Security

Security, Openwashing, Proprietary Software and Back Doors

Filed under
Security
  • Reproducible Builds in July 2020

    Welcome to the July 2020 report from the Reproducible Builds project.

    In these monthly reports, we round-up the things that we have been up to over the past month. As a brief refresher, the motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced from the original free software source code to the pre-compiled binaries we install on our systems. (If you’re interested in contributing to the project, please visit our main website.)

  • Have I Been Pwned — which tells you if passwords were breached — is going open source

    While not all password checkup tools actually use Hunt’s database (a just-announced LastPass feature calls on one hosted by Enzoic instead), many of them are apparently based on the same “k-Anonymity” API that Cloudflare engineering manager Junade Ali originally designed to support Have I Been Pwned’s tool.

  • Facebook’s new open-source Pysa security tool detects [cr]ackable code

    Pysa is designed exclusively to analyze code written in Python. That limits the scenarios where the tool can be applied, but it could be still useful for other companies because Python is the world’s second most widely used programming language as of earlier this year. It’s especially popular in artificial intelligence development and is also the language in which most of the code for Instagram is written.

    Facebook has applied Pysa to the Instagram code base to great effect. According to the company, the tool was responsible for spotting 44% of the server-side security issues that it detected in the photo sharing service during the first half of 2020. Some 49 of the flaws Pysa caught were determined to be “severe” vulnerabilities.

    Under the hood, the tool works by employing a technique known as static code analysis. It sifts through Facebook developers’ raw code files without the delay of running them to quickly generate security assessments.

  • [Cr]ackers can still steal wads of cash from ATMs. Here's the vulnerabilities that could let them in.

    “You’re literally trusting this machine to hold thousands of dollars, but it’s running [Windows operating system] CE 6.0? It is just a computer, on a network, running an older operating system,” Keown said, noting that the latest release for CE 6.0 was over a decade ago in 2009. “This is still a problem. Let’s focus some effort here and see if we can’t move the needle in the right direction.”

  • Canon Admits Ransomware Attack in Employee Note, Report

    The consumer-electronics giant has suffered partial outages across its U.S. website and internal systems reportedly, thanks to the Maze gang.

  • Windows, Gates and a firewall: Microsoft's delicate castle in China

    Microsoft arrived in China in 1992 and opened its largest research and development centre outside the United States. It now employs around 6,200 people in China.

  • All you need to hijack a Mac is an old Office document and a .zip file

    The exploit uses a rigged Office document, saved in an archaic format (.slk), to trick the target machine into allowing Office to activate macros without consent and without notifying the user.

    The attack then takes advantage of two further vulnerabilities in order to seize control of the machine. By including a dollar sign at the start of the filename, [an attacker] can break free of the restrictive Office sandbox, while compressing the file within a .zip folder bypasses macOS controls that prevent downloaded items from accessing user files.

  • Apple’s Chinese business could be devastated by Trump’s WeChat ban

    Apple has a significant Chinese customer base, and nearly all of its critical manufacturing and assembly partners are based there. Trump’s ban might not only force Apple to remove WeChat from its App Store — which would destroy Apple’s Chinese smartphone business — it could existentially change how Apple is able to build and sell new products in the future.

  • It's Time To Stop Talking and Take Action Against the Beasts that Want to Control Us

    I know I have not been active on this BLOG the past year. No reasons. Anyway, I'm back at it. This time, I have a specific focus on Big Tech. The way I see it, the root of the problem is not the tech companies themselves, it starts with the software we use. This includes Adobe, Intuit, Microsoft. I call them AIM. They are the worst offenders in their attempts to control the free world.

Security, Fear, Uncertainty, Doubt

Security Leftovers

  • How a Fake WordPress Plugin Can Kill Your Site

    A nulled plugin is a copy of a premium WordPress plugin that’s distributed illegally online. People who do this argue it’s OK to do so because WordPress and its derivative works (like plugins) are licensed under a General Public License (GPL). According to them, that makes it OK to copy and distribute plugins how they like.

    While that’s technically true, pirating premium plugins comes with a cost. Legitimate WordPress plugin developers lose money and, more importantly, it compromises the security and integrity of WordPress websites using these nulled plugins. When you hear of a WordPress site being hacked, it’s often because they’re using a nulled plugin.

  • Security updates for Friday

    Security updates have been issued by CentOS (firefox, java-1.8.0-openjdk, java-11-openjdk, libvncserver, postgresql-jdbc, and thunderbird), Debian (firejail and gupnp), Fedora (cutter-re, postgresql-jdbc, radare2, and webkit2gtk3), openSUSE (chromium, firefox, kernel, and python-rtslib-fb), Oracle (container-tools:ol8, kernel, and nss and nspr), Scientific Linux (thunderbird), and SUSE (firefox, kernel, postgresql10 and postgresql12, python-ipaddress, and xen).

  • Reproducible Builds (diffoscope): diffoscope 155 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 155. This version includes the following changes:

    [ Chris Lamb ]
    * Bump Python requirement from 3.6 to 3.7 - most distributions are either
      shipping 3.5 or 3.7, so supporting 3.6 is not somewhat unnecessary and also
      more difficult to test locally.
    * Improvements to setup.py:
      - Apply the Black source code reformatter.
      - Add some URLs for the site of PyPI.org.
      - Update "author" and author email.
    * Explicitly support Python 3.8.
    
    [ Frazer Clews ]
    * Move away from the deprecated logger.warn method logger.warning.
    
    [ Mattia Rizzolo ]
    * Document ("classify") on PyPI that this project works with Python 3.8.
    

  • Open source tool Infection Monkey allows security pros to test their network like never before

    Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework.

Security: Patches, L1TF/Foreshadow, PE Tree, IPFire and BootHole

  • Security updates for Thursday

    Security updates have been issued by Debian (clamav and json-c), Fedora (python2, python36, and python37), Red Hat (thunderbird), Scientific Linux (thunderbird), SUSE (java-11-openjdk, kernel, rubygem-actionview-4_2, wireshark, xen, and xrdp), and Ubuntu (openjdk-8 and ppp). 

  • Researchers Make More Discoveries Around L1TF/Foreshadow - It's Not Good

    Security researchers from Graz University of Technology and CISPA Helmholtz are out with their latest findings on CPU speculative execution vulnerabilities, namely taking another look at L1TF/Foreshadow. Their findings are bad news not only for Intel but potentially other CPU vendors as well.

    [...]

    The new vulnerability outlined in the paper is "Dereference Trap" for leaking registers from an SGX enclave in the presence of only a speculative register dereference. 

    The discovery of speculative dereferencing of a user-space register in the kernel as opposed to the prefetcher not only means that some mitigations may be inadequate, but they can improve the performance of the original attack and reportedly produce similar behavior on non-Intel CPUs. 

  • PE Tree: Free open source tool for reverse-engineering PE files

    PE Tree allows malware analysts to view Portable Executable (PE) files in a tree-view using pefile – a multi-platform Python module that parses and works with PE files – and PyQt5, a module that can be used to create graphical user interfaces.

    “PE Tree is developed in Python and supports the Windows, Linux and Mac operating systems. It can be installed and run as either a standalone application or an IDAPython plugin,” Tom Bonner, a threat researcher at BlackBerry, explained.

  • IPFire: A new location database for the Internet

    In the last couple of months, we, the IPFire development team, have launched a small side project: A new location database for the Internet. In this article, I would like to give you a brief background story on why and how it came to this...

    [...]

    Other applications would be threat prevention like we use it in IPFire. Connection attempts from certain countries can simply be blocked, or port forwardings can be limited to certain countries only.

    That is, however, not an exact science. The Internet changes constantly. IP address ranges are re-assigned from one party to another one, and often it can take some time until those location databases are all updated. Up to that point, you will see wrong information like the Google front page being shown in a wrong language. This might only be a bit of an inconvenience, but for a firewall, we need more recent and reliable data.

  • What to do about the BootHole vulnerability

    Late last month, security researchers discovered a major vulnerability in the software that controls how PCs boot their operating systems. This is one of those issues that sounds scarier than it is. Fixing it will be a major process, especially for Linux system administrators and corporate IT organizations with a mixture of different PC vintages and manufacturers. The problem has been named BootHole, and it could affect up to a billion computers.

Security: Zoom Holes, New Patches and etcd Project Security Committee

  • Zoombomber crashes court hearing on Twitter hack with Pornhub video
  • Security updates for Wednesday

    Security updates have been issued by Debian (net-snmp), Fedora (mingw-curl), openSUSE (firefox, ghostscript, and opera), Oracle (libvncserver and postgresql-jdbc), Scientific Linux (postgresql-jdbc), SUSE (firefox, kernel, libX11, xen, and xorg-x11-libX11), and Ubuntu (apport, grub2, grub2-signed, libssh, libvirt, mysql-8.0, ppp, tomcat8, and whoopsie).

  • The CNCF etcd project reaches a significant milestone with completion of security audit

    This week, a third-party security audit was published on etcd, the open source distributed key-value store that plays a crucial role in scaling Kubernetes in the cloud. For etcd, this audit was important in multiple ways. The audit validates the project’s maturity and sheds light on some areas where the project can improve. This sort of audit is required criteria for any project in the Cloud Native Computing Foundation (CNCF) to qualify for graduation from the CNCF.

    Read the CNCF blog post that I co-authored to learn more about the audit and what it uncovered. As one of the project maintainers and one of two members of the etcd Project Security Committee, I’d love to share a few reasons I’m hopeful for etcd’s future and why now is a great time to contribute to etcd’s open source community.

Security: Back Doors, EFF, Trump/Microsoft Blackmail and 1Password on GNU/Linux

  • Bill Barr Applauds FOSTA Sponsor's Clone Of Senate's Encryption-Breaking 'Lawful Access' Bill

    I guess those "rule of law" folks don't care if a law is any good or will do what it intends to do without causing significant collateral damage. All they care about is that it's a law and, as a law, everyone should just subject themselves to it with a minimum of complaining.

  • Supporting Digital Freedom at the (Virtual) Summer Security Conferences

    During a typical year, EFF staff members would be headed to Las Vegas to present our latest work to the world and ensure legal support for computer security researchers at the long-running hacker events BSidesLV, Black Hat, and DEF CON. These summer security conferences are a natural opportunity for the curious and the professional to geek out on tech. Hackers, tinkerers, and reverse engineers were among the first to embrace the excitement and potential of their own imaginations in digital space. They have been a core part of EFF and the online freedom community since the beginning, and we relish thanking them face to face.

    But this year, as we each grapple with a sobering pandemic, these conferences have had to undergo big changes and are all happening in virtual space. DEF CON is even free to attend. This pandemic, as well as far-reaching protests, have forced us to rethink much of our daily lives—and these questions can feel overwhelming.

  • TikTok Ban: A Seed of Genuine Security Concern Wrapped in a Thick Layer of Censorship

    It is ironic that, while purporting to protect America from China’s authoritarian government, President Trump is threatening to ban the TikTok app. Censorship of both speech and social media applications, after all, is one of the hallmarks of the Chinese Internet strategy.  While there is significant cause for concern with TikTok’s security, privacy, and its relationship with the Chinese government, we should resist a governmental power to ban a popular means of communication and expression.  

    As is too often the case with government pronouncements, the Trump administration has proposed a ban without specifying what the ban would actually be or what authority allows for it. Rather, the President has said broadly, “we’re banning them from the United States,” or most recently, “it's going to be out of business in the United States.” This could mean a ban on using the app, or perhaps a ban on distributing TikTok in app stores, or maybe something else. Any way you slice it, an effective ban of the scope suggested cannot be squared with the Constitution. 

  • ‘1Password’ App Coming To Linux, Initial Release Available For Download

    The user-friendly and cross-platform password manager app, 1Password, is finally coming for all Linux platforms with full-feature and native support. Currently, a development preview for Linux has been unveiled.

    This is the initial release for testing and validation purposes only. Hence, you should not use its Linux development preview for production or business environments.

    As planned, an official release with long-term support will be announced later this year after including new updates, features, and changes over the next few months. However, if you want a stable version of 1Password for Linux, you can use 1Password X in your browser.

    1Password is available for all devices, browsers, and operating systems such as Windows, macOS, iOS, Android, Chrome OS, Google Chrome, Brave, Edge, and Firefox. And now it is also going to be available for Linux desktop as well.

Security: Ransom, Patches and Back Doors

  • Dozens of NGOs hit by hack on US fundraising database

    A major ransomware attack has affected dozens of international NGOs and their records of private donations, but details of the hit on a US fundraising platform are scarce, and two weeks after being warned some aid groups are yet to notify their donors or the public.

    International aid groups – and their private donors – are among those whose data was hacked in a security breach at online service provider Blackbaud. Names, addresses, and records of individual donations were compromised by hackers, who were paid an undisclosed ransom to return the data and delete any copies. 

    World Vision, Save the Children, and Human Rights Watch are among the large nonprofits impacted by the breach, and media reports suggest at least 200 customers of US-based Blackbaud were involved, although the company has not provided a list of affected clients.

    Alan Bryce, an official at the Charity Commission – the legal regulator in England and Wales – told The New Humanitarian that, as of 4 August, 63 UK-based charities had notified them after being affected by the ransomware attack.

    Bryce suggested NGOs were likely to tighten up procedures following the incident, in which hackers gained control of client data on Blackbaud’s systems and locked the company out until payment was made. “Charities who have suffered cybercrime go on to revise their IT security, their training programmes, or their website security,” he said. “Do not wait until it is too late for your charity.”

  • The fixes to the Linux BootHole fixes are in

    The first release of patches to the Linux BootHole came with a show-stopping problem. The fixed machines wouldn't boot. For the most part, that problem has been solved.

  • GRUB2 Boot Failure Issues Fixed in Debian and Ubuntu, Update Now

    The recent GRUB2 updates that patched some serious security vulnerabilities also caused boot failure issues for some users, so fixes for these regressions have started appearing for some distros, including Debian and Ubuntu.

    Last week, I was reporting on the BootHole vulnerability (and some other seven flaws) found in the GRUB2 bootloader, which is used by almost all GNU/Linux distributions out there. The issues opened up systems using Secure Boot to attacks, allowing local attackers to bypass UEFI Secure Boot restrictions and execute arbitrary code.

    Due to a highly coordinated effort between the security researchers who discovered the vulnerability and Linux OS maintainers, most GNU/Linux distributions were able to provide patches for their users. However, for some, these patches broke the Secure Boot implementation and left people with unbootable systems.

  • IoT Security Vulnerabilities are Ubiquitous: How To Secure Your Router and Your Linux System Now

    Luckily, there are various measures that Linux users can take to secure their wireless routers and protect their systems - most notably, conducting a Linux firmware replacement. This article will explore the benefits of “flashing” your wireless router with alternative open-source firmware, and will introduce some great alternative firmwares and single-purpose OSes that you may wish to look into.

    [...]

    Recent security research has made it clear that router manufacturers are dropping the ball on security - a discouraging trend in the industry that needs to change. However, given this unfortunate reality, it is imperative that users assume responsibility for securing their wireless routers.

Security Leftovers

  • DNS configuration recommendations for IPFire users

    If you are familiar with IPFire, you might have noticed DNSSEC validation is mandatory, since it defeats entire classes of attacks. We receive questions like "where is the switch to turn off DNSSEC" on a regular basis, and to say it once and for all: There is none, and there will never be one. If you are running IPFire, you will be validating DNSSEC. Period.

    Another question frequently asked is why IPFire does not support filtering DNS replies for certain FQDNs, commonly referred to as a Response Policy Zone (RPZ). This is because an RPZ does what DNSSEC attempts to secure users against: Tamper with DNS responses. From the perspective of a DNSSEC-validating system, a RPZ will just look like an attacker (if the queried FQDN is DNSSEC-signed, which is what we strive for as much of them as possible), thus creating a considerable amount of background noise. Obviously, this makes detecting ongoing attacks very hard, most times even impossible - the haystack to search just becomes too big.

    Further, it does not cover direct connections to hardcoded IP addresses, which is what some devices and attackers usually do, as it does not rely on DNS to be operational and does not leave any traces. Using an RPZ will not make your network more secure, it just attempts to cover up the fact that certain devices within it cannot be trusted.

    Back to DNSSEC: In case the queried FQDNs are signed, forged DNS replies are detected since they do not match the RRSIG records retrieved for that domain. Instead of being transparently redirected to a fraudulent web server, the client will only display an error message to its user, indicating a DNS lookup failure. Large-scale attacks by returning forged DNS replies are frequently observed in the wild (the DNSChanger trojan is a well-known example), which is why you want to benefit from validating DNSSEC and more and more domains being signed with it.

  • Security updates for Tuesday

    Security updates have been issued by Debian (libx11, webkit2gtk, and zabbix), Fedora (webkit2gtk3), openSUSE (claws-mail, ghostscript, and targetcli-fb), Red Hat (dbus, kpatch-patch, postgresql-jdbc, and python-pillow), Scientific Linux (libvncserver and postgresql-jdbc), SUSE (kernel and python-rtslib-fb), and Ubuntu (ghostscript, sqlite3, squid3, and webkit2gtk). 

  • Official 1Password Linux App is Available for Testing

    An official 1Password Linux app is on the way, and brave testers are invited to try an early development preview.

    1Password is a user-friendly (and rather popular) cross-platform password manager. It provides mobile apps and browser extensions for Windows, macOS, Android, iOS, Google Chrome, Edge, Firefox — and now a dedicated desktop app for Linux, too.

  • FBI Warns of Increased DDoS Attacks

    The Federal Bureau of Investigation warned in a “private industry notification” last week that attackers are increasingly using amplification techniques in distributed denial-of-service attacks. There has been an uptick in attack attempts since February, the agency’s Cyber Division said in the alert.

    An amplification attack occurs when attackers send a small number of requests to a server and the server responds with numerous responses. The attackers spoof the IP address to make it look like the requests are coming from a specific victim, and the resulting responses overwhelm the victim’s network.

    “Cyber actors have exploited built-in network protocols, designed to reduce computation overhead of day-to-day system and operational functions to conduct larger and more destructive distributed denial-of-service amplification attacks against US networks,” the FBI alert said. Copies of the alert were posted online by several recipients, including threat intelligence company Bad Packets.

  • NSA issues BootHole mitigation guidance

    Following the disclosure of a widespread buffer-flow vulnerability that could affect potentially billions of Linux and Windows-based devices, the National Security Agency issued a follow-up cybersecurity advisory highlighting the bug and offering steps for mitigation.

    The vulnerability -- dubbed BootHole -- impacts devices and operating systems that use signed versions of the open-source GRUB2 bootloader software found in most Linux systems. It also affects any system or device using Secure Boot -- a root firmware interface responsible for validating the booting process -- with Microsoft's standard third party certificate authority. The vulnerability enables attackers to bypass Secure Boot to allow arbitrary code execution and “could be used to install persistent and stealthy bootkits,” NSA said in a press statement.

Security Leftovers

  • Security updates for Monday

    Security updates have been issued by Arch Linux (ffmpeg, libjcat, mbedtls, tcpreplay, and wireshark-cli), Debian (ark, evolution-data-server, libjpeg-turbo, libopenmpt, libpam-radius-auth, libphp-phpmailer, libssh, ruby-zip, thunderbird, and transmission), Fedora (chromium, clamav, claws-mail, evolution-data-server, freerdp, glibc, java-latest-openjdk, nspr, and nss), Gentoo (libsndfile, pycrypto, python, snmptt, thunderbird, and webkit-gtk), Mageia (botan2, chocolate-doom, cloud-init, dnsmasq, freerdp/remmina, gssdp/gupnp, java-1.8.0-openjdk, matio, microcode, nasm, openjpeg2, pcre2, php-phpmailer, redis, roundcubemail, ruby-rack, thunderbird, virtualbox, and xerces-c), openSUSE (claws-mail, ldb, and libraw), Oracle (firefox), Red Hat (bind, grub2, kernel-rt, libvncserver, nss and nspr, and qemu-kvm-rhev), Scientific Linux (firefox), Slackware (thunderbird), and SUSE (firefox, kernel, and targetcli-fb).

  • The 9 Best Cross-Platform Password Managers

    Bitwarden open-source password manager comes at no cost and rated as the best password manager. It provides a multi device sync option and unlimited passwords. Its free version helps in saving identities, credit cards and notes.

  • Linux Foundation announces new initiative to secure open-source software

    The Linux Foundation said today it’s presiding over a new foundation that brings some of the world’s most important open-source security initiatives under a new umbrella.

    The newly launched Open Source Security Foundation will host security projects such as the Core Infrastructure Initiative, which was set up in response to the infamous Heartbleed vulnerability discovered in the Open SSL protocol in 2014, and the Open Source Security Coalition, founded by GitHub Inc.’s Security Lab in 2019.

  • Technology and Enterprise Leaders Combine Efforts to Improve Open Source Security

    The Linux Foundation today announced the formation of the Open Source Security Foundation (OpenSSF). The OpenSSF is a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub’s Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others. Additional founding members include ElevenPaths, GitLab, HackerOne, Intel, Okta, Purdue, SAFECode, StackHawk, Trail of Bits, Uber and VMware.

The Best Authenticator Apps for Linux Desktop

Filed under
GNU
Linux
Security

If you have ever used two-factor authentication before, then you have probably heard of tools like Google Authenticator. To make use of many of these services, you’ll have to have your phone near you. Luckily, there are desktop authenticator apps that can provide you with the secret key you need to log in to your account. Below are the best authenticator apps for the Linux desktop.

[...]

Yubico works with a hardware security token known as the Yubikey. You can store your credentials on this as opposed to on your device. This hardware security token can even be further secured by choosing to unlock it with either FaceID or TouchID.

With Yubico, you will also be able to easily transition between devices, even after upgrading. The Yubico app lets you generate multiple secrets across devices, making it simple for you to switch.

I have to admit that the security offered by a physical token like the Yubikey is great. However, users must bear in mind that they must have the key with them if they wish to use two-factor authentication. I know you may argue and say this is no better than having to carry a phone with you. However, you can’t put your phone on a keychain! Additionally, it’s tough to crack a hardware token. Someone would have to steal it from you if they wanted to access your data. Even after doing that, they still won’t know any of your passwords or anything else of the sort.

With Yubico Authenticator, you first have to insert your key before you can add services to the app. After inserting your key, you can then add a security token from a service you want to enable two-factor authentication for. This is an app more for a power user due to the steps that must be taken to get it set up.

More in Tux Machines

Programming: Python, Rust, PHP, C++ and More

  • Python For Loop: Everything You Need to Know

    Loops are one of the essential elements in any programming language, and Python is not an exception to it. Loops are used to repeat a statement or a block of statements multiple times. If there were no concept of loops in programming languages, we have to write each statement again and again for the number of times we want to execute it. Python provides two types of loops to handle looping requirements, i.e., the while loop and the for loop. In this tutorial, we will learn everything about the for loop statement in Python. Before getting started with this tutorial, it is necessary to have Python installed and set up in your environment path. If you don’t have it installed already, refer to our step by step guide to install Python on Linux. The code presented in this tutorial can be run on the Python shell, but it is recommended to run the code in a Python IDE. If you don’t have a Python IDE installed in your system or want to know which IDE is a better choice to install, you can refer to our guide Top 10 best python IDE compared.

  • NihAV Is An Experimental Multimedia Framework Written In Rust

    NihAV is an experimental multimedia framework written in the Rust programming language. At the moment it's focused on diving into supporting decoders for different formats that lack open-source support right now / not yet reverse engineered, exploring new approaches for conventional multimedia concepts, and other experiments for advancing audio-video frameworks.

  • rra-c-util 8.3

    In this release of my utility library for my other packages, I finally decided to drop support for platforms without a working snprintf. This dates back to the early 2000s and a very early iteration of this package. At the time, there were still some older versions of UNIX without snprintf at all. More commonly, it was buggy. The most common problem was that it would return -1 if the buffer wasn't large enough rather than returning the necessary size of the buffer. Or, in some cases, it wouldn't support a buffer size of 0 and a NULL buffer to get the necessary size.

  • Embedded Programming and Beyond: An Interview with Warren Gay

    Interested in embedded programming? Warren Gay, an Ontario, Canada-based senior programmer, is an excellent resource for professional programmers, students, and makers alike. Here he talks about his new book, FreeRTOS for ESP32-Arduino (Elektor, 2020), and shares insights about FreeRTOS, ESP32, Arduino, embedded technologies, and more. You are sure to find his input informative and inspiring, especially if you plan to work with ESP32 or Arduino in the near future.

  • PHP 7.1 - 8 new features

    In the PHP 7.0 version function declaration accepts a return type, with the release of 7.1 version functions and parameters can return/accept null by prefixing the data type with a question mark (?). If the data type passed as parameter or returned by a function is different from the type specified a TypeError exception will be thrown.

  • Senior Developers don’t know Everything

    For about 20 years, I’ve been doing C++ and Qt and KDE development. I suppose that makes me a “senior software engineer”, also in the sense that I’ve hacked, programmed, futzed, designed, architected, tested, proved-correct, and cursed at a lot of software. But don’t let the label fool you: I look up just as much in the documentation as I ever did; senior developers don’t know everything.

Software and Games: Cloud Hypervisor, Joplin, Kodi, MuseScore, Bashtop, Grounded

  • Intel Cloud-Hypervisor 0.9 Brings io_uring Block Device Support For Faster Performance

    Intel's Cloud Hypervisor focused on being a Rustlang-based hypervisor focused for cloud workloads is closing in on the 1.0 milestone. With this week's release of Cloud-Hypervisor 0.9 there is one very exciting feature in particular but also a lot of other interesting changes. 

  • Joplin

    Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. The notes are searchable, can be copied, tagged and modified either from the applications directly or from your own text editor. The notes are in Markdown format. Notes exported from Evernote via .enex files can be imported into Joplin, including the formatted content (which is converted to Markdown), resources (images, attachments, etc.) and complete metadata (geolocation, updated time, created time, etc.). Plain Markdown files can also be imported. The notes can be synchronized with various cloud services including Nextcloud, Dropbox, OneDrive, WebDAV or the file system (for example with a network directory). When synchronizing the notes, notebooks, tags and other metadata are saved to plain text files which can be easily inspected, backed up and moved around.

  • Kodi 19 Alpha 1 Released With AV1 Decoding, Many Other HTPC Improvements

    Kodi 19 "Matrix" Alpha 1 has been released for this very popular, cross-platform open-source HTPC software.  Kodi 19 is bringing many exciting improvements as a major update to this open-source home theater software. 

  • Scorewriter MuseScore 3.5 Released with Chord Symbol Playback

    MuseScore, free music composition and notation software, released version 3.5 with long list of new features, bug fixes, and other improvements. MuseScore 3.5 contains one of the most requested features: Chord Symbol Playback. The feature is disabled by default so far. You can enable it by going to Edit > Preferences > Note Input.

  • Bashtop: An Htop Like System Monitor But Much More Useful

    As cool as Htop is, there is one thing that it's seriously lacking in and that is system monitoring tools. This may not be a problem for you, but if you want a system monitor then bashtop is a much better option to choose. It lets you do most of the process management stuff that you want from htop but it comes with things like hard drive usage, network usage and cpu usage statistics.

  • An Early Look at Grounded

    You’re in control of a child, who looks like he/she hasn’t entered the teenager years just yet. Among four different children — two boys and two girls — they’ve got a big problem: they’ve been shrunk to the size of an insect. Join them in their adventure — either by yourself or with a group of online friends — as they fight to survive in someone’s backyard, trying to build shelters whilst defending against bugs, and figure out why they’ve shrunk in the first place. Enter Grounded, developed by Obsidian Entertainment — the studio that brought us such titles as Pillars of Eternity, The Outer Worlds, and Star Wars: KOTOR2.

Fedora: LTO, Nest and More

  • Fedora 33 Moving Closer To LTO-Optimizing Packages

    Going back to last year Fedora has been working to enable link-time optimizations by default for their packages. That goal wasn't achieved for Fedora 32 but for Fedora 33 this autumn they still have chances of marking that feature off their TODO list.  LTO'ing the Fedora package set can offer not only performance advantages but in some cases smaller binaries as well. This is all about applying the compiler optimizations at link-time on the binary as a whole for yielding often sizable performance benefits and other optimizations not otherwise possible. LTO is great as we often show in benchmarks, especially in the latest GCC and LLVM Clang compilers. 

  • Zamir SUN: Report for session 1 of FZUG @ Nest with Fedora

    Last month, Alick suggested the Fedora Zhongwen User Group (FZUG) can do an online meetup during Nest with Fedora. And based on the survey, people registered for two time slots, the first one is 9:00 PM Saturday evening UTC+8 which is not a good time for Alick, so I take up the coordinating role for this session. As for the tool, we decided to use Jitsi, as it should work fine for most of us and does not have any limitations. What’s more, it’s totally open source. During the meeting, I firstly introduced Nest with Fedora and its previous offline version, Flock to Fedora, to the attendees. It’s interesting to see that during the past years, we not only have new users in China, but also new contributors. One attendee shares that his motivation of being a packager is that deploying packages for their research in the lab is cumbersome before. So he decided to package all into Fedora and then he can just simply install them on every machine. It is good to know that people contribute back because they want to solve their own problems. Maybe this can be a talking point to attract more contributors in the future. After the self introduction, we continue by sharing our interesting stories with Linux. That is a lot of fun.

  • Jon Chiappetta: Last piece of relay software needed for my home bridged network

    If you are running a bridged/relayd network with macs on it you may need to also forward the multicast broadcasts (mDNS related) that allow the devices to automatically discover each other. On the WRT wifi client side, there is a pkg called avahi-daemon and you can configure to operate in “reflector” mode to forward these broadcasts across the specified interfaces. Running this service along with the dhcprb C program which takes care of layer 2 arp requests & dhcp gateway forwarding has been pretty smooth so far!

Perl Programming: Exercises and DocKnot Release

  • The [Perl] Weekly Challenge #072

    I am glad this week’s focus was more Array/List related. Technically speaking, Array and List aren’t the same in Perl. I must admit until I read the article by brian d foy, I thought they were the same. As the famous saying, you learn something new every day.

  • Perl Weekly Challenge 72: One-Liners for Trailing Zeros and Line Ranges

    These are some answers to the Week 72 of the Perl Weekly Challenge organized by Mohammad S. Anwar. Spoiler Alert: This weekly challenge deadline is due in a few hours. This blog post offers some solutions to this challenge, please don’t read on if you intend to complete the challenge on your own.

  • Russ Allbery: DocKnot 3.05

    I keep telling myself that the next release of DocKnot will be the one where I convert everything to YAML and then feel confident about uploading it to Debian, and then I keep finding one more thing to fix to release another package I'm working on. Anyway, this is the package I use to generate software documentation and, in the long run, will subsume my static web site generator and software release workflow. This release tweaks a heuristic for wrapping paragraphs in text documents, fixes the status badge for software with Debian packages to do what I had intended, and updates dependencies based on the advice of Perl::Critic::Freenode.