B.C. Conservative leader John Rustad faces criticism from several sides amid review


Trump to send 12 more tariff letters today, says White House, with more to follow this week


Donald Trump will send foreign leaders more letters notifying them of new tariffs in the days to come, said Karoline Leavitt.

“There will be additional letters in the coming days,” the White House press secretary said, in addition to the 12 he plans to send today and the two already made public, which were to South Korea and Japan’s leaders.

As for why Trump decided to start with the two Asian allies, Leavitt said:

It’s the president’s prerogative and those are the countries he chose.

Exclusive: Proposal outlines large-scale 'Humanitarian Transit Areas' for Palestinians in Gaza


July 7 (Reuters) - A proposal seen by Reuters and bearing the name of a controversial U.S.-backed aid group described a plan to build large-scale camps called “Humanitarian Transit Areas” inside - and possibly outside - Gaza to house the Palestinian population, outlining a vision of "replacing Hamas' control over the population in Gaza."

The $2 billion plan, created sometime after February 11 and carrying the name of the U.S.-backed Gaza Humanitarian Foundation, or GHF, was submitted to the Trump administration, according to two sources, one of whom said it was recently discussed in the White House.

https://www.reuters.com/world/middle-east/us-backed-aid-group-proposed-human-transit-areas-palestinians-gaza-2025-07-07/

Cabinet ministers told to find ‘ambitious’ savings by end of summer


Federal cabinet ministers are being asked to find ... ways to reduce program spending by 7.5 per cent in the fiscal year that begins April 1, 2026, followed by 10 per cent in savings the next year and 15 per cent in the 2028-29 fiscal year.


I'm getting 90s vibes. Government cutbacks, threats of separation, climate change. It's all here.

But there's a modern twist: we're talking about 3C change in 2100, there's a housing crisis, our media landscape is dominated by tech bros, and the US is lost in the culture wars.


in reply to sbv

“You will be expected to bring forward ambitious savings proposals to spend less on the day-to-day running of government, and invest more in building a strong, united Canadian economy,” Mr. Champagne wrote in one of the letters.


So cuts to the public service and services to fund loans/giveaways to the private sector.

“Through this ambitious review each minister should examine the programs and activities in their portfolio to determine which are: meeting their objectives, are core to the federal mandate, and complement versus duplicate what is offered elsewhere by the federal government or by other levels of government,” it states.


Anyone who has been through a round of layoffs recognizes this language. All it's missing is a need to find "efficiencies". Carney is looking less and less like the genius economy understander I was told he was and more and more like a bog standard orthodox Friedmanite.

in reply to sbv

The annoying thing is that for a lot of his voters it seems like his decisions have been surprising. I'm seeing a lot of, "trust the plan," sort of comments elsewhere like this is all leading to some bait-and-switch social democratic turn. I think the Liberal campaign didn't focus on his fiscal orthodoxy and a lot of people just projected whatever they wanted him to be onto him.
in reply to Tlaloc_Temporal

I liked Jagmeet, and the NDP platform (well, what I understood of it); if I wasn't worried that PP would get in, they would have gotten my vote. I did feel that he didn't stand a chance of getting in.

I did read Carney's book (Values); I found it extremely difficult to read, and it said a lot without saying anything. I don't think he would get my vote if not for PP.

I'd like to see a rule that any politician voted in must work in an aid camp in a warzone to be eligible for office. Or maybe spend a year as an average citizen in their country.

in reply to karlhungus

Jagmeet was a nice enough person, but his communication never seemed to be about making changes, only criticising the other parties. It's possible I missed the more constructive messages, but the constant tearing down in political messaging is why I don't ingest much of it. NDP would also be my choice (outside of a spoiler situation), but the default answer isn't very inspiring.

FPTP isn't the only fucked up voting issue we have though, as the vote for leader also affected so many local representatives, and I think that's where the NDP is currently strongest. Losing local reps is a sad price for opposing a national lunatic.

I've thought about similar restrictions to bring high-level politicians down to Earth. Hard limits to effective income from all sources of perhaps 2.5x minimum wage. Six months of consecutive retail or food service work.

Jack Dorsey just Announced Bitchat (A secure, decentralized, peer-to-peer messaging app for iOS and macOS that works over Bluetooth mesh networks) Licensed Under Public Domain.



Turning every word of Ulysses into a clickable link. What topics would you recommend us to cover?


We’re turning every word of James Joyce’s Ulysses into a clickable link.
Some links reflect the current state of the world, some capture modern culture, others are just playfully weird or totally random. Together, they create a living portrait of the Web, word by word. See them here.
What topics do you think we should cover as we pick new links for this project?
in reply to KoboldCoterie

You're absolutely right: the links are not related to the words, that's the point: a total surprise.
20 links, we've just started this chapter (Chapter I (2)), therefore we're asking for your advice 😀

We've started another chapter earlier (Chapter I (1)), where everyone can add links, to any word. Feel free to add yours (or someone else's). Ulysses has 265,222 words. When we fill them all, it will become the world's largest portrait of the Web.

"Duplicate link" - we've doublechecked, haven't found any. Can you pinpoint it for us? I would be thankful 😀

Transport committee will study BC Ferries’ Chinese ship contract


GNOME 49 Alpha Released With X11 Support Disabled By Default, Many New Features


Canon PIXMA G550 Linux compatibility?


I'm in the process of getting a new printer and since I recently (December 2024) switched to Linux it would be nice if it would be Linux compatible. So far I've decided on the Canon PIXMA G550 printer but I can't find anything about its compatibility, so I figured I would just ask here in the hopes someone might have the same printer or knows someone who has the same printer and can tell me if this printer works with Linux. If all else fails I could still use the printer with my tablet or phone using Canon's app, but using it with my desktop would be much more comfortable.
in reply to dblsaiko

I think a network printer made by a big manufacturer in recent years should be fine with IPP driverless. They founded the Printer Working Group of IEEE; this organization maintains the IPP standard and IPP Everywhere™ Certification. AirPrint can be treated as the Apple version of IPP Everywhere; the difference between them is that AirPrint requires Apple Raster but IPP Everywhere requires PWG Raster (and the JPEG JFIF file format if it is a color printer).

pwg.org/ipp/everywhere.html

Why is it so hard to get real Pay-As-You-Go mobile plans in Canada?


Just wanted to share some frustrations and open this up for discussion.

Unlike in Europe or parts of Asia, Canada has virtually no true pay-as-you-go (PAYG) mobile plans. Most so-called “prepaid” or “PAYG” options here are just monthly bundles with expiry dates — not actual usage-based billing. You’re often paying $15–30/month whether you use 100 MB or not at all.

To make things worse:

  • The minimum postpaid plan is now often 60 GB or more — which is total overkill for average users who don’t stream or game constantly.
  • Vacation suspensions are restricted or unavailable unless you upgrade to expensive plans and limited to a minimum of 30 days.
  • Text-to-911 is still not available to the general public, only for those registered as Deaf or hard of hearing — despite many emergency scenarios (hostage, abuse, low signal) where calling isn't possible.
  • CRTC and CCTS don’t help. The CRTC says they can’t intervene in pricing or service terms, and the CCTS (per Section 4.3) won’t challenge carrier policies themselves.

Please note that I’m not asking for charity or free service — just fairer options that reflect actual usage, more flexible policies, and access to emergency support.

Has anyone here had better experiences with MVNOs or alternatives? And why do we seem so far behind compared to other countries?

in reply to Diyan Hu

Canadians are way too used to getting shafted.

I currently pay monthly but if I had to get a PAYG plan, I'd go with something like Saily: saily.com/esim-canada/

Or one of those other eSim companies. However, I'm not sure if it's just data or if it'll give you a number. Typically with PAYG I'm happy with just data, but I know it doesn't work for everyone. The cost is pretty wild though, I'm in London UK right now and I got a 200GB PAYG SIM for the same price as the 20GB SIM on Saily.


Freedom's Prepaid looks alright-ish?

shop.freedommobile.ca/en-CA/pr…


Does anyone have any experience with sending raw HID commands on Linux? Trying to make a project work


I've currently been messing around trying to make the Switch 2 Pro Controller work on Linux using the raw HID commands from this website, to potentially build into a driver as a bit of a project to get better at C. However, seemingly nothing I use can send any commands properly, or at least in a way that makes the controller work. I've tried both echo, sending bytes to the /dev/hidraw6 device (that device at least on my system, may vary on others), as well as hidapitester (a wrapper for hidapi). I know the device works, as a WebUSB tool that uses the same commands makes the controller work on this system. Is anyone more familiar with this, and can point me in the right direction? I'm on Fedora Linux 42 if that info helps.
in reply to heythatsprettygood

You might want to try this matrix channel:

matrix.to/#/#simracing:matrix.…

It's a channel for sim racing, but there are pretty knowledgeable people around that can get all sorts of obscure peripherals working on Linux.

‘No warning at all’: Texas flood survivors question safety planning and officials’ response


People who lost everything describe leaving homes and express anger at poor preparedness and officials who seemed to shirk responsibility

As Texas marshals a formidable response to the flash floods that have already killed dozens, questions are now being posed about warnings that were given on Thursday and early Friday about the severity of the approaching storm and the co-ordination between local officials and the National Weather Service.

New flood alerts were issued for Texas “hill country” on Sunday, prompting rescue services to suspend the search for missing people, including at least 11 from Camp Mystic, the summer camp on the banks of the Guadalupe River hard hit by Friday’s flash flood.

At an early evening press briefing, Kerr county authorities said they were suspending the search and evacuating first responders from the river valley. They confirmed that 68 had died there, including 28 children. Not all have been identified, with officials still examining the bodies of 18 adults and 10 children.

Black screen on wake from suspend on game mode


Hi all, I have tried everything, and now I am coming here for help. Hopefully someone can tell me what's happening here.
So, I have this older pc that I have converted into a steam console, first with Bazzite and now with Chimera OS. Both work very nicely, but the one issue that persisted on both distros is that when I put the pc to sleep from game mode (press xbox button>power>sleep) then wake it up, the screen is not receiving a signal, it's not even a black screen, just no signal. I would have to force reboot it to be able to get in. Nothing works. I can't even get into a tty screen or do anything. It is connected to a samsung tv 65mu8000 via HDMI cable. I have UHD color input enabled for that input, just to give more details.

I have tried disabling the wake up animation like some folks suggested and that didn't do anything. I have tried disabling the display core like some other searches suggested by putting amdgpu.dc=0 in modprobe.d in its own file. I have tried blocking the intel iGPU, even though this CPU doesn't have one. Nothing works.
It has an intel core i7 5930k and an AMD RX 6600.
I would appreciate any help or suggestions
Thank you

in reply to DonutsRMeh

I've had similar problems with bazzite in desktop mode coming back from sleep or screen off, first with Nvidia, then solved by switching to an AMD graphics card, but now it happens there too. I have two workarounds.

1) Try Ctrl+Alt+F1 and Ctrl+Alt+F3. You should be able to switch to console then back to desktop/login screen.

2) In KDE Plasma, there's a way to map wake screen to a keyboard button. That worked for me until I reinstalled the OS and never bothered.

I think this is a Plasma or SDDM issue but idk how to report it properly.

Any ideas would be appreciated

in reply to DonutsRMeh

You think it's the screen/hdmi at fault, but it might not be. I've had the problem with two laptops in the past (the bug was with all distros I tried), and in one case it was a BIOS that Linux didn't like, and the second one was the internal wifi that its linux driver was buggy. For the first laptop there was nothing to be done, so I disabled sleep completely in the bios, while for the second one, I disabled the wifi modules in the kernel's blacklist, and then used a usb wifi that I knew it worked better. Both cases were appearing as a dead screen, but it wasn't the screen/hdmi/gfx card to blame. In yet another case, with a thinkpad laptop, the wake up was working, but it would wake up 30 seconds later than anticipated. In that case, it was the fact that its thunderbolt was dead (hardware had gone bad), and only when I disabled it in the bios completely the laptop would wake up correctly and fast.

In all those cases, I had to look at the kernel logs to see what was the issue. There were traces of the problem of which hardware exactly was creating the problem. It might look like a screen/hdmi problem, but most of the times, it's not.

Omarchy - an opinionated Hyprland + Arch setup | built by DHH


David Heinemeier Hansson, the creator of Ruby on Rails, has tailored together his take on Hyprland combined with Arch. It looks quite neat and promising and looks like a nice entry point for those who don't want to configure hyprland themselves. DHH describes Omarchy as:

Turn a fresh Arch installation into a fully-configured, beautiful, and modern web development system based on Hyprland by running a single command. That's the one-line pitch for Omarchy (like it was for Omakub). No need to write bespoke configs for every essential tool just to get started or to be up on all the latest command-line tools. Omarchy is an opinionated take on what Linux can be at its best.


Omarchy comes in different themes, and by the looks of it these are hot-swappable on the go by using the keybinds: Super + Ctrl + Shift + Space.

Website: omarchy.org/
Documentation/Manual: manuals.omamix.org/2/the-omarc…
Github: github.com/basecamp/omarchy
YT video showcase: youtu.be/I5Mnni7cea8
Invidious video showcase: invidious.reallyaweso.me/watch…

in reply to phantomwise

Was just about to suggest it might be PDA. I have a bit of that and it is rather annoying. Some techniques I've used to combat this:

  • challenge yourself. Or someone else challenge you to do a thing. "I bet you can't do x."
  • give yourself a couple choices that lead to the same result and then just pick one. This one can be tough if I'm feeling indecisive.

Neither are perfect but they do help sometimes.

in reply to zmrl

Nice suggestions, thanks!

Challenges usually get the opposite reaction than demands for me, I can't even count all the stuff I've done because of it. Maybe self (not-)imposed challenges would work? I'll need to give it a try. Though challenges also have their problems, like picking the most stupid or pointless ideas because I was advised not to do it. I think there's a correlation between how stupid and pointless an idea is and how quickly my brain latches onto it 😅

The ‘China threat’ as ‘basis’ for Ontario’s attack on democratic rights — The Canada Files


in reply to Avatar of Vengeance

“Ontario and Canada have critical minerals in abundance and America needs them. At a time when China is winning the race to dominate these resources while also restricting the sale and shipment of critical minerals to the U.S., Canada and Ontario need to urgently get our critical minerals out of the ground, processed and shipped to the factory floors that are building for the future.”


US, afaik, has tariffs on Canadian critical materials, while it makes deals with China to ensure the access it needs, and while it destroys commercial supply of new energy within US, to make sure it needs as little as possible. Banning "CCP" energy is a basis for lies for banning Chinese solar that don't have CCP ties, and even if they did, it's a fucking solar panel.

If bill C5 was used as a carrot to come into effect after the US makes an acceptable trade deal, which means elimination of all tariffs imposed this year, then this would be a somewhat acceptable act of sycophancy. Without "normalized US trade relations", it is extreme oppressive enslavement of Ontarians/Canadians.

An economic future for any nation with critical minerals is to develop them. Forcing colonial slavery of a single buyer who is currently committed against the future, while excluding buyers driving the future, is pure treason, and economic/social/climate terrorism on its own people/businesses.

Canada needs to cut all military ties with US. Stop seeking alliances where political capital is all in on war on Russia and China and Iran. US empire is collapsing, but it can buy a few years by exploiting its colonies harder. It is categorically unacceptable for our rulers to assist US destruction of our colony.

What happened to Ontario saving its auto sector? Japan/SK/US companies that cut investments/factories should have their phone/electronics brands tariffed. Huawei 5g, and datacenters/AI should be welcome. DST definitely threatened to be reimposed. High fees for access to NORAD. If Ford, is happy to destroy Auto manufacturing, then Australian prosperity has done well with better value cars and Chinese trade as a better economic model.

Fortress Can-Am has a pathetic political appeal, ONLY IF, there exists someone from the Am side that is enthusiastic about it.


If americans come to germany and act like german public Transport is the best, how frickin bad is american public Transport?


Genuine Question. Even if I look at hungarian Transport, and they to this day use trains from the UdSSR, they come more consistently than the DB.

They are really Bad sometimes, with like 20 separate prices: There's the bayernwald ticket that only works in the alps, then there's the official ticket to the destination. There's a special offer, but only in the very special APP. You can use a d-ticket, but look! Some random ass slum in the middle of the world's ass doesn't accept that, but it does the MVV zone Tickets. But then you need the MVV zone 11-M, a ticket to the beginning to the Nürnberg zones, and a ticket for the Nürnberg zones.

And yet this shit is better than America's rails? How?

in reply to Luffy

When I was in Australia, a bunch of people asked me about the public transport here and all of them were baffled when I told them how shit it was...

I have no idea why this perception that everything must be perfect in Germany or Europe came from but it is sooo outdated.

Speaking of tickets; in NSW you just tap your Opal card when entering/leaving train stations. It makes so much more sense and is so much easier.


Danielle Smith, Queen of Measles


It’s official: Premier Danielle Smith can now call herself Queen of Measles.

And not just in Alberta. Try North America.

That’s right. Alberta now leads the continent in a preventable childhood disease that leaves at least two of every 1,000 infections with severe intellectual disabilities, pneumonia or hearing loss. Or dead.

Stunningly, Alberta has already recorded nearly half a dozen cases of measles present at birth in the province.

And every measles infection leaves a child with a disabled immune system, stripped of memory about how to fight other routine infections. As a result, any unvaccinated child who battles measles will probably be sicklier, possibly for years afterwards. Brazilian researchers recently found a high correlation between having measles and later dying of another infectious disease.

https://thetyee.ca/Analysis/2025/07/07/Danielle-Smith-Queen-Measles/

Bribe Offers and Conflicts of Interest: Vancouver’s Building Inspector Scandal


For a decade, Vancouver city managers knew an employee in the building inspection department was part owner of a private company that did work frequently checked by city inspectors.

That employee and the city staff he managed often inspected the company’s work, and a conflict-of-interest investigation found the employee, “in their capacity as a city inspector, personally made decisions about the private sector business they owned in four instances.” None of those decisions were “unfavourable” to the business, the report said.

The employee also said he’d been offered, but refused, a bribe from another contractor. An analysis by the city’s Office of the Auditor General, or OAG, found the contractor had appeared to receive preferential treatment from the employee.

https://thetyee.ca/News/2025/07/07/Vancouver-Building-Inspector-Scandal/

Human trafficking case ends on 'significant disclosure issue,' Hamilton Crown drops charges


On the day a month-long trial for a man accused of "significant" human trafficking was set to begin, the Crown's case fell apart over a technicality.

Christian Vitela, 37, and his defence lawyer had not received all disclosure or evidence related to the case in the years leading up to the criminal trial, assistant Crown attorney Heather Palin said on April 23.

Vitela hadn't accessed all phone records of the migrant workers he was charged with trafficking — the phones had been seized by the RCMP and were "typically core disclosure in human trafficking prosecutions," said Vitela's lawyer, Tobias Okada-Phillips.

The RCMP, which initially laid nine human trafficking charges against Vitela in 2019, have a different version of events. It includes that they notified Vitela on several occasions that the information was available, and set up a room and computer for him to view the materials, but he never showed up.

What’s the ideal ripeness for plantain chips?


I’ve been making plantain chips for a bit, and I’m always dissatisfied with them. If my plantains are too ripe, the chips can’t crunch up. Not ripe enough and they lack the slight sweetness I love.

I decided to grab the greenest ones at the market to slowly ripen them at home, but even that’s a bit wonky, as they tend to ripen on top but not the bottom, which leaves me with something peculiar and delicious, but certainly not what I’m looking for.

So, how do you consistently get plantains in the Goldilocks zone?

Charles Rice, Nobel Prize winner in Medicine: ‘It’s a crime that a drug exists that could cure everyone yet not everybody has access to it’


Intel Wildcat Lake HID Support & Dell + ASUS Additions Ahead Of Linux 6.16-rc5



Vulnerability Report - June 2025


Introduction


This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community.

It highlights the most frequently mentioned vulnerability for June 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, and more. For further details, please visit this page.

The final section focuses on exploitations observed through The Shadowserver Foundation's honeypot network.

The Month at a Glance


The June 2025 report highlights a mix of long-standing and newly identified high-risk vulnerabilities. Notably, Citrix discloses a critical NetScaler ADC/Gateway flaw (CVE-2025-5777), dubbed “CitrixBleed 2,” which can expose session tokens and bypass multi-factor authentication — echoing last year’s infamous CitrixBleed. Other urgent issues include a PayU India WordPress plugin vulnerability (CVE-2025-31022) that allows full account takeover across thousands of sites, and a Python “tarfile” library bug (CVE-2025-4517) that enables attackers to write files outside intended directories. Among the most sighted vulnerabilities are multiple Microsoft Windows 10 and Google Chrome flaws, as well as several Citrix ADC bugs, many rated “High” or “Critical.” Common web weaknesses like cross-site scripting and SQL injection (CWE-79, CWE-89) remain widespread, highlighting the ongoing need for strong patching hygiene. Some older vulnerabilities — such as the 2015 D-Link DIR-645 flaw and known Confluence or Cisco RCE bugs — also continue to see active exploitation. Organizations should prioritize remediation of these critical and actively targeted vulnerabilities, while reinforcing application security against injection and XSS attacks.

Top 10 vulnerabilities of the Month

| Vulnerability | Vendor | Product | VLAI Severity |
|---|---|---|---|
| CVE-2025-33053 | Microsoft | Windows 10 Version 1809 | High |
| CVE-2025-49113 | Roundcube | Webmail | High |
| CVE-2025-5777 | NetScaler | ADC | Critical |
| CVE-2025-5419 | Google | Chrome | High |
| CVE-2025-2783 | Google | Chrome | High |
| CVE-2025-6019 | Red Hat | Red Hat Enterprise Linux 10 | Medium |
| CVE-2025-33073 | Microsoft | Windows 10 Version 1809 | High |
| CVE-2025-6543 | NetScaler | ADC | Critical |
| CVE-2015-2051 | D-Link | DIR-645 | Critical |
| CVE-2017-18368 | ZyXEL | P660HN-T1A | Critical |

Evolution of sightings per week


Top 10 Weaknesses of the Month

| CWE | Number of vulnerabilities |
|---|---|
| CWE-79 | 659 |
| CWE-89 | 411 |
| CWE-74 | 342 |
| CWE-119 | 190 |
| CWE-862 | 157 |
| CWE-352 | 157 |
| CWE-120 | 105 |
| CWE-94 | 94 |
| CWE-22 | 86 |
| CWE-98 | 74 |

Insights from Contributors


CitrixBleed 2
Citrix patched a critical vulnerability in its NetScaler ADC and NetScaler Gateway products that is already being compared to the infamous CitrixBleed flaw exploited by ransomware gangs and other cyber scum, although there haven't been any reports of active exploitation. Yet.

Security analyst Kevin Beaumont dubbed the vulnerability "CitrixBleed 2." As The Register's readers likely remember, that earlier flaw (CVE-2023-4966) allowed attackers to access a device's memory, find session tokens, and then use those to impersonate an authenticated user while bypassing multi-factor authentication — which is also possible with this new bug.

GCVE-1-2025-0002: Cl0p Ransomware Data Exfiltration Vulnerable to RCE Attacks
A newly identified security vulnerability in the Cl0p ransomware group’s data exfiltration utility has exposed a critical remote code execution (RCE) flaw that security researchers and rival threat actors could potentially exploit.

The vulnerability, designated as GCVE-1-2025-0002, was published on July 1, 2025, and carries a high severity rating of 8.9 on the CVSS:4.0 scale.

Stuxnet-related CVEs
- CVE-2010-2568 MS10-046 Windows
- CVE-2010-2729 MS10-061 Windows
- CVE-2008-4250 MS08-067 Windows
- CVE-2010-2772 Not Available Siemens SIMATIC WinCC

CVE-2025-31022: More details about the PayU WordPress extension
"This can be abused by a malicious actor to perform action which normally should only be able to be executed by higher privileged users. These actions might allow the malicious actor to gain admin access to the website."

CVE-2025-4517: Additional information
RISK: Multiple vulnerabilities affect the standard TarFile library for CPython. Currently, there is no indication that the vulnerability is actively exploited, but because it is a zero-day with a substantial install base, attackers can exploit it at any moment. An attacker could exploit flaws to bypass safety checks when extracting compressed files, allowing them to write files outside intended directories, create malicious links, or tamper with system files even when protections are supposedly enabled. Successful exploitation could lead to unauthorised access, data corruption, or malware installation, especially if your systems or third-party tools handle untrusted file uploads or archives.
RECOMMENDED ACTION: Patch
Source: ccb.be

Continuous Exploitation



Thank you


Thank you to all the contributors and our diverse sources!

If you want to contribute to the next report, you can create your account.

Feedback and Support


If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!
github.com/vulnerability-looku…
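
For the CVE-2025-4517 item in the report above: a pre-extraction audit for untrusted tar archives that checks member paths and link targets itself instead of relying on tarfile's extraction-time safety checks. This is an added example, not code from the report or from CPython; the function names, the `/srv/unpack` destination and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def _escapes(root, path):
    """True if `path`, resolved lexically against `root`, ends up outside `root`."""
    resolved = posixpath.normpath(posixpath.join(root, path))
    return not (resolved == root or resolved.startswith(root + "/"))


def _parents(path):
    """Proper directory prefixes of a relative path: 'a/b/c' -> ['a', 'a/b']."""
    parts = path.split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts))]


def audit_tar(fileobj, dest="/srv/unpack"):
    """Return [(member_name, reason)] for members that should block extraction.

    Nothing is written to disk; only archive headers are inspected.
    """
    root = posixpath.normpath(dest)
    findings = []
    links = set()  # normalised names of link members already seen
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            reason = None
            if m.name.startswith("/") or _escapes(root, m.name):
                reason = "member path escapes destination"
            elif any(p in links for p in _parents(name)):
                # Conservative policy: never write through a link that the
                # archive itself created, wherever that link points.
                reason = "member path traverses a link from the archive"
            elif m.issym():
                # Symlink targets resolve relative to the link's own directory.
                base = posixpath.dirname(posixpath.join(root, name))
                target = posixpath.join(base, m.linkname)
                if m.linkname.startswith("/") or _escapes(root, target):
                    reason = "symlink target escapes destination"
            elif m.islnk():
                # Hard link targets are named relative to the archive root.
                if m.linkname.startswith("/") or _escapes(root, m.linkname):
                    reason = "hard link target escapes destination"
            elif m.isdev():
                reason = "device or FIFO node"
            if m.issym() or m.islnk():
                links.add(name)
            if reason:
                findings.append((m.name, reason))
    return findings


def build_sample():
    """Constructed sample archive: benign members mixed with ones to reject."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, type_=tarfile.REGTYPE, target="", data=b""):
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.size = type_, target, len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)

        add("docs/readme.txt", data=b"hello")                 # benign file
        add("docs/latest", tarfile.SYMTYPE, "readme.txt")     # benign link
        add("../outside.txt", data=b"x")                      # path traversal
        add("docs/up", tarfile.SYMTYPE, "../../elsewhere")    # link leaves tree
        add("cache", tarfile.SYMTYPE, "docs")                 # link inside tree
        add("cache/note.txt", data=b"x")                      # written via link
        add("hard", tarfile.LNKTYPE, "../other/file")         # hard link outside
        add("node", tarfile.CHRTYPE)                          # device node
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, why in audit_tar(build_sample()):
        print(f"REJECT {member!r}: {why}")
```

Run the audit on every upload and refuse the whole archive on any finding; it complements the report's recommended action of patching and does not replace it.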

'There are no plans to drop support for SteamOS': The Finals devs commit to Steam Deck and Linux players despite new kernel-level anti-cheat | PC Gamer


in reply to just_another_person

My friends and I play it nightly, because it's a good casual FPS and it has many modes, decent progression. Honestly environment destruction is such a powerful mechanic for making games have variability between games that it makes each feel unique - like a puzzle even at times.

There's not a great deal of free games right now that are capturing our attention, we wanted an FPS this month, and there's been no paid games everyone's been willing to jump on.

Funny enough we're waiting on Arc Raiders to drop which is also a game by the studio behind The Finals.

in reply to just_another_person

"I know zero people who play it, so let me into the inside knowledge about it. "

"Hi, my friends and I play it. We're people. Here's why we like it."

"You sound like an ad".

My brother in Christ, you asked for someone to tell you about the game and then I did - wtf did you think was going to happen. I'm not even really giving it a glowing review. I'm mostly saying there's not a lot of great competition in the scene right now and this game does enough good to be fun to play. At the cost of free, my poorer friends are happy to play it while we wait for the next paid game we know we want to get.

I'd love to be playing Nightreign but it's not good enough for them to buy in, and other games like... Oh what's that extraction shooter by the original Hell Let Loose team... Hunger? That's not out yet.

Like ya dawg, I like The Finals - I'm a guy on the Internet responding to a comment from a random about the Finals. That's a pretty safe bet.

PoC Released for Linux Privilege Escalation Vulnerability via udisksd and libblockdev


Conservative-backed petition calls for end of ‘co-ordinated mass candidacies’ in elections


in reply to Sunshine (she/her)

Surprised by some of the comments here.

Whether or not the solution being proposed is the best or only one is the question.

Instead several users are taking any discussion as being anti-democratic.

The Chief Electoral Officer of Canada raised concerns about how these long ballots were impeding the democratic process, including by presenting barriers to accessibility by voters.

This has become an increasing problem, with former Prime Minister Justin Trudeau’s riding being targeted in 2019.

There seem to be two kinds of barriers:
- physical barriers to finding and marking the ballot of their choice
- becoming informed of the positions and intents of candidates when there are so many candidates that do not actually intend to serve as MPs.

The underlying issue seems to be that a small group of qualified voters in a targeted riding are nominating a very large number of candidates.

That is, 60+ candidates put forward by the longest ballot group were all nominated by the same small number of voters.

Is this reasonable?

Democratic rights are balanced with responsibility under the Charter. Is it reasonable for a single voter to sign the nomination papers for 50 candidates or even 20?

Only being able to sign the papers for one candidate in one election period may be too limiting as not all candidates obtain enough signatures to be minor drop out later for other reasons.

Would limiting the right to sign nomination papers to 2 or 5 candidates be a reasonable balance under the Charter?

While this specific solution being proposed by this CPC member may be too restrictive, it seems worth a debate.

And perhaps the second issue of voters being able to reasonably obtain information about the intent and positions of candidates would be resolved if there were not so many nominated candidates.

The Rhinoceros party position that their candidates would resign if elected was well known so voters could make an informed choice. The current long ballot situation doesn’t offer that choice.

A proactive referral to the Supreme Court of Canada might be the best way to get an understanding of the balance of democratic rights. It would be best to have a read on what would be a reasonable limitation on both those who sign nominations and those who put themselves forward vs the responsibility to have accessible ballots with candidates who intend to serve before any changes to the elections act are brought forward.

in reply to Avid Amoeba

Needs to be % based. Years ago the TV show Top Gear was racing across Europe, they didn't speed in Finland as speeding tickets are based off income. Every other country they would speed and break whatever laws they want as it's small fines. Finland they drove proper because the speeding tickets would be hundreds of thousands of dollars.

It works. Put a fine based off profit, and all of a sudden you'll have complete compliance. Good luck getting that law passed when the billionaire class rules both parties and has us fighting over washrooms.

in reply to Em Adespoton

Personally, I think it would be great to give this particular flag the same protections as a civic flag.


It already is protected.

“The National Flag Act states that no strata has the authority to tell citizens they can’t fly the Canadian flag, and the Flag Act acknowledges that there are other flags,” said Parke, though there’s no express permission to fly an Indigenized Canadian flag.

If someone holds their pee, which would happen first - the sphincters giving way due to the pressure, or the bladder rupturing?


Asking this since I've always been told the former and that your bladder rupturing from not going to the toilet is a myth and the story of Tycho Brahe is too old to be reliable. But in recent years, I've seen articles about people drinking alcohol and passing out and their bladders bursting because the sensations got dulled (which still shouldn't affect the sphincters giving way due to the pressure before the bladder actually ruptures, since it's about the sphincters being not physically strong enough to hold back the pressure).

The existence of overflow incontinence would seem to contradict this story from 2020, for example. Alcohol dulls the urge to urinate, but overflow incontinence often happens in absence of this urge as well, and when the detrusor muscles (which squeeze the bladder) aren't working.

What's the straight dope here?

in reply to Talonflame (she/her)

Disclaimer: Not a medical scientist.

With that said, your question would probably hold more water (pun intended), if you had asked regarding a urinary tract infection or similar infection forcefully blocking the urethra, making it almost impossible to piss even if you wanted or needed to.

I won't go into the fine details, but early 2009 was definitely not fun for me after a multi-systemic infection that started as a dental abscess.

No, luckily nothing down south ruptured, but it's never good when someone is pissing brown, I couldn't hardly even piss for a few days after I started antibiotics.

Anyone get a Royal Kludge R75 working under linux and Vial?


My R75 works fine under via.

I'm using the R75 vial firmware located here.

github.com/mossbed/r75

It won't compile, as cloned. It's more than just the directory structure which is completely silly. It's not surprising it didn't work, given its messy state. I had to modify it a bit, so it could easily be something I did.

I had to add a UID:

config.h -> #define VIAL_KEYBOARD_UID { }

and uncomment tap_dance_action in keymap.c.

```
tap_dance_action_t tap_dance_actions[] = {
    [TD_RESET] = ACTION_TAP_DANCE_FN(safe_reset),
    [TD_CLEAR] = ACTION_TAP_DANCE_FN(safe_clear),
    [TD_CTL_TG] = ACTION_TAP_DANCE_LAYER_TOGGLE(KC_RCTL, _CTL_LYR)
};
```

That's about it.

It compiles and downloads cleanly. Via continues to work but Vial does not discover it.

This mossbed firmware extension claims to be a derivative of this work but it doesn't seem to be.

github.com/irfanjmdn/r65/tree/…

Anyone have Vial working? It's a popular keyboard so I expect someone has solved this problem. If no one responds, I'll take it on in a week or so so we can all enjoy our R75 on linux with Vial.

in reply to TomB19

The problem seems to be lack of ability to give the board a magic serial number. The vial app looks for a specific string in the serial number ("vial:") to identify a vial capable keyboard. My R75 won't accept a serial number, no matter what I do.

Apparently, this is a limitation of some cheap USB controllers (always answer 0 to all serial requests). I don't know if that's true but ChatGPT tells me it's so.

```
udevadm info -a -n /dev/hidraw$(ls /dev/hidraw* | tail -1 | tr -dc '0-9') | grep -i serial
ATTRS{serial}=="00000000000000000000000000000000"
ATTRS{serial}=="0000:09:00.0"
```

Apparently, the magic number can be coded into the UID, also. I'm working on that, too, with no success so far. Apparently, USB controllers don't stand in for UID in any case.

I'm struggling with this. If anyone has some ideas or clear direction, I would consider it a favor. If I can manage to make it work, I'll publish the firmware for everyone.

Even if someone got the mossbed firmware to work, that would be helpful to know. I have been banging on it for three days with no luck. This is the most expensive, cheap keyboard I've ever purchased. lol!

in reply to Candid_Andy

Yes agree but the NDP have been here before (reduced), NDP voters lent their vote to the Liberals this time to block a PP govt while US is attacking us. While I acknowledge that the federal NDP is in disarray (no leader and very few federal seats) they still are the provincial govt in BC and Manitoba and form the opposition in Alberta, Nova Scotia, Ontario, and Saskatchewan. You could say that the federal cons are also in disarray, the leader without a seat, a leader who is the least popular leader in the country, who still has to survive a leadership review, and who may not survive that. We are not turning into a 2 party country actually IMO.

Hogan still silent on agency nurse healthcare scandal


On Thursday Registered Nurses’ Union President Yvette Coffey took aim at [Newfoundland and Labrador] Premier John Hogan, who has yet to publicly address the healthcare scandal, which [Auditor General] Hanrahan says has resulted in the province paying upward of $400,000 on average per agency nurse over the past couple of years.

NL Health Services, the province’s health authority, spent $241-million on agency nurses between 2022 and 2024, according to the auditor general. That’s up to four times the salary of local registered nurses, PC leader Tony Wakeham has argued. “Public nurses were denied benefits, pushed into arbitration over overtime, and treated as an afterthought,” Wakeham said last week. “The Premier, who once served as both Minister of Health and Attorney General, has remained absent and silent, even as the AG pointed to potential criminality and conflict of interest.”


Scientists discover new life aboard Great Lakes research vessel


cross-posted from: lemmy.world/post/32575156




Do people doing things that upset others also upset you?


This question came about over a discussion my brother and I had about whether dogs should be on leashes when outside. We both agreed that yes, they should, for several reasons, but that's not the point.

Let's use a hypothetical to better illustrate the question. Imagine that there's a perfume - vanilla, for example - that doesn't bother you at all (you don't like nor dislike it), but that is very upsetting to some people, and can even cause some adverse reactions (allergies or something). In this hypothetical, based on the negative effects, you agree that vanilla perfumes should be banned. Currently, however, they are allowed.

You're walking down the street, and randomly smell someone passing you by and they're wearing a vanilla perfume.

Would that upset you? Why, or why not?


My answer is yes, without a doubt. Even though the smell itself doesn't bother me, the fact someone would wear that perfume and not only potentially upset others, but put them in danger, is upsetting.

My brother, however, would say no! He couldn't explain his reasoning to me.

I know this is a little convoluted, but I hope I got my question across.

in reply to BryceBassitt

There was a certain type of perfume that seemed popular back in the 90s, that would make me instantly gag and almost puke within seconds. I have no clue how anyone found that as any sort of pleasant smell.

To me I thought it smelled like a woman with a nasty yeast infection, trying to cover it up with potpourri. But it wasn't even the women's health causing it, literal potpourri smell alone causes me the same gag reflex, the stuff just smells nasty to me and I can't be in the same room as that smell for long.

So yes, there are reasons to be offended by particular scents, even if others somehow find them pleasant.

Rhino Linux 2025.3 released


[Workaround] (Arch, KDE Plasma 6.4, Wayland) Resuming from sleep taking up to 30 seconds, display settings not loading, screen auto-rotate broken after suspend - issue with iio-sensor-proxy 3.7


Once again posting something for reference as I couldn't find it online

Symptoms


- No issues after logging in.
- After suspending (sleep) and resuming, screen takes 25 - 30 seconds to turn on.
- Display settings in Plasma take a long time to load, sometimes don't show automatic rotation option.
- Turning on screen after turning off (even without sleep) takes a long time.
- No suspicious logs in Kernel and Journald (even after comparing post-fix).
- Switching kernel makes no difference.
- Logging out and back in temporarily fixes screen rotation and screen waking until next suspend.
- Everything works in X11 session apart from screen rotation (appears unsupported).
- Running monitor-sensor hangs when running after suspend
- systemctl stop iio-sensor-proxy fixes slowdown issues

Workaround


Downgrading to iio-sensor-proxy 3.6-1 following Arch Linux package downgrade instructions.
In my case with a cached package

```
sudo pacman -U file:///var/cache/pacman/pkg/iio-sensor-proxy-3.6-1-x86_64.pkg.tar.zst
```

and optionally adding it to IgnorePkg

```
IgnorePkg   = iio-sensor-proxy # Issues in Wayland after suspend
```

System info


OS: Arch Linux x64
Host: Lenovo ThinkPad L390 Yoga
Kernel: 6.12.35-1-lts
DE: Plasma 6.4.2
iio-sensor-proxy (broken version): 3.7-1
Last full system upgrade: 2025-07-06
