Software developer at a big library, cyclist, photographer, hiker, reader. Email: chris@improbable.org

USC bans pro-Palestinian valedictorian from speaking at graduation - Los Angeles Times


Saying “tradition must give way to safety,” the University of Southern California on Monday made the unprecedented move of barring an undergraduate valedictorian who has come under fire for her pro-Palestinian views from giving a speech at its May graduation ceremony.

The move, according to USC officials, is the first time the university has banned a valedictorian from the traditional chance to speak onstage at the annual commencement ceremony, which typically draws more than 65,000 people to the Los Angeles campus.

In a campuswide letter, USC Provost Andrew T. Guzman cited unnamed threats that have poured in shortly after the university publicized the valedictorian’s name and biography this month. Guzman said attacks against the student for her pro-Palestinian views have reached an “alarming tenor” and “escalated to the point of creating substantial risks relating to security and disruption at commencement.”

“After careful consideration, we have decided that our student valedictorian will not deliver a speech at commencement. ... There is no free-speech entitlement to speak at a commencement. The issue here is how best to maintain campus security and safety, period,” Guzman wrote.

The student, whom the letter does not name, is biomedical engineering major Asna Tabassum. USC officials chose Tabassum from nearly 100 student applicants who had GPAs of 3.98 or higher.

But after USC President Carol Folt announced her selection, a swarm of on- and off-campus groups attacked Tabassum. They targeted her minor, “resistance to genocide,” as well as her pro-Palestinian views and “likes” expressed through her Instagram account.

We Are Tov, a group that uses the Hebrew word for “good” and describes itself as “dedicated to combating antisemitism,” posted Tabassum’s image on its Instagram account and said she “openly promotes antisemitic writings.” The group also criticized Tabassum for liking Instagram posts from “Trojans for Palestine.” Tabassum’s Instagram bio links to a landing page that says “learn about what’s happening in Palestine, and how to help.”

The campus group Trojans for Israel also posted on its Instagram account, calling for Folt’s “reconsideration” of Tabassum for what it described as her “antisemitic and anti-Zionist rhetoric.” The group said Tabassum’s Instagram bio linked to a page that called Zionism a “racist settler-colonial ideology.”

In a statement, Tabassum opposed the decision, saying USC has “abandoned” her.

“Although this should have been a time of celebration for my family, friends, professors, and classmates, anti-Muslim and anti-Palestinian voices have subjected me to a campaign of racist hatred because of my uncompromising belief in human rights for all,” said Tabassum, who is Muslim.

“This campaign to prevent me from addressing my peers at commencement has evidently accomplished its goal: today, USC administrators informed me that the university will no longer allow me to speak at commencement due to supposed security concerns,” she wrote.

“I am both shocked by this decision and profoundly disappointed that the university is succumbing to a campaign of hate meant to silence my voice. I am not surprised by those who attempt to propagate hatred. I am surprised that my own university—my home for four years—has abandoned me.”

In an interview, Guzman said the university has been “in close contact with the student” and would “provide her support.” He added that “we weren’t seeking her opinion” on the ban.

“This is a security decision,” he said. “This is not about the identity of the speaker, it’s not about the things the valedictorian has said in the past. We have to put as our top priority ensuring that the campus and community is safe.”

Another campus official who was part of the decision, Erroll Southers, said threats came in via email, phone calls and letters. Southers is USC’s associate senior vice president for safety and risk assurance.

Individuals “say they will come to campus as early as this week,” Southers said. He did not elaborate.

Pro-Palestinian groups, including the Los Angeles chapter of the Council on American-Islamic Relations, have called for USC to reinvite Tabassum to speak.

“USC cannot hide its cowardly decision behind a disingenuous concern for ‘security,’” CAIR-LA Executive Director Hussam Ayloush said in a statement.

In another statement, the USC Palestine Justice Faculty Group said it “unequivocally rejects” Tabassum being uninvited.

“The provost’s action is another example of USC’s egregious pattern of supporting anti-Palestinian and anti-Muslim racism,” the group said.

Times staff writers Jenna Peterson and Angie Orellana Hernandez contributed to this report.

1 public comment
acdha
49 minutes ago
I’m sure all of the old people who were so concerned about freedom of speech on campus will be protesting this. Any minute now. Maybe they need time to finish writing their properly scathing NYT editorials first.
Washington, DC

How Do You Say ‘Danger’ in Sperm Whale Clicks?


This is part one of a two-part series. Read part two here.

Sperm whales don’t sing melodious, moaning whale songs like their humpback cousins. The biggest predator on the planet communicates in clicks, called codas. Some compare the sounds to popping popcorn or frying bacon in a pan. For CUNY biologist David Gruber, it resembles “morse code or techno music.” 

Gruber, the founding president of Project CETI, the Cetacean Translation Initiative, often listens for hours in his New York office to the sperm whale chats his team has recorded in the Eastern Caribbean.

Sperm whale birth seen from above in the Eastern Caribbean.
Project CETI records sperm whale codas around the Eastern Caribbean island of Dominica. Courtesy of Project CETI

CETI focuses on sperm whales for several reasons. One reason is that it can build on the audio recordings that whale biologist Shane Gero has already been collecting for 15 years with the Dominica Sperm Whale Project. Gero was able to show that sperm whale families have different dialects, much like British and American English. “Another reason is that the sperm whale has been vilified as a killer, Moby Dick as a leviathan,” Gruber says. “Meanwhile it could be one of the most intelligent, sophisticated communicators on the planet.”

While the humpback whales sing their soprano songs primarily for mating, sperm whales are communicating to socialize and exchange information. CETI has already discovered that the communication patterns are complex. “Their codas are clicks, they are like ones and zeros, which is very good for cryptographers,” Gruber explains. “The combination of advanced machine learning and bioacoustics is slated to be the next microscope or telescope in terms of our ability to really listen more deeply and understand life at a new level.”

CETI’s team operates a giant whale-recording platform from a 40-foot sailboat off the coast of Dominica, a volcanic island in the Caribbean with a stable sperm whale population. Both by tagging the whales and installing whale listening stations with microphones dangling deep down into the ocean on floating buoys, CETI is recording several terabytes of data every month. The scientists are creating a three-dimensional interactive map of the whales within a 20-kilometer radius, combining sounds with data such as the whales’ heart rates. 

The post How Do You Say ‘Danger’ in Sperm Whale Clicks? appeared first on Reasons to be Cheerful.

1 public comment
cjheinz
3 days ago
Wow, whale speech!

Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects – Open Source Security Foundation


By Robin Bender Ginn, Executive Director, OpenJS Foundation; and Omkhar Arasaratnam, General Manager, Open Source Security Foundation

The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident, as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation, home to JavaScript projects used by billions of websites worldwide. The Open Source Security (OpenSSF) and OpenJS Foundations are calling on all open source maintainers to be alert for social engineering takeover attempts, to recognize the early threat patterns emerging, and to take steps to protect their open source projects.

Failed Credible Takeover Attempt

The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.  

None of these individuals have been given privileged access to the OpenJS-hosted project. The project has security policies in place, including those outlined by the Foundation’s security working group.

The OpenJS team also recognized a similar suspicious pattern in two other popular JavaScript projects not hosted by its Foundation, and immediately flagged the potential security concerns to respective OpenJS leaders, and the Cybersecurity and Infrastructure Security Agency (CISA) within the United States Department of Homeland Security (DHS).

Open source projects always welcome contributions from anyone, anywhere, yet granting someone administrative access to the source code as a maintainer requires a higher level of earned trust, and it is not given away as a “quick fix” to any problem.

Together with the Linux Foundation, we want to raise awareness of this ongoing threat to all open source maintainers, and offer practical guidance and resources from our broad community of experts in security and open source.

Suspicious patterns in social engineering takeovers:

  • Friendly yet aggressive and persistent pursuit of maintainer or their hosted entity (foundation or company) by relatively unknown members of the community.
  • Request to be elevated to maintainer status by new or unknown persons.
  • Endorsement coming from other unknown members of the community who may also be using false identities, also known as “sock puppets.”
  • PRs containing blobs as artifacts.
    • For example, the XZ backdoor was a cleverly crafted file as part of the test suite that wasn’t human readable, as opposed to source code.
  • Intentionally obfuscated or difficult to understand source code.
  • Gradually escalating security issues.
    • For example, the XZ issue started off with a relatively innocuous replacement of safe_fprintf() with fprintf() to see who would notice.
  • Deviation from typical project compile, build, and deployment practices that could allow the insertion of external malicious payloads into blobs, zips, or other binary artifacts.
  • A false sense of urgency, especially if the implied urgency forces a maintainer to reduce the thoroughness of a review or bypass a control.

These social engineering attacks are exploiting the sense of duty that maintainers have with their project and community in order to manipulate them. Pay attention to how interactions make you feel. Interactions that create self-doubt, feelings of inadequacy, of not doing enough for the project, etc. might be part of a social engineering attack.

Social engineering attacks like the ones we have witnessed with XZ/liblzma were successfully averted by the OpenJS community. These types of attacks are difficult to detect or protect against programmatically as they prey on a violation of trust through social engineering. In the short term, clearly and transparently sharing suspicious activity like those we mentioned above will help other communities stay vigilant. Ensuring our maintainers are well supported is the primary deterrent we have against these social engineering attacks.

Steps to help secure your open source project:

Beyond being alert to the patterns above, there are a number of security best practices that can improve the security properties of a project. While these recommendations will not thwart a persistent social engineering attack on their own, they can improve the overall security posture of your project.

  • Consider following industry-standard security best practices such as OpenSSF Guides.
  • Use strong authentication.
    • Enable two-factor authentication (2FA) or Multifactor Authentication (MFA). 
    • Use a secure password manager.
    • Preserve your recovery codes in a safe, preferably offline place.  
    • Do not reuse credentials/passwords across different services.
  • Have a security policy including a “coordinated disclosure” process for reports.
  • Use best practices for merging new code.
    • Enable branch protections and signed commits. 
    • If possible, have a second developer conduct code reviews before merging, even when the PR comes from a maintainer.
    • Enforce readability requirements to ensure new PRs are not obfuscated, and use of opaque binaries is minimized. 
    • Limit who has npm publish rights.
    • Know your committers and maintainers, and do a periodic review. Have you seen them in your working group meetings or met them at events, for example?
  • If you run an open source package repository, consider adopting Principles for Package Repository Security.
  • Review “Avoiding social engineering and phishing attacks” from CISA and/or “What is ‘Social Engineering’” from ENISA.
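The two patterns above that are mechanically checkable are the "PRs containing blobs as artifacts" warning sign and the "enforce readability requirements" step. As an added example that is not part of the OpenSSF/OpenJS post and is not code from either foundation, here is a small Node.js pre-merge check that flags changed files a reviewer cannot meaningfully read: binary blobs (with an extra flag when they land in a test directory, the XZ pattern), high-entropy data that looks compressed or encrypted, and very long single lines typical of minified or obfuscated code. The thresholds, the test-directory names, and the sample changeset are assumptions constructed for this example.

```javascript
// Added example (not from the OpenSSF/OpenJS post): a pre-merge "readability" check.
// Flags changed files a human reviewer cannot meaningfully read: binary blobs,
// high-entropy (compressed/encrypted-looking) data, and very long single lines
// typical of minified or obfuscated code. All thresholds, directory names and
// sample files below are assumptions constructed for this example.

const ENTROPY_MIN_BYTES = 256;   // skip entropy scoring on tiny files (too noisy)
const ENTROPY_THRESHOLD = 7.0;   // bits/byte; source text is usually 4-5.5, packed data ~7.9
const MAX_LINE_LENGTH = 1000;    // longer lines are a strong minification/obfuscation signal
const TEST_DIR_RE = /(^|\/)(test|tests|testdata|fixtures)\//;

// Shannon entropy in bits per byte over the whole buffer.
function shannonEntropy(buf) {
  if (buf.length === 0) return 0;
  const counts = new Array(256).fill(0);
  for (const b of buf) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c === 0) continue;
    const p = c / buf.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// True when the bytes are not something a reviewer can read as text:
// a NUL byte is present, or the bytes are not valid UTF-8.
function isBinary(buf) {
  if (buf.includes(0)) return true;
  // Round-trip through UTF-8: invalid sequences become U+FFFD and no longer re-encode identically.
  return !Buffer.from(buf.toString('utf8'), 'utf8').equals(buf);
}

// Returns the list of review flags for one changed file (empty list = nothing to flag).
function classifyFile(path, buf) {
  const flags = [];
  if (isBinary(buf)) {
    flags.push('binary');
    // An opaque file landing in the test suite is exactly the pattern described for XZ.
    if (TEST_DIR_RE.test(path)) flags.push('opaque-test-artifact');
  } else {
    const lines = buf.toString('utf8').split('\n');
    if (lines.some((l) => l.length > MAX_LINE_LENGTH)) flags.push('long-line');
  }
  if (buf.length >= ENTROPY_MIN_BYTES && shannonEntropy(buf) >= ENTROPY_THRESHOLD) {
    flags.push('high-entropy');
  }
  return flags;
}

// Reviews a whole changeset: [{ path, data: Buffer }] -> { flagged, requiresManualReview }.
// A CI job would fail (or request a second reviewer) when requiresManualReview is true.
function reviewChangeset(files) {
  const flagged = [];
  for (const { path, data } of files) {
    const flags = classifyFile(path, data);
    if (flags.length > 0) flagged.push({ path, flags });
  }
  return { flagged, requiresManualReview: flagged.length > 0 };
}

// Constructed sample changeset (not real project files).
// The blob is 1024 bytes of (239*i + 13) mod 256: every byte value appears exactly
// four times, so its entropy is exactly 8 bits/byte and it contains a NUL byte.
const SAMPLE_BLOB = Buffer.from(Array.from({ length: 1024 }, (_, i) => (239 * i + 13) & 0xff));
const SAMPLE_CHANGESET = [
  { path: 'src/add.js', data: Buffer.from('export function add(a, b) {\n  return a + b;\n}\n') },
  { path: 'tests/fixtures/sample.bin', data: SAMPLE_BLOB },
  { path: 'dist/bundle.min.js', data: Buffer.from('var a=1;'.repeat(200) + '\n') },
];

console.log(JSON.stringify(reviewChangeset(SAMPLE_CHANGESET), null, 2));
```

Run with `node readability-check.js` (any file name works). The check deliberately produces flags rather than a verdict on intent: a flagged file may be a legitimate fixture or a shipped bundle, but the point of the readability requirement is that such files get a named human decision instead of slipping through in a routine merge.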

Steps for industry and government to help secure critical open source infrastructure:

Sustaining a stable and secure open source project puts real pressure on maintainers. For example, many projects in the JavaScript ecosystem are maintained by small teams or single developers who are overwhelmed by commercial companies that depend on these community-led projects yet contribute very little back.

To solve a problem of this scale, we need vast resources and public/private international coordination. There is already great work underway by the following organizations:

Open source foundations:

The Linux Foundation family of foundations and other similar organizations like ours can help provide a safety net for open source projects. Maintainers often lack the time, people and expertise in areas such as security. Neutral foundations help support the business, marketing, legal and operations behind hundreds of open source projects that so many rely upon. Our goal is to remove any friction outside of coding to support our maintainers and help their projects grow. As vendor-neutral nonprofits, we are uniquely positioned to offer expertise garnered from multiple stakeholders represented in our organizations.

On security, our open source foundations have found that the most effective approach is to provide technical assistance and direct support to open source projects.

Alpha-Omega, an associated project of the OpenSSF funded by Microsoft, Google, and Amazon, funds critical projects and ecosystems. The project aims to build a world where critical open source projects are secure and where security vulnerabilities are found and fixed quickly. The OpenJS Foundation has seen the proven impact of funding developers for security through Alpha-Omega investments in Node.js and jQuery.

Sovereign Tech Fund:  

The Sovereign Tech Fund, financed by the German Federal Ministry for Economic Affairs and Climate Action, is providing the OpenJS Foundation and more open source organizations significant funding to strengthen infrastructure and security. 

They have built a model with detailed reporting and accountability of resources, yet at the same time, have technical expertise on staff to customize security proposals for the variety of open source projects they fund.

It’s encouraging to see the German government taking this initiative to improve the lives of citizens by investing in critical open source infrastructure through the Sovereign Tech Fund. 

We are advocating for more global public investment in initiatives like the Sovereign Tech Fund to invest in the global open source software that society depends on, complementary to private funding. We recommend that public institutions learn from, adapt and coordinate with Germany’s Sovereign Tech Fund to support our interconnected open source projects and shared digital economies.

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects, as well as collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is made up of 35 open source JavaScript projects including Appium, Electron, Jest, jQuery, Node.js, and webpack and is supported by corporate and end-user members, including GoDaddy, Google, HeroDevs, IBM, Joyent, Microsoft, and the Sovereign Tech Fund. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value.

About the OpenSSF

The Open Source Security Foundation (OpenSSF) is a cross-industry initiative by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at http://openssf.org.

About the Authors

Robin Bender Ginn is the Executive Director of the OpenJS Foundation, the neutral home to drive broad adoption and ongoing development of key JavaScript and web technologies. She also serves on the leadership team at the Linux Foundation. Robin has led major initiatives advancing open source technologies, community development, and open standards. Previously, Robin spent more than 10 years at Microsoft where she was at the forefront of the company’s shift to openness.

Omkhar Arasaratnam is the General Manager of the Open Source Security Foundation (OpenSSF). He is a veteran cybersecurity and technical risk management executive with more than 25 years of experience leading global organizations. Omkhar began his career as a strong supporter of open source software as a PPC64 maintainer for Gentoo and contributor to the Linux kernel, and that enthusiasm for OSS continues today. Before joining the OpenSSF, he led security and engineering organizations at financial and technology institutions, such as Google, JPMorgan Chase, Credit Suisse, Deutsche Bank, TD Bank Group, and IBM. As a seasoned technology leader, he has revolutionized the effectiveness of secure software engineering, compliance, and cybersecurity controls. He is also an accomplished author and has led contributions to many international standards. Omkhar is also a NYU Cyber Fellow Advisory Council member and a Senior Fellow with the NYU Center for Cybersecurity where he guest lectures Applied Cryptography.


Right-Wing Media Are in Trouble - The Atlantic


Trump Appears to Fall Asleep in Courtroom Ahead of Criminal Trial


Reducing CO₂ emissions by 20% with only a 2% economic loss


A "rapid and far-reaching change" is necessary to prevent catastrophic climate change, according to the Intergovernmental Panel on Climate Change (IPCC). "However, the transformation of the economy towards climate neutrality always involves a certain amount of economic stress—some industries and jobs disappear while others are created," explains Johannes Stangl from the Complexity Science Hub (CSH). When it comes to climate policy measures, how can economic damage be minimized?

A CSH team has developed a new method to help solve this problem. "To understand how climate policy measures will affect a country's economy, it's not sufficient to have data on carbon dioxide emissions. We must also understand the role that companies play in the economy," says Stangl, one of the co-authors of the study published in Nature Sustainability.

CO2 emissions reduced by 20%

The researchers used a data set from Hungary that includes almost 250,000 companies and over one million supplier relationships, virtually representing the entire Hungarian economy. They examined what a country's entire economy would look like if certain companies were forced to cease production in various scenarios—all aimed at reducing greenhouse gas emissions by 20%.

"In the first scenario, we looked at what would happen if only CO2 emissions were taken into account," explains Stefan Thurner from the CSH. In order to reduce greenhouse gas emissions by 20%, the country's seven largest emitters would have to cease operations.

"In the meantime, however, around 29% of jobs and 32% of the country's economic output would be lost. The idea is completely unrealistic; no politician would ever attempt such a thing," says Thurner.

Even when both greenhouse gas emissions and the size of the companies are taken into account, the economic consequences remain severe.

A two-factor approach

"Two factors are crucial—the CO2 emissions of a company, as well as what systemic risks are associated with it, i.e. what role the company plays in the supply network," explains Stangl. CSH researchers developed the Economic Systemic Risk Index (ESRI) in an earlier study. It estimates the economic loss that would result if a company ceased production.

Taking these two factors into account—a company's greenhouse gas emissions and its risk index for the country's economy—the researchers calculated a new ranking of companies with large emissions relative to their economic impact.

According to the new ranking, a 20% reduction in CO2 emissions would require the top 23 companies on the list to cease operations. This, however, would only result in a loss of 2% of jobs and 2% of economic output.

At the company level

"In reality, companies would naturally try to find new suppliers and customers. We want to take this aspect into account in a further developed version of our model in order to obtain an even more comprehensive picture of the green transformation. However, our study clearly shows that we need to take the supply network at the company level into account if we want to evaluate what a particular climate policy will achieve," say the authors of the study. This is the only way to assess which companies will be affected by a particular measure and how this will affect their trading partners, according to them.

Company-level data has been largely lacking in Austria. Risk assessment is normally done at the sector level, for example, how severely a measure affects the entire automotive or tourism industry.

"This puts us at a disadvantage compared to other countries such as Hungary, Spain or Belgium, where detailed data is available at company level. In these countries, VAT is not recorded cumulatively, but in a standardized way for all business-to-business transactions, which means that extensive information is available on the country's supply network," explains Thurner.

More information: Firm-level supply chains to minimize decarbonization unemployment and economic losses, Nature Sustainability (2024). DOI: 10.1038/s41893-024-01321-x

Journal information: Nature Sustainability

Provided by Complexity Science Hub

Citation: Reducing CO₂ emissions by 20% with only a 2% economic loss (2024, April 15) retrieved 15 April 2024 from https://phys.org/news/2024-04-emissions-economic-loss.html