In continuation of their 5th anniversary celebration, Terrapin Crossroads hosted Scott Law & Ross James’ Cosmic Twang for the Wednesday night show. Unfortunately venue founder and Grateful Dead bassist Phil Lesh fell sick with a cold, but recruited Widespread Panic’s Dave Schools to fill in on bass for the entire show.Scott Law & Ross James’ Cosmic Twang were also joined by keyboardist Jason Crosby, vocalist Nicki Bluhm, Cass McCombs, Barry Sless, and drummers Mark Levy and Alex Koford throughout the evening. Thanks to YouTube User MarkoVision Films, you can watch both guest-filled sets below. Setlist: Scott Law & Ross James’ Cosmic Twang | Terrapin Crossroads | San Rafael, CA | 3/8/17:Set I: Sittin’ on Top of the World (SL), Luxury Liner (NB), West L.A. Fadeaway (RJ, NB, AK), Million Dollar Bash (CM), Across the Great Divide (CM, NB), I Don’t Know You (SL, NB), Big Railroad Blues (RJ), Light Up or Leave Me Alone (AK) > New Speedway Boogie (AK) > The Other One (SL) > New Speedway Boogie (AK) > Light Up or Leave Me Alone (One Way or Another) > Light Up or Leave Me Alone (AK)Set II: China Cat Sunflower > (SL, CM) Lucy in the Sky with Diamonds > (CM) Help on the Way > (SL) Slipknot! > Franklin’s Tower (SL, JC, RJ, CM, NB), Get It While You Can (SL, NB), The Stranger (Two Souls in Communion) (CM), Grievous Angel (SL, NB)E: Sin City (SL, NB)[via JamBase][cover photo via Instagram User @stuartlevinephotography]
She started liking the poetry of India’s poet laureate Rabindranath Tagore while in school, and now China’s noted dulcimer player Liu Yuening has made the first Chinese transcription of Tagore’s songs with the aim of creating an enduring basis for India-China ties as the two countries embark on summit-level talks after a month of problems this week. ‘Tagore’s poetry is like music, it is melodic, sweet and lovely,’ Liu said in an interview here on her way back from Kolkata where she attended the opening of a China gallery at Rabindra Bharati University in Jorasanko, Tagore’s ancestral estate, earlier this week. The gallery has several photographs of Tagore and his family members’ visit to China. Also Read – ‘Playing Jojo was emotionally exhausting’ At a concert in Kolkata to mark the 150th anniversary Tagore’s birth in 2011, Liu on the dulcimer had presented a combination of Chinese and Indian music accompanied by Indian musicians and instruments like the tabla. Beyond her childhood love for Tagore’s poetry, it is her musical instrument – yangqin or the Chinese-hammered dulcimer – that has made Liu the leading exponent of the India-China music dialogue and a key ambassador of culture. The yangqin is a stringed musical instrument with the strings stretched over a trapezoidal sounding board. Also Read – Leslie doing new comedy special with Netflix ‘The first world-wide dialogue between Indian yangqin or santoor and Chinese yangqin was held in Calcutta in 2011 at the concert themed ‘Night of the Orient, When East Meets East’, said Liu, who has studied in India with noted santoor maestro Shiv Kumar Sharma. ‘More than 20 countries around the world have this instrument that originated in the Iran-Iraq region,’ Liu said of the Chinese dulcimer that is quite similar to the santoor.Liu undertook a seven-month research at the University of Delhi on a Ford Foundation fellowship in 2009 to explore the grammar of the two musical instruments of the same family. Liu, who is a professor at China’s Central Conservatory of Music and the youngest professor of yangqin in the country’s history, aims to create an enduring basis of dialogue ‘between our two oriental cultures’. ‘With my Indian gurus, I am trying to make a new style of India-China music… Chinese melody, put in the Indian raga structure to create a new sentence and style,’ Liu said.Liu directs a yangqin ensemble called Jasmine and plans to bring it to India on a music tour of the Buddhist heritage sites. In May 2009, Liu held a trio concert with an Indian band called the Kedia Brothers in Jharkhand, where the yangqin, the sitar and the sarod were played together. ‘The basic tones in Chinese music are also found in India music,’ said Liu. Chinese Premier arrived in the Capital to have the first summit-level formal talks.
Yesterday a remote code execution bug was found in the APT high-level package manager used by Debian, Ubuntu, and other related Linux distributions. Max Justicz, the security researcher who discovered the bug, says that the bug “allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package.” Justicz’s blog post states that the vulnerable versions of APT don’t properly sanitize certain parameters during HTTP redirects. An attacker can take advantage of this and perform a remote man-in-the-middle attack to inject malicious content, thus tricking the system to install certain altered packages. HTTP redirects while using apt-get command help Linux machines to automatically request packages from an appropriate mirror server when other servers are unavailable. If the first server fails, it returns the location of the next server from where the client should request the package. Justicz has also demonstrated this man-in-the-middle attack in a short video: Justicz told The Hacker News that a malicious actor intercepting HTTP traffic between APT utility and a mirror server, or just a malicious mirror, could execute arbitrary code on the targeted system with the highest level of privileges, i.e. root. He further adds, “You can completely replace the requested package, as in my proof of concept. You could substitute a modified package as well if you wanted to”. The APT is also used by major Linux distributions like Debian and Ubuntu, who have also acknowledged and released security patches for this vulnerability. Hacker News also points how this flaw comes around the time when cybersecurity experts are fighting over Twitter, in favor of not using HTTPS and suggesting software developers to rely on signature-based package verification since the APT on Linux also does the same. They further add that the APT exploitation could have been mitigated if the software download manager was strictly using HTTPS to communicate securely. The developers of APT have released version 1.4.9 that fixes the issue. The bug has also been fixed in APT 1.2.29ubuntu0.1, 1.7.0ubuntu0.1, 1.0.1ubuntu2.19, and 1.6.6ubuntu0.1 packages, as well as in APT 1.4.9 for the Debian distribution. You can head over to Max Justicz official blog for more insights on this news. Read Next Kali Linux 2018 for testing and maintaining Windows security – Wolf Halton and Bo Weaver [Interview] Black Hat hackers used IPMI cards to launch JungleSec Ransomware, affects most of the Linux serversHomebrew 1.9.0 released with periodic brew cleanup, beta support for Linux, Windows and much more!