Security Leftovers

  • Boeing Finds New Software Flaws on 737 Max

    The new flaws deepen the engineering challenge for Boeing as it tries to return its best-selling jet to the skies. One of the problems involves “hypothetical faults” in the computer’s microprocessor, which could lead the plane to climb or dive on its own, Boeing said. A safety system on the Max caused the jet to dive automatically in both accidents, but the problems aren’t related, Boeing said.

    The other newly revealed fault could potentially cause the autopilot to disengage as the aircraft prepares to land. Neither problem has been observed in flight, but the software changes will eliminate the possibility that they could occur, the company said. The modifications can be incorporated into the plane at the same time.

  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (firefox), Debian (chromium and firefox-esr), Oracle (ipmitool and telnet), Red Hat (firefox and qemu-kvm), Scientific Linux (firefox, krb5-appl, and qemu-kvm), Slackware (firefox), SUSE (gmp, gnutls, libnettle and runc), and Ubuntu (firefox, gnutls28, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, and linux-azure, linux-gcp, linux-gke-5.0, linux-oem-osp1, linux-oracle-5.0).

  • Linux Security Feature Revised For Randomizing The Kernel Stack Offset At Each System Call

    Patches have been revised for allowing Linux to support kernel stack base address offset randomization for each system call.

    This feature is designed for preventing various stack-based attacks that rely upon a known layout of the stack structure. With these patches and enabling the feature, the stack offset would be randomized on each system call so the layout changes for each syscall.

    The PaX/GrSecurity folks previously implemented a "RANDKSTACK" feature; this upstream work is based on their idea but with a different implementation approach.

More in Tux Machines

Programming Leftovers

  • Choosing a technology stack for your web application

    There are several factors you need to consider in choosing the technologies to include in your technology stack. These factors may consist of the purpose of your application or website, business size, and organizational culture. Examples of the most popular technology stacks are the LAMP (Linux, Apache, MySQL, and PHP) and MEAN (MongoDB, Express.js, AngularJS, and Node.js).

  • Documentation as knowledge capture

    Maybe you’re one of the tiny minority of programmers that, like me, already enjoys writing documentation and works hard at doing it right. If so, the rest of this essay is not for you and you can skip it. Otherwise, you might want to re-read (or at least re-skim) Ground-Truth Documents before continuing. Because ground-truth documents are a special case of a more general reason why you might want to try to change your mindset about documentation. In that earlier essay I used the term “knowledge capture” in passing. This is a term of art from AI; it refers to the process of extracting domain knowledge from the heads of human experts into a form that can be expressed as an algorithm executable by the literalistic logic of a computer. What I invite you to think about now is how writing documentation for software you are working on can save you pain and effort by (a) capturing knowledge you have but don’t know you have, and (b) eliciting knowledge that you have not yet developed.

  • What's the difference between DevSecOps and agile software development

    There is a tendency in the tech community to use the terms DevSecOps and agile development interchangeably. While there are some similarities, such as that both aim to detect risks earlier, there are also distinctions that drastically alter how each would work in your organization. DevSecOps built on some of the principles that agile development established. However, DevSecOps is especially focused on integrating security features, while agile is focused on delivering software. Knowing how to protect your website or application from ransomware and other threats really comes down to the software and systems development you use. Your needs may impact whether you choose to utilize DevSecOps, agile development, or both.

  • You've only added two lines - why did that take two days!

    Why did a fix that seems so simple when looking at the changes made take two days to complete?

  • SanDiego.pm Meeting, Tuesday, July 14th, 2020

    Because of the pesky disease that's been spreading, we'll be gathering online. The agenda for tonight is: Normal conversation and seeing how everyone is doing; if there are any questions that need to be answered, we'll do that; followed by jumping into our presentations. We have at least three, though if anybody would like to step up and add another to the mix, please let me know.

  • Grow Your Python Portfolio With 13 Intermediate Project Ideas

    Now that you know the basics of Python, you can put that knowledge to use by building projects to put in your portfolio. The trick is finding project ideas that are just right for your level. Creating a variety of applications is a way to demonstrate your knowledge and share it with others.

  • Your First Stock Trading Bot Part 2: Buy & Sell Stocks in Python w/ Alpaca!

    After installing the alpaca_trade_api library in Python, we are ready to place buy & sell orders! This will allow us to simulate profit & loss in our algorithms!

  • EuroPython 2020: Please configure your tickets
  • PSF GSoC students blogs: Week 6 Check-in
  • PSF GSoC students blogs: Week 7 check-in!
  • PyCoder’s Weekly: Issue #429 (July 14, 2020)
  • A quick repair job on a dislocated table

    The tab-separated data table I was auditing had 5463 records with 21 fields each, but something was seriously wrong.

  • An example of very lightweight RESTful web services in Java

    Web services, in one form or another, have been around for more than two decades. For example, XML-RPC services appeared in the late 1990s, followed shortly by ones written in the SOAP offshoot. Services in the REST architectural style also made the scene about two decades ago, soon after the XML-RPC and SOAP trailblazers. REST-style (hereafter, Restful) services now dominate in popular sites such as eBay, Facebook, and Twitter. Despite the alternatives to web services for distributed computing (e.g., web sockets, microservices, and new frameworks for remote-procedure calls), Restful web services remain attractive for several reasons

Kernel: Microconference, The Kernel Report, More Intel Issues and Linux 5.9

  • linux/arch/* Microconference Accepted into 2020 Linux Plumbers Conference

    We are pleased to announce that the linux/arch/* Microconference has been accepted into the 2020 Linux Plumbers Conference! Linux supports over twenty architectures. Each architecture has its own sub-directory within the Linux-kernel arch/ directory containing code specific for that architecture. But that code is not always unique to the architecture. In many cases, code in one architecture was copy-pasted from another, leaving for a lot of unnecessary code duplication. This makes it harder to fix, update and maintain functionality relying on the architecture specific code.

  • Linux Plumbers Conference: Reminder for LPC 2020 Town Hall: The Kernel Report

    On July 16th at 8am PST / 11am EST / 3pm GMT the Kernel Report talk by Jon Corbet of LWN will take place on the LPC Big Blue Button platform!

  • Ice Lake Xeons Will Ramp Up Frequencies Slower, So Linux Is Preparing A Workaround

    While being very eager to learn more about Intel next-gen Ice Lake Xeon processors as their move in the server space finally from 14nm to 10nm+, we continue to learn new tidbits from the open-source Linux kernel activity. Though the process advancements of Ice Lake allow for power efficiency improvements, the latest kernel activity is pointing to Ice Lake Xeon CPUs actually yielding slower behavior when it comes to ramping up clock frequencies from sleep.

  • Linux 5.9 To Allow Defaulting To FQ-PIE Queuing Discipline For Fighting Bufferbloat

    Flow Queue Proportional Integral controller Enhanced (FQ-PIE) that has been mainline for a while in the Linux kernel's networking code will now be supported as an option for the default queuing discipline (qdisc) with the Linux 5.9 kernel.

Deepin OS could soon support tablets, suggests newly leaked images

Deepin, a Linux operating system for computers, seems to be getting ready to power tablets. An image of the Deepin OS powering a laptop as well as a tablet has surfaced online through Weibo. This seems to indicate that the company is gearing up to launch a tablet version of its operating system and thus, will support multi-terminal collaboration. Currently, not much information is available regarding this development.

AWOW AK41 Mini Desktop PC – Running Linux – Benchmarks – Week 2

This is a weekly blog chronicling my experiences of running the AWOW AK41 Mini Desktop PC on Linux. I was intending to kick off Week 2 of this series with testing multimedia on the AK41. But we’ve received requests to benchmark this Mini Desktop Computer. For this week’s blog, I’ve run a variety of benchmarking tests on the AWOW AK41 Mini PC together with three other systems to put the results into context. All the tests use the Phoronix Test Suite, unless otherwise stated. For ease of reference, I list system information about the 4 machines under the spotlight on each page. Together with the AWOW AK41, I’ve included another Mini PC from AWOW. This is the NYI3. I’ve also included a laptop from ASUS (UX305FA), and a Mini PC from Gigabyte (BXBT-1900). They are all low-power machines.