Shared posts

01 Mar 22:15

Kino Lorber Lets You Stream 146 Films on YouTube: Tilda Swinton, Samuel L. Jackson, Steve Buscemi, Buster Keaton & More

by OC

The film distribution company Kino Lorber now allows you to stream complete films on YouTube for free. Since we first mentioned this initiative back in 2022, the list of streamable films has grown. Among the now 146 films, you will find a mixture of documentaries and cinematic works, including Derek Jarman’s Blue; Fela Kuti: Music Is The Weapon (a documentary exploring the life and work of the African musician); The Search for One-Eye Jimmy with Steve Buscemi, Samuel L. Jackson, and John Turturro; Buster Keaton’s Three Ages; Gary Cooper in A Farewell to Arms; Genius Within: The Inner Life of Glenn Gould; and War Requiem with Tilda Swinton, Derek Jarman and Laurence Olivier.

Find the list of 146 films here, or stream them all above.

Related Content 

How to Watch Hundreds of Free Movies on YouTube

Watch 70+ Soviet Films Free Online, Courtesy of Mosfilm, the Hollywood of the Soviet Union

Watch Free Cult Films by Stanley Kubrick, Fritz Lang, Boris Karloff, Bela Lugosi & More on the New Kino Cult Streaming Service

17 Feb 00:18

Japan To Introduce Six-Month Residency Visa For 'Digital Nomads'

by BeauHD
In an effort to boost tourism and innovation, Japan will launch a new visa program for digital nomads, allowing remote workers to work in the country for up to six months while enjoying sightseeing trips. Tech Times reports: Starting from the end of March, Japan will introduce a unique visa status aimed at IT engineers and remote workers employed by overseas companies. The program is designed to cater to the evolving work landscape, recognizing the surge in digital nomads, individuals who can seamlessly work from anywhere in the world. Nikkei Asia (paywalled) tells us that to be eligible for this digital nomad visa, applicants must boast an annual income of at least 10 million yen ($68,000). Citizens from 50 countries and regions, including the U.S., Australia, and Singapore, which have existing visa waiver agreements with Japan, can apply. Private health insurance is a prerequisite, ensuring the well-being of the visa holders during their stay. Self-employed individuals engaged in overseas business can also benefit from this innovative program. Moreover, they have the option to bring their family members along, provided they are covered by private health insurance. While the program offers the freedom to explore Japan, it has unique conditions. Digital nomads under this visa will not receive a residence card or certificate, limiting access to specific government benefits. The visa is non-renewable, requiring reapplication after a six-month interval, and applicants must spend that time outside the country. Japan joins the ranks of over 50 countries issuing digital nomad visas. Notably, South Korea allows up to two years, while Taiwan offers a three-year stay, with the possibility of permanent residency. The diverse offerings cater to digital nomads' varied needs and preferences, seeking a balance between work and exploration.

Read more of this story at Slashdot.

16 Feb 18:49

The Raw-Meat-Eating Guy Is Back on Instagram

by Dennis Lee
Bgarland

No, no, no, no, no. No.

Social media encourages some pretty unusual behavior sometimes. Often, those behaviors involve chicken. And right now, an Instagram user with 391,000 followers is undertaking a particularly gnarly poultry experiment. The user, who simply goes by John, has been posting to an account called @rawchickenexperiment. Given…


02 Feb 20:18

Meet Kagen Sound, the Award-Winning Designer Behind the World’s Most Intricate Puzzle Boxes

by Grace Ebert

As a child, Kagen Sound crafted a cardboard puzzle box that, to open, required the user to move a piece hidden within the work. The Rubik’s Cube-esque project sparked a lifelong passion for the designer, who’s now known worldwide for his wildly intricate patterns and sequences.

In a new documentary, the Wired team visits Sound’s garage studio, where he walks viewers through his process and workspace. Melding his background in math with 20 years of woodworking experience, the designer uses simple joinery techniques to formulate springs, geometric slides, and elegant motifs made with interlaced materials. “A lot of times if I can determine a finish for a particular kind of wood, it will unlock a project in itself,” he says. Containing secret mechanisms and maneuvers, these mind-boggling works have brought Sound international recognition as one of the best puzzle box designers in the world.

Watch the short documentary above, and check out Sound’s Instagram and YouTube to see his projects in action. (via The Kids Should See This)

 

a gif of two hands turning round mechanisms in a wooden puzzle box

two hands hold a round wooden sculpture with angular wooden segments called "The Hedgehog"

a gif of two hands shifting mechanisms in a wooden puzzle box

two hands hold a square wooden box titled "The Pinwheel Box"

a video still showing drawn diagrams and notes pinned to a wall with some wooden mockups nearby

Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $5 per month. The article Meet Kagen Sound, the Award-Winning Designer Behind the World’s Most Intricate Puzzle Boxes appeared first on Colossal.

31 Jan 15:25

A Mammoth Book Catalogs a Vibrant Spectrum of Color Charts Spanning 600 Years

by Grace Ebert
a three-page spread with various colors and descriptions

Detail of Astrolin Color Card, Établissement Georget Fils Peintures Laquées et Vernis, Chantenay-Lès-Nantes (c. 1906). Image courtesy of Bibliothèque Forney, Paris. All images courtesy of Princeton University Press, shared with permission

From chemists’ plant-derived dyes to consumer paint swatches displayed at the hardware store, the history of color charts reflects a varied relationship between pigments, science, culture, and commerce. Anne Varichon in her forthcoming book explores the entwined evolution of this categorization through nearly 200 vibrant samples from the 15th century to modern day.

Translated by Kate Deimling, Color Charts: A History is a hefty survey of hundreds of grids and illustrations cataloging a remarkable spectrum of hues, materials, and uses. Inside its pages are swatches of 19th-century silk ribbons, thin fragments of wool roving, and a 1960s diagram featuring a linoleum collection that appears like a celestial map. While many of the charts included haven’t been published previously, the book also references classics like Werner’s Nomenclature of Colours, a wildly popular guide of hues for naturalists and artists.

Published by Princeton University Press, Color Charts outlines the way color has always informed consumer choice, from hand-dyed fabrics to the vast options of mass-produced goods we know today. Dive further into the history by pre-ordering your copy from Bookshop.

 

a chart with concentric half circles and small spheres with various linoleum colors on it

Detail of Sarlino Reims’ ‘Linoleum Collection’ (1966-1967). Image courtesy of Bibliothèque Forney, Paris

Four pages of yellow, blue, green, and purple silk swatches

Detail of color chart of silk velvet ribbons, G.G. & Cie, France, Leporello, late nineteenth century. Image courtesy of Bibliothèque Forney, Paris

a chart of dyed wool with numbers next to each swatch

M. D. Gonfreville’s ‘Art of Dyeing Wools in Fleece, Yarn, and Fabrics,’ Librairie Scientifique, Industrielle et Agricole Lacroix et Baudry, Paris (1848). Image courtesy of Bibliothèque Nationale de France, Paris

three images with felt swatches in blues, purples, and greens shaped like hats

Acid Dyes for Felt Pile, Base Colors, Société Anonyme des Matières Colorantes et Produits Chimiques de Saint-Denis, Saint-Denis, November 1930, leporello. Image courtesy of Anne Varichon

Four pages of pink, blue, green, and purple silk swatches

Detail of color chart of silk velvet ribbons, G.G. & Cie, France, Leporello, late nineteenth century. Image courtesy of Bibliothèque Forney, Paris

three illustrations from an l'astrolin pamphlet, on the right is an illustration of a man in yellow painting the moon

Detail of Astrolin Color Card, Établissement Georget Fils Peintures Laquées et Vernis, Chantenay-Lès-Nantes (c. 1906). Image courtesy of Bibliothèque Forney, Paris

six book pages open to reveal color charts made of fabric

Detail of Oscar Piéquet’s ‘The Chemistry of Dyers, New Theoretical and Practical Treatise on the Art of Dyeing and Printing Fabrics’ (1892), Paris. Image courtesy of Ôkhra-Ecomuseum of Ocher, Roussillon

The article A Mammoth Book Catalogs a Vibrant Spectrum of Color Charts Spanning 600 Years appeared first on Colossal.

31 Jan 14:40

Framed by Frozen Lakes, Richard Johnson’s ‘Ice Huts’ Capture Wintertime Communities in Canada

by Kate Mothes

“Ice Hut GRID #6” From the Series ‘Ice Huts’ (2007-2019). All images © Richard Johnson Photography, Inc., shared with permission

Starting in late December and January when the temperatures stay consistently below freezing, bodies of water in the northern United States and Canada begin to freeze. As the ice reaches thicknesses over four inches, it becomes safe to walk on, and at more than five inches, it is usually safe for snowmobiles. Then, in droves, residents take to the lakes. Ontario’s 279-square-mile Lake Simcoe, for example, draws more people for its ice fishing than any other lake in North America, attracting upwards of 4,000 huts each year.

The colorful villages of hand-built structures that populate many popular spots during the coldest months caught the eye of Toronto-based architectural photographer Richard Johnson (1957-2021), who captured hundreds of the structures, from the artistic to the ad-hoc, in a series of bold portraits taken between 2007 and 2019. “I have always been fascinated with small structures,” Johnson said. He continued:

My earliest recollection of shelter was as a 6-year-old growing up in Trinidad. It was a guard house for our neighbour. No more than three walls and a lean to roof, it was a simple solution to shade the harsh sun and protect from tropical rains. These shelters, built by individuals with available materials, inspired me to take notice.

The photos highlight a wide array of materials and design choices that comprise the seasonal communities, from plastic tarps wrapped around poles to one-person sheds to comparatively sophisticated board-and-batten buildings. Johnson captured the individual personality of each hut in a square format, framed by a snowy landscape, with their inhabitants typically out of view. Small enough to be towed onto the ice with a vehicle, some versions boast unique decor and enough space to hold several people, a small stove, and basic provisions.

See more on Richard Johnson Gallery’s website, where prints are available for purchase.

 

“Ice Hut #356” (2010), La Baie Des Ha! Ha!, Saguenay River, Québec

“Ice Village #178” (2016), Péribonka, Lac Saint-Jean, Québec

“Ice Hut GRID #11”

“Ice Hut #220” (2009), Killarney Beach, Lake Simcoe, Ontario

“Ice Hut #137” (2008), Gilford, Lake Simcoe, Ontario

“Ice Hut #998” (2017), New Liskeard, Lake Timiskaming, Ontario

“Ice Village #47” (2013), Renforth, Kennebecasis River, New Brunswick

“Ice Hut #946” (2016), Péribonka, Lac Saint-Jean, Québec

The article Framed by Frozen Lakes, Richard Johnson’s ‘Ice Huts’ Capture Wintertime Communities in Canada appeared first on Colossal.

31 Jan 14:39

Meet Alma Deutscher, the Classical Music Prodigy: Watch Her Performances from Age 6 to 14

by Ayun Halliday
Bgarland

She's amazing!

One needn’t think too hard to come up with a list of celebrated children who seem somehow less exceptional when their baby fat comes off and their permanent teeth come in.

We’ll eat Werner Herzog’s shoe if Alma Deutscher’s name is on it.

When she was 11, conductor Johannes Wildner told the New York Times that “she is not good because she is young. She is good because she is extremely talented and has matured very early.”

Her parents were the first to recognize her extraordinary abilities.

It’s nice when a musically gifted child is born to parents who are not only willing to cultivate that seed, they understand that their 18 month old sings with perfect pitch…

She was nearing the age of reason when the general public became acquainted with the pigtailed composer who played piano and violin, loved improvising and drew constant, not universally welcome comparisons to Mozart.

At seven, she penned a short opera inspired by “The Sweeper of Dreams”, a short story by Neil Gaiman.

 

She followed that up with a full length operatic reimagining of Cinderella (age 10) and rigorous training that built on her early exposure to Partimenti — keyboard improvisation.

Now 18, Alma continues to spellbind listeners with her seemingly magical ability to conjure a piano sonata using randomly selected notes in less than a minute, just as she wowed 60 Minutes correspondent Scott Pelley after he picked a B, an A, an E flat, and a G from a hat back in 2017, when she was 12.

She was unabashed about her love of melody in the 60 Minutes appearance, and has remained so, explaining the reasoning behind her piece, Waltz of the Sirens, to a 2019 Carnegie Hall audience by saying that she’s always wanted to write beautiful music:

Music that comes out of the heart and speaks directly to the heart, but some people have told me that nowadays melodies and beautiful harmonies are no longer acceptable in serious classical music because in the 21st century, music must reflect the ugliness of the modern world. Well, in this waltz, instead of trying to make my music artificially ugly in order to reflect the modern world, I went in exactly the opposite direction. I took some ugly sounds from the modern world, and I tried to turn them into something more beautiful through music.

The full length opera The Emperor’s New Waltz is the soon to be 19-year-old’s first major adult achievement in what promises to be a long career.

Taking her inspiration from Hans Christian Andersen’s The Emperor’s New Clothes, she sought to create a love story that would appeal to young pop fans (while also getting a few swipes in at the “tuneless world of atonal contemporary music.”)

As she noted in an interview with Germany’s Klassik Radio, it’s “definitely the beautiful melodies that unite pop and classical music:”

I’m sure that if Mozart or Schubert had heard the most beautiful melodies of ABBA, or Queen or Elton John, then they would have been jealous and they would have said, “I wish I had thought of that!”

Related Content

Leonard Bernstein Introduces 7‑Year-Old Yo-Yo Ma: Watch the Youngster Perform for John F. Kennedy (1962)

Leonard Bernstein’s First “Young People’s Concert” at Carnegie Hall Asks, “What Does Music Mean?”

Hear the Highest Note Sung in the 137-Year History of the Metropolitan Opera

– Ayun Halliday is the Chief Primatologist of the East Village Inky zine and author, most recently, of Creative, Not Famous: The Small Potato Manifesto and Creative, Not Famous Activity Book. Follow her @AyunHalliday.

31 Jan 14:35

Sozai Center Designs a Durable Speckled Fabric Made Entirely of Recycled Apple Waste

by Grace Ebert
a hand slots between two sheets of speckled fabric

All images © Sozai Center, shared with permission

About 60 percent of Japan’s apples grow in Aomori Prefecture, and as with any agricultural crop, the region also generates a significant amount of production waste, particularly as the fruits are squeezed and pressed for juice. The designers at Sozai Center engineered a new technology that recycles the leftover pomace into an elegant fabric called “Adam.”

In collaboration with KOMORU Corporation and M&T, the center gathers leftover matter from local farmers and fashions translucent sheets speckled with deep red flecks from a powder of stems, skins, and cores. Water-resistant and durable enough for frequent washing, “Adam” is suitable for garments and furniture. In addition to selling the raw fabric, Sozai Center also designed a small wallet and crossbody pouch for everyday use.

Shotaro Oshima, the studio’s director, shares that the team is currently working on creating boards from scallops and straw waste. Follow the latest developments on Instagram. (via designboom)

 

a detail of sheets of speckled fabric rolled

a sheet of speckled fabric drapes over a hand

a detail of sheets of speckled fabric folded

a sheet of speckled fabric

hands slot a blue oyster card into a translucent speckled wallet

hands slot a red passport into a translucent speckled wallet

The article Sozai Center Designs a Durable Speckled Fabric Made Entirely of Recycled Apple Waste appeared first on Colossal.

31 Jan 14:31

Explore the Surface of Mars in Spectacular 4K Resolution

by OC


Could you use a mental escape? Maybe a trip to Mars will do the trick. Above, you can find high definition footage captured by NASA’s three Mars rovers–Spirit, Opportunity and Curiosity. The footage (also contributed by JPL-Caltech, MSSS, Cornell University and ASU) was stitched together by ElderFox Documentaries, creating what they call the most lifelike experience of being on Mars. Adding more context, Elder Fox notes:

The footage, captured directly by NASA’s Mars rovers — Spirit, Opportunity, Curiosity, and Perseverance — unveils the red planet’s intricate details. These rovers, acting as robotic geologists, have traversed varied terrains, from ancient lake beds to towering mountains, uncovering Mars’ complex geological history.

As viewers enjoy these images, they will notice informal place names assigned by NASA’s team, providing context to the Martian features observed. Each rover’s unique journey is highlighted, showcasing their contributions to Martian exploration.

Safe travels.


Related Content:

Behold Colorful Geologic Maps of Mars Released by The United States Geological Survey

Carl Sagan Presents Six Lectures on Earth, Mars & Our Solar System … For Kids (1977)

NASA Releases a Massive Online Archive: 140,000 Photos, Videos & Audio Files Free to Search and Download

Hear the Very First Sounds Ever Recorded on Mars, Courtesy of NASA

28 Jan 18:13

Books Fatal to Their Authors (1895)

This strange volume puts the lie to Ditchfield’s title: tyrants, not books, kill authors.

28 Jan 18:05

Twitter alternative Bluesky launches RSS feeds

by Rob Beschizza

Twitter is getting worse than ever under its new ownership: every popular tweet is deluged with AI bots, right-wing memes and ads for sex workers, dropshipped gadgets and crypto scams. But Threads is a grimly proprietary affair, and has its own quality issues as it must grow fast or die in the context of the big tech business model.

The post Twitter alternative Bluesky launches RSS feeds appeared first on Boing Boing.

28 Jan 18:05

UPDATED: World’s Biggest Data Breaches – 450+ hacks in one visualisation

by Sven Ehmann

23andMe, Xfinity, X/Twitter and the Indonesian people (yes all of them) – are among the latest victims listed in our ongoing visualisation of data leaks, hacks and breaches (2023-2004)

We’ve also updated the new interactive graphic – Breaches by Data Sensitivity – so you can see what kinds of records have been leaked (passwords, social security numbers, medical data). All made with our tool VizSweet.

We’re now in our eighth year of updates. Let us know if we’ve missed any (but pretty please review the datasheet first).

» Safely check if your details have been compromised in any recent data breaches @ haveibeenpwned.com

23 Jan 19:02

Free Download: A Knitting Pattern for a Sweater Depicting an Iconic Cover of George Orwell’s 1984

by OC
Bgarland

Finally, something that makes me want to learn to knit.

16 Jan 01:24

The Last Repair Shop: A Heartwarming Documentary Visits the Warehouse Servicing 80,000+ Instruments for L.A. Students

by Grace Ebert

The Los Angeles public school system is one of few administrations in the U.S. that still provides instruments to its students for free. Tens of thousands of young musicians learn to play the saxophone or tuba on borrowed equipment, a program running since 1959 that offers greater and more equitable access to the arts.

A short documentary directed by Ben Proudfoot and Kris Bowers visits the unassuming warehouse where more than 80,000 student instruments are maintained. “The Last Repair Shop” shares the stories of how the four craftspeople came to their roles, punctuated by testimonies from students who’ve benefited from their work. Glimpsing their mending techniques and skill at repairing even the smallest cracks, the documentary is both a testimony to the necessity of public services like this program and the indelible impact music has on people of all ages and backgrounds.

“This is not just a musical instrument repair shop. When an instrument breaks, there’s a student without an instrument,” says Steve, a piano technician and the workshop supervisor. “No. Not in our city.”

Watch “The Last Repair Shop” above, and find more from the directors on Vimeo.

 

a girl plays a saxophone

a man holds up a violin

a hand uses a wrench on part of a piano

a young man holds a silver tuba around his body

The article The Last Repair Shop: A Heartwarming Documentary Visits the Warehouse Servicing 80,000+ Instruments for L.A. Students appeared first on Colossal.

16 Jan 01:22

Dizzying Gifs by Etienne Jacob Infuse Mathematical Equations into Endless Loops

by Grace Ebert
a black and white animated gif of lines with dots at the end spinning around a central axis

“Rotating dandelion.” All gifs © Etienne Jacob, shared with permission

Paris-based software engineer Etienne Jacob (previously) takes a creative approach to coding with his mesmerizing animations that fall at the intersection of art and math. Gravitating toward space-filling curves and spiral equations, Jacob designs engrossing geometries that twirl around a central axis, coil into parallel black holes, and disperse into individual dots.

Looping is an essential part of each animation, he tells Colossal, noting that the constraint influences the shapes and movements he’s able to create. Most designs are planned, although Jacob diverges when a new technique or method seems appealing. “When I start to code a loop, I give the project a name that sums up the main idea I’m planning to work on, and it seems that the end result always matches that initial project name (and idea), despite the experimentation and unplanned features,” he shares.

Jacob shares much of his work on Tumblr, along with tutorials on his website.

 

a black and white animated gif of a wave dispersing a sphere made of dots

“Sphere wave”

a black and white animated gif of a curved torus curve on the outer and inner edges

“Torus curve”

a black and white animated gif of cubes shifting on a screen of dots

“Cubes camouflage” made in collaboration with jn3008

a black and white animated gif of a sphere twisting and spiraling

“Circle to double spiral”

a black and white animated gif of cubes shifting and appearing to grow and grow

“Fractal sliding 2d”

a black and white animated gif of two loops roiling in constant movement

“Path with 2 holes”

The article Dizzying Gifs by Etienne Jacob Infuse Mathematical Equations into Endless Loops appeared first on Colossal.

19 Dec 15:45

Why Google Will Stop Telling Law Enforcement Which Users Were Near a Crime

by EditorDavid
Earlier this week Google Maps stopped storing user location histories in the cloud. But why did Google make this move? Bloomberg reports that it was "so that the company no longer has access to users' individual location histories, cutting off its ability to respond to law enforcement warrants that ask for data on everyone who was in the vicinity of a crime." The company said Thursday that for users who have it enabled, location data will soon be saved directly on users' devices, blocking Google from being able to see it, and, by extension, blocking law enforcement from being able to demand that information from Google. "Your location information is personal," said Marlo McGriff, director of product for Google Maps, in the blog post. "We're committed to keeping it safe, private and in your control." The change comes three months after a Bloomberg Businessweek investigation that found police across the US were increasingly using warrants to obtain location and search data from Google, even for nonviolent cases, and even for people who had nothing to do with the crime. "It's well past time," said Jennifer Lynch, the general counsel at the Electronic Frontier Foundation, a San Francisco-based nonprofit that defends digital civil liberties. "We've been calling on Google to make these changes for years, and I think it's fantastic for Google users, because it means that they can take advantage of features like location history without having to fear that the police will get access to all of that data." Google said it would roll out the changes gradually through the next year on its own Android and Apple Inc.'s iOS mobile operating systems, and that users will receive a notification when the update comes to their account. The company won't be able to respond to new geofence warrants once the update is complete, including for people who choose to save encrypted backups of their location data to the cloud. 
The EFF general counsel also pointed out to Bloomberg that "nobody else has been storing and collecting data in the same way as Google." (Apple, for example, is technically unable to provide the same data to police.)


12 Dec 20:27

ICANN Launches Service to Help With WHOIS Lookups

by BrianKrebs

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars.

In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — instructed all registrars to redact the customer’s name, address, phone number and email from WHOIS, the system for querying databases that store the registered users of domain names and blocks of Internet address ranges.

ICANN made the policy change in response to the General Data Protection Regulation (GDPR), a law enacted by the European Parliament that requires companies to gain affirmative consent for any personal information they collect on people within the European Union. In the meantime, registrars were to continue collecting the data but not publish it, and ICANN promised it would develop a system that facilitates access to this information.

At the end of November 2023, ICANN launched the Registration Data Request Service (RDRS), which is designed as a one-stop shop to submit registration data requests to participating registrars. This video from ICANN walks through how the system works.

Accredited registrars don’t have to participate, but ICANN is asking all registrars to join and says participants can opt out or stop using it at any time. ICANN contends that the use of a standardized request form makes it easier for the correct information and supporting documents to be provided to evaluate a request.

ICANN says the RDRS doesn’t guarantee access to requested registration data, and that all communication and data disclosure between the registrars and requestors takes place outside of the system. The service can’t be used to request WHOIS data tied to country-code top level domains (CCTLDs), such as those ending in .de (Germany) or .nz (New Zealand), for example.

The RDRS portal.

As Catalin Cimpanu writes for Risky Business News, currently investigators can file legal requests or abuse reports with each individual registrar, but the idea behind the RDRS is to create a place where requests from “verified” parties can be honored faster and with a higher degree of trust.

The registrar community generally views public WHOIS data as a nuisance issue for their domain customers and an unwelcome cost-center. Privacy advocates maintain that cybercriminals don’t provide their real information in registration records anyway, and that requiring WHOIS data to be public simply causes domain registrants to be pestered by spammers, scammers and stalkers.

Meanwhile, security experts argue that even in cases where online abusers provide intentionally misleading or false information in WHOIS records, that information is still extremely useful in mapping the extent of their malware, phishing and scamming operations. What’s more, the overwhelming majority of phishing is performed with the help of compromised domains, and the primary method for cleaning up those compromises is using WHOIS data to contact the victim and/or their hosting provider.

Anyone looking for copious examples of both need only to search this Web site for the term “WHOIS,” which yields dozens of stories and investigations that simply would not have been possible without the data available in the global WHOIS records.

KrebsOnSecurity remains doubtful that participating registrars will be any more likely to share WHOIS data with researchers just because the request comes through ICANN. But I look forward to being wrong on this one, and will certainly mention it in my reporting if the RDRS proves useful.

Regardless of whether the RDRS succeeds or fails, there is another European law that takes effect in 2024 which is likely to place additional pressure on registrars to respond to legitimate WHOIS data requests. The new Network and Information Security Directive (NIS2), which EU member states have until October 2024 to implement, requires registrars to keep much more accurate WHOIS records, and to respond within as little as 24 hours to WHOIS data requests tied to everything from phishing, malware and spam to copyright and brand enforcement.

12 Dec 20:26

A Busy Person’s Introduction to Large Language Models (LLMs)

by OC

You’re busy. You don’t have much time to figure out the deal with Large Language Models (aka LLMs). But you have some curiosity. Enter Andrej Karpathy and his presentation, “A Busy Person’s Introduction to Large Language Models.” It’s a one-hour tutorial that explains “the core technical component behind systems like ChatGPT, Claude, and Bard.” Designed for a general audience, the video explains what Large Language Models (LLMs) are, and where Karpathy sees them going. Andrej knows what he’s talking about. He currently works for OpenAI (the maker of ChatGPT), and, before that, he served as the director of artificial intelligence at Tesla.

As one YouTube commenter put it, “Andrej is hands-down one of the best ML [Machine Learning] educators out there.” At Stanford, he was the primary instructor for the first deep learning class, which has become one of the largest courses at the university. Enjoy.

12 Dec 20:24

Glen Hansard & Lisa O’Neill Perform a Stirring Version of “Fairytale of New York” at Shane MacGowan’s Funeral: Watch Their Send-Off

by OC

On Friday, Glen Hansard & Lisa O’Neill performed “Fairytale of New York” at Shane MacGowan’s funeral, giving the Pogues’ frontman quite the send-off. The moving performance took place before a packed church in Nenagh, a country town in Ireland. And it all ends, perhaps fittingly, with mourners dancing in the aisles. Below, you can also watch Nick Cave perform a Pogues song from 1986, “A Rainy Night in Soho.”

01 Dec 16:03

Vibrant Figures Soar and Swing Above Buzzing Cities in Millo’s Vibrant Murals

by Kate Mothes
A mural on the side of a building of a figure soaring over a city on a striped kite.

“Soltar Papagaio” (2023), Itabira, Brazil. All images © Millo, shared with permission

Italian artist Francesco Camillo Giorgino, who works as Millo (previously), has a penchant for transforming featureless walls into emotive, airy scenes. Floating above black-and-white cityscapes dotted with clouds and airplanes, central figures pop with color as they soar on kites or swings, haul heavy loads, or interact with flora and fauna.

The artist’s bold, outlined style lends itself to a puzzle-like interplay between the painting and the architecture, sometimes drawing attention to apertures, like in “An Open Door,” or incorporating the outline of a roof. “I’ve been into murals for a long time, but recently I focused a bit more into details,” Millo tells Colossal. “I’ve always been into black-and-white, even if in the last few years, a lot of colors and shades started to appear in my artworks. Now, for example, I not only try to improve the quality of my artworks, but I love to hide little easter eggs in my murals.”

Millo’s compositions are inspired by a wide variety of everyday experiences, from news heard on the radio to an interesting fact in an old history book. “As you’ll notice, scrolling through the pages of my works, all of them convey different messages. Most of the time, they depend on the places where I’m painting,” he says. Millo wants his murals to fit into their sites and reflect the histories of each place, presenting specific stories as universal experiences.

See more of Millo’s work on his website, and follow him on Instagram for updates.

 

A mural on the side of a building of a figure wearing a yellow shirt, pulling a large load of furniture and appliances tied in rope across a black-and-white cityscape.

“Coração cheio” (2023), Lagoinha, São Paulo, Brazil. Photo by Thiago Santos Martins

A mural on the side of a building of a young girl standing on a swing, in front of a black-and-white cityscape.

“A Moment” (2022), Leeuwarden, Netherlands

A mural on the side of a building of a figure in a bath inside of a jar with plants in it, in front of a black-and-white cityscape.

“Essential” (2022), Amman, Jordan. Photo by Mirella Moschella

A mural on the side of a building of a figure opening a window and a plane is about to fly through, in front of a black-and-white cityscape.

“An Open Door” (2022), Le Barcarès, France

A mural on the side of a building of a young girl in a red dress dancing with a tree, in front of a black-and-white cityscape.

“Lymph” (2021), Monticello Amiata, Tuscany, Italy

A mural on the side of a building of a woman in a blue dress with her hair made of roses, in front of a black-and-white cityscape.

“Blooming Again” (2022), Mostar, Bosnia and Herzegovina

A mural on the side of a building of a young girl in a blue dress, seated on a red seahorse, in front of a black-and-white cityscape.

“The Sound of the Waves” (2021), Sant’Antioco, Sardinia, Italy

A mural on the side of a building of two young figures sitting inside of a red poppy, in front of a black-and-white cityscape.

“When We Thought We Could Fly” (2023), Pristina, Kosovo

Do stories and artists like this matter to you? Become a Colossal Member today and support independent arts publishing for as little as $5 per month. The article Vibrant Figures Soar and Swing Above Buzzing Cities in Millo’s Vibrant Murals appeared first on Colossal.

09 Nov 21:17

The A24 Movie Browser

by David McCandless

Just a little explorer, an oeuvrexplorer if you like, for A24 – one of our favourite movie studios.

They released Everything, Everywhere, All at Once and many others you may have liked / seen (MidSommar, Under the Skin, Ex Machina, Moonlight).

We’ve fitted the interactive with a Rotten Tomatoes audience and critics slider, so you can use the viz to decide which cinematic treat to pluck next from their selection box.

» See the visualisation
» Explore the data

29 Oct 11:35

A Choir with 1,000 Singers Pays Tribute to Sinéad O’Connor & Performs “Nothing Compares 2 U”

by Ayun Halliday

The building that houses Dublin’s 3Olympia Theatre began life as Dan Lowrey’s Star of Erin Music Hall.

It has undergone several name changes over the course of its 145 years, and played host to drama, opera, ballet, films, oratorio, pantomime, variety shows, and world-famous popular musicians like David Bowie, REM, Foo Fighters… and Dublin native Sinéad O’Connor, who arrived at the venue in 2011, unceremoniously toting her aluminum foil-wrapped lunch.

Her fifteen-year-old daughter, Róisín Waters, sang back up.

Reviewer Nicola Byrne wrote in Golden Plec that “a single spotlight illuminated O’Connor on the middle of the stage, as she launched into “I Am Stretched On Your Grave,” a song she ‘Usually dedicates to any dead people that may be present:’”

With no instrumental, all attention was on that spotlight. If a pin had’ve been dropped in the Olympia, I would’ve known about it.

O’Connor dedicated that evening’s performance of “Nothing Compares 2 U” to her 7-year-old son, Shane Lunny, who died by suicide in January 2022, a year and a half before his mother also took her leave.

A few weeks ago, Nobu Adilman and Daveed Goldman, founders of Choir! Choir! Choir!, swung by 3Olympia Theatre to lead a 1000-member strong spontaneous choir of ticket holders in a moving cover of “Nothing Compares 2 U,” at the top of the page.

It was a meaningful way for fans to connect to an artist who spoke to them.

Choir! Choir! Choir! previously paid tribute to David Bowie with “Space Oddity,” and Prince (composer of “Nothing Compares 2 U”) with “When Doves Cry” not long after their deaths.

Prior to Dublin, Choir! Choir! Choir! honored O’Connor with a singalong of “Nothing Compares 2 U” at the Toronto Opera House, in the town where their movement got its start.

Ticket purchases benefited CAMH: The Centre for Addiction and Mental Health. Adilman and Goldman were joined onstage by the producer of “Nothing Compares 2 U,” Chris Birkett, and Toronto-based singer-songwriter Feist, whose first album purchase was O’Connor’s debut, The Lion and the Cobra.

“I remember so clearly the first time I heard her at a friend’s house after school,” she told Index Magazine in 2005:

 She blew my mind. Her voice sounded like it was from another universe. She redefined everything for me.

Turning the clock back to 2016, we find Choir! Choir! Choir! participants tackling “Nothing Compares 2 U” as a way of getting the jump on February’s most fraught holiday:

Valentine’s Day kinda sucks so last night, in anticipation, we celebrated EPIC HEARTBREAKS with the one and only Sinéad O’Connor. Props to Prince (yes, we know he wrote this amazing tune!) for not taking this video down in 7 hours and 15 days.

– Ayun Halliday is the Chief Primatologist of the East Village Inky zine and author, most recently, of Creative, Not Famous: The Small Potato Manifesto and Creative, Not Famous Activity Book. Follow her @AyunHalliday.

29 Oct 11:14

‘Ghost Rivers’ Visualizes a Mile-Long Stream Buried Deep Beneath Baltimore

by Grace Ebert
A blue Ghost River installation sign with text and a blue curvy line running on the ground underneath it

Photo © Public Mechanics. All images shared with permission

How much do we really know about the land we walk on each day? For those of us in urban areas, pavement and buildings mask what were once prairies, forests, or glaciers, with any natural terrain often disguised in swaths of concrete and blacktop.

But in some cities, the remnants of the former landscape still haunt the streets. From Paris to Auckland to New York, communities are deciding to daylight the streams and rivers that were buried underground during development as a way to reduce pollution from urban runoff and prevent disastrous flooding. Baltimore alone is home to nearly 50 waterways that run for miles across the city—including the well-known Jones Falls that flows beneath I-83—and a new public art project is drawing attention to one of the bodies hidden below several central and northern neighborhoods.

 

an aerial image of a blue river running through an intersection

Photo © Frank Hamilton

The creation of artist Bruce Willen of Public Mechanics, Ghost Rivers is a multi-site installation and walking tour that visualizes the path of Sumwalt Run, which travels in culverts nearly 40 feet below Remington and Charles Village. “I first stumbled across this buried stream eight or nine years ago, on an antique map of Baltimore. On this 1870s-era map, a creek and a large pond cut across several miles of central and north Baltimore, not far from where I live,” Willen tells Colossal. “I was curious about this missing stream that once ran just a few blocks from my house.”

While walking around his neighborhood a few years later, Willen could hear water run in the storm drains when he reached lower elevations, which revived his interest in the hidden streams and instigated Ghost Rivers. Ten installations currently comprise the project, which overlays a wavy blue line on the pavement to help visualize where Sumwalt Run once was. The stream is shown haphazardly cutting through the center of an intersection and across roadways, revealing an inherent incongruity with Baltimore’s grid and urban life.

 

A blue Ghost Rivers installation sign on a city street

Photo © Public Mechanics

Thanks to support from the Greater Remington Improvement Association, Willen learned there was community interest in learning about the hidden waterways as he developed the project, and so self-guided tours became an important component of Ghost Rivers—for those of us not in Baltimore, there’s also a virtual option with detailed histories, archival photos, and maps. He shares about the tours:

Walking along the hidden path of the stream and imagining lost landscapes and ecologies really changes how you perceive the urban environment. When you encounter this permanent cartographic overlay and follow it through the city streets, these visions become more real, impactful, and deeply engaging.

While not all cities boast installations to visually communicate their histories, reviving interest in these once-visible waterways tends to be part of the goal, something Ghost Rivers is particularly adept at. It reveals what’s been lost to urbanization, explains the effects of burying a body of water, and leads us down a path that envisions a more symbiotic, sustainable future.

The few remaining Ghost Rivers sites are slated for completion next year. Check out the project website for more information, and follow Willen on Instagram to keep up with his upcoming public artworks, including bus shelter seating and light installations.

 

A blue line like a river runs across a roadway

Photo © Public Mechanics

A blue Ghost Rivers installation sign in front of a brick building

Photo © Public Mechanics

a blue river runs across a roadway

Photo © Frank Hamilton

a blue line on the grounds runs across a road and into a greenspace

Photo © Public Mechanics

someone leads a Ghost Rivers tour near a blue installation sign

Photo © Side A Photography

The article ‘Ghost Rivers’ Visualizes a Mile-Long Stream Buried Deep Beneath Baltimore appeared first on Colossal.

17 Oct 11:32

Watch a Strange Animation of Edgar Allan Poe’s “Tell-Tale Heart,” Voted the 24th Best Cartoon of All Time (1953)

by OC

Animation studio UPA—United Productions of America—is best known these days as the studio that gave us Mr. Magoo and Gerald McBoing Boing (which inspired a certain website). But the studio, originally created by three former Disney employees, wanted to broaden horizons back in the 1950s, and created this quite disturbing adaptation of Edgar Allan Poe’s “The Tell-Tale Heart,” narrated by the venerable James Mason.

Due to its adult subject matter, it was the first animated film to receive an “X” rating (or “suitable for those aged 16 and over”) in the UK. Though not intended for children, many undoubtedly saw the film as kids and were profoundly affected by it. The film, designed by Paul Julian, borrows both from Dali-esque surrealism and German expressionism.

And while it does feature some traditional cel animation, there’s a mix of techniques that keep the film in the realm of the dreamlike and avant-garde: sudden zooms, shadows that fade in and out, flattened perspectives, inventive use of chiaroscuro. In this film, one can see both the future careers of Roger Corman and Dario Argento, both grabbing influences left and right.

In fact, though designer Paul Julian is best known for his background work at Warner Bros. animation studios (he also is known as the creator of the Road Runner’s beep-beep sound), he wound up providing director Roger Corman with artwork for movies like Dementia 13 and The Terror.

UPA continued to produce films with its modern and flat space-age aesthetic during the ’50s, but it never really hit these adult heights again. The ’60s, however, would pick up from where UPA left off.

Julian’s “The Tell-Tale Heart” was voted the 24th greatest cartoon of all time, in a 1994 survey of 1,000 animation professionals. It was also nominated for the Academy Award for Best Animated Short Film. We hope you enjoy this glimpse into disturbia. It will be added to our list of Free Animations, a subset of our collection, 4,000+ Free Movies Online: Great Classics, Indies, Noir, Westerns, Documentaries & More.

Note: An earlier version of this post appeared on our site in 2017.

Ted Mills is a freelance writer on the arts who currently hosts the FunkZone Podcast. You can also follow him on Twitter at @tedmills, read his other arts writing at tedmills.com and/or watch his films here.

29 Sep 15:04

What living through COVID in jail taught me about abolition

by David Campbell
Having spent the first wave of COVID-19 in Rikers Island, David Campbell found the pandemic lockdowns he was met with after his release strangely familiar. The parallels of self-quarantine and incarceration can be tools for abolitionist solidarity.

Read more via Scalawag: What living through COVID in jail taught me about abolition.

29 Sep 14:53

A Colossal Interview: Zoë Buckman On Tenderness, Her Evolution as a Woman and Mother, and Embroidering Her Largest Works To Date

by Grace Ebert
One woman draws on another's back and both are surrounded by floral embroideries

“songs leak from my bedroom walls” (2023). Photo by Charles Benton. All images © Zoë Buckman, courtesy of Lyes & King, shared with permission

What responsibility does an artist have to care for her viewers? Zoë Buckman thinks deeply about this question and discusses it in a recent conversation with Colossal.

One thing that’s important to me has to do with beauty and softness. Those are definitely tools that I embrace and harness. I know that I’m exploring something that is very difficult and triggering. It’s always been important to me that I make work that draws people in and creates an environment for conversations about violence, rape, abortion, miscarriage, and all of these things. In the work itself, I am trying to care for viewers.

Much of Buckman’s output during the past few years has championed the fight: that of resilient survivors, of rebelling against the patriarchy, and of her own sparring with the art world as she sought to use mediums historically associated with “women’s work” to put critical issues front and center. Her new series, though, titled Tended and on view at Lyes & King, takes a softer approach, which Buckman discusses in this conversation about her early indoctrination in feminism and what it’s like to raise a child around such difficult, and undoubtedly necessary, work.

Read the interview.

 

two images of embroidered portraits, on the left, a woman looks directly at the viewer with a black eye while a younger girl sees blood in her underwear. on the right, a child sits in between her mom's legs as she does her hair

Left: “holy ash” (2023). Right: “thoughts run out my hands like a gecko” (2023). Photos by Charles Benton

a close up of a woman's face with loose threads and floral applique

Detail of “songs leak from my bedroom walls” (2023)

a close up of a child's face with loose threads and embroidered details

Detail of “thoughts run out my hands like a gecko” (2023)

The article A Colossal Interview: Zoë Buckman On Tenderness, Her Evolution as a Woman and Mother, and Embroidering Her Largest Works To Date appeared first on Colossal.

19 Sep 18:06

Ememem Playfully Revitalizes Cracked Pavement With Vibrantly Patterned Tiles

by Kate Mothes
A crack in street pavement filled with colorful tiles.

Lyon, France. All images © Ememem, shared with permission

No crack in a wall, step, or curb is safe from Ememem’s delightful interventions. The Lyon-based artist (previously), also known as “the pavement surgeon,” continues to scout out gaps in sidewalks that he fills with colorful tiles. Akin to kintsugi, the Japanese practice of repairing broken pottery with gold to embrace the history of the object, Ememem’s technique doesn’t hide imperfections so much as highlight their possibilities. While making the surfaces safer to traverse, he gives new life to decaying urban walkways.

Find more of the artist’s work on his website, and keep track of new pieces on Instagram.

 

A crack in street pavement filled with colorful tiles.

Corse, France

Decazeville, France

A crack in street pavement filled with colorful tiles.

Arles, France

Marseille, France

A crack in street pavement filled with colorful tiles.

Modena, Italy

A crack in street pavement filled with colorful tiles.

Nantua, France

A crack in street pavement filled with colorful tiles.

Paris, France

A crack in street pavement filled with colorful tiles.

Zagreb, Croatia

A crack in street pavement filled with colorful tiles.

Zagreb, Croatia

The article Ememem Playfully Revitalizes Cracked Pavement With Vibrantly Patterned Tiles appeared first on Colossal.

18 Sep 14:02

Original Buffy the Vampire Slayer cast members reunite for new audiobook sequel to the show

by Thom Dunn

Audible just announced a new audiobook set in the universe of the original Buffy the Vampire Slayer TV show, featuring members of the original cast. Written by Amber Benson who played Tara, along with Chris Golden, Slayers: A Buffyverse Story will feature voice performances from James Marsters (Spike), Charisma Carpenter (Cordelia), Anthony Head (Giles), Juliet Landau (Drusilla), Emma Caulfield Ford (Anya), Danny Strong (Jonathan), and others.

11 Sep 15:29

Pepperoni Rolls Deserve Nationwide Recognition

by Danny Palumbo

When it comes to quick and satisfying comfort food, handhelds reign supreme. Whether it’s a jelly doughnut, a bag full of empanadas, or a sausage-stuffed Texas kolache, the delicious convenience of doughy, stuffed foods can’t be overstated. But there’s one handheld giant that most people aren’t aware of, and I can…

06 Sep 14:38

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

by BrianKrebs

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Taylor Monahan is lead product manager of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain. Since late December 2022, Monahan and other researchers have identified a highly reliable set of clues that they say connect recent thefts targeting more than 150 people. Collectively, these individuals have been robbed of more than $35 million worth of crypto.

Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals. Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one’s email and/or mobile phone accounts.

“The victim profile remains the most striking thing,” Monahan wrote. “They truly all are reasonably secure. They are also deeply integrated into this ecosystem, [including] employees of reputable crypto orgs, VCs [venture capitalists], people who built DeFi protocols, deploy contracts, run full nodes.”

Monahan has been documenting the crypto thefts via Twitter/X since March 2023, frequently expressing frustration in the search for a common cause among the victims. Then on Aug. 28, Monahan said she’d concluded that the common thread among nearly every victim was that they’d previously used LastPass to store their “seed phrase,” the private key needed to unlock access to their cryptocurrency investments.

MetaMask owner Taylor Monahan on Twitter. Image: twitter.com/tayvano_

Armed with your secret seed phrase, anyone can instantly access all of the cryptocurrency holdings tied to that cryptographic key, and move the funds to anywhere they like.

Which is why the best practice for many cybersecurity enthusiasts has long been to store their seed phrases either in some type of encrypted container — such as a password manager — or else inside an offline, special-purpose hardware encryption device, such as a Trezor or Ledger wallet.

“The seed phrase is literally the money,” said Nick Bax, director of analytics at Unciphered, a cryptocurrency wallet recovery company. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. And you can transfer my funds.”

Bax said he closely reviewed the massive trove of cryptocurrency theft data that Taylor Monahan and others have collected and linked together.

“It’s one of the broadest and most complex cryptocurrency investigations I’ve ever seen,” Bax said. “I ran my own analysis on top of their data and reached the same conclusion that Taylor reported. The threat actor moved stolen funds from multiple victims to the same blockchain addresses, making it possible to strongly link those victims.”

Bax, Monahan and others interviewed for this story say they’ve identified a unique signature that links the theft of more than $35 million in crypto from more than 150 confirmed victims, with roughly two to five high-dollar heists happening each month since December 2022.

KrebsOnSecurity has reviewed this signature but is not publishing it at the request of Monahan and other researchers, who say doing so could cause the attackers to alter their operations in ways that make their criminal activity more difficult to track.

But the researchers have published findings about the dramatic similarities in the ways that victim funds were stolen and laundered through specific cryptocurrency exchanges. They also learned the attackers frequently grouped together victims by sending their cryptocurrencies to the same destination crypto wallet.

A graphic published by @tayvano_ on Twitter depicting the movement of stolen cryptocurrencies from victims who used LastPass to store their crypto seed phrases.

By identifying points of overlap in these destination addresses, the researchers were then able to track down and interview new victims. For example, the researchers said their methodology identified a recent multi-million dollar crypto heist victim as an employee at Chainalysis, a blockchain analysis firm that works closely with law enforcement agencies to help track down cybercriminals and money launderers.

Chainalysis confirmed that the employee had suffered a high-dollar cryptocurrency heist late last month, but otherwise declined to comment for this story.

Bax said the only obvious commonality between the victims who agreed to be interviewed was that they had stored the seed phrases for their cryptocurrency wallets in LastPass.

“On top of the overlapping indicators of compromise, there are more circumstantial behavioral patterns and tradecraft which are also consistent between different thefts and support the conclusion,” Bax told KrebsOnSecurity. “I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”

LastPass declined to answer questions about the research highlighted in this story, citing an ongoing law enforcement investigation and pending litigation against the company in response to its 2022 data breach.

“Last year’s incident remains the subject of an ongoing investigation by law enforcement and is also the subject of pending litigation,” LastPass said in a written statement provided to KrebsOnSecurity. “Since last year’s attack on LastPass, we have remained in contact with law enforcement and continue to do so.”

Their statement continues:

“We have shared various technical information, Indicators of Compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs) with our law enforcement contacts as well as our internal and external threat intelligence and forensic partners in an effort to try and help identify the parties responsible. In the meantime, we encourage any security researchers to share any useful information they believe they may have with our Threat Intelligence team by contacting securitydisclosure@lastpass.com.”

THE LASTPASS BREACH(ES)

On August 25, 2022, LastPass CEO Karim Toubba wrote to users that the company had detected unusual activity in its software development environment, and that the intruders stole some source code and proprietary LastPass technical information. On Sept. 15, 2022, LastPass said an investigation into the August breach determined the attacker did not access any customer data or password vaults.

But on Nov. 30, 2022, LastPass notified customers about another, far more serious security incident that the company said leveraged data stolen in the August breach. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.

In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault.

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

Dan Goodin at Ars Technica reported and then confirmed that the attackers exploited a known vulnerability in a Plex media server that the employee was running on his home network, and succeeded in installing malicious software that stole passwords and other authentication credentials. The vulnerability exploited by the intruders was patched back in 2020, but the employee never updated his Plex software.

As it happens, Plex announced its own data breach one day before LastPass disclosed its initial August intrusion. On August 24, 2022, Plex’s security team urged users to reset their passwords, saying an intruder had accessed customer emails, usernames and encrypted passwords.

OFFLINE ATTACKS

A basic functionality of LastPass is that it will pick and remember lengthy, complex passwords for each of your websites or online services. To automatically populate the appropriate credentials at any website going forward, you simply authenticate to LastPass using your master password.

LastPass has always emphasized that if you lose this master password, that’s too bad because they don’t store it and their encryption is so strong that even they can’t help you recover it.

But experts say all bets are off when cybercrooks can get their hands on the encrypted vault data itself — as opposed to having to interact with LastPass via its website. These so-called “offline” attacks allow the bad guys to conduct unlimited and unfettered “brute force” password cracking attempts against the encrypted data using powerful computers that can each try millions of password guesses per second.

“It does leave things vulnerable to brute force when the vaults are stolen en masse, especially if info about the vault HOLDER is available,” said Nicholas Weaver, a researcher at University of California, Berkeley’s International Computer Science Institute (ICSI) and lecturer at UC Davis. “So you just crunch and crunch and crunch with GPUs, with a priority list of vaults you target.”

How hard would it be for well-resourced criminals to crack the master passwords securing LastPass user vaults? Perhaps the best answer to this question comes from Wladimir Palant, a security researcher and the original developer behind the Adblock Plus browser plugin.

In a December 2022 blog post, Palant explained that the crackability of a LastPass master password depends largely on two things: The complexity of the master password, and the default settings for LastPass users, which appear to have varied quite a bit based on when those users began patronizing the service.

LastPass says that since 2018 it has required a twelve-character minimum for master passwords, which the company said “greatly minimizes the ability for successful brute force password guessing.”

But Palant said while LastPass indeed improved its master password defaults in 2018, it did not force all existing customers who had master passwords of lesser lengths to pick new credentials that would satisfy the 12-character minimum.

“If you are a LastPass customer, chances are that you are completely unaware of this requirement,” Palant wrote. “That’s because LastPass didn’t ask existing customers to change their master password. I had my test account since 2018, and even today I can log in with my eight-character password without any warnings or prompts to change it.”

Palant believes LastPass also failed to upgrade many older, original customers to more secure encryption protections that were offered to newer customers over the years. One important setting in LastPass is the number of “iterations,” or how many times your master password is run through the company’s encryption routines. The more iterations, the longer it takes an offline attacker to crack your master password.

Palant noted last year that for many older LastPass users, the initial default setting for iterations was anywhere from “1” to “500.” By 2013, new LastPass customers were given 5,000 iterations by default. In February 2018, LastPass changed the default to 100,100 iterations. And very recently, it upped that again to 600,000.

Palant said the 2018 change was in response to a security bug report he filed about some users having dangerously low iterations in their LastPass settings.

“Worse yet, for reasons that are beyond me, LastPass didn’t complete this migration,” Palant wrote. “My test account is still at 5,000 iterations, as are the accounts of many other users who checked their LastPass settings. LastPass would know how many users are affected, but they aren’t telling that. In fact, it’s painfully obvious that LastPass never bothered updating users’ security settings. Not when they changed the default from 1 to 500 iterations. Not when they changed it from 500 to 5,000. Only my persistence made them consider it for their latest change. And they still failed implementing it consistently.”

A chart on Palant’s blog post offers an idea of how increasing password iterations dramatically increases the costs and time needed by the attackers to crack someone’s master password. Palant said it would take a single GPU about a year to crack a password of average complexity with 500 iterations, and about 10 years to crack the same password run through 5,000 iterations.

Image: palant.info

However, these numbers radically come down when a determined adversary also has other large-scale computational assets at their disposal, such as a bitcoin mining operation that can coordinate the password-cracking activity across multiple powerful systems simultaneously.

Weaver said a password or passphrase with average complexity, such as “Correct Horse Battery Staple,” is only secure against online attacks, and that its roughly 40 bits of randomness or “entropy” means a graphics card can blow through it in no time.

“An Nvidia 3090 can do roughly 4 million [password guesses] per second with 1000 iterations, but that would go down to 8 thousand per second with 500,000 iterations, which is why iteration count matters so much,” Weaver said. “So a combination of ‘not THAT strong of a password’ and ‘old vault’ and ‘low iteration count’ would make it theoretically crackable but real work, but the work is worth it given the targets.”

Reached by KrebsOnSecurity, Palant said he never received a response from LastPass about why the company apparently failed to migrate some number of customers to more secure account settings.

“I know exactly as much as everyone else,” Palant wrote in reply. “LastPass published some additional information in March. This finally answered the questions about the timeline of their breach – meaning which users are affected. It also made obvious that business customers are very much at risk here, Federated Login Services being highly compromised in this breach (LastPass downplaying as usual of course).”

Palant said upon logging into his LastPass account a few days ago, he found his master password was still set at 5,000 iterations.

INTERVIEW WITH A VICTIM

KrebsOnSecurity interviewed one of the victims tracked down by Monahan, a software engineer and startup founder who recently was robbed of approximately $3.4 million worth of different cryptocurrencies. The victim agreed to tell his story in exchange for anonymity because he is still trying to claw back his losses. We’ll refer to him here as “Connor” (not his real name).

Connor said he began using LastPass roughly a decade ago, and that he also stored the seed phrase for his primary cryptocurrency wallet inside of LastPass. Connor chose to protect his LastPass password vault with an eight character master password that included numbers and symbols (~50 bits of entropy).

“I thought at the time that the bigger risk was losing a piece of paper with my seed phrase on it,” Connor said. “I had it in a bank security deposit box before that, but then I started thinking, ‘Hey, the bank might close or burn down and I could lose my seed phrase.’”

Those seed phrases sat in his LastPass vault for years. Then, early on the morning of Sunday, Aug. 27, 2023, Connor was awoken by a service he’d set up to monitor his cryptocurrency addresses for any unusual activity: Someone was draining funds from his accounts, and fast.

Like other victims interviewed for this story, Connor didn’t suffer the usual indignities that typically presage a cryptocurrency robbery, such as account takeovers of his email inbox or mobile phone number.

Connor said he doesn’t know the number of iterations his master password was given originally, or what it was set at when the LastPass user vault data was stolen last year. But he said he recently logged into his LastPass account and the system forced him to upgrade to the new 600,000 iterations setting.

“Because I set up my LastPass account so early, I’m pretty sure I had whatever weak settings or iterations it originally had,” he said.

Connor said he’s kicking himself because he recently started the process of migrating his cryptocurrency to a new wallet protected by a new seed phrase. But he never finished that migration process. And then he got hacked.

“I’d set up a brand new wallet with new keys,” he said. “I had that ready to go two months ago, but have been procrastinating moving things to the new wallet.”

Connor has been exceedingly lucky in regaining access to some of his stolen millions in cryptocurrency. The Internet is swimming with con artists masquerading as legitimate cryptocurrency recovery experts. To make matters worse, because time is so critical in these crypto heists, many victims turn to the first quasi-believable expert who offers help.

Instead, several friends steered Connor to Flashbots.net, a cryptocurrency recovery firm that employs several custom techniques to help clients claw back stolen funds — particularly those on the Ethereum blockchain.

According to Connor, Flashbots helped rescue approximately $1.5 million worth of the $3.4 million in cryptocurrency value that was suddenly swept out of his account roughly a week ago. Lucky for him, Connor had some of his assets tied up in a type of digital loan that allowed him to borrow against his various cryptocurrency assets.

Without giving away too many details about how they clawed back the funds, here’s a high level summary: When the crooks who stole Connor’s seed phrase sought to extract value from these loans, they were borrowing the maximum amount of credit that he hadn’t already used. But Connor said that left open an avenue for some of that value to be recaptured, basically by repaying the loan in many small, rapid chunks.

WHAT SHOULD LASTPASS USERS DO?

According to MetaMask’s Monahan, users who stored any important passwords with LastPass — particularly those related to cryptocurrency accounts — should change those credentials immediately, and migrate any crypto holdings to new offline hardware wallets.

“Really the ONLY thing you need to read is this,” Monahan pleaded to her 70,000 followers on Twitter/X: “PLEASE DON’T KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS. THE END. Split up your assets. Get a hw [hardware] wallet. Migrate. Now.”

If you also had passwords tied to banking or retirement accounts, or even just important email accounts — now would be a good time to change those credentials as well.

I’ve never been comfortable recommending password managers, because I’ve never seriously used them myself. Something about putting all your eggs in one basket. Heck, I’m so old-fashioned that most of my important passwords are written down and tucked away in safe places.

But I recognize this antiquated approach to password management is not for everyone. Connor says he now uses 1Password, a competing password manager that recently earned the best overall marks from Wired and The New York Times.

1Password says that three things are needed to decrypt your information: The encrypted data itself, your account password, and your Secret Key. Only you know your account password, and your Secret Key is generated locally during setup.

“The two are combined on-device to encrypt your vault data and are never sent to 1Password,” explains a 1Password blog post, ‘What If 1Password Gets Hacked?’ “Only the encrypted vault data lives on our servers, so neither 1Password nor an attacker who somehow manages to guess or steal your account password would be able to access your vaults – or what’s inside them.”

Weaver said that Secret Key adds an extra level of randomness to all user master passwords that LastPass didn’t have.

“With LastPass, the idea is the user’s password vault is encrypted with a cryptographic hash (H) of the user’s passphrase,” Weaver said. “The problem is a hash of the user’s passphrase is remarkably weak on older LastPass vaults with master passwords that do not have many iterations. 1Password uses H(random-key||password) to generate the password, and it is why you have the QR code business when adding a new device.”
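The iteration arithmetic behind Weaver's GPU benchmark earlier in the article, and the H(random-key||password) construction he describes above, worked through as an added example (not code from the article, LastPass or 1Password). It assumes PBKDF2-HMAC-SHA256 as the key-stretching routine, a 128-bit random device key, and a cost model scaled linearly from Weaver's quoted single-GPU rate; all function names are illustrative.

```python
import hashlib

# Weaver's quoted rate: ~4 million guesses/s at 1,000 iterations on one GPU.
# Cost is linear in the iteration count, so that is ~4e9 hash iterations/s.
GPU_ITERATIONS_PER_SEC = 4_000_000 * 1_000
SECONDS_PER_YEAR = 365 * 24 * 3600
SECRET_KEY_BITS = 128  # assumption: size of the random device-side key


def guesses_per_second(iterations, gpus=1):
    """Master-password guesses per second an offline attacker can test."""
    return GPU_ITERATIONS_PER_SEC * gpus / iterations


def expected_crack_years(entropy_bits, iterations, gpus=1):
    """Expected search time: on average half the keyspace is tried."""
    expected_guesses = 2 ** (entropy_bits - 1)
    return expected_guesses / guesses_per_second(iterations, gpus) / SECONDS_PER_YEAR


def derive_vault_key(password, salt, iterations, secret_key=b""):
    """Stretch (secret_key || password) with PBKDF2 (assumed KDF).
    An empty secret_key gives the password-only scheme."""
    return hashlib.pbkdf2_hmac("sha256", secret_key + password, salt, iterations)


def attacker_search_bits(password_bits, has_secret_key):
    """Entropy an attacker holding only the stolen vault must search."""
    return password_bits + (SECRET_KEY_BITS if has_secret_key else 0)


def cost_table(entropy_bits, iteration_counts=(1, 500, 5_000, 100_100, 600_000)):
    """GPU-years per iteration setting mentioned in the article."""
    return {n: expected_crack_years(entropy_bits, n) for n in iteration_counts}


if __name__ == "__main__":
    for label, bits in (("~40-bit passphrase", 40), ("~50-bit 8-char password", 50)):
        print(label)
        for n, years in cost_table(bits).items():
            print(f"  {n:>7} iterations: {years:14.4f} GPU-years")
    # Constructed sample values: same password, with and without a device key.
    salt, pw = b"user@example.com", b"constructed-sample-password"
    weak = derive_vault_key(pw, salt, 5_000)
    strong = derive_vault_key(pw, salt, 5_000, secret_key=bytes(range(16)))
    print("keys differ:", weak != strong)
    bits = attacker_search_bits(50, has_secret_key=True)
    print(f"{bits}-bit search: {expected_crack_years(bits, 5_000):.3e} GPU-years")
```

Raising the iteration count multiplies the attacker's cost by a constant factor, while the random key adds 128 bits to the exponent, which is why the second change takes a stolen vault out of brute-force range regardless of password quality.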

Weaver said LastPass deserves blame for not having upgraded iteration counts for all users a long time ago, and called the latest forced upgrades “a stunning indictment of the negligence on the part of LastPass.”

“That they never even notified all those with iteration counts of less than 100,000 — who are really vulnerable to brute force even with 8-character random passwords or ‘correct horse battery staple’ type passphrases — is outright negligence,” Weaver said. “I would personally advocate that nobody ever uses LastPass again: Not because they were hacked. Not because they had an architecture (unlike 1Password) that makes such hacking a problem. But because of their consistent refusal to address how they screwed up and take proactive efforts to protect their customers.”

Bax and Monahan both acknowledged that their research alone can probably never conclusively tie dozens of high-dollar crypto heists over the past year to the LastPass breach. But Bax says at this point he doesn’t see any other possible explanation.

“Some might say it’s dangerous to assert a strong connection here, but I’d say it’s dangerous to assert there isn’t one,” he said. “I was arguing with my fiance about this last night. She’s waiting for LastPass to tell her to change everything. Meanwhile, I’m telling her to do it now.”