Category Archives: News

Shared items and notes from my feeds and browsing. Subscribe as feed.

The DOGE website is seemingly so insecure it can be edited by anyone

Source: Engadget

Article note: Overconfident morons gonna overconfident moron. A few folks are pretending this is 4D-chess find-the-dissidents bait but... no, they're not nearly that clever, and they're the kind of people who would have fucked with it to dunk on authority figures themselves.

According to researchers, anyone who knows where to look can spray digital graffiti on the Department of Government Efficiency (DOGE) website. Two web development experts said the site doesn’t seem to be hosted on government servers and that the database it pulls from can be modified by those who locate it. At the time of writing, a message reading “these ‘experts’ left their database open - roro” is still visible on the DOGE site.

DOGE chief and President Trump consigliere Elon Musk said on Tuesday that his team would be as transparent as possible, with updates on its actions shared to an X account and website. As 404 Media notes, the DOGE website was pretty much blank at the time. Since then, it's been hurriedly assembled to show a feed of posts from the entity’s X account, along with details about the federal workforce.

The researchers told 404 that the site appeared to be built on Cloudflare Pages instead of government servers. After looking at the site’s architecture and API endpoints, one was able to locate the database containing stats on government employees. They made changes to database entries that were reflected on the DOGE website.

It's not the first time that a federal website operating under the Trump administration has appeared to have been slapped together. Just this week, waste.gov was locked after it was reported that the site displayed a dummy WordPress page, complete with placeholder text.

DOGE does acknowledge that there are possible issues with its web presence. “This is DOGE's effort to create a comprehensive, government-wide org chart,” a footnote on the DOGE website reads. “This is an enormous effort, and there are likely some errors or omissions. We will continue to strive for maximum accuracy over time.”

However, it doesn’t exactly inspire confidence that a team tasked with making sweeping cuts to government spending and allegedly barging its way into federal systems that contain sensitive data on federal employees and citizens can’t secure its own website. Perhaps gutting the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency wasn't the wisest idea.

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-doge-website-is-seemingly-so-insecure-it-can-be-edited-by-anyone-160612228.html?src=rss
Posted in News | Leave a comment
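The failure the Engadget piece describes, a public site whose backing data store accepts writes from anyone who finds the endpoint, in working form. This is an added illustration, not code from the DOGE site, Cloudflare, Engadget or 404 Media: the article does not say what the backend was or how the researchers reached it, so the record layout, the path scheme and the bearer-token check below are assumptions. The "open" handler reproduces the mistake, the hardened one keeps reads public and gates every mutating method on a server-side secret, and `anonymous_write_accepted` is the check to run against either.

```python
"""Added illustration of a read-public, write-protected data endpoint.
Not code from the DOGE site, Cloudflare, Engadget or 404 Media: the
record layout, path scheme and bearer-token check are assumptions."""
import hmac
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

Response = Tuple[int, Optional[dict]]
Store = Dict[str, dict]


@dataclass
class Request:
    method: str
    path: str
    body: Optional[dict] = None
    headers: Dict[str, str] = field(default_factory=dict)


def fresh_store() -> Store:
    """Constructed sample record standing in for the site's workforce stats."""
    return {"agency/example": {"employees": 1000, "note": ""}}


# Keys are short slugs; anything else is rejected before touching the store.
_KEY_RE = re.compile(r"[a-z0-9][a-z0-9/_-]{0,63}")


def open_handler(req: Request, store: Store) -> Response:
    """Reproduces the failure mode in the story: the write path exists and
    nothing checks who is calling it, so anyone who finds it can change
    what the site renders."""
    key = req.path.lstrip("/")
    if req.method == "GET":
        return (200, store[key]) if key in store else (404, None)
    if req.method in ("PUT", "POST"):
        store[key] = req.body or {}
        return (200, store[key])
    return (405, None)


def hardened_handler(write_token: bytes) -> Callable[[Request, Store], Response]:
    """Reads stay public; every mutating method must present the write token
    (held server-side only, never shipped to the browser), compared in
    constant time so the check itself leaks nothing about the secret."""
    def handle(req: Request, store: Store) -> Response:
        key = req.path.lstrip("/")
        if not _KEY_RE.fullmatch(key):
            return (400, None)
        if req.method == "GET":
            return (200, store[key]) if key in store else (404, None)
        if req.method not in ("PUT", "POST", "DELETE"):
            return (405, None)
        auth = req.headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return (401, None)
        presented = auth[len("Bearer "):].encode()
        if not hmac.compare_digest(presented, write_token):
            return (403, None)
        if req.method == "DELETE":
            return (204, None) if store.pop(key, None) is not None else (404, None)
        if not isinstance(req.body, dict):
            return (400, None)
        store[key] = req.body
        return (200, store[key])
    return handle


def anonymous_write_accepted(handler: Callable[[Request, Store], Response],
                             key: str = "agency/example") -> bool:
    """The check to run against any data endpoint behind a public site: send
    an unauthenticated write, then see whether the stored record changed."""
    store = fresh_store()
    before = dict(store[key])
    graffiti = {"employees": 0, "note": "defaced"}
    status, _ = handler(Request("PUT", "/" + key, graffiti), store)
    return status < 400 or store.get(key) != before
```

Against a real deployment the same check is one unauthenticated PUT or POST to the data endpoint followed by a GET: if the second response reflects the first, the site is editable by the public no matter how the front end looks. Keeping the write credential out of client-side JavaScript matters as much as checking it; a static front end only ever needs read access, so the token has no business shipping to the browser.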

The History of S.U.S..E

Source: Hacker News

Article note: I've enjoyed SuSE since ~2000 (I spent a LOT of time with a commercial box/books/CDs 7.2 install set in my formative years), and vaguely knew most of that history, but had never seen it assembled into a narrative. Even fleshed out, it's one of the cleaner "good people doing good stuff" stories in the software world.
Comments

Oasis: a small, statically-linked Linux system

Source: OSNews

Article note: This is pretty neat, very BSD in the design, but with interestingly curated modern parts. Conspicuously simple init.

You might think the world of Linux distributions is a rather boring, settled affair, but there’s actually a ton of interesting experimentation going on in the Linux world. From things like NixOS with its unique packaging framework, to the various immutable distributions out there like the Fedora Atomic editions, there’s enough uniqueness to go around to find a lid for every pot. Oasis Linux surely falls into this category. One of its main unique characteristics is that it’s entirely statically linked.

All software in the base system is linked statically, including the display server (velox) and web browser (netsurf). Compared to dynamic linking, this is a simpler mechanism which eliminates problems with upgrading libraries, and results in completely self-contained binaries that can easily be copied to other systems.

↫ Oasis GitHub page

That’s not all it has to offer, though. It also offers fast and 100% reproducible builds, it’s mostly ISO C conformant, and it has minimal bootstrap dependencies – all you need is a “POSIX system with git, lua, curl, a sha256 utility, standard compression utilities, and an x86_64-linux-musl cross compiler”. The ISO C conformance is a crucial part of one of Oasis’ goals: to be buildable with cproc, a small, very strict C11 compiler. It has no package manager, but any software outside of Oasis itself can be installed and managed with pkgsrc or Nix.

Another important goal of the project is to be extremely easy to understand, and its /etc directory is honestly a sight to behold, and as the project proudly claims, the most complex file in there is rc.init at a mere 16 lines. The configuration files are indeed incredibly easy to understand, which is a breath of fresh air compared to the archaic stuff in commercial UNIX or the complex stuff in modern Linux distributions that I normally deal with.

I’m not sure if Oasis would make for a good, usable day-to-day operating system, but I definitely like what they’re putting down.

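Whether a binary really is self-contained in the sense the Oasis README quote uses can be read straight off its ELF program headers: a dynamically linked executable carries a PT_INTERP entry naming the loader, a static PIE carries PT_DYNAMIC for self-relocation but no interpreter, and a fully static binary has neither. The checker below is an added example, not Oasis code; the sample images it classifies are constructed inline for the demonstration and are not loadable programs.

```python
"""Added example: read an ELF binary's program headers and say whether it
is static, static-PIE or dynamically linked. Not Oasis code; the sample
images built at the bottom are constructed for the demonstration and are
not loadable programs."""
import struct
import sys
from typing import List, NamedTuple, Optional, Tuple

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3


class Linkage(NamedTuple):
    kind: str              # "static", "static-pie" or "dynamic"
    interp: Optional[str]  # loader named by PT_INTERP, if any
    needs_loader: bool     # the kernel must map an interpreter to run it


def classify_elf(image: bytes) -> Linkage:
    """Walk the program header table; no section headers or symbol tables
    are needed, so a stripped binary classifies just as well."""
    if image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = image[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if image[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", image, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 54)
        ph_fmt = end + "IIQQQQQQ"  # type, flags, offset, vaddr, paddr, filesz, memsz, align
        off_idx, size_idx = 2, 5
    else:
        (phoff,) = struct.unpack_from(end + "I", image, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 42)
        ph_fmt = end + "IIIIIIII"  # type, offset, vaddr, paddr, filesz, memsz, flags, align
        off_idx, size_idx = 1, 4
    interp: Optional[str] = None
    has_dynamic = False
    for i in range(phnum):
        fields = struct.unpack_from(ph_fmt, image, phoff + i * phentsize)
        if fields[0] == PT_INTERP:
            start, size = fields[off_idx], fields[size_idx]
            interp = image[start:start + size].rstrip(b"\0").decode("ascii", "replace")
        elif fields[0] == PT_DYNAMIC:
            has_dynamic = True
    if interp is not None:
        return Linkage("dynamic", interp, True)
    if has_dynamic:
        # Self-relocating static PIE: dynamic section present, no interpreter.
        return Linkage("static-pie", None, False)
    return Linkage("static", None, False)


def classify_file(path: str) -> Linkage:
    with open(path, "rb") as f:
        return classify_elf(f.read())


def build_elf64(phdrs: List[Tuple[int, int, int]], blob: bytes = b"") -> bytes:
    """Constructed sample: a minimal little-endian ELF64 image whose program
    headers are (p_type, p_offset, p_filesz) triples, followed by `blob`."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 0x3E, 1, 0, 64, 0, 0,   # EXEC, x86-64, phoff=64
                                 64, 56, len(phdrs), 64, 0, 0)
    table = b"".join(struct.pack("<IIQQQQQQ", t, 0, off, 0, 0, sz, sz, 1)
                     for t, off, sz in phdrs)
    return header + table + blob


INTERP = b"/lib64/ld-linux-x86-64.so.2\0"
STATIC_SAMPLE = build_elf64([(PT_LOAD, 0, 0)])
STATIC_PIE_SAMPLE = build_elf64([(PT_LOAD, 0, 0), (PT_DYNAMIC, 0, 0)])
DYNAMIC_SAMPLE = build_elf64(
    [(PT_INTERP, 64 + 2 * 56, len(INTERP)), (PT_DYNAMIC, 0, 0)], INTERP)

if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, classify_file(p))
```

`file` and `ldd` report the same distinction, but `ldd` may run the target through its loader to collect the list, so don't point it at a binary you don't trust. The security cost of static linking is the flip side of the convenience the quote describes: a fix in libc or a TLS library reaches a dynamically linked system with one package upgrade, while a statically linked system has to rebuild and redeploy every affected binary, which is where reproducible builds like Oasis's earn their keep.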

22 states sue to block new NIH funding policy—court puts it on hold

Source: Ars Technica

Article note: I honestly would feel pretty OK about something in the vein of "Future NIH grants will come with 18% overhead baked in, spend it how you will as an institution, we won't negotiate" as an attempt to get rid of the many expensive redundant bureaucrats at both ends devoted to the negotiation (they'll probably just turn into lobbyists, but it's worth a try). But reneging on existing contracts is some (very Trumpy) bullshit.

On Friday, the National Institutes of Health (NIH) announced a sudden change to how it handles the indirect costs of research—the money that pays for things like support services and facilities maintenance. These costs help pay universities and research centers to provide the environment and resources all their researchers need to get research done. Previously, these had been set through negotiations with the university and audits of the spending. These averaged roughly 30 percent of the value of the grant itself and would frequently exceed 50 percent.

The NIH announcement set the rate at 15 percent for every campus. The new rate would start today and apply retroactively to existing grants, meaning most research universities are currently finding themselves facing catastrophic budget shortfalls.

Today, a coalition of 22 states filed a suit that seeks to block the new policy, alleging it violated both a long-standing law and a budget rider that Congress had passed in response to a 2017 attempt by Trump to drastically cut indirect costs. The suit seeks to prevent the new policy or its equivalent from being applied—something that Judge Angel Kelley of the District of Massachusetts granted later in the day. The injunction only applies to research centers located in the states that have joined the suit, however, essentially leaving red states to suffer the consequences of the funding cut.

Comments


UK demands access to Apple users’ encrypted data

Source: Hacker News

Article note: It feels like the last couple years are just re-fighting dumb fights from the late 80s and early 90s where experts try to explain facts to idiots, while startup bros loot society in the background. Math hasn't changed, you still can't make a backdoor for _someone_ that isn't a backdoor for _everyone_.
Comments

Meta torrented & seeded 81.7 TB dataset containing copyrighted data

Source: Ars Technica

Comments

OpenWISP: Multi-device fleet management for OpenWrt routers

Source: Hacker News

Article note: Neat. I really like OpenWRT and I generally hate vendored network tools, a nice management layer hugely expands the reach of OpenWRT to do jobs vendors will try to sell you garbage for.
Comments

I’m Done with Ubuntu

Source: Hacker News

Article note: Yep. Ubuntu has made a lot of unfortunate decisions that steadily make it not suitable for the "Perhaps not ideal, but quick, easy, dependable, and acceptable for anything" task that was its raison d'être. Snaps are a terrible experience and are pushed _hard_. I assume from experience dist-upgrades on Ubuntu systems will be breaking events, especially if they've ever seen a not-main-repo package. Debian is forever. Arch does exactly what you tell it. The Fedora variants do what Ubuntu did and are trying many of the same things that Ubuntu is currently pushing, but with less-bad choices in tooling.
Comments

Breaking: USPS Halts Inbound Packages From China and Hong Kong Posts

Source: Hack a Day

Article note: Welp. That was pretty expected. I've been fairly liberal about buying stuff from China for the last few months hoping to get parts in, and the last order from that batch arrived yesterday. At least my prognostication skills were solid? Edit: Aand they already backtracked, because our federal government is being run by thieving chaos monkeys who don't understand how systems work, and don't try. I'm usually yelling at progressives about Chesterton's Fence, but the regressives (these people are not conservatives) are failing really hard on that front right now.

Update: The USPS has now resumed acceptance of inbound packages from China. According to the updated Service Alert, they are currently working with Customs and Border Protection to “implement an efficient collection mechanism for the new China tariffs.”

Some troubling news hit overnight as the United States Post Office announced via a terse “Service Alert” that they would suspend acceptance of inbound parcels from China and Hong Kong Posts, effective immediately.

The Alert calls it a temporary suspension, but gives no timeline on when service will be restored. While details are still coming together, it seems likely that this suspension is part of the Trump administration’s Chinese tariff package, which went into effect at midnight.

Specifically, the administration looks to close the “de minimis” exemption — a loophole which allowed packages valued under $800 USD to pass through customs without having to pay any duties or fees. Those packages will now not only be subject to the overall 10% tax imposed by the new tariff package, but will now have to be formally processed through customs, potentially tacking on even more taxes and fees.

The end result is that not only will your next order of parts from AliExpress be more expensive, but it’s likely to take even longer to arrive at your door. Of course, this should come as no surprise. At the end of the day, this is precisely what the administration aims to accomplish with the new tariffs — if purchasing goods from overseas is suddenly a less attractive option than it was previously, it will be a boon to domestic suppliers. That said, some components will be imported from China regardless of who you order them from, so those prices are still going to increase.

Other carriers such as FedEx and UPS will also have to follow these new rules, but at the time of this writing, neither service had released a statement about how they intend to comply.


The FAA’s Hiring Scandal

Source: Hacker News

Article note: Oof. The kernel of truth in the Trump bluster seems to be more substantial (and ...true...) than usual. The claim is that the actual diversity effort for flight controllers (to build robust, accessible training pathways for anyone interested) got subsumed by thinly disguised racial quotas by a mixture of metric-chasers and nepotists. And it looks like there are receipts. Fucking up like that is how hateful nutjobs get traction.
Comments