GNOME Desktop/GTK Leftovers Andrei Lisita: Almost there All good things come to an end and so does the 2019 Google Summer of Code. With the last coding period having officially started my project is slowly approaching it’s last commit. Lately I have been working mostly on various issues regarding the looks and the behavior of the Savestates Manager, but there are also two new visible UI changes...

g_assert_finalize_object() in GLib 2.61.2 One more API in this mini-series! g_assert_finalize_object(), which is available in GLib 2.61.2, which was released today. This one’s useful when writing tests (and only when writing tests). It’s been put together by Simon McVittie to implement the common pattern needed in tests, where you want to unref a GObject and assert that you just dropped the final reference to the object — i.e., check that no references to the object have been leaked in the test.

Finally TagEditor! After a lot of Merge Requests related with MBIDS and AcoustID, finally I started working on acoustid plugin. Before the logic was to return the recording with most sources. Now, we need to return multiple results. We need to retrieve first release belonging to each release group of each recording which matched with the given chromaprint.

Security: Cyberattack on Elasticseach, Available Updates, AT&T Liability and New HardenedBSD Release Cyberattack on Elasticseach Databases turns DBs into Zombies/Botnets Recently a new cyberattack added into the list of Elasticsearch which is making Elasticsearch databases into Zombies or botnets. There is a list of attacks conducted on Elasticsearch databases in the past few years. The new one raises more tension among security experts due to its complexity and use of different tactics to evade security system and carry forward the attack successfully. Elasticsearch is a popular tool that helps companies managing billions of records in the database easily. Its source code is open and big companies like Netflix, Uber, Dell, and Adobe are already using Elasticsearch. I hope you now have an idea of how important it is for hackers to find vulnerabilities in this tool and exploit them to gain systems control. Recently, Trend Micro, a cybersecurity company revealed hackers have targetted publicly available Elasticsearch databases by delivering a backdoor as a payload. The attack requires multiple scripts to be executed on the system, starting from disabling the system firewall and stopping all the crypto mining processes running on the system. Once these tasks are completed successfully then hackers download another script to the server from a compromised or a grey website.

Security updates for Monday Security updates have been issued by Debian (patch, sdl-image1.2, and unzip), Fedora (deepin-clone, dtkcore, dtkwidget, and sqlite), Mageia (virtualbox), openSUSE (firefox), and SUSE (cronie and firefox).

Court Will Decide If AT&T Is Liable For Cryptocurrency Theft Caused By Shoddy Security Wireless carriers are coming under increasing fire for failing to protect their users from SIM hijacking. The practice involves posing as a wireless customer, then fooling a wireless carrier to port the victim's cell phone number right out from underneath them, letting the attacker then pose as the customer to potentially devastating effect. Back in February, a man sued T-Mobile for failing to protect his account after a hacker pretending to be him, ported out his phone number, then managed to use his identity to steal thousands of dollars worth of cryptocoins. T-Mobile customers aren't the only users who've experienced this problem. US entrepreneur and cryptocurrency investor Michael Terpin sued AT&T last summer (pdf) for the same thing: somebody ran a SIM hijacking scam on AT&T, then stole his identity and, in turn, stole $23.8 million in cryptocurrency.

Stable release: HardenedBSD-stable 12-STABLE v1200059.2