
Security Leftovers

  • Security updates for Friday

    Security updates have been issued by Debian (git and python-apt), Oracle (openslp), Red Hat (chromium-browser and ghostscript), SUSE (samba, slurm, and tomcat), and Ubuntu (clamav, gnutls28, and python-apt).

  • Why Networking Monitoring Tools are Important and How to Pick One?

    In today’s world, a business has to have a strong online presence to build a brand and to stay connected with the target demographic. To achieve that, it’s critical that your online network is protected against common cyber-attacks and hacking attempts so that there is minimal downtime. Network monitoring allows you to bolster your business network and also to make the most of your resources.

  • There are no root causes

    At the if statement, the CPU uses past measurements to make a prediction about which branch might be taken, and it then begins to execute that path, even though ‘x > y’ has not been executed or completed yet! At this point x or y may not have even finished being computed yet!

    Let’s assume for now our branch predictor thinks that ‘x > y’ is false, so we’ll start to execute the “return false” or any other content in that branch.

    Now the instructions ahead catch up, and we resolve “did we really predict correctly?”. If we did, great! We have been able to advance the program state asynchronously even without knowing the answer until we get there.

    If not, ohh nooo. We have to unwind what we were doing, clear some of the pipeline and try to do the correct branch.

    Of course this has an impact on timing of the program. Some people found you could write a program to manipulate this predictor and using specific addresses and content, they could use these timing variations to “access memory” they are not allowed to by letting the speculative executor contribute to code they are not allowed to access before the unroll occurs. They could time this, and retrieve the memory contents from areas they are not allowed to access, breaking isolation.

    [...]

    Our computers are still asynchronous, and contain many out-of-order parts. It’s hard to believe we have “found” every method of exploiting this. Indeed in the last year many more ways to bypass hardware isolation due to our systems’ async nature have been found.

More in Tux Machines

today's howtos

Programming: Golang, Perl, Python and the GCC Story

  • 9 Reasons You Should Use Golang Language

    Golang is the open-source programming language developed by Google in the year 2007. Several programming languages are present in the market with advantages and disadvantages. We cannot predict which language is better, it would take months to discuss. However, the most sensible thing that helps choose a better language is the one that suits a specific purpose more reliably than the others. Thus, Golang development will be most suitable for those who are willing to combine simplicity, concurrency, and safety of the code. Different programming languages are less memory efficient and are unable to communicate with the hardware. Therefore, Golang is one of the most preferred languages for developers that help build software. It is also the open-source and procedural language that is advantageous to deploy simple, effective, and reliable software. Go language aids the environment to adopt different patterns that are similar to dynamic languages. Go language has several advantages that are responsible to quicken the development process. Moreover, Golang is the language that makes the process of software development easy and simple for programmers. These days, Golang is gaining popularity amongst the developers as it has a plethora of advantages than the other programming languages. So, the use of Golang has been adopted by mobile app development companies.

  • Demonstrating PERL with Tic-Tac-Toe, Part 1

    PERL is a procedural programming language. A program written in PERL consists of a series of commands that are executed sequentially. With few exceptions, most commands alter the state of the computer’s memory in some way. Line 00 in the Tic-Tac-Toe program isn’t technically part of the PERL program and it can be omitted. It is called a shebang (the letter e is pronounced soft as it is in the word shell). The purpose of the shebang line is to tell the operating system what interpreter the remaining text should be processed with if one isn’t specified on the command line. Line 02 isn’t strictly necessary for this program either. It makes available an advanced command named state. The state command creates a variable that can retain its value after it has gone out of scope. I’m using it here as a way to avoid declaring a global variable. It is considered good practice in computer programming to avoid using global variables where possible because they allow for action at a distance. If you didn’t follow all of that, don’t worry about it. It’s not important at this point.

  • Perl Weekly Challenge 048: Survivor and Palindrome Dates

    I tried two different approaches to the problem. The first one uses an array of living people and a variable $sword that stores the index of the person holding the sword. In each iteration of the loop, the next person is removed from the array, and the sword is passed to the next person. The “next person” has a special cyclic meaning: at the end of the array, the sword must return to the beginning. This is achieved by using the modulo operator %. Note that we use it twice, once to find the person to kill, and once to find the person to pass the sword to—and each case uses a different array size in the modulo operation, as killing a person changes the size of the array.

  • My Unexpected Dive into Open-Source Python

    I'm very happy to announce that I have joined Quansight as a front-end developer and designer! It was a happy coincidence how I joined- the intersection of my skills and the open source community's expanded vision. I met Ralf Gommers, the director of Quansight Labs, at the PyData Conference in New York City last year after giving a Lightning Talk. However, as cool and confident as this may sound, I sure didn't start off that way. At that point, it's been a few months since I graduated from a coding bootcamp. I was feeling down in the job-search funk. I hadn't even done much in Python, since my focus was in Javascript.

  • Reposurgeon defeats all monsters!

    On January 12th 2020, reposurgeon performed a successful conversion of its biggest repository ever – the entire history of the GNU Compiler Collection, 280K commits with a history stretching back through 1987. Not only were some parts CVS, the earliest portions predated CVS and had been stored in RCS. I waited this long to talk about it to give the dust time to settle on the conversion. But it’s been 5 weeks now and I’ve heard nary a peep from the GCC developers about any problems, so I think we can score this as reposurgeon’s biggest victory yet. The Go port really proved itself. Those 280K commits can be handled on the 128GB Great Beast with a load time of about two hours. I have to tell the Go garbage collector to be really aggressive – set GOGC=30 – but that’s exactly what GOGC is for.

Kdenlive: From Beginner to Advanced Video Editing

This is a different kind of video because it has a bit of Time Travel in it. In June 2019, I presented a talk at the SouthEast LinuxFest entitled “Kdenlive: From Beginner to Advanced Video Editing”. This was an interesting experience and the editing process took an excessive amount of time which I suppose is fitting for a video about video editing. In this video, you will learn some tips and tricks that I use for working in Kdenlive as well as some cool transitions like Matte Transitions. There was also a very useful Questions & Answers section at the end of the talk. I actually learned some more things during the process of editing this video so there is always plenty to learn about this kind of software. If you would like more Kdenlive videos from me then please leave a comment below. I would be happy to make some specific tutorial videos, this is more of an overview and I think there’s plenty to show in tutorial form.

Videos/Audiocasts/Shows: GNU/Linux and Python, Fresh Look at LMDE 4 Beta

  • Hopeful for HAMR | TechSNAP 423

    We explore the potential of heat-assisted magnetic recording and get excited about a possibly persistent L2ARC. Plus Jim's journeys with Clear Linux, and why Ubuntu 18.04.4 is a maintenance release worth talking about.

  • 2020-02-21 | Linux Headlines

    Red Hat OpenStack Platform reaches version 16, Google announces the mentors for this year’s Summer of Code, DigitalOcean secures new funding, the Raspberry Pi 4’s USB-C power problems get a fix, and the GTK Project unveils its new website.

  • Talk Python to Me: #252 What scientific computing can learn from CS

    Did you come into Python from a computational science side of things? Were you just looking for something better than Excel or Matlab and got pulled in by all the Python has to offer?  That's great! But following that path often means some of the more formal practices from software development weren't part of the journey.  On this episode, you'll meet Martin Héroux, who does data science in the context of academic research. He's here to share his best practices and lessons for data scientists of all sorts.

  • Matt Layman: Templates and Logic - Building SaaS #45

    In this episode, we added content to a template and talked about the N+1 query bug. I also worked tricky logic involving date handling. The first change was to update a course page to include a new icon for any course task that should be graded. After adding this, we hit an N+1 query bug, which is a performance bug that happens when code queries a database in a loop. We talked about why this happens and how to fix it. After finishing that issue, we switched gears and worked on a tricky logic bug. I need a daily view to fetch data and factor in the relative time shift between the selected day and today. We wrote an involved test to simulate the right conditions and then fixed the code to handle the date shift properly.

  • LMDE 4 Beta Debbie Run Through

    In this video, we are looking at LMDE (Linux Mint Debian Edition) 4 Debbie.