Date: 2019-09-08

Security Leftovers

Security
  • Critical Exim Flaw Opens Millions of Servers to Takeover [Ed: This repeats the FUD headline from ZDNet's Bleeping Computer hire; no server is known to have been compromised by this yet. They dramatise this.]

    A critical vulnerability found in Exim servers could enable a remote, unauthenticated attacker to execute arbitrary code with root privileges.

  • Google Fortifies Kubernetes Nodes Against Boot Attacks

    Google released a beta version of its Shielded GKE Nodes that prevents an attacker from exploiting vulnerable Kubernetes nodes.

  • Spoofing commits to repositories on GitHub

    The situation that worries me relates to distribution packaging. Debian has a policy that deltas to packages in the stable repository should be as small as possible, targeting fixes by backporting patches from newer releases.

    If you get a bug report on your Debian package with a link to a commit on GitHub, you had better double check that this commit really did come from the upstream author and hasn’t been spoofed in this way. Even if it shows it was authored by the upstream’s GitHub account or email address, this still isn’t proof because this is easily spoofed in git too.

    The best defence against being caught out by this is probably signed commits, but if the upstream is not doing that, you can clone the repository from GitHub and check to see that the commit is on a branch that exists in the upstream repository. If the commit is in another fork, the upstream repo won’t have a ref for a branch that contains that commit.

  • For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020 [Ed: When Microsoft Tim says "according to Redmonk" he means mostly according to Microsoft (because Redmonk relies on proprietary GitHub for data)]

    Python 2 will sunset on January 1st 2020 – however, many applications have not yet upgraded to version 3, causing the coding lingo's team to mount a communications campaign to persuade devs to port their code.

    Python is the third most popular programming language after JavaScript and Java, according to Redmonk. Its use has been boosted by the strong interest in machine learning, for which Python is well suited, thanks in part to its various AI-related libraries and frameworks.

    Python 2.0 was released in 2000, and Python 3.0, which is not fully backwards compatible, in 2008. The last version of Python 2.x, 2.7, was released in July 2014.
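The check described in the "Spoofing commits to repositories on GitHub" item above, sketched as an added example (not code from the quoted post): confirm that a commit is contained in a branch of the upstream remote before backporting it. The function names, the `origin` remote default and the demo repositories are assumptions constructed for illustration.

```shell
#!/bin/sh
# commit_on_upstream_branch <clone_dir> <commit> [remote]   (hypothetical helper)
# Exit 0 and print the containing remote branches; exit 1 otherwise.
commit_on_upstream_branch() {
    dir=$1; commit=$2; remote=${3:-origin}
    # A commit that lives only in a fork is normally absent from a fresh clone.
    git -C "$dir" cat-file -e "${commit}^{commit}" 2>/dev/null || return 1
    # The object can still be present (fetched from elsewhere), so require
    # that a branch of the upstream remote actually contains it.
    branches=$(git -C "$dir" for-each-ref --contains "$commit" \
        --format='%(refname:short)' "refs/remotes/$remote/")
    [ -n "$branches" ] || return 1
    printf '%s\n' "$branches"
}

# Constructed demo data: an upstream repo, a fork with one extra commit, and
# a maintainer's clone of upstream that has also fetched the fork's commit.
build_demo() {
    demo=$(mktemp -d)
    GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
    git init -q "$demo/upstream"
    git -C "$demo/upstream" symbolic-ref HEAD refs/heads/main
    git -C "$demo/upstream" commit -q --allow-empty -m "upstream fix"
    good=$(git -C "$demo/upstream" rev-parse HEAD)
    git clone -q "$demo/upstream" "$demo/fork"
    git -C "$demo/fork" commit -q --allow-empty -m "not from upstream"
    spoofed=$(git -C "$demo/fork" rev-parse HEAD)
    git clone -q "$demo/upstream" "$demo/clone"
    # Object ends up in the clone's store, but no origin/* ref points at it.
    git -C "$demo/clone" fetch -q "$demo/fork" main
}

build_demo
commit_on_upstream_branch "$demo/clone" "$good" >/dev/null \
    && echo "accept: $good is on an upstream branch"
commit_on_upstream_branch "$demo/clone" "$spoofed" >/dev/null \
    || echo "reject: $spoofed is not on any upstream branch"
rm -rf "$demo"
```

The check establishes only where the commit lives; author name and email remain forgeable, so it complements signed commits and does not replace them.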

Games: CAT Interstellar, Geekbench and Sin Slayers

  • The short and sweet sci-fi story CAT Interstellar is now permanently free to grab

    CAT Interstellar, a rather short sci-fi "walking sim" that I quite enjoyed after playing it back in 2017 has now gone 100% free to grab. Speaking about it going free on Steam, the developer noted that they never actually expected it to make any profit. However, they did manage to ship around 100k units across Steam, Humble Bundle and the Playstation Store although most were from sales and bundles. What they did with that money is quite sweet though. Grossing around $8k a year across four years, the majority of it went to fostering animals and donating to their "local humane society". They never really promoted that until now when it's free, as they thought it would have been a "sleazy sales tactic".

  • Need a new stresstest for your Linux PC? Geekbench 5 is out adding Vulkan support

    You all love benchmarks right? Hearing the fans on your PC spin up to keep everything inside nice and cool while you start to sweat. Geekbench 5 has been officially released this month. One of the big additions is Vulkan support in the GPU Compute Benchmark, along with some new tests included there to run too including "computer vision tasks such as Stereo Matching, and augmented reality tasks such as Feature Matching". They also added some additional CPU benchmark tests too including "machine learning, augmented reality, and computational photography". Primate Labs also said they increased the "memory footprint of existing workloads" to account for the effect of that on CPU performance. Also added is a bunch of new multi-threaded benchmark modes and so on.

  • Sin Slayers, the dark fantasy roguelike RPG has released with Linux support

    Lead a team of heroes through a dark fantasy world in Sin Slayers, out officially now with Linux support. Note: Key from their PR team. Borrowing some ideas from the seven deadly sins, in Sin Slayers you're tasked with taking down the seven in a place known as the Valley of Fallen Sinners. It's a mix of turn-based RPG styled combat with elements of roguelikes and dungeon crawlers to create a curious mix.


CompuLab's Airtop 3 Is The Most Powerful Fan-Less Computer We've Tested Yet

The past month and a half we have been putting CompuLab's Airtop 3 computer through some demanding benchmarks and a variety of endurance workloads. With the Airtop 3 under test loaded with an 8-core / 16-thread Xeon processor, NVIDIA Quadro RTX 4000 graphics, and 64GB of RAM with NVMe SSD storage there were some concerns over thermal throttling and if this fan-less industrial PC design could really deal with the generated heat. But after all of this testing, the Airtop 3 continues running strong and is another shining example of CompuLab's engineering strength.


