Language Selection

English French German Italian Portuguese Spanish

Programming: GNU, Git, Perl, Python and Django

Filed under
Development
  • Experimental Support For C++20 Coroutines Has Landed In GCC 10

    As of this morning experimental support for C++20 coroutines has been merged into the GCC 10 compiler!

    Coroutines allow a function to have its execution stopped/suspended and then to be resumed later. Coroutines is one of the big features of C++20. Sample syntax and more details on C++ coroutines can be found at cppreference.com.

    Coroutines support for GCC has been under development for months and now as a late addition to GCC 10 is the experimental implementation.

  • GNU Binutils 2.34 Branched - Bringing With It "debuginfod" HTTP Server Support

    With GNU Binutils 2.34 comes debuginfod support, which is the HTTP server catching our eye while the debuginfod server is distributed as part of the latest elfutils package. This isn't for a general purpose web server thankfully but is an HTTP server for distributing ELF/DWARF debugging information and source code. With debuginfod enabled, Binutils' readelf and objdump utilities can query the HTTP server(s) for debug files that cannot otherwise be found. Enabling this option requires building Binutils using --with-debuginfod.

  • Announcing git-cinnabar 0.5.3

    Git-cinnabar is a git remote helper to interact with mercurial repositories. It allows to clone, pull and push from/to mercurial remote repositories, using git.

  • Steve Kemp: Announce: github2mr

    myrepos is an excellent tool for applying git operations to multiple repositories, and I use it extensively.

    I've written several scripts to dump remote repository-lists into a suitable configuration format, and hopefully I've done that for the last time.

  • Term::ANSIColor 5.01

    This is the module included in Perl core that provides support for ANSI color escape sequences.

    This release adds support for the NO_COLOR environment variable (thanks, Andrea Telatin) and fixes an error in the example of uncolor() in the documentation (thanks, Joe Smith). It also documents that color aliases are expanded during alias definition, so while you can define an alias in terms of another alias, they don't remain linked during future changes.

  • Python 3.7.5 : Django security issues - part 001.

    Django like any website development and framework implementation requires security settings and configurations.
    Today I will present some aspects of this topic and then I will come back with other information.

  • How to display flash messages in Django templates

    Sometimes we need to show the one-time notification, also known as the flash messages in our Django application. For this Django provides the messages framework. We are going to use the same here.

    To show flash messages in the Django application, we will extend our previous project Hello World in Django 2.2. Clone the git repository, check out the master branch and set up the project on your local machine by following the instructions in the README file.

More in Tux Machines

Security Leftovers

  • More good news: Medical equipment is still prone to [cracker] attacks [iophk: Windows TCO]

    A new report from Unit 42 says 72% of health care networks mix [Internet] of things (IoT) and information technology assets, allowing malware to spread from users’ computers to vulnerable IoT devices on the same network. The report also offers a lot of data on non-medical IoT attacks.

    There is a 41% rate of attacks exploiting device vulnerabilities, as IT-borne attacks scan through network-connected devices in an attempt to exploit known weaknesses. And Unit 42 has seen a shift from IoT botnets conducting denial-of-service attacks to more sophisticated attacks targeting patient identities, corporate data, and monetary profit via ransomware.

  • Conficker a Twelve Years Old Malware Attack Connected Objects [iophk: Windows TCO]

    Twelve years after its creation Conficker malware is now attacking connected objects. The American firm Palo Alto Networks announces that it has detected Conficker on the connected devices of a hospital, activating a resurgence of the twelve-year-old computer worm. It calls on all owners of connected objects to adopt the security measures recommended by specialists.

    According to a report released Tuesday, March 10, 2020, by IT expert Palo Alto Networks, a twelve years old computer worm called Conficker has recently made a comeback. The latter, which emerged in 2008 by taking advantage of security vulnerabilities in Microsoft’s Windows XP operating system, has generated a whole network of zombie machines.

    In 2009, Conficker reportedly infected up to 15 million machines. Still active, although it is considered a minor phenomenon and without real risk, it still infected some 400,000 computers in 2015. The proliferation of connected objects would have increased this number to 500,000 devices today.

  • [Older] Maastricht Univ. paid €250K to ransomware [attackers]: report [iophk: Windows TCO]

    Maastricht University paid between 200 thousand and 300 thousand euros to [attackers] who had blocked access to the university's digital systems with ransomware, various people involved told the Volkskrant. The university board was forced to pay because the university's backups were also hijacked. The backups [sic] - stored on the university servers - contain research data and data from students and staff from the past decades.

  • [Older] University of Maastricht says it paid [attackers] 200,000-euro ransom [iophk: Windows TCO]

    The University of Maastricht on Wednesday disclosed that it had paid [attackers] a ransom of 30 bitcoin — at the time worth 200,000 euros ($220,000) — to unblock its computer systems, including email and computers, after an attack that unfolded on Dec. 24.

  • [Older] Maastricht University Pays 30 Bitcoins as Ransom to TA505 Group[iophk: Windows TCO]

    A management summary of the Fox-IT report and Maastricht University’s response found that during the time frame of October 15 to 23 December 2019 (inclusive of both dates), the TA505 gained control over multiple servers. Following is the timeline of the events in the leadup to the final ransomware attack: [...]

  • FBI warns Zoom, teleconference meetings vulnerable to hijacking

    “The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the FBI cautioned. “As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts.”

    It’s not just private businesses and children whose meetings could be Zoombombed. Privacy and security issues in conferencing software may also pose risks to national security, as world leaders convene Zoom meetings. In some cases, world leaders such as U.K. Prime Minister Boris Johnson have shared screenshots of their teleconferencing publicly only to reveal Zoom meeting IDs, raising concerns that sensitive information could be compromised.

  • Qakbot malspam sent from an infected Windows host [iophk: Windows TCO]

    Every once in a while, I'll see spambot-style traffic from the Windows hosts I infect in my lab environment. On Tuesday 2020-03-31, this happened during a Qakbot infection. I've covered examining Qakbot traffic before, but that didn't include examples of spambot emails sent from an infected Windows computer. Today's diary provides a quick review of some email examples from spambot traffic by my Qakbot-infected lab host.

  • Varonis Exposes Global Cyber Campaign: C2 Server Actively Compromising Thousands of Victims [iophk: Windows TCO]

    During the analysis, we reversed this strain of Qbot and identified the attacker’s active command and control server, allowing us to determine the scale of the attack. Based on direct observation of the C2 server, thousands of victims around the globe are compromised and under active control by the attackers. Additional information uncovered from the C&C server exposed traces of the threat actors behind this campaign.

    [...]

    Qbot (or Qakbot) was first identified in 2009 and has evolved significantly. It is primarily designed for collecting browsing activity and data related to financial websites. Its worm-like capabilities allow it to spread across an organization’s network and infect other systems.

  • os x ssh fails when using -p flag/a>

    /usr/bin/ssh in macos 10.15.4 hangs if used with the -p flag to specify an alternate port and used with a hostname. This was not present in macos 10.15.3

What is Arch User Repository (AUR)? How to Use AUR on Arch and Manjaro Linux?

What is AUR? What are the pros and cons of using AUR? How to use AUR in Arch-based Linux distributions? This beginner’s guide answers all such questions.What is AUR? What are the pros and cons of using AUR? How to use AUR in Arch-based Linux distributions? This beginner’s guide answers all such questions. Read more

How to Setup CTRL+ALT+DEL As Task Manager in Ubuntu

If you are a beginner in Ubuntu Linux and migrated from Windows, this guide is for you. You can easily setup CTRL+ALT+DEL as Task Manager in Ubuntu Linux with just a few tweaks. Read more

today's leftovers

  • Linaro Tech Days: Wayland, Weston & Open Source GPU drivers

    This week, Daniel Stone and Tomeu Vizoso will be taking part in Linaro Tech Days, a series of technical sessions presented live online via Zoom webinar and streamed on YouTube. These sessions are free to attend and open to the public, however registration is recommended to view full session details, joining instructions, and more.

  • Mesa Developers Discussing Again Whether To Fork Or Drop Non-Gallium3D Drivers

    Back in December was a developer discussion over dropping or forking non-Gallium3D drivers. Since then the Intel "Iris" Gallium3D driver has successfully become the default OpenGL driver for Broadwell/Gen8 and newer while the non-Gallium3D drivers continue to just face bit rot. The discussion over dropping/forking non-Gallium3D Mesa drivers has been reignited. This mailing list thread is active again with discussions over getting rid of the Mesa "classic" drivers to allow better focusing on the modern Gallium3D drivers and Mesa's Vulkan drivers. Eliminating the classic drivers avoids the associated maintenance burden and also allows simplifying/improving the modern drivers without risking breakage/regressions and other headaches with the old drivers.

  • Gumstix’s Nano carrier quartet includes Snapshot board for connecting 16x HD cams

    Gumstix has launched four customizable carriers for Nvidia’s Jetson Nano including a Nano Snapshot model with 4x GbE-switched Nano modules for driving up to 16x HD streams via RPi cameras. A Yocto SDK includes TensorFlow support. Gumstix has launched a quartet of carrier boards that build on Nvidia’s Jetson Nano module, joining other Nano carriers from Aetina, AntMicro, Auvidea, AverMedia, and Nvidia itself. The boards are billed as “Edge AI devices designed to meet the demands of machine-learning applications moving massive data from the networks edge.”

  • Extensions in Firefox 75

    In Firefox 75 we have a good mix of new features and bugfixes. Quite a few volunteer contributors landed patches for this release please join me in cheering for them!

  • D.I.Y. Coronavirus Solutions Are Gaining Steam

    Mr. Cavalcanti, 33, is the founder of the Open Source COVID19 Medical Supplies, a Facebook group that is crowdsourcing solutions to address the diminishing stock of medical equipment around the world. Mr. Cavalcanti, the founder and C.E.O. of MegaBots, a robotics company, initially intended to focus on ventilators. A front-line surgeon in the Bay Area convinced him to go after the low-hanging fruit: sanitizer, gloves, gowns and masks for medical professionals. Stacks of ventilators wouldn’t do the public any good if there were no health care workers to operate them.

  • Join Us for SUSECON Digital on Wednesday, May 20

    I am thrilled to share that SUSECON Digital will launch on Wednesday, March 20! Whether you are tuning in from your mobile device or on your computer, SUSCON Digital will help you Be the Difference by ensuring you get the tools, skills, and insights you need to simplify, modernize, and accelerate your business – for free! You can register now.