Language Selection

English French German Italian Portuguese Spanish

Security: Updates, Mirai and Singapore's Massive Breach

Filed under
Security
  • Security updates for Friday
  • Mirai botnet hackers [sic] avoid jail time by helping FBI

    The three men, Josiah White, 21, Dalton Norman, 22, and Paras Jha, 22, all from the US, managed to avoid the clink by providing "substantial assistance in other complex cybercrime investigations", according to the US Department of Justice. Who'd have thought young hacker [sic] types would roll over and show their bellies when faced with prison time....

  • A healthcare IT foundation built on gooey clay

    Today, there was a report from the Solicitor General of Singapore about the data breach of the SingHealth systems that happened in July.

    These systems have been in place for many years. They are almost exclusively running Microsoft Windows along with a mix of other proprietary software including Citrix and Allscript. The article referred to above failed to highlight that the compromised “end-user workstation” was a Windows machine. That is the very crucial information that always gets left out in all of these reports of breaches.

    I have had the privilege of being part of an IT advisory committee for a local hospital since about 2004 (that committee has disbanded a couple of years ago, btw).

    [...]

    Part of the reason is because decision makers (then and now) only have experience in dealing with proprietary vendor solutions. Some of it might be the only ones available and the open source world has not created equivalent or better offerings. But where there are possibly good enough or even superior open source offerings, they would never be considered – “Rather go with the devil I know, than the devil I don’t know. After all, this is only a job. When I leave, it is someone else’s problem.” (Yeah, I am paraphrasing many conversations and not only from the healthcare sector).

    I recall a project that I was involved with – before being a Red Hatter – to create a solution to create a “computer on wheels” solution to help with blood collection. As part of that solution, there was a need to check the particulars of the patient who the nurse was taking samples from. That patient info was stored on some admission system that did not provide a means for remote, API-based query. The vendor of that system wanted tens of thousands of dollars to just allow the query to happen. Daylight robbery. I worked around it – did screen scrapping to extract the relevant information.

    Healthcare IT providers look at healthcare systems as a cashcow and want to milk it to the fullest extent possible (the end consumer bears the cost in the end).

    Add that to the dearth of technical IT skills supporting the healthcare providers, you quickly fall into that vendor lock-in scenario where the healthcare systems are at the total mercy of the proprietary vendors.

More in Tux Machines

Graphics: Vulkan, AMDGPU and AMDVLK

  • A Vulkan Extension Is Being Worked On To Acquire Exclusive Control Of A Wayland Display

    Drew DeVault of Sway/WLROOTS fame has been dabbling with his first Vulkan extension as part of work with other upstream Wayland developers on DRM lease support and better supporting VR headsets under Wayland. Being worked on in-step with DRM lease protocol support for Wayland, Drew is also drafting a "VK_EXT_acquire_wl_display" extension for Vulkan. That new extension is akin to VK_EXT_acquire_xlib_display for X11 but for working on Wayland. The existing VK_EXT_acquire_xlib_display extension allows a Vulkan application / game engine to take exclusive control of a display currently associated with an X11 screen. This goes along with the DRM lease support and was spearheaded by Red Hat, Valve, NVIDIA, and Intel as part of Steam VR support on Linux.

  • AMDGPU DC Gets A Number Of Fixes For Navi & Other Clean-Ups

    The past few weeks while AMD open-source developers were busy getting their Navi enablement code public and aligned for the Linux 5.3 merge window, the display core "DC" frequent code drops ceased. Every so often AMD developers volley their DC patches from their internal development trees to the public mailing list for queuing ahead of the next cycle. Now that Navi is out there and getting stabilized, they've issued a new set of DC patches and it's coming in heavy. Given that it's been a while during Navi review and upstreaming, the AMDGPU DC patches sent out on Monday are 87 patches that add nearly ten thousand lines of new code.

  • AMDVLK 2019.Q3.2 Released With Navi 10 Support

    Just over one week after the Radeon RX 5700/5700XT "Navi" graphics cards began shipping, the AMDVLK open-source AMD Radeon Vulkan Linux driver support is now available for these first RDNA offerings. AMDVLK is the official open-source AMD Vulkan Linux driver and is based on the same sources as the Windows/Linux Radeon Software Vulkan driver. The open-source AMDVLK, however, uses their LLVM-based shader compiler rather than AMD's long-standing proprietary shader compiler. AMDVLK is an alternative to the Mesa RADV Vulkan driver maintained by the "community" (principally, Red Hat, Google, and Valve) that did see launch-day support last week for Navi.

Arduino from the Command Line: Break Free from the GUI with Git and Vim!

The word "Arduino" often invokes a wide range of opinions and sometimes emotion. For many, it represents a very low bar to entry into the world of microcontrollers. This world before 2003 often required costly, obscure and closed-source development tools. Arduino has been a great equalizer, blowing the doors off the walled garden. Arduino now represents a huge ecosystem of hardware that speaks a (mostly) common language and eases transition from one hardware platform to another. Today, if you are a company that sells microcontrollers, it's in your best interest to get your dev boards working with Arduino. It offers a low-friction path to getting your products into lots of hands quickly. It's also important to note that Arduino's simplicity does not inhibit digging deep into the microcontroller. Nothing stops you from directly twiddling registers and using advanced features. It does, however, decrease your portability between boards. Read more Also: First the E-Bike, Next the Flying Car

Games: Emberlight, Rings of Saturn, Defend The Keep, Path of Titans, Kind Words, Kingdoms of the Dump

Today in Techrights