Feed aggregator

Bizarre Secrets Found Investigating Corrupt Winamp Skins

Slashdot.org - Fri, 07/26/2024 - 05:00
Longtime Slashdot reader sandbagger shares a blog post from Meta Engineer Jordan Eldredge, with the caption: A biography of jazz trumpeter Chet Baker, weird images, a worm.exe, random images, encrypted files, a gift a dad in Thailand had made for his two-and-a-half-year-old son, and much more could be found when investigating corrupt WinAmp files. Who knew? "In January of 2021, I was exploring the corpus of skins I collected for the Winamp Skin Museum and found some that seemed corrupted, so I decided to explore them," writes Eldredge. "Winamp skins are actually just zip files with a different file extension, so I tried extracting their files to see what I could find. This ended up leading me down a series of wild rabbit holes..." In all, Eldredge found more than 16 distinct types of items -- most of which are completely random but intriguing nonetheless. "It's so interesting how if you get a large enough number of things that were created by real people, you can end up finding all kinds of crazy stuff!" concludes Eldredge. "This was such an amazingly strange and interesting ride!"

Read more of this story at Slashdot.

How to Mount NFS File System in Ubuntu Linux

nixCraft - Fri, 07/26/2024 - 02:35
{Updated} NFS (Network File System) client allows you to access the shared directory from the Linux client. The computer sharing the directory is called the NFS server (it can be a NAS server, too), and the computers or devices connecting to that server are called clients. The clients need to use the mount command to access the shared directory. The post How to Mount NFS File System in Ubuntu Linux appeared first on nixCraft. 2023-07-27T11:36:00Z Vivek Gite

Charles Schwab Brokerage: Up to $6,000 New Deposit / Transfer Bonus (New & Existing Customers)

MyMoneyBlog.com - Fri, 07/26/2024 - 02:05

Updated with new $6,000 tier, referral offer comparison. Brokerage firms constantly compete for “assets under management”, and many are willing to give you cash to move over your existing portfolio from your existing broker over to them. Unfortunately, many of these offers are for new app startups with questionable customer service. How about a traditional firm with telephones connected to knowledgeable humans working inside physical branches in major metro areas?

Charles Schwab is currently offering up to a $6,000 cash bonus depending on the value of assets that you move over (qualifying net deposit of cash or securities) within 45 days of enrollment. The minimum hold period is one year for taxable brokerage accounts. The percentages aren’t the best, and the tiers are relatively high, but this is actually a brokerage I wouldn’t mind leaving my assets at for the long run. It’s also available to existing Schwab customers.

  • $200 with $50,000–$99,999 in new assets
  • $300 with $100,000–$249,999 in new assets
  • $600 with $250,000–$499,999 in new assets
  • $1,200 with $500,000–$999,999 in new assets
  • $2,500 with $1,000,000-$4,999,999 in new assets
  • $6,000 with $5,000,000+ in new assets

Note: New-to-Schwab clients should compare this with the Schwab Referral Offer, which may offer a slightly higher bonus at specific asset levels (ex. $100 bonus on $25k in new assets, $300 bonus on $50k in new assets, $500 bonus on $100k in new assets). At the higher tiers, the offer above is better. That’s my referral link, thanks if you use it (although please let me know if you have issues with it; I’ve never actually gotten a bonus from Schwab so I’m not sure if it really works).

The easiest option is often to perform an in-kind ACAT transfer of existing securities, which takes less than a week and all of your tax basis information should also move over after another few days. Your old broker may charge you an outgoing ACAT fee of about $75, although you should ask Schwab if they will reimburse you for this fee.

Both taxable and IRA accounts are eligible. From the fine print and FAQ:

Accounts that are eligible for the Schwab Investor Reward include: Schwab retail brokerage accounts and individual retirement accounts (IRAs), including accounts enrolled in Schwab-sponsored investment advisory programs such as Schwab Intelligent Portfolios®, Schwab Managed Portfolios, Schwab Managed Account Select®, Schwab Managed Account Connection®, and Schwab Wealth Advisory.

Schwab Bank Investor Checking accounts do not qualify for this promotion whether they are linked to a brokerage or are stand-alone. If you make a deposit in a Schwab Bank Investor Checking account, you will not receive the award. The offer also does not apply to the Schwab Global Account, ERISA-covered retirement plans, certain tax-qualified retirement plans and accounts, education savings accounts, Schwab Bank accounts, or accounts managed by independent investment advisors.

Can two clients in the same home get the award?

Yes. As long as both clients have individual accounts and separately qualify for the Reward, provided that each makes a qualifying net deposit.

Schwab appears to still be offering their $101 Starter Kit promo. But the FAQ says “Can this offer be combined with other offers? No. This offer can’t be combined with other offers.” I’m not sure if it counts as combining if you first open the new account for the Starter Kit bonus, wait, and then participate in this transfer offer.

One major drawback with Schwab is that the default cash sweep is not good. Still just 0.48% APY as of 7/16/24! Boo. You need to take proactive steps to avoid lost interest if you plan to keep significant amounts of cash in their default sweep account. Consider buying Treasury bills, brokered CDs, or Treasury Bill ETFs like GBIL (still possible to lose value). See my separate post on the best alternative Schwab cash sweep options.



Categories: Finance

US Solar Production Soars By 25 Percent In Just One Year

Slashdot.org - Fri, 07/26/2024 - 02:00
Yesterday, the Energy Information Agency (EIA) released electricity generation numbers for the first five months of 2024, revealing that solar power generation increased by 25% compared to the same period last year. Ars Technica's John Timmer reports: The EIA breaks down solar production according to the size of the plant. Large grid-scale facilities have their production tracked, giving the EIA hard numbers. For smaller installations, like rooftop solar on residential and commercial buildings, the agency has to estimate the amount produced, since the hardware often resides behind the metering equipment, so only shows up via lower-than-expected consumption. In terms of utility-scale production, the first five months of 2024 saw it rise by 29 percent compared to the same period in the year prior. Small-scale solar was "only" up by 18 percent, with the combined number rising by 25.3 percent. Most other generating sources were largely flat, year over year. This includes coal, nuclear, and hydroelectric, all of which changed by 2 percent or less. Wind was up by 4 percent, while natural gas rose by 5 percent. Because natural gas is the largest single source of energy on the grid, however, its 5 percent rise represents a lot of electrons -- slightly more than the total increase in wind and solar. Overall, energy use was up by about 4 percent compared to the same period in 2023. This could simply be a matter of changing weather conditions that required more heating or cooling. But there have been several trends that should increase electricity usage: the rise of bitcoin mining, growth of data centers, and the electrification of appliances and transport. So far, that hasn't shown up in the actual electricity usage in the US, which has stayed largely flat for decades. It could be possible that 2024 is the year where usage starts going up again. 
Since the findings are based on data from before some of the most productive months of the year for solar power, solar production for the year as a whole could increase by much more than 25%. Overall, the EIA predicts solar production could rise by as much as 42% in 2024.


New Search experiences in EEA: Rich results, aggregator units, and refinement chips

GoogleWebmasterCentral - Thu, 07/25/2024 - 22:35

Following our latest update on our preparations for the DMA (Digital Markets Act), we're sharing more details about what publishers can expect to see in regards to new search results in European Economic Area (EEA) countries, and how they can express interest in these experiences.

Categories: Web

Chemist Explains the Chemistry Behind Decaf Coffee

Slashdot.org - Thu, 07/25/2024 - 22:30
An anonymous reader quotes a report from The Conversation, written by Michael W. Crowder, Professor of Chemistry and Biochemistry and Dean of the Graduate School at Miami University: For many people, the aroma of freshly brewed coffee is the start of a great day. But caffeine can cause headaches and jitters in others. That's why many people reach for a decaffeinated cup instead. I'm a chemistry professor who has taught lectures on why chemicals dissolve in some liquids but not in others. The processes of decaffeination offer great real-life examples of these chemistry concepts. Even the best decaffeination method, however, does not remove all of the caffeine -- about 7 milligrams of caffeine usually remain in an 8-ounce cup. Producers decaffeinating their coffee want to remove the caffeine while retaining all -- or at least most -- of the other chemical aroma and flavor compounds. Decaffeination has a rich history, and now almost all coffee producers use one of three common methods. All these methods, which are also used to make decaffeinated tea, start with green, or unroasted, coffee beans that have been premoistened. Using roasted coffee beans would result in a coffee with a very different aroma and taste because the decaffeination steps would remove some flavor and odor compounds produced during roasting. Here's a summary of each method discussed by Dr. Crowder: The Carbon Dioxide Method: Developed in the early 1970s, the carbon dioxide method uses high-pressure CO2 to extract caffeine from moistened coffee beans, resulting in coffee that retains most of its flavor. The caffeine-laden CO2 is then filtered out using water or activated carbon, removing 96% to 98% of the caffeine with minimal CO2 residue. The Swiss Water Process: First used commercially in the early 1980s, the Swiss water method uses hot water and activated charcoal filters to decaffeinate coffee, preserving most of its natural flavor. 
This chemical-free approach removes 94% to 96% of the caffeine by soaking the beans repeatedly until the desired caffeine level is achieved. Solvent-Based Methods: Originating in the early 1900s, solvent-based methods use organic solvents like ethyl acetate and methylene chloride to extract caffeine from green coffee beans. These methods remove 96% to 97% of the caffeine through either direct soaking in solvent or indirect treatment of water containing caffeine, followed by steaming and roasting to ensure safety and flavor retention. "It's chemically impossible to dissolve out only the caffeine without also dissolving out other chemical compounds in the beans, so decaffeination inevitably removes some other compounds that contribute to the aroma and flavor of your cup of coffee," writes Dr. Crowder in closing. "But some techniques, like the Swiss water process and the indirect solvent method, have steps that may reintroduce some of these extracted compounds. These approaches probably can't return all the extra compounds back to the beans, but they may add some of the flavor compounds back."


AI Models Face Collapse If They Overdose On Their Own Output

Slashdot.org - Thu, 07/25/2024 - 21:02
According to a new study published in Nature, researchers found that training AI models using AI-generated datasets can lead to "model collapse," where models produce increasingly nonsensical outputs over generations. "In one example, a model started with a text about European architecture in the Middle Ages and ended up -- in the ninth generation -- spouting nonsense about jackrabbits," writes The Register's Lindsay Clark. From the report: [W]ork led by Ilia Shumailov, Google DeepMind and Oxford post-doctoral researcher, found that an AI may fail to pick up less common lines of text, for example, in training datasets, which means subsequent models trained on the output cannot carry forward those nuances. Training new models on the output of earlier models in this way ends up in a recursive loop. In an accompanying article, Emily Wenger, assistant professor of electrical and computer engineering at Duke University, illustrated model collapse with the example of a system tasked with generating images of dogs. "The AI model will gravitate towards recreating the breeds of dog most common in its training data, so might over-represent the Golden Retriever compared with the Petit Basset Griffon Vendéen, given the relative prevalence of the two breeds," she said. "If subsequent models are trained on an AI-generated data set that over-represents Golden Retrievers, the problem is compounded. With enough cycles of over-represented Golden Retriever, the model will forget that obscure dog breeds such as Petit Basset Griffon Vendeen exist and generate pictures of just Golden Retrievers. Eventually, the model will collapse, rendering it unable to generate meaningful content." While she concedes an over-representation of Golden Retrievers may be no bad thing, the process of collapse is a serious problem for meaningful representative output that includes less-common ideas and ways of writing. "This is the problem at the heart of model collapse," she said.


California Supreme Court Upholds Gig Worker Law In a Win For Ride-Hail Companies

Slashdot.org - Thu, 07/25/2024 - 20:25
In a major victory for ride-hail companies, the California Supreme Court upheld a law classifying gig workers as independent contractors, maintaining their ineligibility for benefits such as sick leave and workers' compensation. This decision concludes a prolonged legal battle and supports the 2020 ballot measure Proposition 22, despite opposition from labor groups who argued it was unconstitutional. Politico reports: Thursday's ruling capped a yearslong battle between labor and the companies over the status of workers who are dispatched by apps to deliver food, buy groceries and transport customers. A 2018 Supreme Court ruling and a follow-up bill would have compelled the gig companies to treat those workers as employees. A collection of five firms then spent more than $200 million to escape that mandate by passing the 2020 ballot measure Proposition 22 in one of the most expensive political campaigns in American history. The unanimous ruling on Thursday now upholds the status quo of the gig economy in California. As independent contractors, gig workers are not entitled to benefits like sick leave, overtime and workers' compensation. The SEIU union and four gig workers, ultimately, challenged Prop 22 based on its conflict with the Legislature's power to administer workers' compensation, specifically. The law, which passed with 58 percent of the vote in 2020, makes gig workers ineligible for workers' comp, which opponents of Prop 22 argued rendered the entire law unconstitutional. [...] Beyond the implications for gig workers, the heavily-funded Prop 22 ballot campaign pushed the limits of what could be spent on an initiative, ultimately becoming the most expensive measure in California history. Uber and Lyft have both threatened to leave any states that pass laws not classifying their drivers as independent contractors. The decision Thursday closes the door to that possibility for California.


ServiceNow Embroiled In DOJ Probe of Government Contract Award

Slashdot.org - Thu, 07/25/2024 - 19:45
snydeq shares a report from CIO.com: ServiceNow has reported potential compliance issues to the US Department of Justice "related to one of its government contracts" as well as the hiring of the then-CIO of the US Army to be its head of global public sector, the company said in regulatory filings on Wednesday. The DOJ is looking into the matter. Following an internal investigation, ServiceNow said, its President and COO, CJ Desai, has resigned, while "the other individual has also departed the company." That executive, Raj Iyer, told CIO.com, "I resigned because I didn't want to be associated with this fiasco in any way. It's not my fault." CEO Bill McDermott told financial analysts in a conference call Wednesday that someone within ServiceNow had complained about the situation and that an internal probe "determined that our company policy was violated." "Acting with total transparency, the company proactively disclosed the findings of the investigation to the proper government entities. And as a result, today, we're announcing the departure of the individual whose hiring was the subject of the original complaint," McDermott said. "We also came to a mutual agreement that CJ Desai, our President and COO, would offer his resignation from the company effective immediately. While we believe this was an isolated incident, we are further sharpening our hiring policies and procedures as a result of the situation."


Video Game Performers Will Go On Strike Over AI Concerns

Slashdot.org - Thu, 07/25/2024 - 19:02
An anonymous reader quotes a report from the Associated Press: Hollywood's video game performers voted to go on strike Thursday, throwing part of the entertainment industry into another work stoppage after talks for a new contract with major game studios broke down over artificial intelligence protections. The strike -- the second for video game voice actors and motion capture performers under the Screen Actors Guild-American Federation of Television and Radio Artists -- will begin at 12:01 a.m. Friday. The move comes after nearly two years of negotiations with gaming giants, including divisions of Activision, Warner Bros. and Walt Disney Co., over a new interactive media agreement. SAG-AFTRA negotiators say gains have been made over wages and job safety in the video game contract, but that the studios will not make a deal over the regulation of generative AI. Without guardrails, game companies could train AI to replicate an actor's voice, or create a digital replica of their likeness without consent or fair compensation, the union said. Fran Drescher, the union's president, said in a prepared statement that members would not approve a contract that would allow companies to "abuse AI." "Enough is enough. When these companies get serious about offering an agreement our members can live -- and work -- with, we will be here, ready to negotiate," Drescher said. [...] The last interactive contract, which expired November 2022, did not provide protections around AI but secured a bonus compensation structure for voice actors and performance capture artists after an 11-month strike that began October 2016. That work stoppage marked the first major labor action from SAG-AFTRA following the merger of Hollywood's two largest actors unions in 2012. The video game agreement covers more than 2,500 "off-camera (voiceover) performers, on-camera (motion capture, stunt) performers, stunt coordinators, singers, dancers, puppeteers, and background performers," according to the union. 
Amid the tense interactive negotiations, SAG-AFTRA created a separate contract in February that covered indie and lower-budget video game projects. The tiered-budget independent interactive media agreement contains some of the protections on AI that video game industry titans have rejected. "Eighteen months of negotiations have shown us that our employers are not interested in fair, reasonable AI protections, but rather flagrant exploitation," said Interactive Media Agreement Negotiating Committee Chair Sarah Elmaleh. The studios have not commented.


Oracle's Java Pricing Brews Bitter Taste, Subscribers Spill Over To OpenJDK

Slashdot.org - Thu, 07/25/2024 - 18:20
Lindsay Clark reports via The Register: Only 14 percent of Oracle Java subscribers plan to stay on Big Red's runtime environment, according to a study following the introduction of an employee-based subscription model. At the same time, 36 percent of the 663 Java users questioned said they had already moved to the employee-based pricing model introduced in January 2023. Shortly after the new model was implemented, experts warned that it would create a significant price hike for users adopting it. By July, global tech research company Gartner was forecasting that those on the new subscription package would face between two and five times the costs compared with the previous usage-based model. As such, among the 86 percent of respondents using Oracle Java SE who are currently moving or plan to move all or some of their Java applications off Oracle environments, 53 percent said the Oracle environment was too expensive, according to the study carried out by independent market research firm Dimensional Research. Forty-seven percent said the reason for moving was a preference for open source, and 38 percent said it was because of uncertainty created by ongoing changes in pricing, licensing, and support. [...] To support OpenJDK applications in production, 46 percent chose a paid-for platform such as Belsoft Liberica, IBM Semeru, or Azul Platform Core; 45 percent chose a free supported platform such as Amazon Corretto or Microsoft Build of OpenJDK; and 37 percent chose a free, unsupported platform. Of the users who have already moved to OpenJDK, 25 percent said Oracle had been significantly more expensive, while 41 percent said Big Red's licensing had made it somewhat more expensive than the alternative. The survey found three-quarters of Java migrations were completed within a year, 23 percent within three months.


iFixit CEO Takes Shots At Anthropic For 'Hitting Our Servers a Million Times In 24 Hours'

Slashdot.org - Thu, 07/25/2024 - 17:40
Yesterday, iFixit CEO Kyle Wiens asked AI company Anthropic why it was clogging up their server bandwidth without permission. "Do you really need to hit our servers a million times in 24 hours?" Wiens wrote on X. "You're not only taking our content without paying, you're tying up our DevOps resources. Not cool." PC Gamer's Jacob Fox reports: Assuming Wiens isn't massively exaggerating, it's no surprise that this is "tying up our devops resources." A million "hits" per day would do it, and would certainly be enough to justify more than a little annoyance. The thing is, putting this bandwidth chugging in context only makes it more ridiculous, which is what Wiens is getting at. It's not just that an AI company is seemingly clogging up server resources, but that it's been expressly forbidden from using the content on its servers anyway. There should be no reason for an AI company to hit the iFixit site because its terms of service state that "copying or distributing any Content, materials or design elements on the Site for any other purpose, including training a machine learning or AI model, is strictly prohibited without the express prior written permission of iFixit." Unless it wants us to believe it's not going to use any data it scrapes for these purposes, and it's just doing it for... fun? Well, whatever the case, iFixit's Wiens decided to have some fun with it and ask Anthropic's own AI, Claude, about the matter, saying to Anthropic, "Don't ask me, ask Claude!" It seems that Claude agrees with iFixit, because when it's asked what it should do if it was training a machine learning model and found the above writing in its terms of service, it responded, in no uncertain terms, "Do not use the content." This is, as Wiens points out, something that could be seen if one simply accessed the terms of service.


Secure Boot Is Completely Broken On 200+ Models From 5 Big Device Makers

Slashdot.org - Thu, 07/25/2024 - 17:00
An anonymous reader quotes a report from Ars Technica, written by Dan Goodin: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what's known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at https://github.com/raywu-aaeon..., and it's not clear when it was taken down. The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot. Binarly researchers said their scans of firmware images uncovered 215 devices that use the compromised key, which can be identified by the certificate serial number 55:fb:ef:87:81:23:00:84:47:17:0b:b3:cd:87:3a:f4. A table appearing at the end of this article lists each one. The researchers soon discovered that the compromise of the key was just the beginning of a much bigger supply-chain breakdown that raises serious doubts about the integrity of Secure Boot on more than 300 additional device models from virtually all major device manufacturers. 
As is the case with the platform key compromised in the 2022 GitHub leak, an additional 21 platform keys contain the strings "DO NOT SHIP" or "DO NOT TRUST." These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations. As the strings suggest, the keys were never intended to be used in production systems. Instead, AMI provided them to customers or prospective customers for testing. For reasons that aren't clear, the test keys made their way into devices from a nearly inexhaustive roster of makers. In addition to the five makers mentioned earlier, they include Aopen, Foremelife, Fujitsu, HP, Lenovo, and Supermicro. Cryptographic key management best practices call for credentials such as production platform keys to be unique for every product line or, at a minimum, to be unique to a given device manufacturer. Best practices also dictate that keys should be rotated periodically. The test keys discovered by Binarly, by contrast, were shared for more than a decade among more than a dozen independent device makers. The result is that the keys can no longer be trusted because the private portion of them is an open industry secret. Binarly has named its discovery PKfail in recognition of the massive supply-chain snafu resulting from the industry-wide failure to properly manage platform keys. The report is available here. Proof-of-concept videos are here and here. Binarly has provided a scanning tool here. "It's a big problem," said Martin Smolar, a malware analyst specializing in rootkits who reviewed the Binarly research. "It's basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically... execute any malware or untrusted code during system boot. 
Of course, privileged access is required, but that's not a problem in many cases." Binarly founder and CEO Alex Matrosov added: "Imagine all the people in an apartment building have the same front door lock and key. If anyone loses the key, it could be a problem for the entire building. But what if things are even worse and other buildings have the same lock and the keys?"

