Language Selection

English French German Italian Portuguese Spanish

Programming: Curl, BBC Microbit, Qt Creator 4.10 RC and More

Filed under
Development
  • Daniel Stenberg: The slowest curl vendors of all time

    In the curl project we make an effort to ship security fixes as soon as possible after we’ve learned about a problem. We also “prenotify” (inform them about a problem before it gets known to the public) vendors of open source OSes ahead of the release to alert them about what is about to happen and to make it possible for them to be ready and prepared when we publish the security advisory of the particular problems we’ve found.

    These distributors ship curl to their customers and users. They build curl from the sources they host and they apply (our and their own) security patches to the code over time to fix vulnerabilities. Usually they start out with the clean and unmodified version we released and then over time the curl version they maintain and ship gets old (by my standards) and the number of patches they apply grow, sometimes to several hundred.

    The distros@openwall mailing list allows no more than 14 days of embargo, so they can never be told any further than so in advance.

  • Getting started with the BBC Microbit

    Whether you are a maker, a teacher, or someone looking to expand your Python skillset, the BBC:Microbit has something for you. It was designed by the British Broadcasting Corporation to support computer education in the United Kingdom.

    The open hardware board is half the size of a credit card and packed with an ARM processor, a three-axis accelerometer, a three-axis magnetometer, a Micro USB port, a 25-pin edge connector, and 25 LEDs in a 5x5 array.

    I purchased my Microbit online for $19.99. It came in a small box and included a battery pack and a USB-to-Micro USB cable. It connects to my Linux laptop very easily and shows up as a USB drive.

  • Qt Creator 4.10 RC released

    We are happy to announce the release of Qt Creator 4.10 RC !

    The prebuilt binaries for this release are based on a Qt 5.13.1 snapshot, which should take care of regular crashes that some of you experienced with the earlier Beta releases.
    For more details on the 4.10 release, please have a look at the blog post for Beta1 and our change log.

  • Python Check Integer Number in Range

    This tutorial provides you multiple methods to check if an integer number lies in the given range or not. It includes several examples to bring clarity. Let’s first define the problem. We want to verify whether an integer value lies between two other numbers, for example, 1000 and 7000: So, we need a simple method that can tell us about any numeric value if it belongs to a given range.

More in Tux Machines

Android Leftovers

Security, Fear, Uncertainty, and Doubt

  • Security updates for Thursday

    Security updates have been issued by Debian (netty and netty-3.9), Fedora (ceph, dovecot, poppler, and webkit2gtk3), openSUSE (inn and rmt-server), Oracle (openjpeg2), Red Hat (rabbitmq-server), Scientific Linux (openjpeg2), SUSE (dnsmasq, rsyslog, and slurm), and Ubuntu (php7.0).

  • 30 The Most Common Hacking Techniques and How to Deal with Them [Ed: Cracking, not hacking. Not the same thing.]
  • A guide to developing a holistic IT security strategy

    In assessing how prevalent cyberattacks are for companies, 18 percent of respondents rated the security risk as very high. Half (50 percent) even stated that their company had suffered financial losses due to security incidents. Opinions differed as to whether the incidents were handled optimally: Almost half (49 percent) say that everything worked well, while the other half (49 percent) believe there is a lot of potential for improvement.

  • Linux and malware: Should you worry? [Ed: All those headlines with question marks mean that the answer is "No."]

    Gone are the days when the idea of viruses or other malware hitting Linux was almost universally greeted with quizzical glances, if not outright rejection. Long thought of as the perfect marriage of open-source goodness and strong, Unix-like security, Linux-based operating systems are now increasingly seen as another valuable – and viable – target. This shift in thinking is partly the result of a growing realization among both Linux hobbyists and system administrators that a compromised Linux system such as a web server provides attackers an excellent ‘return on investment’. Just as importantly, malware research in recent years has brought better visibility into threats facing Linux systems.

Devices: Raspberry Pi, Industrial/Panel PCs and RISC-V

         
  • How to play sound and make noise with your Raspberry Pi
           
             

    If your amazing project is a little too quiet, add high-fidelity sound with Raspberry Pi and the help of this handy guide from HackSpace magazine, written by PJ Evans.

  •       
  • Raspberry Pi 4 UEFI+ACPI Firmware Aims to Make the Board SBBR-Compliant

    As Arm wanted to enter the server market, they realized they had to provide systems that could boot standard operating system images without modifications or hacks – just as they do on x86 server -, so in 2014 the company introduced the Server Base System Architecture Specification (SBSA) so that all a single OS image can run on all ARMv8-A servers.

  • Linux-ready Apollo Lake panel PC has IP65 protection

    WinSystems’ IP65-protected, 12-inch “PPC12-427” capacitive panel PC runs on an Apollo Lake SoC with up to 8GB DDR3L ECC RAM, 2x GbE, 2x 4K DP, 4x USB, and -30 to 85°C support. Grand Prairie, Texas based WinSystems has announced a fanless, 12.1-inch, panel PC designed for signage, kiosk, food service, and industrial IoT HMI applications.

  • Modular Coffee Lake system has SUMIT and optional PCIe expansion

    Ibase’s “MAF800” industrial AI PC runs Ubuntu or Win 10 on an 8th Gen Coffee Lake CPU with 3x GbE, 2x SATA, 6x USB 3.0, and 2x SUMIT slots for an optional 4x PoE module. Other models offer PCIe x16, x8, and x4 slots. Last week, Taiwan-based Ibase announced it was pulling out of next week’s Embedded World show in Nuremberg due to concerns about the coronavirus. Other announced no-shows include Arm, Bridgetek, Digi-Key, FTDI, Kontron, and Rohm. Yet, Ibase and others appear to be pushing forward with their usual late February embedded product announcements.

  • Antmicro GEM ASIC Leverages zGlue Technology to Quickly Bring Custom Arm/RISC-V SoC’s to Market

    Introduced in 2018, ZiP (zGlue Integration Platform) chip-stacking technology aims to produce chips similar to Systems-in-Package (SiP) but at much lower costs and lead times.

  • Aldec and Codasip at Embedded World: Showcasing an Integrated UVM Simulation Environment for Verifying Custom Instructions with RISC-V Cores

    “Variability of the RISC-V ISA-based processor family brings new challenges to design flow. In particular, IP and SoC verification needs productivity boost tools and seamless integration into our design environment,” said Karel Masařík, CEO of Codasip. “Our generic UVM methodology combined with Aldec's simulation and code coverage efficiency analysis helps us add the desired RISC-V core extensions and provide core customization faster than our competition.”

Malicious Proprietary Software

  • Discord Is Not An Acceptable Choice For Free Software Projects

    Discord’s communication is not end to end (e2e) encrypted. It is encrypted only between the individual user and the servers operated by Discord Inc. Their spying extends to every single message sent and received by anyone, including direct messages betweeen users. The service can and does log every message sent, both in-channel and DMs. It is impossible to have a private conversation on Discord, as there will always be an unencrypted log of it stored by Discord. Discord can, at their option, provide those stored messages to any third party they wish, including cops or government snoops, for any reason, even without a legal order, without any obligation to tell you that they have done so.

  • [Attackers] Were Inside Citrix for Five Months

    Networking software giant Citrix Systems says malicious [attackers] were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

  • [Vulnerable] firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts

    “Firmware is meant to be invisible to the user, and so it’s not surprising that most people don’t pay attention to it,” said Eclypsium CEO Yuriy Bulgin. “However, these components make up the foundation upon which every device, operating system, and application depends.”

    Researchers used unsigned firmware to show how an attacker could compromise an operating system remotely in order to steal network data. The highlighted flaws could also enable “direct-memory access” attacks which exploit a computer’s core operating system.

  • Aera Launches Cognitive ‘Business Brain’ Operating System [Ed: This is NOT an 'operating system". Terms misused these days.]

    Infor labels one of its core brands Infor OS and quite unashamedly uses the term operating system to explain the function of its industry-specific Enterprise Resource Planning (ERP) and Supply Chain Management (SCM) cloud software. Mountain View headquartered Aera Technology has used a similar naming convention within its branding and called its automation-centric cloud platform the Aera Cognitive Operating System.

  • Microsoft Defender ATP for Linux Now In Public Preview

    Microsoft Defender ATP for Linux is now available in a public preview that allows administrators and security professionals to test the product in six different Linux distributions.

  • Keen to check for 'abnormal' user behaviours? Microsoft talks insider risk, AWS imports and compliance at infosec shindig RSA [Ed: “Microsoft talks insider risk”; but Microsoft is the risk]

    As well as widening the preview of Microsoft Threat Protection, a system aimed at a more automated response to threats, the gang has also extended the cross-platform support for Microsoft Defender Advanced Threat Protection (ATP) to include a whole bunch of Linux distributions.

  • Microsoft plans to add Linux support for Chromium-based Edge

    Microsoft fought long and hard to maintain and push its own proprietary browser, even launching Edge, hoping to get away from the stigma against Internet Explorer. However, the dominating market share of Chromium-based browsers finally got to Microsoft, and the company announced it would rebuild Edge with the Chromium source code. Last month, we reported that Microsoft’s Chromium-based Edge was out of development and ready for public deployment.