Date: 2020-04-20
Security Leftovers
-
Security updates have been issued by Arch Linux (openssl), openSUSE (freeradius-server, kernel, thunderbird, and vlc), Oracle (git, java-1.7.0-openjdk, java-1.8.0-openjdk, and java-11-openjdk), SUSE (ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper, cups, kernel, ovmf, and pacemaker), and Ubuntu (openjdk-8, openjdk-lts and re2c).
-
On April 22nd 2019, we announced our current, this, incarnation of the curl bug bounty. In association with Hackerone we now run the program ourselves, primarily funded by gracious sponsors. Time to take a closer look at how the first year of bug bounty has been!
-
Firefox has one of the oldest security bug bounties on the internet, dating back to 2004. From 2017-2019, we paid out $965,750 to researchers across 348 bugs, making the average payout $2,775 – but as you can see in the graph below, our most common payout was actually $4,000!
-
Unfortunately, despite strict compliance regulations, there are still many exploited vulnerabilities and misconfigurations that occur in healthcare systems. These issues can result in serious breaches of security and patient privacy and must be corrected.
Some of these issues are outside of your control. For example, if vendors unknowingly leave bugs in software or have not yet provided a patch for known vulnerabilities. Others occur due to poor management or lack of best practices. For example, not properly restricting access privileges or not encrypting data.
[...]
The consequences of a regular data breach range from monetary fines to loss of brand authority, and sometimes even bankruptcy. However, the consequences of a breached healthcare environment can be a matter of life and death.
To ensure the security of healthcare data, providers should implement a number of strategies. Security strategies for healthcare providers include enforcing granular access controls, as well as staying updated on vulnerabilities and prioritizing mitigation on a continual basis.
For improved visibility and better control, you can also centralize your overall security. However, what could help most is establishing a security culture that educates personnel and reduces the scope of insider threats. This can help enlist connected users to the overall protection of healthcare networks, systems, and data.
-
Microsoft has released an out-of-band security update for Microsoft Office, Office 365 ProPlus and Paint 3D. The applications are affected by multiple Autodesk vulnerabilities that, if exploited, could enable remote code execution.
Locking Down Linux For The Enterprise
Security has always been important for datacenter operators, but the days of putting a ring of protection around the datacenter and then walking away satisfied in the knowledge that the data and applications therein were protected from outside forces are long over. Cloud computing, the Internet of Things (IoT), the edge, containers and the rapid growth in the number of mobile devices have all contributed to the expansion of IT outside of core datacenters, creating a highly distributed environment where the bulk of data is created and applications are accessed beyond the firewall. Add in the growing numbers and increasing sophistication of cyber-threats and security becomes a much more complex calculation.
Because of this, the growing expectation for years now has been that hardware, component and software makers would embed security into their products to ensure security regardless of whether they were running in the datacenter or somewhere out in the wild. Enterprises will gravitate toward vendors with reputations for strong security and privacy features in their offerings, which can drive growth for those that make the investment. It’s something that Canonical is emphasizing as it looks to extend its open-source Ubuntu Linux operating system deeper into the enterprise and cloud datacenters.
today's howtos
From Bifrost to Panfrost - deep dive into the first render
-
In Panfrost’s infancy, community members Connor Abbott and Lyude Paul largely reverse-engineered Bifrost and built a proof-of-concept shader dis/assembler. Meanwhile, I focused on the Midgard architecture (Mali T600+), building an OpenGL driver alongside developers like Collaboran Tomeu Vizoso.
As Midgard support has grown – including initial GLES3 support – we have now turned our attention to building a Bifrost driver. We at Collabora got to work in late February, with Tomeu porting the Panfrost command stream, while I built up a new Bifrost compiler.
This week, we've reached our first major milestone: the first 3D renders on Bifrost, including basic texture support!
-
The interface to a modern GPU has two components, the fixed-function command stream and the programmable instruction set architecture. The command stream controls the hardware, dispatching shaders and containing the state required by OpenGL or Vulkan. By contrast, the instruction set encodes the shaders themselves, as with any programmable architecture. Thus the GPU driver contains two major components, generating the command stream and compiling programs respectively.
From Midgard to Bifrost, there have been few changes to the command stream. After all, both architectures feature approximately the same OpenGL and Vulkan capabilities, and the fixed-function hardware has not required much driver-visible optimization. The largest changes involve the interfaces between the shaders and the command stream, including the titular shader descriptors. Indeed, squinting, command stream traces from Midgard and Bifrost look similar – but the long tail of minor updates implies a nontrivial Panfrost port.
-
Alyssa Rosenzweig has posted a detailed look at progress on the Panfrost driver (a reverse-engineered driver for Arm Mali GPUs) on the Collabora blog.
-
With the open-source Panfrost Gallium3D driver having its Arm Midgard graphics support in order, the developers involved have begun working more on the newer Bifrost architecture.
Mali Bifrost GPUs have been around for two years now and have already been succeeded by Valhall as the latest Mali architecture. Bifrost is found in the likes of the Samsung Exynos 7885/8895, Rockchip RK3326, AmLogic S922X, Kirin 970/980/990, and numerous other SoCs.
-
Some interesting open source GPU driver news to share today, as Collabora continue working on their open source Panfrost driver to cover newer generations of Mali ARM GPUs.
Writing on the Collabora blog, Alyssa Rosenzweig, Software Engineer at Collabora, did a bit of a deeper dive into what's been happening. Now, they're in a position to get the first 3D renders on Bifrost, including basic texture support. This is following after getting the Panfrost driver to support OpenGL ES (GLES) 3.0 on the earlier Midgard series.