Software: libvpx 1.7.0, GNU Binutils, Prometheus, Fuzzing
-
Libvpx 1.7.0 Released With AVX Optimizations & More
Google's WebM folks quietly released libvpx 1.7.0 earlier this week as the latest version of their VP8/VP9 encoder/decoder library.
-
FSF Binutils release 2.30 now available
-
GNU Binutils 2.30 Released
Released this weekend is Binutils 2.30 as the latest collection of these GNU utilities important to the open-source ecosystem.
-
Monitoring with Prometheus 2.0
Prometheus is a monitoring tool built from scratch by SoundCloud in 2012. It works by pulling metrics from monitored services and storing them in a time series database (TSDB). It has a powerful query language to inspect that database, create alerts, and plot basic graphs. Those graphs can then be used to detect anomalies or trends for (possibly automated) resource provisioning. Prometheus also has extensive service discovery features and supports high availability configurations. That's what the brochure says, anyway; let's see how it works in the hands of an old grumpy system administrator. I'll be drawing comparisons with Munin and Nagios frequently because those are the tools I have used for over a decade in monitoring Unix clusters.
-
A survey of some free fuzzing tools
Many techniques in software security are complicated and require a deep understanding of the internal workings of the computer and the software under test. Some techniques, though, are conceptually simple and do not rely on knowledge of the underlying software. Fuzzing is a useful example: running a program with a wide variety of junk input and seeing if it does anything abnormal or interesting, like crashing. Though it might seem unsophisticated, fuzzing is extremely helpful in finding the parsing and input processing problems that are often the beginning of a security vulnerability.
Many common types of security vulnerabilities occur when something goes wrong while processing input — for example, the classic buffer overflow. These are interesting in that they tend to manifest first as instability: when input too long for the buffer is read, the program will probably misbehave and simply crash. With careful design of the too-long input, it might be possible to turn this crash into arbitrary code execution. The goal of fuzzing is to find any situations where a program crashes due to unusual input. While fixing these bugs makes the software more stable, it also closes the door on any security issues that could result from them.