Guardian: The average public library is not only a provider of the latest Anne Enright or Julia Donaldson: it is now an informal citizens advice bureau, a business development centre, a community centre and a mental health provider. It is an unofficial Sure Start centre, a homelessness shelter, a literacy and foreign language-learning centre, a calm space where tutors can help struggling kids, an asylum support provider, a citizenship and driving theory test centre, and a place to sit still all day and stare at the wall, if that is what you need to do, without anyone expecting you to buy anything.

President should rethink goal of reclaiming all lost territory, says Reform UK leader in latest remarks about war

• UK election live – latest updates

Nigel Farage has urged Volodymyr Zelenskiy to seek a peace deal with Russia, “otherwise there will be no young men left in Ukraine”.

The Reform UK leader, who has been criticised for suggesting the west provoked Russian aggression against Ukraine, said it was time for the Ukrainian president to rethink his goal of reclaiming all territory lost to Vladimir Putin’s invasion, as such a mission was going to be “incredibly difficult”.

Continue reading...

💾

© Photograph: Finnbarr Webster/Getty Images

💾

© Photograph: Finnbarr Webster/Getty Images

I read them all so you don’t have to. None in isolation would set the world alight, but look closely and there are some good ideas

It is true that election manifestos can’t be compared like with like – and in recent years, the variation of detail, trustworthiness and meaning has become more pronounced than ever. But it is also true that there are things to be gleaned from their recurring themes. Moreover, there are objectively good ideas which may emanate from a party that will never be able to enact them, but nevertheless deserve exposure.

Looked at that way, it’s a great year to be a dentist, or in construction. Every party (bar Reform and the SNP) talks a great game on dental provision – even, ironically, the Conservatives, who have a £200m “recovery plan”. Toothache doesn’t feel very metaphorical when you have it, but the issue speaks to a broader truth that Keir Starmer made explicit in his manifesto launch speech: that the real-life impacts of degraded public services are too stark to ignore – which is precisely why everyone is pledging that the nothing-works years are over.

Continue reading...

💾

© Composite: Guardian Design – Getty images/Alamy

💾

© Composite: Guardian Design – Getty images/Alamy

Exclusive: Videos on Reform leader’s account show more engagement and average views than any other candidate

• UK election live – latest updates

Nigel Farage is outperforming all other parties and candidates on TikTok throughout the general election campaign, analysis shows, eclipsing politicians considered most popular among young people.

Since the election was called, videos posted to the Reform leader’s personal account had more engagement and views on average than any other candidate – as well as the main channels of other parties.

Continue reading...

💾

© Photograph: Finnbarr Webster/Getty Images

💾

© Photograph: Finnbarr Webster/Getty Images

Rishi Sunak has heavily criticised comments from Nigel Farage that the west provoked Russia’s invasion of Ukraine. Archie Bland reports

Continue reading...

💾

© Photograph: Jordan Pettitt/PA

💾

© Photograph: Jordan Pettitt/PA

An anonymous reader shared this report from the Associated Press: An investigation into a ransomware attack earlier this month on London hospitals by the Russian group Qilin could take weeks to complete, the country's state-run National Health Service said Friday, as concerns grow over a reported data dump of patient records. Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 attack on NHS provider Synnovis, which provides pathology services primarily in southeast London... NHS England said Friday that it has been "made aware" that data connected to the attack have been published online. According to the BBC, Qilin shared almost 400GB of data, including patient names, dates of birth and descriptions of blood tests, on their darknet site and Telegram channel... According to Saturday's edition of the Guardian newspaper, records covering 300 million patient interactions, including the results of blood tests for HIV and cancer, were stolen during the attack. A website and helpline has been set up for patients affected.

Read more of this story at Slashdot.

An anonymous reader shared this report from Computer Weekly: Microsoft has admitted to Scottish policing bodies that it cannot guarantee the sovereignty of UK policing data hosted on its hyperscale public cloud infrastructure, despite its systems being deployed throughout the criminal justice sector. According to correspondence released by the Scottish Police Authority (SPA) under freedom of information (FOI) rules, Microsoft is unable to guarantee that data uploaded to a key Police Scotland IT system — the Digital Evidence Sharing Capability (DESC) — will remain in the UK as required by law. While the correspondence has not been released in full, the disclosure reveals that data hosted in Microsoft's hyperscale public cloud infrastructure is regularly transferred and processed overseas; that the data processing agreement in place for the DESC did not cover UK-specific data protection requirements; and that while the company has the ability to make technical changes to ensure data protection compliance, it is only making these changes for DESC partners and not other policing bodies because "no one else had asked". The correspondence also contains acknowledgements from Microsoft that international data transfers are inherent to its public cloud architecture. As a result, the issues identified with the Scottish Police will equally apply to all UK government users, many of whom face similar regulatory limitations on the offshoring of data. The recipient of the FOI disclosures, Owen Sayers — an independent security consultant and enterprise architect with over 20 years' experience in delivering national policing systems — concluded it is now clear that UK policing data has been travelling overseas and "the statements from Microsoft make clear that they 100% cannot comply with UK data protection law".

Read more of this story at Slashdot.

The UK's Sellafield nuclear waste site has pleaded guilty to criminal charges related to various cybersecurity failings in the period spanning 2019-2023. Sellafield admitted it had failed "to ensure adequate protection of sensitive nuclear information on its information technology network." The Sellafield nuclear site has the word's largest store of plutonium and has been used to dispose of waste generated from decades of weapons programs and atomic power generation. Concerns over the nuclear site's cyber defenses have existed for well over a decade.

Sellafield Nuclear Waste Site's Cybersecurity Failings

Concerns over the site's security implementations grew after a 2012 report warned of "critical security vulnerabilities" requiring urgent attention. Due to the extreme sensitivity of the issues, problems were referred to with the codename "Voldemort." While Sellafield stated there has never been a successful cyberattack, revelations of IT failures last year raised alarms. In an investigative report last year, the Guardian uncovered that the site had been attacked by threat actors affiliated with the Russian and Chinese governments. The report found out that the site's authorities were not aware of when Sellafield's systems began to be compromised, but breaches may have gone as far back as the year 2015. In 2015, security experts had realized that Sellafield's computer systems had been compromised by sleeper malware. Sellafield had been earlier forced into “special measures” for regular cybersecurity failings by the UK's Office for Nuclear Regulation (ONR) and security services. The status of the compromised systems are unknown, but may have possibly led to the theft of sensitive information regarding moving of radioactive waste, monitoring for leaks of dangerous material, and fire checks. Sellafield stated that current protections on critical systems are robust, with isolated networks preventing external IT breaches from penetrating operational controls. An ONR spokesperson stated to the Guardian: “We acknowledge that Sellafield Limited has pleaded guilty to all charges," but emphasized that there was no evidence the vulnerabilities led to compromise. A Sellafield spokesman stated in the report, “We have pleaded guilty to all charges and cooperated fully with ONR throughout this process. The charges relate to historic offences and there is no suggestion that public safety was compromised."

Concerns of GMB Trade Union

With attention now focused on improving cyber resilience, officials are working to prevent sensitive materials or dangerous nuclear operations from potential disruption by hackers. Earlier the GMB trade union, which represents tens of thousands of workers across the energy industry, also expressed concerns over the security of Sellafield, with its national secretary Andy Prendergast noting a “lack of training and competence among staff, inadequate safety procedures and a culture of fear and intimidation.” Prendergast added, “GMB has repeatedly raised concerns over safety and staffing levels, which are mainly due to turnover and the age and demographic of the workforce.” Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Guardian latest 24 hour summary: "Three new MRP polls predicted varying degrees of Conservative annihilation, the worst of them projecting a collapse to 53 seats (analogy) and prompting a Daily Telegraph front page headline in a font size normally reserved for mass casualty events in the home counties: 'Tory Wipeout'. The Gambling Commission was revealed to be looking into a second Conservative hopeful, Bristol North West candidate Laura Saunders, over an alleged bet on the timing of the election. Jeremy Hunt admitted he might lose his own seat...

...Laura Saunders' husband turned out to be the Conservatives' director of campaigning, Tony Lee, who is also facing questions from the Gambling Commission and has taken a leave of absence two weeks out from the election. Tory campaign resources are being moved out of constituencies with majorities of around 10,000 because they are no longer viewed as winnable. The Conservatives deleted an unfortunately timed social media post that warned "if you bet on Labour, you can never win" alongside a video of a roulette wheel, that had already been viewed 1.4m times. Promotion started for Boris Johnson's forthcoming book, with a picture of the former prime minister looking like a particularly monstrous horror movie villain, and the tagline: "UNLEASHED". Where do the Tories go from here? The answer appears to be the Hurlingham Club, where they are holding their summer party tonight. Tables cost £12,000." [Previouslyer][Countdown] Politico: Betting scandal engulfs UK election. Metro: What happens if a prime minister loses their seat in a General Election? The National: Polls may be wrong and Tories could win the election, claims Michael Gove Highest-rated comment: Must have changed his dealer, the new blow has addled what's left of his very limited intellect.

Officials are asking if this month's UK hospital hack resulted in fatalities. From a report: As the fallout from a cyberattack affecting hospitals in London enters its third week, doctors have been asked to report any deaths or other serious harms directly linked to the incident. On June 3, a group of ransomware hackers compromised a lab services provider, Synnovis, and locked down the company's systems, triggering major disruptions at hospitals and clinics in South East London. In the first week, doctors delayed 800 planned operations and 700 outpatient appointments and resorted to handwritten records, while a hospital solicited blood from its own clinical workers after the hack. Some of the worst interruptions have been resolved, but many services still haven't been restored. [...] But amid the recovery, health officials last week circulated a so-called "harms monitoring" form to doctors and clinicians, asking them to record the human toll of the cyberattack. The form, which I have seen, seeks to categorize the damage through a series of questions ranging from minor to major, including "patient died as a DIRECT result of the incident."

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Guardian: Dr Joseph Cotter takes some unusual pieces of luggage on his trips on the London underground. They include a stainless steel vacuum chamber, a few billion atoms of rubidium and an array of lasers that are used to cool his equipment to a temperature just above absolute zero. While not the average kit you would expect to find being dragged into carriages on the District Line, this is the gear that Cotter -- who works at Imperial College London's Centre for Cold Matter -- uses on his underground travels. Though the baggage may be bizarre, it has an ambitious purpose. It is being used to develop a quantum compass -- an instrument that will exploit the behavior of subatomic matter in order to develop devices that can accurately pinpoint their locations no matter where they are placed, paving the way for the creation of a new generation of underground and underwater sensors. The ideal place to test it is the London underground, Cotter and his team have discovered. "We are developing very precise new sensors using quantum mechanics, and these are showing great promise in the laboratory," he told the Observer last week. "However, they are less accurate in real-life settings. That is why we are taking our equipment to the London underground. It's the perfect place for smoothing out the rough edges and getting our equipment to work in real life." [...] At the heart of the quantum compass -- which could be ready for widespread use in a few years -- is a device known as an accelerometer that can measure how an object's velocity changes over time. This information, combined with the starting point of that object, allows its future positions to be calculated. Mobile phones and laptops possess accelerometers but these versions cannot maintain their accuracy over lengthy periods. However, quantum mechanics offers scientists a way to provide new precision and accuracy by measuring properties of supercool atoms. At extremely low temperatures, atoms behave in a "quantum" way. They act like matter and like waves. "When atoms are ultra-cold, we can use quantum mechanics to describe how they move, and this allows us to make accurate measurements that tell us how our device is changing its position," said Cotter. In the devices -- which have been carried on board London underground track-testing trains and not on commuter services -- rubidium is inserted into the vacuum chamber that lies at the machine's heart. Powerful lasers are then used to cool these atoms to a fraction of a degree above absolute zero (-273.15C). In these conditions, the wave properties of the rubidium atoms are affected by the acceleration of the vehicle that is carrying the equipment, and these minute changes can be measured accurately. The system has been found to work well in a stable laboratory but needs to be tested in more extreme conditions if it is to be turned into a transportable, standalone device that can be used in remote or complex locations, added Cotter.

Read more of this story at Slashdot.

Over 50 small press books under the fold! (previous: 1, 2, and 3)

The Ace and Aro Relationship Guide: Making It Work in Friendship, Love, and Sex by Cody Daigle-Orians (Jessica Kingsley Publishers, 21 Oct 2024): Whether we're talking about friendships, romantic relationships, casual dates or intimate partners, this guide will help you not only live authentically in your ace and aro identity, but joyfully share it with others. (Amazon; Bookshop) And Then There Was One by Michele Castleman (Bold Strokes Books, 1 June 2024): Six weeks after Lyla Smith dragged her sister's dead body onto the Lake Erie shore, she escapes her small Ohio town to work as a nanny for distant relatives on their remote private island. (Amazon; Bookshop) Antiquity by Hanna Johannson, trans. Kira Josefsson (Catapult, 6 Feb 2024): Elegant, slippery, and provocative, Antiquity is a queer Lolita story by prize-winning Swedish author Hanna Johansson—a story of desire, power, obsession, observation, and taboo. (Amazon; Bookshop) Born Backwards by Tanya Olson (YesYes Books, 18 Jun 2024): Olson's third poetry collection "reports from inside butch culture in the 1980s American South as it traces how geography, family, experiences, and popular culture shape one queer life." (Amazon; Bookshop) Broughtupsy by Christina Cooke (Catapult, 23 Jan 2024): At once cinematic yet intimate, Broughtupsy is an enthralling debut novel about a young Jamaican woman grappling with grief as she discovers her family, her home, is always just out of reach. (Amazon; Bookshop) The Call Is Coming from Inside the House: Essays by Allyson McOuat (ECW Press, Apr 2024): In a series of intimate and humorous dispatches, McOuat examines her identity as a queer woman, and as a mother, through the lens of the pop culture moments in the '80s and '90s that molded her identity. (Amazon; Bookshop) Dances of Time and Tenderness by Julian Carter (Nightboat Books, 4 June 2024): A cycle of stories linking queer memory, activism, death, and art in a transpoetic history of desire and touch. (Amazon; Bookshop) The Dragonfly Gambit by A. D. Sui (Neon Hemlock Press, 16 Apr 2024): Nearly ten years after Inez Kato sustained a career-ending injury during a military exercise gone awry, she lies, cheats, and seduces her way to the very top, to destroy the fleet that she was once a part of, even at the cost of her own life. Ennis Rezál, Third Daughter of the Rule, has six months left to live. She is desperate to end the twenty-year war she was birthed to fight. But when she brings Inez aboard the mothership, a chess game of manipulation and double-crossing begins to unfold, and the Rule doesn't stand a chance. (Amazon; Bookshop) An Evening with Birdy O'Day by Greg Kearney (Arsenal Pulp, 16 Apr 2024): A funny, boisterous, and deeply moving novel about aging hairstylist Roland's childhood friendship with Birdy O'Day, whose fevered quest for pop music glory drives them apart. (Amazon; Bookshop) Finding Echoes by Foz Meadows (Neon Hemlock, 30 Jan 2024): Snow Kidama speaks to ghosts amongst the local gangs of Charybdis Precinct, isolated from the rest of New Arcadia by the city's ancient walls. But when his old lover, Gem—a man he thought dead—shows up in need of his services, Snow is forced to reevaluate everything. (Amazon; Bookshop) Firebugs by Nino Bulling (Drawn & Quarterly, 13 Feb 2024): After a trip to Paris, Ingken returns home ready for a break from drugs. Their supportive partner, Lily, is flushed, excited about a new connection she's made. Although Ingken wants to be happy for her, there's a discomfort they can't shake. Sleepless nights fill with an endless scroll of images and headlines about climate disaster. A vague dysphoria simmers under their skin; they are able to identify that like Lily, they are changing, but they're not sure exactly how and at what pace. Everyone keeps telling them to burn themself to the ground and build themself back up but they worry about the kind of debris that fire might leave behind. (Amazon; Bookshop) The Future Was Color by Patrick Nathan (Counterpoint LLC, 4 June 2024): As a Hungarian immigrant working as a studio hack writing monster movies in 1950s Hollywood, George Curtis must navigate the McCarthy-era studio system filled with possible communists and spies, the life of closeted men along Sunset Boulevard, and the inability of the era to cleave love from persecution and guilt. But when Madeline, a famous actress, offers George a writing residency at her estate in Malibu to work on the political writing he cares most deeply about, his world is blown open. (Amazon; Bookshop) Getting Glam at Gram's by Sara Weed, ill. Erin Hawryluk (Arsenal Pulp, 3 Sept 2024): A colourful and celebratory picture book that embraces all gender expressions through a fun family fashion show. (Amazon; Bookshop) God of River Mud by Vic Sizemore (West Virginia UP, Jan 2024): To escape a life of poverty and abuse, Berna Cannaday marries Zechariah Minor, a fundamentalist Baptist preacher, and commits herself to his faith, trying to make it her own. After Zechariah takes a church beside the Elk River in rural Clay, West Virginia, Berna falls in love with someone from their congregation—Jordan, a woman who has known since childhood that he was meant to be a man. (Amazon; Bookshop) Healthy Chest Binding for Trans and Non-Binary People: A Practical Guide by Frances Reed (Jessica Kingsley Publishers, 18 Apr 2024): Binding is a crucial strategy in many transgender and non-binary people's lives for coping with gender dysphoria, yet the vast majority of those who bind report some negative physical symptoms. Written by Frances Reed, a licensed bodywork and massage therapist specialising in gender transition, this comprehensive guide helps you make the healthiest choices from the very start of your binding journey. (Amazon; Bookshop) If We Were Stars by Eule Grey (Ninestar Press, 2 Apr 2024): Best friends since they were ten years old, Kurt O'Hara and Beast Harris tackle the typical teenage challenges together: pronouns, AWOL bodies, not to mention snogging. A long-distance relationship with an alien named Iuvenis is the least of their troubles. (Amazon) Keep This Off The Record by Arden Joy (Rising Action, 31 Jan 2024): A romance: Abigail Meyer and Freya Jonsson can't stand one another. But could their severe hatred be masking something else entirely? (Amazon; Bookshop) The Long Hallway by Richard Scott Larson (University of Wisconsin Press, 16 Apr 2024): Growing up queer, closeted, and afraid, Richard Scott Larson found expression for his interior life in horror films, especially John Carpenter's 1978 classic, Halloween. He developed an intense childhood identification with Michael Myers, Carpenter's inscrutable masked villain, as well as Michael's potential victims. Larson scrutinizes this identification, meditating on horror as a metaphor for the torments of the closet. (Amazon; Bookshop) Love, Leda by Mark Hyatt (Nightboat Books, 24 Sept 2024): This portrait of queer, working class London drifts from coffee shop to house party, in search of the next tryst. (Amazon; Bookshop) Lush Lives by J. Vanessa Lyon (Grove Atlantic/Roxane Gay Books, 20 Aug 2024): With beguiling wit and undeniable passion, Lush Lives is a deliciously queer and sexy novel about bold, brilliant women unafraid to take risks and fight for what they love (Amazon; Bookshop) Medusa of the Roses by Navid Sinaki (Grove Atlantic, 13 Aug 2024): Sex, vengeance, and betrayal in modern day Tehran—Navid Sinaki's bold and cinematic debut is a queer literary noir following Anjir, a morbid romantic and petty thief whose boyfriend disappears just as they're planning to leave their hometown for good. (Amazon; Bookshop) Portrait of a Body by Julie Delporte (Drawn & Quarterly, 16 Jan 2024): As she examines her life experience and traumas with great care, Delporte faces the questions about gender and sexuality that both haunt and entice her. Deeply informed by her personal relationships as much as queer art and theory, Portrait of a Body is both a joyous and at times hard meditation on embodiment—a journey to be reunited with the self in an attempt to heal pain and live more authentically. (Amazon; Bookshop) Power to Yield and Other Stories by Bogi Takács (Broken Eye Books, 6 Feb 2024): An AI child discovers Jewish mysticism. A student can give no more blood to their semi-sentient apartment and plans their escape. A candidate is rigorously evaluated for their ability to be a liaison to alien newcomers. A young magician gains perspective from her time as a plant. A neurodivergent woman tries to survive on a planetoid where thoughts shape reality... (Amazon; Bookshop) So Long Sad Love by Mirion Malle, trans. Aleshia Jensen (Drawn & Quarterly, 23 Apr 2024): This graphic novel swaps out the wobbly transition of weaving a new existence into being post-heartbreak for the surprising effortlessness and simplicity of a life already rebuilt. Cleo not only rediscovers her identity as an artist but uncovers her capacity to find love where she has always been most at home: with other women. Mirion Malle dares to tell a story with a happier ending in a stunning, full-color follow-up to the multi-award nominated This is How I Disappear. (Amazon; Bookshop) Sons, Daughters by Ivana Bodrožić, trans. Ellen Elias-Bursać (Seven Stories Press, 30 Apr 2024): This novel tells a story of being locked in: socially, domestically and intimately. Here the Croatian poet and writer depicts a wrenching love between a transgender man and a woman as well as a demanding love between a mother and a daughter in a narrative about breaking through and liberation of the mind, family, and society. (Amazon; Bookshop) Vantage Points: On Media as Trans Memoir by Chase Joynt (Arsenal Pulp, 17 Sep 2024): Following the death of the family patriarch, a box of newly procured family documents reveals writer-filmmaker Chase Joynt's previously unknown connection to Canadian media maverick Marshall McLuhan. Vantage Points takes up the surprising appearance of McLuhan in Joynt's family archive as a way to think about legacies of childhood sexual abuse and how we might process and represent them. (Amazon; Bookshop) You Can't Go Home Again by Jeanette Bears (Bold Strokes Books, 13 Aug 2024): Contemporary romance. Raegan Holcolm thought all they wanted was a proud military career, and that's what they had. But a sudden injury sends them back to their hometown with a wealth of pain, both physical and emotional, insecurities, and the reality that the career they'd chosen above all else has rejected them. The first time they fell in love, Rae left Jules behind. For love to have a second chance, they'll need to realize all along that home might have been a person just as much as a place. (Amazon; Bookshop) Previous roundups 1, 2, and 3 also included Bad Seed by Gabriel Carle, trans. Heather Houde (Feminist Press), The Default World by Naomi Kanakia (Feminist Press), Disobedience by Daniel Sarah Karasik (Book*hug), Indian Winter by Kazim Ali (Coach House), Love the World Or Get Killed Trying by Alvina Chamberland (Noemi), My Body Is Paper by Gil Cuadros (City Lights), These Letters End In Tears by Musih Tedji Xaviere (Catapult), and, finally, How We Named the Stars by Andrés N. Ordorica (Tin House) which Bookshop included in its Pride Month 15% off sale with code PRIDE24. The Bookshop sale also includes these small press titles that I haven't previously listed:

• All-Night Pharmacy (Ruth Madievsky, Catapult, Winner of the National Jewish Book Award for Debut Fiction)
• Birthright (George Abraham, Button Poetry, "every pronoun is a Free Palestine," Bisexual Poetry Finalist in the 2021 Lambda Literary Awards; Button Poetry also has a 3 for $36 Pride Month deal going on, including Birthright and poetry by Blythe Baird, Sierra DeMulder, Andrea Gibson, Ebony Stewart, and more)
• Boulder (Eva Baltasar, trans. Julia Sanches, And Other Stories, a queer couple struggles with motherhood, shortlisted for the 2023 International Booker Prize)
• Brown Neon: Essays (Raquel Gutiérrez, Coffee House Press, "part butch memoir, part ekphrastic travel diary, part queer family tree")
• Cecilia (K-Ming Chang, Coffee House Press, an "erotic, surreal novella")
• Corey Fah Does Social Mobility (Isabel Waidner, Graywolf, "A novel that celebrates radical queer survival and gleefully takes a hammer to false notions of success")
• A Dream of a Woman (Casey Plett, Arsenal Pulp Press, short stories by the author of the Lambda Literary Award-winning Little Fish)
• Everything for Everyone: An Oral History of the New York Commune, 2052-2072 (Eman Abdelhadi & M. E. O'Brien, Common Notions, speculative fiction)
• Feed (Tommy Pico, Tin House Books, fourth book in Teebs tetralogy, "an epistolary recipe for the main character, a poem of nourishment, and a jaunty walk through New York's High Line park, with the lines, stanzas, paragraphs, dialogue, and registers approximating the park's cultivated gardens of wildness")
• Females (Andrea Long Chu, Verso, provocative genre-defying investigation into femaleness)
• The Free People's Village (Sim Kern, Levine Querido, a novel of "eat-the-rich climate fiction")
• The Future Is Disabled: Prophecies, Love Notes and Mourning Songs (Lambda Literary Award-winning Leah Lakshmi Piepzna-Samarasinha, Arsenal Pulp Press, disability justice, care and mutual aid)
• Her Body and Other Parties: Stories (Carmen Maria Machado, Graywolf Press, "blithely demolishes the arbitrary borders between psychological realism and science fiction... to shape startling narratives that map the realities of women's lives and the violence visited upon their bodies")
• High-Risk Homosexual: A Memoir (Edgar Gomez, Soft Skull, "a touching and often hilarious spiralic path to embracing a gay, Latinx identity against a culture of machismo")
• Homie: Poems (Danez Smith, Graywolf Press, finalist for the National Book Critics Circle Award for Poetry and the NAACP Image Award for Poetry)
• How to Fuck Like a Girl (Vera Blossom, Dopamine/Semiotext(e), a how-to guide)
• I Love This Part (Tillie Walden, Avery Hill Publishing, graphic novel of teen queer love)
• It Came from the Closet: Queer Reflections on Horror (ed. Joe Vallese, Feminist Press, essays by Carmen Maria Machado, Bruce Owens Grimm, Richard Scott Larson)
• Love Is an Ex-Country: A Memoir (Randa Jarrar, Catapult, "Queer. Muslim. Arab American. A proudly Fat femme.")
• Mrs. S (K. Patrick, Europa Editions, a butch English boarding school matron begins an illicit affair with the headmaster's wife)
• Outwrite: The Speeches That Shaped LGBTQ Literary Culture (eds. Julie R. Enszer, Elena Gross, Rutgers UP, 27 of the most memorable speeches from the OutWrite conference)
• Playboy (Constance Debre, trans. Holly James, Semiotext(e), the first volume of the renowned trilogy on the author's decision to abandon her bourgeois Parisian life to become a lesbian and writer)
• Sluts: Anthology (ed. Michelle Tea, Dopamine Books, anthology of essays and stories on sexual promiscuity in contemporary American culture)
• Stone Fruit (Lee Lai, Fantagraphics Books, a queer couple opens up to their families in this 2022 Lambda Literary Award winner for Comics)
• Survival Takes a Wild Imagination: Poems (Fariha Róisín, Andrews McMeel Publishing, "Who is my family? My father? How do I love a mother no longer here? Can I see myself? What does it mean to be Bangladeshi? What is a border?")
• Time Is the Thing a Body Moves Through (T. Fleischmann, Coffee House Press, "an autobiographical narrative of embodiment, visual art, history, and loss")
• Thunder Song: Essays (Sasha Lapointe, Counterpoint LLC, what it means to be a proudly queer indigenous woman in the USA)
• The Tradition (Jericho Brown, Copper Canyon Press, Pulitzer Prize-winning poetry that examines black bodies, desire, privilege and resistance)
• When We Were Sisters (Fatimah Asghar, One World, "traces the intense bond of three orphaned siblings," longlisted for the National Book Award)
• You Exist Too Much (Zaina Arafat, Catapult: Palestinian American queer coming-of-age novel)
• Your Emergency Contact Has Experienced an Emergency (Chen Chen, BOA Editions, "What happens when everything falls away, when those you call on in times of need are themselves calling out for rescue?")

With management's blessing, I set up a MeFi affiliate membership with Bookshop, so the links above will benefit MetaFilter.

The latest: Personal disaster zone Rishi "Bring Back National Service" Sunak couldn't do an afternoon of his own, bailing on D-day commemorations to pre-record a TV interview, and is now campaigning while hiding from the media, public, and his local rival. In Scotland, unpopular referee and malevolent garden gnome Douglas Ross has picked a seat by ejecting the sitting Tory candidate, while in England the Conservative chair has been parachuted into a seat to fight. But it's not all good for the other parties; Hank Hill lookalike Keir Starmer failed to convince in a 1-2-1 debate, while in Wales the (Labour) First Minister loses a confidence vote. Also, Ed Davey continues his bizarre "Mr Blobby incident lifestyle" election campaign, while Farage continues to be a [Previously] [Countdown].

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files.

The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.

The UK is the first country to ban default passwords on IoT devices.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

The UK may be the first country, but as far as I know, California is the first jurisdiction. It banned default passwords in 2018, the law taking effect in 2020.

This sort of thing benefits all of us everywhere. IoT manufacturers aren’t making two devices, one for California and one for the rest of the US. And they’re not going to make one for the UK and another for the rest of Europe, either. They’ll remove the default passwords and sell those devices everywhere.

Another news article.

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.

Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.

Customer case studies published on onerep.com state that it struck a deal to offer the service to employees of Permanente Medicine, which represents the doctors within the health insurance giant Kaiser Permanente. Onerep also says it has made inroads among police departments in the United States.

But a review of Onerep’s domain registration records and that of its founder reveal a different side to this company. Onerep.com says its founder and CEO is Dimitri Shelest from Minsk, Belarus, as does Shelest’s profile on LinkedIn. Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address dmitrcox2@gmail.com.

A search in the data breach tracking service Constella Intelligence for the name Dimitri Shelest brings up the email address dimitri.shelest@onerep.com. Constella also finds that Dimitri Shelest from Belarus used the email address d.sh@nuwber.com, and the Belarus phone number +375-292-702786.

Nuwber.com is a people search service whose employees all appear to be from Belarus, and it is one of dozens of people-search companies that Onerep claims to target with its data-removal service. Onerep.com’s website disavows any relationship to Nuwber.com, stating quite clearly, “Please note that OneRep is not associated with Nuwber.com.”

However, there is an abundance of evidence suggesting Mr. Shelest is in fact the founder of Nuwber. Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address dmitrcox@gmail.com. Recall that Onerep.com’s domain registration records in 2018 list the email address dmitrcox2@gmail.com.

It appears Mr. Shelest sought to reinvent his online identity in 2015 by adding a “2” to his email address. The Belarus phone number tied to Nuwber.com shows up in the domain records for comversus.com, and DomainTools says this domain is tied to both dmitrcox@gmail.com and dmitrcox2@gmail.com. Other domains that mention both email addresses in their WHOIS records include careon.me, docvsdoc.com, dotcomsvdot.com, namevname.com, okanyway.com and tapanyapp.com.

A search in DomainTools for the email address dmitrcox@gmail.com shows it is associated with the registration of at least 179 domain names, including dozens of mostly now-defunct people-search companies targeting citizens of Argentina, Brazil, Canada, Denmark, France, Germany, Hong Kong, Israel, Italy, Japan, Latvia and Mexico, among others.

Those include nuwber.fr, a site registered in 2016 which was identical to the homepage of Nuwber.com at the time. DomainTools shows the same email and Belarus phone number are in historic registration records for nuwber.at, nuwber.ch, and nuwber.dk (all domains linked here are to their cached copies at archive.org, where available).

Update, March 21, 11:15 a.m. ET: Mr. Shelest has provided a lengthy response to the findings in this story. In summary, Shelest acknowledged maintaining an ownership stake in Nuwber, but said there was “zero cross-over or information-sharing with OneRep.” Mr. Shelest said any other old domains that may be found and associated with his name are no longer being operated by him.

“I get it,” Shelest wrote. “My affiliation with a people search business may look odd from the outside. In truth, if I hadn’t taken that initial path with a deep dive into how people search sites work, Onerep wouldn’t have the best tech and team in the space. Still, I now appreciate that we did not make this more clear in the past and I’m aiming to do better in the future.” The full statement is available here (PDF).

Original story:

Historic WHOIS records for onerep.com show it was registered for many years to a resident of Sioux Falls, SD for a completely unrelated site. But around Sept. 2015 the domain switched from the registrar GoDaddy.com to eNom, and the registration records were hidden behind privacy protection services. DomainTools indicates around this time onerep.com started using domain name servers from DNS provider constellix.com. Likewise, Nuwber.com first appeared in late 2015, was also registered through eNom, and also started using constellix.com for DNS at nearly the same time.

Listed on LinkedIn as a former product manager at OneRep.com between 2015 and 2018 is Dimitri Bukuyazau, who says their hometown is Warsaw, Poland. While this LinkedIn profile (linkedin.com/in/dzmitrybukuyazau) does not mention Nuwber, a search on this name in Google turns up a 2017 blog post from privacyduck.com, which laid out a number of reasons to support a conclusion that OneRep and Nuwber.com were the same company.

“Any people search profiles containing your Personally Identifiable Information that were on Nuwber.com were also mirrored identically on OneRep.com, down to the relatives’ names and address histories,” Privacyduck.com wrote. The post continued:

“Both sites offered the same immediate opt-out process. Both sites had the same generic contact and support structure. They were – and remain – the same company (even PissedConsumer.com advocates this fact: https://nuwber.pissedconsumer.com/nuwber-and-onerep-20160707878520.html).”

“Things changed in early 2016 when OneRep.com began offering privacy removal services right alongside their own open displays of your personal information. At this point when you found yourself on Nuwber.com OR OneRep.com, you would be provided with the option of opting-out your data on their site for free – but also be highly encouraged to pay them to remove it from a slew of other sites (and part of that payment was removing you from their own site, Nuwber.com, as a benefit of their service).”

Reached via LinkedIn, Mr. Bukuyazau declined to answer questions, such as whether he ever worked at Nuwber.com. However, Constella Intelligence finds two interesting email addresses for employees at nuwber.com: d.bu@nuwber.com, and d.bu+figure-eight.com@nuwber.com, which was registered under the name “Dzmitry.”

PrivacyDuck’s claims about how onerep.com appeared and behaved in the early days are not readily verifiable because the domain onerep.com has been completely excluded from the Wayback Machine at archive.org. The Wayback Machine will honor such requests if they come directly from the owner of the domain in question.

Still, Mr. Shelest’s name, phone number and email also appear in the domain registration records for a truly dizzying number of country-specific people-search services, including pplcrwlr.in, pplcrwlr.fr, pplcrwlr.dk, pplcrwlr.jp, peeepl.br.com, peeepl.in, peeepl.it and peeepl.co.uk.

The same details appear in the WHOIS registration records for the now-defunct people-search sites waatpp.de, waatp1.fr, azersab.com, and ahavoila.com, a people-search service for French citizens.

A search on the email address dmitrcox@gmail.com suggests Mr. Shelest was previously involved in rather aggressive email marketing campaigns. In 2010, an anonymous source leaked to KrebsOnSecurity the financial and organizational records of Spamit, which at the time was easily the largest Russian-language pharmacy spam affiliate program in the world.

Spamit paid spammers a hefty commission every time someone bought male enhancement drugs from any of their spam-advertised websites. Mr. Shelest’s email address stood out because immediately after the Spamit database was leaked, KrebsOnSecurity searched all of the Spamit affiliate email addresses to determine if any of them corresponded to social media accounts at Facebook.com (at the time, Facebook allowed users to search profiles by email address).

That mapping, which was done mainly by generous graduate students at my alma mater George Mason University, revealed that dmitrcox@gmail.com was used by a Spamit affiliate, albeit not a very profitable one. That same Facebook profile for Mr. Shelest is still active, and it says he is married and living in Minsk [Update, Mar. 16: Mr. Shelest’s Facebook account is no longer active].

Scrolling down Mr. Shelest’s Facebook page to posts made more than ten years ago show him liking the Facebook profile pages for a large number of other people-search sites, including findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, peepull.com, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke.com, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, webmeek.com, and many country-code variations of viadin.ca (e.g. viadin.hk, viadin.com and viadin.de).

Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address dmitrcox@gmail.com.

Mr. Shelest has not responded to multiple requests for comment. KrebsOnSecurity also sought comment from onerep.com, which likewise has not responded to inquiries about its founder’s many apparent conflicts of interest. In any event, these practices would seem to contradict the goal Onerep has stated on its site: “We believe that no one should compromise personal online security and get a profit from it.”

Max Anderson is chief growth officer at 360 Privacy, a legitimate privacy company that works to keep its clients’ data off of more than 400 data broker and people-search sites. Anderson said it is concerning to see a direct link between between a data removal service and data broker websites.

“I would consider it unethical to run a company that sells people’s information, and then charge those same people to have their information removed,” Anderson said.

Last week, KrebsOnSecurity published an analysis of the people-search data broker giant Radaris, whose consumer profiles are deep enough to rival those of far more guarded data broker resources available to U.S. police departments and other law enforcement personnel.

That story revealed that the co-founders of Radaris are two native Russian brothers who operate multiple Russian-language dating services and affiliate programs. It also appears many of the Radaris founders’ businesses have ties to a California marketing firm that works with a Russian state-run media conglomerate currently sanctioned by the U.S. government.

KrebsOnSecurity will continue investigating the history of various consumer data brokers and people-search providers. If any readers have inside knowledge of this industry or key players within it, please consider reaching out to krebsonsecurity at gmail.com.

Update, March 15, 11:35 a.m. ET: Many readers have pointed out something that was somehow overlooked amid all this research: The Mozilla Foundation, the company that runs the Firefox Web browser, has launched a data removal service called Mozilla Monitor that bundles OneRep. That notice says Mozilla Monitor is offered as a free or paid subscription service.

“The free data breach notification service is a partnership with Have I Been Pwned (“HIBP”),” the Mozilla Foundation explains. “The automated data deletion service is a partnership with OneRep to remove personal information published on publicly available online directories and other aggregators of information about individuals (“Data Broker Sites”).”

In a statement shared with KrebsOnSecurity.com, Mozilla said they did assess OneRep’s data removal service to confirm it acts according to privacy principles advocated at Mozilla.

“We were aware of the past affiliations with the entities named in the article and were assured they had ended prior to our work together,” the statement reads. “We’re now looking into this further. We will always put the privacy and security of our customers first and will provide updates as needed.”