Security Leftovers

• Researchers Build App That Kills To Highlight Insulin Pump Exploit

  By now the half-baked security in most internet of things (IOT) devices has become a bit of a running joke, leading to amusing Twitter accounts like Internet of Shit that highlight the sordid depth of this particular apathy rabbit hole. And while refrigerators leaking your gmail credentials and tea kettles that expose your home networks are entertaining in their own way, it's easy to lose sight of the fact that the same half-assed security in the IOT space also exists on most home routers, your car, your pacemaker, and countless other essential devices and services your life may depend on. Case in point: just about two years ago, security researchers discovered some major vulnerabilities Medtronic's popular MiniMed and MiniMed Paradigm insulin pumps. At a talk last year, they highlighted how a hacker could trigger the pumps to either withhold insulin doses, or deliver a lethal dose of insulin remotely. But while Medtronic and the FDA warned customers about the vulnerability and issued a recall over time, security researchers Billy Rios and Jonathan Butts found that initially, nobody was doing much to actually fix or replace the existing devices. [...] And of course that's not just a problem in the medical sector, but most internet-connected tech sectors. As security researcher Bruce Schneier often points out, it's part of a cycle of dysfunction where the consumer and the manufacturer of a flawed product have already moved on to the next big purchase, often leaving compromised products, and users, in a lurch. And more often than not, when researchers are forced to get creative to highlight the importance of a particular flaw, the companies in question enjoy shooting the messenger.

• Desktop Operating Systems: Which is the safest? [Ed: This shallow article does not discuss NSA back doors and blames on "Linux" devices with open ports and laughable passwords -- based on narrative often pushed by corporate media to give illusion of parity. Also pushes the lie of Linux having minuscule usage.]

• How Open Source Data Can Protect Consumer Credit Card Information

• Open Source Hacking Tool Grows Up

  An open source white-hat hacking tool that nation-state hacking teams out of China, Iran, and Russia have at times employed to avoid detection....

Games: Dota Underlords and Stadia

• Dota Underlords has another update out, this one changes the game quite a lot

  Valve continue to tweak Dota Underlords in the hopes of keeping players happy, this mid-Season gameplay update flips quite a few things on their head. I like their sense of humour, with a note about them removing "code that caused crashes and kept code that doesn't cause crashes". There's a few smaller changes like the addition of Loot Round tips to the Season Info tab, the ability to change equipped items from the Battle Pass and some buffs to the amount XP awarded for your placement in matches and for doing the quests. Meaning you will level up the Battle Pass faster.

• Interested in Google's Stadia game streaming service? We have a few more details now

  With Google's game streaming service Stadia inching closer, we have some more information to share about it. Part of this, is thanks to a recent AMA (Ask Me Anything) they did on Reddit. I've gone over what questions they answered, to give you a little overview. Firstly, a few points about the Stadia Pro subscription: The Pro subscription is not meant to be like a "Netflix for Games", something people seem to think Stadia will end up as. Google said to think of it more like Xbox Live Gold or Playstation Plus. They're aiming to give Pro subscribers one free game a month "give or take". If you cancel Stadia Pro, you will lose access to free games claimed. However, you will get the previously claimed games back when you re-subscribe but not any you missed while not subscribed. As for Stadia Base, as expected there will be no free games included. As already confirmed, both will let you buy games as normal.

LabPlot has got some beautifying and lots of datasets

Hello everyone! The second part of this year's GSoC is almost over, so I was due to let you know the progress made in the last 3 weeks. I can assure you we haven't lazed since then. I think I managed to make quite good progress, so everything is going as planned, or I could say that even better. If you haven't read about this year's project or you just want to go through what has already been accomplished you can check out my previous post. So let's just go through the new things step by step. I'll try to explain the respective feature, and also give examples using videos or screenshots. The first step was to improve the welcome screen and make it easily usable, dynamic, clean and intuitive for users. This step was very important since the welcome screen is what the users will first get in contact with when they start using LabPlot.

Graphics: Weston 7.0 Reaches Alpha and RadeonSI Gallium3D Driver Adds Navi Wave32 Support

• weston 6.0.91

  This is the alpha release for weston 7.0.  A lot of new features and
  fixes are shipped in this release, including:
  
  - New internal debug scopes and logging framework
  - Improved documentation
  - HDCP support
  - A new PipeWire plugin
  
  Thanks to all contributors!
  
  We've moved to Meson as our only build system, autotools support has
  been removed.  Package maintainers: please report any issues you have
  with Meson before the stable release.
  
  Full commit history below.
  

• Weston 7.0 Reaches Alpha With PipeWire, HDCP, EGL Partial Updates & Mores

  Wayland release manager Simon Ser announced the alpha release of the Weston 7.0 reference compositor on Friday that also marks the feature freeze for this Wayland compositor update. Some of the major changes to Weston 7.0 include HDCP content protection support, better documentation, new debugging and logging framework support, and the just-added PipeWire plug-in for remote streaming. There are also less prominent additions like EGL partial update support, various DRM compositor back-end restructuring, build system updates, and a variety of libweston updates.

• RadeonSI Gallium3D Driver Adds Navi Wave32 Support

  One of the new features to the RDNA architecture with Navi is support for single cycle issue Wave32 execution on SIMD32. Up to now the RadeonSI code was using just Wave64 but now there is support in this AMD open-source Linux OpenGL driver for Wave32. Well known AMD open-source developer Marek Olšák landed this Wave32 support on Friday for the RadeonSI driver. The Wave32 support landed over several commits to Mesa 19.2-devel and is enabled for vertex, geometry, and tessellation shaders. Wave32 isn't enabled for pixel shaders but rather Wave64. Additionally, Wave32 isn't yet enabled for compute shaders due to Piglit OpenGL test case failures.