Despite the exiled opposition’s reputation for infighting and ineffectiveness, some activists inside Russia say it still plays an important role.
WASHINGTON (ANP/RTR) - De Amerikaanse gezondheidsautoriteiten gaan scherper letten op reizigers die vanuit Congo-Kinshasa, Oeganda en Zuid-Soedan naar de Verenigde Staten komen, of daar onlangs verbleven. Dit naar aanleiding van de uitbraak van ebola in die regio.
Het risico dat er in de VS mensen besmet raken wordt laag ingeschat, maar voor de zekerheid worden de gangen nagegaan van reizigers die in de afgelopen drie weken in Congo, Oeganda of Zuid-Soedan zijn geweest en naar de VS gaan. Daar zijn ook weer uitzonderingen op, zoals Amerikanen en mensen met een verblijfsvergunning.
Het duurt naar schatting maximaal 21 dagen voordat iemand de symptomen van het gevreesde virus toont. Dit dwingt volgens de autoriteiten tot nader onderzoek van personen die in de genoemde landen zijn geweest voordat ze in de VS arriveren en dan eventueel mogelijk pas symptomen krijgen als ze er al zijn.
Another Linux kernel flaw has handed local unprivileged users a way to peek at files they should never be able to read, including root-only secrets such as SSH keys. The bug affects multiple LTS kernel lines from 5.10 upward, although a fix has already landed – and there is now a proposal for reducing the odds of similar surprises in future. What FOSS analytics vendor Metabase memorably dubbed the strip-mining era of open source security continues. This time, the culprit is CVE-2026-46333, a local kernel vulnerability that lets an unprivileged user read files they should not be able to access, including those normally available only to root. An attacker who already has login access to an affected machine could therefore potentially grab SSH keys, password files, or other confidential credentials, as the KnightLi blog explains. Despite its official designation, a demo exploit on GitHub calls it ssh-keysign-pwn. It is not quite as catchy a name as Copy Fail, or Dirty Frag, or indeed Fragnesia, but we feel it is safe to say it hasn't been a good month. According to a report on Linux Stans, it affected LTS kernel versions 5.10, 5.15, 6.1, 6.6, 6.12, 6.18 and 7.0. The good news is that it's already been fixed: Linus himself, in commit 31e62c2, called the fix "ptrace: slightly saner 'get_dumpable()' logic." The issue was reported on the oss-security list on Friday by security consultancy Qualys, as noted on X by grsecurity's Brad Spengler. In the same thread, Altan Baig pointed out that the underlying issue was reported by Jann Horn on the Linux Kernel Mailing List way back in 2020. The problem with tracking security reports, which Penguin Emperor Torvalds described recently, is not new, alas. ModuleJail This also seems like a good time to look at what we thought was an interesting new defensive measure, Jasper Nuyens' ModuleJail. The top line of the README summarizes it: The mention of "no AI inside the tool" is arguably something of a giveaway, and you can see a CLAUDE.md file in the repo. Even so, how it works is simple enough. Although Linux has a monolithic kernel, it is modular: when the kernel's source code is compiled, the person or tool building it can choose if each individual component is included (built into the binary), not included at all, or compiled as a module, which can be loaded on the fly as and when it's needed. Since the kernel is mostly device drivers, it's normal for distribution vendors to compile most non-essential components as kernel modules – as the Arch wiki explains. Blacklisting a module just means adding its name to a list of modules not to load. Blacklisting unusued models for added security isn't a new idea. It's in the RHEL 6 documentation, for instance, and a DoHost blog post from last year describes it as a security measure. ModuleJail simply automates the process: it blacklists any modules not currently in use. Probably safe for a server, but rather less ideal for a laptop or machine where you need to plug in new hardware on the fly. Connecting a USB headset, say, is quite different from plugging one into a headphone socket. While a device with a jack plug uses your existing sound controller, by connecting a USB one you're effectively adding a new sound controller – just one that happens to be connected over USB. ModuleJail mentions that its approach avoids changing the initramfs. An initramfs, like an initrd, is a file containing a temporary RAM disk, so that a generic kernel can find and load the drivers it needs for the particular box it's running on – even before it can find the machine's SSD and mount the root partition. Back in the 1990s, as grumpy old graybeards such as this vulture recall, recompiling your kernel was a standard part of periodic system maintenance. One benefit of building the kernel customized for your own computer was eliminating the need for an initramfs. If all the drivers are built in, there's no need for this temporary stage, although as the ArchWiki notes, this does limit some advanced features, which, for instance, systemd uses. We would love to see some of the systemd-free distros incorporate such automatic ModuleJail-style identification of essential modules, and use it to build a custom kernel on the fly, then banish the use of initramfs. (Maybe just keep the all-options-enabled installation kernel around as an emergency fallback.) Aside from a few special cases such as OpenZFS, this should work on most hardware – and make life simpler, quicker, and perhaps slightly more secure. ®
Unheralded coach has presided over a remarkable turnaround as club navigates La Liga’s epic relegation battle
Luís Castro was 11 when he started vomiting blood. Taken to hospital and diagnosed with purpura, initially doctors told his parents there was no chance of him living and even when he was cured they said he couldn’t do any physical exercise ever again. But three lonely years later, driven by an inner strength he ascribed to a higher power, he was back on a football pitch, building a career that took him through the lower leagues in Portugal as a player and around the world as coach, winning trophies in Qatar, Saudi Arabia, Ukraine and Brazil, until one day in December his name landed on the president’s desk at Levante: just the kind of man the Spanish club needed in their impossible fight for survival.
Oh, wait. No, that’s not right. “I had heard of another Luís Castro but not this one,” Pablo Sánchez admitted on Sunday night, “and this one turned out to be the ideal coach for our club.”
Continue reading...
In 1985 begon Music Meeting met jazz-, dans- en improvisatiemuziek uit alle windstreken. Veertig jaar later staat dat concept nog steeds overeind, maar is het festivallandschap veranderd.
/s3/static.nrc.nl/wp-content/uploads/2026/05/18150913/210526CUL_2033547303_MusicMeeting.jpg)
Het voetbalseizoen 2025/26 zit erop voor Feyenoord. In FC Rijnmond blikken Geert den Ouden, Harry van der Laan en Emile Schelvis terug op het jaar van de Rotterdamse club en vellen een eindoordeel.
