SSH. You can use an SSH client such as PuTTY to connect to the Vultr server.
  3. Switch to the Nextcloud user: Once you are logged in, switch to the Nextcloud user using the following command: sudo su -s /bin/bash www-data.
  4. Navigate to the Nextcloud directory: Navigate to the Nextcloud directory using the following command: cd /var/www/html (could be /var/www/nextcloud or other. Check what's in use)
  5. Stop the Nextcloud service: To avoid any conflicts during the update process, stop the Nextcloud service using the following command (as www-data): php occ maintenance:mode --on
  6. Update the Nextcloud server: To update the Nextcloud server, you need to run the following command (as www-data): php updater/updater.phar. This will start the update process and download the latest version of Nextcloud.
  7. Update the OS, as needed, with apt upgrade
  8. Start the Nextcloud service: Once the update is complete and verified, you can start the Nextcloud service using the following command: sudo -u www-data php occ maintenance:mode --off.
  9. Verify the update: After the update process is complete, you can verify the update by accessing the Nextcloud login page. You should see the latest version of Nextcloud listed on the login page.
  10. Assuming all is running smoothly, the snapshot that was created in step 1 can be safely deleted. Otherwise, it accrues charges on the order of pennies / gigabyte / day.

Some other notes

Remove files in the trash

When a user deletes files, it can take a long time for them to actually disappear from the server.

root@cloud:/var/www/html# sudo -u www-data php -f /var/www/html/cron.php
root@cloud:/var/www/html# sudo -u www-data php occ config:app:delete files_trashbin background_job_expire_trash

Set files to expire

root@cloud:/var/www/html# sudo -u www-data php occ config:app:set --value=yes files_trashbin background_job_expire_trash

 

from Sirius

The Greek historian of the 1st century BC, Diodorus, is considered a compiler of ancient sources, among them some of the teachings of Democritus of Abdera. In his work, the Library of History (Book I, Chapter 8), we find an account of the origin of living beings and of the first men, which is attributed to the teachings of Democritus by specialists such as Diels, Vlastos, Reinhardt and Beresford. As I begin my studies on Protagoras who, as a disciple of Democritus, shared with him some naturalist and humanist conceptions, I present a translation of Diodorus's account of prehistory. Fortunately, Diodorus's Library of History has been made available in English by the University of Chicago on this site.

I transcribe below Diodorus's account of the first men, as an initial text for the study of the connection between the thought of Democritus and that of Protagoras (including the similarities to and differences from the myth of Prometheus and Epimetheus, attributed to Protagoras in Plato's dialogue of the same name):

Diodorus's account of prehistory

(…) the first men to be born (…) led an undisciplined and bestial life, going out one by one to secure their sustenance and feeding on both the tenderest herbs and the fruits of wild trees. Then, since they were attacked by wild beasts, they came to each other's aid, being instructed by necessity, and, when they had gathered in this way out of fear, they gradually began to recognize their mutual characteristics. And although the sounds they made were at first unintelligible and indistinct, little by little they managed to articulate their speech, and, by agreeing among themselves on symbols for each thing that presented itself to them, they made known among themselves the meaning that was to be attached to each term. But, since groups of this kind arose in every part of the inhabited world, not all men had the same language, since each group organized the elements of its speech by mere chance. This is the explanation of the present existence of every conceivable kind of language and, furthermore, from these first groups to be formed came all the original nations of the world.

Now, the first men, since none of the things useful for life had yet been discovered, led a miserable existence, having no clothes to cover themselves, not knowing the use of dwellings and fire, and also being totally ignorant of cultivated food. For since they also neglected even the harvesting of wild food, they laid up no store of its fruits against their needs; consequently, a great number of them perished in the winters from the cold and the lack of food. Little by little, however, experience taught them both to seek out caves in winter and to store the fruits that could be preserved. And when they became familiar with fire and other useful things, the arts also, and everything that is capable of furthering the social life of man, were gradually discovered. Indeed, speaking generally, in all things it was necessity itself that became man's teacher, supplying in an appropriate manner instruction in all matters to a creature that was well endowed by nature and that had, as assistants for every purpose, hands, logos (reason) and anchinoia (mental sagacity).

And as regards the first origin of men and their most primitive way of life, we shall be content with what has been said, since we wish to keep due proportion in our account.

#Filosofia #Demócrito #Protágoras

 

from Tai Lam in Science

I need to figure out how to reasonably deal with mail and deliveries privately.

How it started

I donated to a local nonprofit in 2024, and I really shouldn't say this, but I honestly wish I never did. However, this is not due to a reason you probably expect.

I started to receive significantly more junk mail from charitable nonprofits and groups, more so than usual (at least since the 2020 COVID-19 pandemic). I won't name specific names, but this was a local nonprofit which has a total annual budget size between the order of $1 million and $10 million.

(To the reader: if we know each other IRL, then I'll tell you who the offending org is; and if you're savvy with implementing an actionable fix with the issue below, then maybe we can work out a way for me to get out of this rut of a “situation” — as if this is or should be my highest priority project to take on right now. Let's just say that some of you will be surprised by the org I have in mind, which either intentionally uses the services of data brokers, or at least has some heuristic workflow that is leaking donor info to data brokers. The overall situation has a bit of a tragic irony.)

I'm (usually) not a vengeful person, at least when it comes to nonprofit orgs genuinely acting in good faith; but I am keeping a running list of these other orgs that engage in buying/selling/sharing snail mail lists as orgs I won't donate money to in the future, due to their respective disregard for mail privacy. However, there are 3 national-level orgs that have (so far) never sold out to physical mail lists: the ACLU, including state chapters; the EFF; and the Freedom of the Press Foundation. I am purposefully excluding comparatively technical groups that would respect the privacy and security of others in general, such as the Signal Foundation and The Tor Project.

On the other hand, the only other way to avoid excessive physical mail list tracking is to donate to small local nonprofits. (Any method is fine — if you're super concerned about protecting your membership info, using a PO box for your mailing address and renewing your member dues via paper check is more than sufficient for most local community members.) This is because these groups literally don't have the money to spend for mass mail solicitations or blanket marketing.

After this happened, I expressed to a local activist about how I'm going to go straight for a paid plan on Privacy.com (at least the lower tier) and skip the free plan. Additionally, I commented that my reaction was essentially the “I can't believe you've done this” meme. (Somehow, I initially confused this with the “Charlie bit my finger” meme.)

How it's going (and the future)

I no longer think it's safe for me to order computers and ship the delivery to my residential address, using my own debit card. (That does remind me – I really should get a credit card for better payment protection and everything else that encompasses.)

I remembered that I ordered the HP Dev One in 2022 and the box's outer shipping box wasn't even taped closed when it arrived on my doorstep. Due to my living situation since 2020, I no longer trust anything that goes through the mail, and after Andrew “bunnie” Huang's assessment of overall supply chain security after the 2024 exploding pager incident in Lebanon, I think it's about high time I figure out the logistics of shipping to a private mail box (PMB) – or maybe I use a friend's address and/or credit card to purchase an online only computer (while I pay my friend for the cost, of course).

However, quite a few large computer manufacturers, who primarily have B2B (business-to-business) though also some minor B2C (business-to-consumer) sales, will tell customers that sending deliveries to a PO Box is not allowed during checkout. This includes Lenovo, HP, and even Framework. (I have to double check for System76.) This is partly why I was sad when Costco no longer sold any in-store ThinkPad laptops anymore (one probable cause might be the pandemic, but that's another matter).

If you have any somewhat serious considerations to become a Linux distro maintainer or even a package manager (such as the AUR/MPR), you should at least consider this while threat modeling. I recall Ariadne Conill tweeting about how a Lenovo ThinkPad laptop that they tried ordering online was suspiciously redirected to Langley, Virginia while en route to their home in early 2022, which was symptomatic of mail interdiction. However, those tweets were deleted around late 2022 or early 2023.

 

from lobster

There is always something new to try... https://soapbox.pub/servers/

BUT I am now a concentrate and focus. Too much candy? Too many ideas and possibilities? It all depends on the priorities we need. In other words what is your hat colour? Black, white, grey or red? No hats for me, not even green or hoody.

Security for me is transparency or zero preference. Otherwise I am spending all my time on noise and “AI” generated attempts to fathom my rousing browsing. I am already using too many browsers, except TOR. Which is one rocky peek too many.

Slow too. Too slow. Like my keyboard. Old and clunky. Noisy and dusty. Good enough...

 