Language Selection

English French German Italian Portuguese Spanish

Development

Programming/Development Leftovers

Submitted by Roy Schestowitz on Sunday 23rd of June 2019 02:01:52 PM Filed under
Development
  • What's the Most Secure Programming Language?

    WhiteSource recently put out a report, taking a deeper dive into the security of the most popular programming languages.

  • SD Times Open-Source Project of the Week: Plum UI Kit

    The mobile framework NativeScript team is releasing a new open-source project this week designed to help developers style their applications. The team calls the Plum UI Kit a “kitchen sink native app” meant to provide common app scenarios with copy-and-paste abilities.

  • Kedro Open Source library For Machine Learning

    A new open source development workflow framework for creating machine learning code has been released. Kedro has PySpark integration and an SDK for working with datasets.

    Kedro has been developed by QuantumBlack, an analytics firm acquired by McKinsey's in 2015, and the name Kedro derives from the Greek word meaning center or core. Kedro helps structure your data pipeline using software engineering principles. It also provides a standardized approach to collaboration for teams.

  • Prisons Are Banning Books That Teach Prisoners How to Code

    According to public records obtained by the Salem Reporter, the Oregon Department of Corrections has banned dozens of books related to programming and technology as they come through the mail room, ensuring that they don’t get to the hands of prisoners.

  • Oregon prisons ban dozens of technology and programming books over security concerns

    Chan said he understands security concerns for books related to hacking, but they often see introductory or basic books disallowed.

»

Programming: PNG, AArch64, Python and Tor

Submitted by Roy Schestowitz on Sunday 23rd of June 2019 02:14:43 AM Filed under
Development
  • Segfaults and Twitter monkeys: a tale of pointlessness

    For a few years in the 1990s, when PNG was just getting established as a Web image format, I was a developer on the libpng team.

    One reason I got involved is that the compression patent on GIFs was a big deal at the time. I had been the maintainer of GIFLIB since 1989; it was on my watch that Marc Andreesen chose that code for use in the first graphics-capable browser in ’94. But I handed that library off to a hacker in Japan who I thought would be less exposed to the vagaries of U.S. IP law. (Years later, after the century had turned and the LZW patents expired, it came back to me.)

    Then, sometime within a few years of 1996, I happened to read the PNG standard, and thought the design of the format was very elegant. So I started submitting patches to libpng and ended up writing the support for six of the minor chunk types, as well as implementing the high-level interface to the library that’s now in general use.

    As part of my work on PNG, I volunteered to clean up some code that Greg Roelofs had been maintaining and package it for release. This was “gif2png” and it was more or less the project’s official GIF converter.

  • AArch64 support for ELF Dissector

    After having been limited to maintenance for a while I finally got around to some feature work on ELF Dissector again this week, another side-project of mine I haven’t written about here yet. ELF Dissector is an inspection tool for the internals of ELF files, the file format used for executables and shared libraries on Linux and a few other operating systems.

    [...]

    ELF Dissector had its first commit more than six years ago, but it is still lingering around in a playground repository, which doesn’t really do it justice. One major blocker for making it painlessly distributable however are its dependencies on private Binutils/GCC API. Using the Capstone disassembler is therefore also a big step towards addressing that, now only the use of the demangler API remains.

  • Weekly Python StackOverflow Report: (clxxxiii) stackoverflow python report
  • denemo @ Savannah: Release 2.3 is imminent - please test.
  • Arguments | Another way to work with user inputs – Part 7
  • Call for setting up new obfs4 bridges

    BridgeDB is running low on obfs4 bridges and often fails to provide users with three bridges per request. Besides, we recently fixed a BridgeDB issue that could get an obfs4 bridge blocked because of its vanilla bridge descriptor: <https://bugs.torproject.org/28655>

    We therefore want to encourage volunteers to set up new obfs4 bridges to help censored users. Over the last few weeks, we have been improving our obfs4 setup guide which walks you through the process: <https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy>p>

»

today's howtos and programming bits

Submitted by Roy Schestowitz on Saturday 22nd of June 2019 03:52:04 AM Filed under
Development
HowTos
»

Development: bzip2, curl, debci and programming leftovers (C++, Python etc.)

Submitted by Roy Schestowitz on Friday 21st of June 2019 05:02:35 PM Filed under
Development
  • Preparing the bzip2-1.0.7 release

    From bzip2-1.0.1 (from the year 2000), until bzip2-1.0.6 (from 2010), release tarballs came with a special Makefile-libbz2_so to generate a shared library instead of a static one.

    This never used libtool or anything; it specified linker flags by hand. Various distributions either patched this special makefile, or replaced it by another one, or outright replaced the complete build system for a different one.

  • Bzip2 Is About To See Its First Real Update In Close To A Decade

    The Bzip2 open-source compression program is about to see its first real release since September 2010. This new version brings new build systems, security fixes, and much more. 

    Earlier this month we wrote about Bzip2 seeing a revival under new maintainership. With Federico Mena-Quintero having taken the reigns from Bzip2 creator Julian Seward, he's busy working on this imminent 1.0.7 release as well as longer-term plans like potentially porting parts of the program to Rust.

  • Kids can be so crurl: Lead dev unchuffed with Google's plan to remake curl in its own image

    Google is planning to reimplement parts of libcurl, a widely used open-source file transfer library, as a wrapper for Chromium's networking API – but curl's lead developer does not welcome the "competition".

    Issue 973603 in the Chromium bug tracker describes libcrurl,"a wrapper library for the libcurl easy interface implemented via Cronet API".

    Cronet is the Chromium network stack, used not only by Google's browser but also available to Android applications.

  • Java and JavaScript remain the most popular programming languages

    That's according to State of Developer Ecosystem report out of JetBrains, which saw the firm survey 7,000 coders about key industry trends. The main takeaways are that Java is the most popular primary programming language; JavaScript is the most used overall; Go is the most promising; and Python is the most studied.

    69 per cent of developers (nice) have used JavaScript over the past 12 months, followed by HTML/CSS (61 per cent), SQL (56 per cent), Java (50 per cent), Python (49 per cent) and Shell scripting languages (40 per cent).

  • Candy Tsai: Outreachy Week 5: What is debci?

    After being asked sooo many times what am I doing for this internship, I think I never explained it well enough so that others could understand. Let me give it a try here.

    debci is short for “Debian Continuous Integration”, so I’ll start with a short definition of what “Continuous Integration” is then!

  • Token Based Authentication for Django Rest Framework

    Django is of the popular web development framework based on python having a large community and is used by many top websites presently. And Django Rest Framework, one of the most popular python package meant for Django to develop rest api’s and it made things really easier from authentication to responses each and everything.

  • Report from February 2019 ISO WG21 C++ Standards Committee Meeting

    The February 2019 ISO C++ meeting was held in Kailua-Kona, Hawaii. As usual, Red Hat sent three of us to the meeting: I attended in the SG1 (parallelism and concurrency) group, Jonathan Wakely in Library, and Jason Merrill in the Core Working Group (see Jason’s report here). In this report, I’ll cover a few highlights of the meeting, focusing on the papers that were discussed.

    The first part of the week in SG1 was spent primarily on papers related to the Executors proposal (p0443). First up was “Integrating executors with the parallel algorithms” (p1019). SG1 also saw this paper at the Fall WG21 meeting in San Diego (see my Fall 2018 trip report). Much of the discussion around this paper in Kona centered on whether supplying an executor to an algorithm required that the algorithm must execute on the supplied executor. Currently, execution policies are just hints to the algorithm, and the algorithm is free to ignore the hint (e.g., some algorithms have no profitable parallelization, or parallelization may not be profitable for small input ranges, so an algorithm may ignore the user’s request for parallelization).

    We also spent some time trying to get a clearer definition of what counts as a Thread of Execution (ToE) in the context of p1019 (e.g., does a ToE imply TLS? What about fibers, SIMD lanes, etc.?) and the standard parallel algorithms, as well as how exceptions might be handled. Currently, exceptions in parallel algorithms terminate the calling program. The consensus was that we’d like to aim for executors supplied to algorithms to require that the algorithm strictly execute on the supplied executor. The author was asked to work on a subsequent revision of the paper with this guidance in mind. No conclusions were reached on the topic of exception propagation or what specifically constitutes a ToE in this context.

    Next, there was a brief discussion on an experience report I wrote for the Fall meeting (p1192). I had no new information on this paper for Kona but expect to bring either an update or a new paper based on work I will be doing to replace the default execution backend of the libstdc++ implementation of parallel algorithms from Intel’s Thread Building Blocks to a backend based on OpenMP.

  • 3D – Interactions with Qt, KUESA and Qt Design Studio, Part 1

    I’m a 3D designer, mostly working in blender. Sometimes I come across interesting problems and I’ll try to share those here. For example, trying to display things on low-end hardware – where memory is sometimes limited, meaning every polygon and triangle counts; where the renderer doesn’t do what the designer wants it to, that sort of thing. The problem that I’ll cover today is, how to easily create a reflection in KUESA or Qt 3D Studio.

    Neither KUESA or Qt 3D Studio will give you free reflections. If you know a little about 3D, you know that requires ray tracing software, not OpenGL. So, I wondered if there would be an easy way to create this effect. I mean, all that a reflection is, is a mirror of an object projected onto a plane, right? So, I wondered, could this be imitated?

  • Linear Regression in Python

    Linear Regression is a supervised statistical technique where we try to estimate the dependent variable with a given set of independent variables. We assume the relationship to be linear and our dependent variable must be continuous in nature.

  • Announcing GitLabracadabra 0.2.1

    Mid-October I started at work a tool in Python to create and update our projects hosted in our GitLab instance.

  • Kubernetes 1.15 Releaased, Offensive Security Reveals the 2019-2020 Roadmap for Kali Linux, Canonical Releases a New Kernel Live Patch for Ubuntu 18.04 and 16.04 LTS, Vivaldi 2.6 Now Available, and Mathieu Parent Announces GitLabracadabra

    Mathieu Parent today announces GitLabracadabra 0.2.1. He started working on the tool to in Python to create and update projects in GitLab. He notes that "This tool is still very young and documentation is sparse, but following the 'release early, release often' motto I think it is ready for general usage."

  • Let’s Build A Simple Interpreter. Part 15.

    Before moving on to topics of recognizing and interpreting procedure calls, let’s make some changes to improve our error reporting a bit. Up until now, if there was a problem getting a new token from text, parsing source code, or doing semantic analysis, a stack trace would be thrown right into your face with a very generic message. We can do better than that.

    To provide better error messages pinpointing where in the code an issue happened, we need to add some features to our interpreter. Let’s do that and make some other changes along the way. This will make the interpreter more user friendly and give us an opportunity to flex our muscles after a “short” break in the series. It will also give us a chance to prepare for new features that we will be adding in future articles.

»

Programming Leftovers

Submitted by Roy Schestowitz on Friday 21st of June 2019 01:13:22 PM Filed under
Development
  • Getting Started with Rust: Working with Files and Doing File I/O

    This article demonstrates how to perform basic file and file I/O operations in Rust, and also introduces Rust's ownership concept and the Cargo tool. If you are seeing Rust code for the first time, this article should provide a pretty good idea of how Rust deals with files and file I/O, and if you've used Rust before, you still will appreciate the code examples in this article.

  • PyCharm 2019.2 EAP 4

    This week’s Early Access Program (EAP) version of PyCharm can now be downloaded from our website.

  • The First Step in Contributing to Open Source Projects

    I've been "programming" in Python for a while now, enough to be dangerous as they say. I've learned enough to be able to help others from time to time, but new enough that I still get distracted by the next shiny package I hear about on a podcast.

    I recently decided that, to help progress me further and to give back a little, I would help contribute to a package. I've heard the call to arms a few times, "Update the documentation, fix the bugs, build new features!". It's the Emerald City of the open source world. Being able to give back to the community that gives me something I enjoy so much was something that couldn't be ignored.

    But where to start? PyPI has over 100,000 packages, how does one just randomly pick one? Do I pick a well known product? Surely they can always use the help, but the large packages are so refined. With dozens of contributors already helping how could I possibly add something of value? Is it better to go for a smaller package? Find one that still needs work?

  • Python Pandas : Drop columns from Dataframe
  • What's the difference between PyQt5 and PySide2?
  • #135 macOS deprecates Python 2, will stop shipping it (eventually)
  • For Loop – Python Programming
  • EuroPython 2019: Beginners’ Day Workshop
  • GNU Guile: GNU Guile 2.2.5 released

    We are pleased to announce GNU Guile 2.2.5, the fifth bug-fix release in the new 2.2 stable release series. This release represents 100 commits by 11 people since version 2.2.4. It fixes bugs that had accumulated over the last few months, notably in the SRFI-19 date and time library and in the (web uri) module. This release also greatly improves performance of bidirectional pipes, and introduces the new get-bytevector-some! binary input primitive that made it possible.

»

Programming/Development Leftovers

Submitted by Roy Schestowitz on Thursday 20th of June 2019 02:05:48 PM Filed under
Development
  • ‘I code in my dreams too’, say developers in Jetbrains State of Developer Ecosystem 2019 Survey

    Last week, Jetbrains published its annual survey results known as The State of Developer Ecosystem 2019. More than 19,000 people participated in this developer ecosystem survey. But responses from only 7000 developers from 17 countries were included in the report. The survey had over 150 questions and key results from the survey are published, complete results along with the raw data will be shared later. Jetbrains prepared an infographics based on the survey answers they received. Let us take a look at their key takeaways:

  • Python and "dead" batteries

    Python is, famously, a "batteries included" language; it comes with a rich standard library right out of the box, which makes for a highly useful starting point for everyone. But that does have some downsides as well. The standard library modules are largely maintained by the CPython core developers, which adds to their duties; the modules themselves are subject to the CPython release schedule, which may be suboptimal. For those reasons and others, there have been thoughts about retiring some of the older modules; it is a topic that has come up several times over the last year or so.

    It probably had been discussed even earlier, but a session at the 2018 Python Language Summit (PLS) is the starting point this time around. At that time, Christian Heimes listed a few modules that he thought should be considered for removal; he said he was working on a PEP to that end. PEP 594 ("Removing dead batteries from the standard library") surfaced in May with a much longer list of potentially dead batteries. There was also a session at this year's PLS, where Amber Brown advocated moving toward a much smaller standard library, arguing that including modules in the standard library stifles their growth. Some at PLS seemed to be receptive to Brown's ideas, at least to some extent, though Guido van Rossum was apparently not pleased with her presentation and "stormed from the room".

  • When and How to Win With New Programming Languages
  • Understanding Data Ops and it's impact on Application Quality
»

Programming: Firefox Binaries, Python, GCC, Kotlin, C++ and Rust

Submitted by Roy Schestowitz on Thursday 20th of June 2019 12:16:53 PM Filed under
Development
  • Stack Write Traffic In Firefox Binaries

    I became interested in how much CPU memory write traffic corresponds to "stack writes". For x86-64 this roughly corresponds to writes that use RSP or RBP as a base register (including implicitly via PUSH/CALL). I thought I had pretty good intuitions about x86 machine code, but the results surprised me.

  • Louis-Philippe Véronneau: membernator -- validate membership cards

    I currently work part-time for student unions in Montreal and they often have large general assemblies (more than 2000 people). As you can likely figure out by yourself, running through paper lists to validate people's identity is a real PITA and takes quite a long time.

    For example, even if you have 4 people checking names, if validating someone's identity takes 5 seconds on average (that's pretty fast), it takes around 40 minutes to go through 2000 people.

    Introducing membernator, a python program written using pygame that validates membership cards against a CSV database! The idea is to use barcode scanners to scan people's school ID cards and see if they are in our digital lists. Hopefull, it will make our GA process easier for everyone.

  • Developer Toolset 8.1 and GCC 8.3 now available for Red Hat Enterprise Linux 7

    Red Hat Developer Toolset delivers GCC, GDB, and a set of complementary development tools for Red Hat Enterprise Linux via two release trains per year. We are pleased to share that Developer Toolset 8.1 with GCC 8.3 is now available and supported on Red Hat Enterprise Linux 7.

    The Red Hat Developer Toolset 8.1 release includes many enhancements and changes, but here are a few of the highlights...

  • Finished converting all the buildfiles to groovy and downgraded to gradle 4.4.1; week 3+ update

    During the third week I mainly spent my time converting all the buildfiles in the "dist" task graph to groovy from kotlin-dsl.

    I finished converting all the build files from kotlin-dsl to groovy. I then proceeded to build the entire project with only the subprojects required for the dist task so that we can avoid converting all the uneeded subproject buildfiles to groovy. Ran tests on the binary obtained from the newly onverted project and compared it to the test result on an original unconverted project. Since the new project only contains the needed subprojects this new project is unable to run all the needed tests. So inorder to overcome this we copy the binaries built by our new project and run the tests using the original unaltered projects. The compiler test task we need is "compilerTest"; this is the only aplicalbe test for out build binary from the "dist" task. I have run "distTest" for the unaltered project and uploaded it here; "distTest" task encompasses compilerTest task within it. Here is the log of the "compilerTest" run on the geenrated binaries.

  • Intel Developing "Data Parallel C++" As Part Of OneAPI Initiative

    Intel announced an interesting development in their oneAPI initiative: they are developing a new programming language/dialect.

    Intel originally began talking about oneAPI last December for optimizing code across CPUs / GPUs / FPGAs and as part of "no transistor left behind." Early details sounded similar to HSA while with time more bits have become known while the big reveal isn't expected until Q4'2019 when it will enter beta.

    We've known OpenCL will take a big role and their LLVM upstreaming effort around their SYCL compiler back-end. The SYCL single-source C++ programming standard from The Khronos Group we've expected Intel to use as their basis for oneAPI while now it seems they are going a bit beyond just targeting SYCL.

  • You can't buy DevOps [Ed: Poor article about mere buzzwords]
  • This Week in Rust 291
»

Programming: Lucid Vision Labs, Librem 5, Instana, Python and GNU

Submitted by Roy Schestowitz on Wednesday 19th of June 2019 07:10:02 PM Filed under
Development
  • Time-of-Flight camera is powered by Jetson TX2

    Lucid Vision Labs unveiled a MIPI-CSI2 equipped “Helios Embedded” version of its new Helios Time of Flight 3D camera that combines a Jetson TX2 with a Sony DepthSense IMX556PLR ToF sensor with under-5mm accuracy at 0.3 to 1.5 meters.

    Time-of-Flight (ToF) technology spans a range of infrared laser scanners from 3D imaging and navigation systems found on autonomous robots and self-driving cars to the camera flash mechanism inside the Huawei Honor View 20 phone. Most ToF cameras are controlled from a Windows or Linux PCs, such as the Basler ToF Camera, the Terabee 3Dcam 80×60, or Lucid Vision Labs’ Helios ToF Camera, which was announced last October and is due to ship later this month. Now Lucid has announced a similar Helios Embedded version of the Helios ToF due in Q4 2019 that can operate autonomously thanks to its Jetson TX2 module.

  • Librem 5 June Software Update

    Hi everyone! The Librem 5 team has been hard at work, and we want to update you all on our software progress.

    Conferences

    A couple of blog posts back, we mentioned that our hardware engineer gave a talk at KiCon—and it is available for watching now!

    Also, recently Tobias Bernard attended the Libre Graphics Meeting, where he had lots of conversation around the future photo viewing application for the Librem 5 phone.

  • Instana Releases Red Hat OpenShift Kubernetes Operator Built on Quarkus

    Red Hat OpenShift introduced Kubernetes (K8s) Operator support with version 3.11. Since that time, the number of Operators created by the OpenShift community has been steadily growing. Instana introduced our Red Hat OpenShift Kubernetes Operator at Red Hat Summit 2019, and will be demonstrating our K8s capabilities at KubeCon Barcelona this week.

  • Book Contest: Creating GUI Applications with wxPython
  • How to Use Python lambda Functions
  • Event - GNU Hackers Meeting (Madrid, Spain)

    Twelve years after its first edition in Orense, the GNU Hackers Meeting (2019-09-04–06) will help in Spain again. This is an opportunity to meet, hack, and learn with other free software enthusiasts.

»

Qt 5.13 Released!

Submitted by Roy Schestowitz on Wednesday 19th of June 2019 04:11:17 PM Filed under
Development

Today, we have released Qt 5.13 and I’m really proud of all the work that everyone has put into it. As always, our releases come with new features, updates, bug fixes, and improvements. For Qt 5.13, we have also been focused on our tooling that makes designing, developing and deploying software with Qt more efficient for designers and developers alike. Let’s take a look at some of the highlights of Qt 5.13 as well as some of the updates on the tooling side.

I will also be holding a webinar summarizing all the news around Qt 5.13 together with our Head of R&D Tuukka Turunen on July 2. Please sign up and ask us your questions.

Read more

Also: Qt 5.13 Released With glTF 2.0 Importing, Wayland Improvements, Lottie Animation Support

»

Python: Leading, Developing for Android and New RCs

Submitted by Roy Schestowitz on Wednesday 19th of June 2019 09:05:39 AM Filed under
Development
  • Leading in the Python community

    Naomi began her career in the Classics; she earned a PhD in Latin and Ancient Greek with a minor in Indo-European Linguistics, as she says, "several decades ago." While teaching Latin at a private school, she began tinkering with computers, learning to code and to take machines apart to do upgrades and repairs. She started working with open source software in 1995 with Yggdrasil Linux and helped launch the Fort Wayne, Indiana, Linux User Group.

  • What’s the Best Language for Android App Developers: Java or Python?

    Few things can be so divisive among developers as their choice of programming languages. Developers will promote one over the other, often touting their chosen language’s purity, speed, elegance, efficiency, power, portability, compatibility or any number of other features.

    Android app developers are no exception, with many developers divided between using Java or Python to develop their applications. Let’s look at these two languages and see which is best for Android app developers.

  • Python 3.7.4rc1 and 3.6.9rc1 are now available

    Python 3.7.4rc1 and 3.6.9rc1 are now available. 3.7.4rc1 is the release preview of the next maintenance release of Python 3.7, the latest feature release of Python. 3.6.9rc1 is the release preview of the first security-fix release of Python 3.6. Assuming no critical problems are found prior to 2019-06-28, no code changes are planned between these release candidates and the final releases. These release candidates are intended to give you the opportunity to test the new security and bug fixes in 3.7.4 and security fixes in 3.6.9. We strongly encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that these are preview releases and, thus, their use is not recommended for production environments.

»
Syndicate content

More in Tux Machines

One Mix Yoga 3 mini laptop demostrated running Ubuntu

If you are in interested in seeing how the Ubuntu Linux operating system runs on the new One Mix Yoga 3 mini laptop. You are sure to be interested in the new video created by Brad Linder over at Liliputing. “ I posted some notes about what happened when I took Ubuntu 19.04 for a spin on the One Mix 3 Yoga in my first-look article, but plenty of folks who watched my first look video on YouTube asked for a video… so I made one of those too.” The creators of the One Mix Yoga 3 have made it fairly easy to boot an alternative operating system simply by plugging in a bootable flash drive or USB storage device. As the mini laptop is powering up simply hit the delete key and you will be presented by the BIOS/UEFI menu. Simply change the boot priority order so that the computer will boot from a USB device and you are in business. Read more

Security: Curl, Fedora, Windows and More

  • Daniel Stenberg: openssl engine code injection in curl

    This flaw is known as CVE-2019-5443. If you downloaded and installed a curl executable for Windows from the curl project before June 21st 2019, go get an updated one. Now.

  • Fedora's GRUB2 EFI Build To Offer Greater Security Options

    In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader. GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.

  • Fedora 31 Will Finally Disable OpenSSH Root Password-Based Logins By Default

    Fedora 31 will harden up its default configuration by finally disabling password-based OpenSSH root log-ins, matching the upstream default of the past four years and behavior generally enforced by other Linux distributions. The default OpenSSH daemon configuration file will now respect upstream's default of prohibiting passwords for root log-ins. Those wishing to restore the old behavior of allowing root log-ins with a password can adjust their SSHD configuration file with the PermitRootLogin option, but users are encouraged to instead use a public-key for root log-ins that is more secure and will be permitted still by default.

  • Warning Issued For Millions Of Microsoft Windows 10 Users

    Picked up by Gizmodo, acclaimed Californian security company SafeBreach has revealed that software pre-installed on PCs has left “millions” of users exposed to hackers. Moreover, that estimate is conservative with the number realistically set to be hundreds of millions. The flaw lies in PC-Doctor Toolbox, systems analysis software which is rebadged and pre-installed on PCs made by some of the world’s biggest computer retailers, including Dell, its Alienware gaming brand, Staples and Corsair. Dell alone shipped almost 60M PCs last year and the company states PC-Doctor Toolbox (which it rebrands as part of ‘SupportAssist’) was pre-installed on “most” of them. What SafeBreach has discovered is a high-severity flaw which allows attackers to swap-out harmless DLL files loaded during Toolbox diagnostic scans with DLLs containing a malicious payload. The injection of this code impacts both Windows 10 business and home PCs and enables hackers to gain complete control of your computer. What makes it so dangerous is PC-makers give Toolbox high-permission level access to all your computer’s hardware and software so it can be monitored. The software can even give itself new, higher permission levels as it deems necessary. So once malicious code is injected via Toolbox, it can do just about anything to your PC.

  • Update Your Dell Laptop Now to Fix a Critical Security Flaw in Pre-Installed Software

    SafeBreach Labs said it targeted SupportAssist, software pre-installed on most Dell PCs designed to check the health of the system’s hardware, based on the assumption that “such a critical service would have high permission level access to the PC hardware as well as the capability to induce privilege escalation.” What the researchers found is that the application loads DLL files from a folder accessible to users, meaning the files can be replaced and used to load and execute a malicious payload. There are concerns the flaw may affect non-Dell PCs, as well. The affected module within SupportAssist is a version of PC-Doctor Toolbox found in a number of other applications, including: Corsair ONE Diagnostics, Corsair Diagnostics, Staples EasyTech Diagnostics, Tobii I-Series Diagnostic Tool, and Tobii Dynavox Diagnostic Tool. The most effective way to prevent DLL hijacking is to quickly apply patches from the vendor. To fix this bug, either allow automatic updates to do its job, or download the latest version of Dell SupportAssist for Business PCs (x86 or x64) or Home PCs (here). You can read a full version of the SafeBreach Labs report here.

  • TCP SACK PANIC Kernel Vulnerabilities Reported by Netflix Researchers

    On June 17th, Researchers at Netflix have identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.

  • DNS Security - Getting it Right

    This paper addresses the privacy implications of two new Domain Name System (DNS) encryption protocols: DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH). Each of these protocols provides a means to secure the transfer of data during Internet domain name lookup, and they prevent monitoring and abuse of user data in this process. DoT and DoH provide valuable new protection for users online. They add protection to one of the last remaining unencrypted ‘core’ technologies of the modern Internet, strengthen resistance to censorship and can be coupled with additional protections to provide full user anonymity. Whilst DoT and DoH appear to be a win for Internet users, however, they raise issues for network operators concerned with Internet security and operational efficiency. DoH in particular makes it extremely difficult for network operators to implement domain-specific filters or blocks, which may have a negative impact on UK government strategies for the Internet which rely on these. We hope that a shift to encrypted DNS will lead to decreased reliance on network-level filtering for censorship.

Drawpile 2.1.11 release

Version 2.1.11 is now out. In addition to bug fixes, this release adds one long awaited feature: the ability to detach the chat box into a separate window. Another important change is to the server. IP bans now only apply to guest users. When a user with a registered account is banned, the ban is applied to the account only. This is to combat false positives caused by many unrelated people sharing the same IP address because of NAT. Read more Also: Drawpile 2.1.11 Released! Allow to Detach Chat Box into Separate

Audiocasts/Shows: Going Linux, Linux Action News, TechSNAP, GNU World Order, Linux in the Ham Shack, Python Podcast

  • Going Linux #371 · Listener Feedback

    Bill continues his distro hopping. We discuss the history of Linux and a wall-mountable timeline. Troy gives feedback on Grub. Grubb give feedback on finding the right distribution. Highlander talks communication security and hidden files. Ro's Alienware computer won't boot. David provides liks to articles.

  • Linux Action News 111

    Ubuntu sets the Internet on fire, new Linux and FreeBSD vulnerabilities raise concern, while Mattermost raises $50M to compete with Slack. Plus we react to Facebook’s Libra confirmation and the end of Google tablets.
  • SACK Attack | TechSNAP 406

    A new vulnerability may be the next ‘Ping of Death’; we explore the details of SACK Panic and break down what you need to know. Plus Firefox zero days targeting Coinbase, the latest update on Rowhammer, and a few more reasons it’s a great time to be a ZFS user.

  • GNU World Order 13x26
  • LHS Episode #289: Linux Deep Dive

    Hello and welcome to Episode #289 of Linux in the Ham Shack. In this episode, LHS gets a visit from Jon "maddog" Hall, a legend in the open source and Linux communities. He discusses--well--Linux. Everything you ever wanted to know about Linux from its early macro computing roots all the way up to the present. If there's something you didn't know about Linux, you're going to find it here. Make sure to listen to the outtake after the outro for 30 more minutes on Linux you problem didn't know anything about. Thanks to Jon for an illuminating and fascinating episode.

  • Podcast.__init__: Behind The Scenes At The Python Software Foundation

    One of the secrets of the success of Python the language is the tireless efforts of the people who work with and for the Python Software Foundation. They have made it their mission to ensure the continued growth and success of the language and its community. In this episode Ewa Jodlowska, the executive director of the PSF, discusses the history of the foundation, the services and support that they provide to the community and language, and how you can help them succeed in their mission.

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6