Agressie tegen boekverkopers (?)

Okee leg ons even uit hoe dit werkt want van 'agressie tegen boekverkopers' hebben we echt nog nooit gehoord. WAAROM STAAN DE BOEKEN VAN PIETER WATERDRINKER NIET BIJ LITERATUUR? Pats een beuk op je muil! WAAROM IS HET NIEUWE SUPERBOEK VAN SPLINTER CHABOT ALWEER UITVERKOCHT? Pats een beuk op je muil! WAAROM KRIJG IK HIER EEN GRATIS BOEK VAN DOORTJE SMITSHUIJSEN BIJ? Pats een beuk op je muil! Nu is er een of andere snoeiharde activist die z'n winkel volkwakt met Palestina-vlaggen en anti-Israël-meuk die in een 'discussie' komt met een passant, die iets ('From the river to the sea, Israel will be Muslim-free') geroepen 'zou' hebben. "Dani weet niet meer exact wat hijzelf heeft gezegd, maar hij denkt dat hij de man een zionist heeft genoemd." The way of boekverkopers. En toen kreeg-ie een tik op z'n neus. En nu biedt de Koninklijke Boekverkopersbond plots 'weerbaarheidstrainingen voor boekhandelaars' aan omdat boekhandelaars te maken krijgen met 'agressie'. Die Dani moet natuurlijk lekker verkopen waar hij zelf zin in heeft en die passant moet z'n gore tengels thuishouden, maar zou het niet kunnen dat die Dani niet te maken krijgt met agressie omdat hij een doodgewone boekhandelaar is, maar omdat hij een kneiterlinkse 'anarchistische' activist is die toevallig een toko heeft met hyperactivistische literatuur? THEODOR HOLMAN?????? Pats een beuk op je muil! DE GORGELS IS GENOCIDE! Pats een beuk op je muil! PIM LAMMERS??!?!??!?!?!

The Register

Biting the hand that feeds IT — Enterprise Technology News and Analysis

Windows 10 refuses to die, and the security bill is coming due

A hard core of Windows 10 devices cannot or will not be migrated to Windows 11, leaving enterprises with a growing security problem as support options run out. According to asset tracking service Lansweeper, Windows 10 still runs on 16.9 percent of the Windows devices it monitors, or "roughly one in six." A year ago, the operating system accounted for about half of the machines in its dataset, falling to the low-to-mid 40 percent range by the time Microsoft ended standard support. The decline continued after that, reaching 18.6 percent in June, but Lansweeper says migration has now slowed to a crawl. This presents a problem because even installations enrolled in the Extended Security Updates (ESU) program, under which Microsoft has committed to fixing security bugs, will eventually become vulnerable. Consumer devices can receive security updates until October 12, 2027, while commercial customers willing to pay can extend coverage until October 10, 2028. After that, the fixes stop. Small and medium-sized businesses (SMBs) are particularly exposed. Lansweeper reckons that 21.4 percent of SMB machines still run Windows 10, with cost usually being the constraint that keeps the legacy operating system running. The exposure is greater in some sectors, with 23 percent of healthcare and pharmaceutical systems sticking with Windows 10, while consumer and retail devices hover at 22.7 percent. According to Lansweeper's data, "a Windows 10 device carries an average of 1,903 active CVEs against 652 on Windows 11. That's a 2.9x gap." Esben Dochy, principal technical evangelist at the company, told The Register that "the Windows 10 average also includes devices that have ESU patches applied." Part of the problem, according to Lansweeper, is "patch diffing," in which Windows 11 fixes can be reverse-engineered to find flaws in Windows 10. "The supported OS effectively hands attackers a map into the unsupported one," Lansweeper said. According to Lansweeper's figures, 14 percent of Windows 10 assets have ESU patches applied. "I think a meaningful share of the remaining Windows 10 estate isn't being actively unpatched by neglect," Dochy said. "It's being held in place by vendor dependency, certification gaps, cost, or accepted risk. Certified equipment is a good example: many medical devices or industrial systems have their OS tied directly to vendor certification, and in some cases a Windows 11-certified version of that device or software doesn't exist yet. The same applies in retail, where devices are often vendor-locked to specific OS versions for compliance or warranty reasons. "For a lot of this hardware, the vendor is contractually responsible for maintaining the device, including any OS changes, so simply enrolling in ESU as a customer may not resolve the underlying problem. The real fix depends on the vendor's own certification timeline for Windows 11, and the cost that comes with the eventual upgrade or replacement. There are also devices sitting in air-gapped or isolated environments, where the risk is knowingly accepted for now rather than actively managed, so ESU enrollment simply isn't a priority." It's not a great situation, and the apparent stalling of Windows 11 adoption doesn't help. Looking at other market share measures such as Statcounter, there was little change in the share of Windows 10 and its successor over the last few months after a surge following the end of support. As Lansweeper noted: "The easy migrations are done. What's left is the hard core: devices that haven't moved because they can't or won't." Compounding the issue is the rising cost of new PC hardware, a trend unlikely to improve in the near term. According to Microsoft, "the ESU program helps reduce the risk of malware and cybersecurity attacks by providing access to critical and important security updates." Microsoft has extended the program for consumer devices, perhaps in recognition that there are an awful lot of Windows 10 machines still out there. Lansweeper's figures also underline the need for administrators to know which Windows 10 devices remain in their estates and whether each is fully patched. While many devices will have some level of protection, others will not, and over time, the proportion of vulnerable Windows 10 devices will grow, particularly where a move to Windows 11 is not an option. ®

SpaceX open sources Grok Build in same week company was found beaming users' repos to the cloud

Elon Musk has confirmed SpaceX has now open sourced the Grok Build CLI just days after researchers caught the AI tool scooping up users’ entire repositories and uploading them to company-controlled cloud storage. SpaceXAI’s data grab was first publicized on Sunday by Cereblab, who probed Grok Build traffic and found that repos were being packaged up as Git Bundles and beamed to Google Cloud storage. Concerning. The news gathered so much negative attention that Elon Musk felt compelled to issue a public statement alongside SpaceX, and its technical staff, promising to delete all data that Grok Build has ever stored and give users more choice over how their data is handled. SpaceX is the parent company of xAI, the corporate subdivision where X, the company once known as Twitter, and Grok, its AI division, both nest. As part of these promises, Musk also said SpaceX would open-source Grok Build to sow greater trust in the product, after the codebase was audited for security vulnerabilities. On Wednesday, that promise was fulfilled. You can see it all on GitHub right now. It’s a single commit, so you can’t see all the changes that have been made over time. There are no pull requests or git history. “We've open-sourced Grok Build and have reset usage limits for all users,” SpaceX said. “Open-sourcing Grok Build allows anyone to support making a reliable and robust harness. Check out our code, including the Git repo for the Grok Build CLI.” According to Simon Willison, creator of Datasette and co-creator of Django, the Grok Build codebase comprises 844,530 lines of Rust code, and while the code responsible for sending repos to the cloud remains, it appears altered to reverse the behavior. In a separate statement accompanying the open source announcement, SpaceX said it has always respected Zero Data Retention (ZDR), which was applied to enterprise customers by default, and acknowledged that data retention was enabled by default for everyone else, which has now been corrected. It said: “In response to user questions about privacy: Since launch, Grok Build has fully respected zero data retention (ZDR). All users have always had the ability to disable data upload in the CLI. “When data upload was disabled, this choice was respected. In the early beta, data retention was enabled by default for non-ZDR users. Based on your feedback, we changed this. We are now going further to protect privacy. “With all retained data deleted, retention default off, and an open-source harness, we are offering complete user privacy. You can also run Grok Build fully open-sourced and local-first with your own inference. “We disabled default retention for all Grok Build users starting on July 12th. Additionally, we are deleting all coding data that was previously retained, ensuring every user’s preferences are respected. With these steps, Grok Build goes beyond other major coding products to protect user privacy.” SpaceX also invited researchers to probe Grok Build for security issues and report them to its bug bounty program, which offers rewards ranging from $100-$20,000, depending on the severity. ®

AWS CloudFront outage serves errors instead of websites

Amazon Web Services (AWS) is experiencing another outage after a CloudFront issue began throwing 5xx errors, knocking a string of websites and online services offline across multiple regions. According to AWS, the issue began at 0145 PDT (0945 UTC) this morning and affects CloudFront customers using VPC Origins. This is a relatively new CloudFront feature that lets customers serve applications running behind private load balancers through CloudFront without exposing their back-end infrastructure to the public internet. The cloud giant said customers using other origin types are not impacted, and suggested that anyone who doesn't strictly need VPC Origins could switch origin types as a temporary workaround while engineers work on a fix. “We are experiencing increased 5xx errors for CloudFront customers utilizing VPC Origins connectivity,” the cloud giant said on its service status page. “Our engineers are engaged and are actively working to mitigate impact." At 03:18 PDT (118BST, 1018 UTC), it added: "We continue working to resolve the increased 5xx errors for CloudFront customers utilizing VPC Origins connectivity. Customers utilizing other origin types remain unaffected by this issue. "Based on our investigation, we believe the root cause is related to a packet processing subsystem responsible for routing requests from CloudFront's edge locations to resources within customer VPCs. We continue to recommend that customers who are able to do so temporarily change their origin type to resolve the errors." It promised another update in the next hour. Users trying to reach sites affected by the CloudFront issues are being met with an error page that reads: “We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website” Among the early casualties was the AI developer platform Hugging Face, which acknowledged that its service was unavailable "from most regions in the world" due to the AWS outage while it worked on mitigation. Meanwhile, the UK's National Lottery admitted in a post on X that players were unable to access its website and mobile app due to what it described as a wider AWS outage, advising hopeful millionaires to try refreshing later. Gamers weren't spared either. Reports quickly piled up on Reddit from Fallout 76 players wondering why Bethesda's post-apocalyptic wasteland had become more inaccessible than usual, while various other threads rapidly filled with reports from disgruntled AWS customers, all describing the same symptom: CloudFront distributions returning 5xx errors while other AWS services carried on as normal. AWS had not disclosed the cause of the borkage and didn’t immediately respond to The Register’s questions. While it said the outage was limited to one CloudFront configuration, the list of broken services made it look considerably less limited. ®

Found Photograph

Thomas Hawk posted a photo:

Found Photograph

I'm Coming Home

Thomas Hawk posted a photo:

I'm Coming Home

Stockholm, Sweden ストックホルム、スウェーデン

Mr Mikage (ミスター御影) posted a photo:

Stockholm, Sweden ストックホルム、スウェーデン

Mitama Festival, Kudanshita.

mikeleonardvisualarts posted a photo:

Mitama Festival, Kudanshita.

MetaFilter

The past 24 hours of MetaFilter

Bad news for Letterboxd users

I'm not even a subscriber, but I like Letterboxd. Bad news ahead.

De wetenschap achter de wedstrijdbal: moderne exemplaren zijn stijver, stabieler en rónder dan hun voorgangers. Maakt dat ze ook beter?

Elk wereldkampioenschap heeft zijn eigen bal, dit jaar de ‘Trionda’. Hoe groot zijn de verschillen? Welke veranderingen zijn functioneel, en welke vooral cosmetisch? Op zoek naar antwoorden, met hulp van een Britse voetbalrobot.