The badass bounty hunter and his little green friend take on the Empire and Jabba the Hutt’s family in this solid enough addition to the ever-expanding universe

Here is a non-canonical, or semi-canonical tale – maybe the distinction is beginning to blur – from the Star Wars universe, serving up some entertaining but very familiar Star Wars narrative tropes on a spectacular Imax scale. And if you thought it was possible to end a movie like this without a climactic aerial combat scene involving X-wing fighters, think again. It is developed from the Disney+ streaming TV series The Mandalorian and set in the timeframe just after Star Wars: Episode VI – Return of the Jedi, in which holdout warlords from the defeated Empire are plotting a return against the New Republic.

Pedro Pascal plays the Mandalorian, a badass freebooting bounty hunter not unlike Han Solo, only he has on his shoulder Grogu, his “ward”. (That quaint Victorian term is revived here for the first time since the days of Dick Grayson and Bruce Wayne.) Grogu is the Yoda-species infant with nascent telekinetic powers. As for the Mandalorian, he has a voice like Clint Eastwood’s man with no name, and in fact he’s the guy with no face; he hardly ever removes his helmet – apart from in one key scene – despite the fact that it must surely restrict his visual field. And he must surely remove it occasionally to eat and drink and trim his moustache. Body-double actors Lateef Crowder and Brendan Wayne variously play the helmeted Mandalorian striding around, giving director Jon Favreau and Pascal exceptional leeway with the filming and voice-recording schedule. The Mandalorian is a vivid symbol of the importance of genre IP over old-fashioned star presence and the obvious comparison with Dave Prowse body-doubling Darth Vader is disconcerting.

Continue reading...

A new UK scheme is encouraging venues to provide accommodation for touring acts. But what if someone hurls a TV through a window?

Touring has become increasingly financially precarious for grassroots artists, pinched by issues including the cost of living crisis and increasing fuel costs. But a growing number of UK music venues are attempting a simple but potentially transformative fix: giving bands somewhere to sleep.

This month, the Music Venue Trust charity announced a new wave of funding initiatives to rebuild infrastructure for touring musicians, including schemes focused on artist accommodation: unused spaces in venues could be converted into rooms for touring musicians, in an effort to cut costs and make smaller tours more viable. “Accommodation costs are limiting touring options and venues, especially in rural locations where there may not be lots of accommodation choices,” says Mark Davyd, the charity’s chief executive.

Continue reading...

The emergency caused by the Bundibugyo variant has revived fears shaped by conflict, mistrust and delayed detection, even as the WHO moves quickly

To be around the centre of an Ebola outbreak is to become used to the smell of chlorine. At hospitals and government buildings, surfaces are sprayed with it and hands washed in a 0.05% solution that can kill the virus in 60 seconds.

Infrared handheld thermometers take temperatures at airports and border crossings. Any indication of a fever prevents passage. Contact-tracing teams crisscross the countryside.

Continue reading...

Kijk. Zo kan het dus ook. De Adviesraad Migratie, die zijn eigen 25-jarige verjaardag wilde vieren in haathol Pakhuis de Zwijger, zoekt een nieuwe locatie voor dat feestje. Een locatie waar professor Ruud Koopmans wel welkom is. Dat is volkomen terecht, want als je een discussie wilt voeren over migratie en vervolgens iedereen rechts van Leo Lucassen tot ongewenste vreemdeling gaat verklaren, dan schiet het niet op met het maatschappelijke debat. De kritische Kamervragen van de PVV over de Adviesraad kunnen dus in de prullenbak, deze motie van JA21 Amsterdam wordt nu juist des te prangender: als Pakhuis de Zwijger zelfs niet meer geschikt is voor debatten van de Adviesraad Migratie, waarom moet het dan nog steeds met belastinggeld overeind gehouden worden?

Draadje van de professor

Social

Fixed it

An npm account compromise infected 314 npm packages with malware, including size-sensor, echarts-for-react, timeago.js, and packages scoped to @antv, in a 22-minute burst of activity in the early hours of Tuesday morning. The most popular impacted package is size-sensor, downloaded 4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale (2.2 million) and timeago.js (1.15 million). The compromised account, i@hust.cc, belongs to a developer based in Hangzhou, China. Security researcher Nicholas Carlini reported the malware on GitHub, and the the hust.cc account closed the issues and marked them as "fixed" within an hour. This means the malware report on this and other repositories is hidden unless a developer looks for closed issues. Some malicious package versions have been deprecated on npm with the message "this version was published in error, please use the latest version instead," while others have been removed. Security biz SafeDep reported on the malware and analyzed the payload, which uses the same structure as that used to compromise SAP packages three weeks ago. The malware reads environment variables and scans files to find credentials for GitHub, npm, cloud platforms including AWS, Microsoft Azure, and Google Cloud, Docker, Stripe, and more. The code also attempts to escape container boundaries. Stolen secrets are exfiltrated to a new GitHub repository. The malware injects settings files into other local projects on a developer machine, for execution by Claude Code or Codex, and further abuses GitHub as a C2 (command-and-control) backdoor via malicious repositories and Python code that downloads and executes content from them. According to SafeDep, "the attacker automated the entire wave using a stolen token." Developers who have installed compromised package versions are advised to rotate all credentials accessible from the build environment, check for unauthorized GitHub repositories, and remove malicious systemd services on Linux. Maintainers and package publishers are at greatest risk as they may find further malicious packages published via their own credentials. This attack comes shortly after another Shai-Hulud incident reported yesterday, and more can be expected. Although other package repositories such as PyPI and RubyGems have also seen malware published to them, npm remains the biggest target and, for now, appears to be the worst affected. npm, owned by Microsoft subsidiary GitHub, has said little about the current wave. In September last year, a post outlining a plan for a more secure npm supply chain was intended to "address a surge in package registry attacks," during what now looks like the early phase of Shai-Hulud, but the actions taken so far have not prevented further incidents. The Register asked GitHub to comment.®

mikeleonardvisualarts has added a photo to the pool:

mikeleonardvisualarts posted a photo:

De politie en de FIOD hebben dinsdagochtend drie invallen gedaan in Bergschenhoek en Berkel en Rodenrijs. De invallen maken deel uit van een groter onderzoek van de politie Noord-Holland.