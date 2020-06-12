Nordic Semi nRF52 are popular wireless Cortex-M4 SoCs with Bluetooth 5.0 and 802.15.4 radios. APProtect (Access Port Protection) is a new security feature of nRF52 MCUs designed to enable readback protection and disable the debug interface. This is supposed to prevent an attacker to obtain a copy of the firmware that would allow him/her to start the reverse engineering process or access some sensitive data such as keys and passwords. It’s all good, except “LimitedResults” managed to bypass APProtect and permanently resurrect the debug interface on nRF52840-DK and a Bluetooth mouse. This requires physical access to the hardware and relies on a fault injection technique.

This weekend we reported on how injecting ACPI tables could lead to bypassing Linux's lockdown / UEFI Secure Boot protections and let attackers load unsigned kernel modules. That earlier issue was found on a patched version of the Ubuntu 18.04 LTS kernel while now a similar attack vector has been discovered on the mainline Linux kernel. WireGuard lead developer Jason Donenfeld discovered both of these vulnerabilities in recent days. This newest discovery is more pressing in that it works on a current mainline Linux kernel rather than just Ubuntu's heavily patched older kernel code-base. Fortunately, Donenfeld has already sent off a patch to the mailing list for addressing this issue.

Windows 10 users woke up to borked printers following the monthly Microsoft bugfix party, Patch Tuesday. The issues appear connected to KB4557957 and KB4560960 for Windows 10 2004 and 1903/1909 respectively. "KB4560960" was "stopping users from printing to [the] locally attached Brother printer," according one Reg reader. The resolution was to remove the offending cumulative patch. Those connected to a network printer, he reported, continued rocking along as normal.

Red Hat/Fedora Leftovers Build a recommendation engine using Apache Spark and Elasticsearch Recommendation engines are among the most well-known, widely used, and highest-value use cases for applying machine learning. Despite this, while there are many resources available for the basics of training a recommendation model, there are relatively few that explain how to actually deploy these models to create a large-scale recommender system. The IBM Developer code pattern Build a recommender with Apache Spark and Elasticsearch illustrates how to build and deploy just such a recommender system.

Supersonic, Subatomic Java Hackathon: June 15 – July 22 2020 The Quarkus community is excited to announce the Supersonic, Subatomic Java Hackathon for developers to create Kubernetes-native applications for a chance to win $30,000 in prizes. This hackathon is a great opportunity to learn about the future of cloud-native Java development and showcase your coding skills.

Jakarta EE: Multitenancy with JPA on WildFly, Part 1 In this two-part series, I demonstrate two approaches to multitenancy with the Jakarta Persistence API (JPA) running on WildFly. In the first half of this series, you will learn how to implement multitenancy using a database. In the second half, I will introduce you to multitenancy using a schema. I based both examples on JPA and Hibernate. Because I have focused on implementation examples, I won’t go deeply into the details of multitenancy, though I will start with a brief overview. Note, too, that I assume you are familiar with Java persistence using JPA and Hibernate.

Cockpit 221 Cockpit is the modern Linux admin interface. We release regularly. Here are the release notes from version 221. [...] This pre-compiled stylesheet will be dropped in the future in favor of projects shipping their own CSS. This API is not maintainable, as Cockpit cannot offer a PatternFly 3 API forever, and PatternFly 4 also changes quickly enough that one style sheet for all projects is not robust enough. The Cockpit plugins that are using only PatternFly 4 should follow the example from starter-kit on how to import PatternFly 4 stylesheets. g The Cockpit plugins which are still relying on PatternFly 3 should follow the migration from the deprecated API to the new PatternFly stylesheet import approach as implemented in this cockpit-podman commit.

Tracking COVID-19 using Quarkus, AMQ Streams, and Camel K on OpenShift In just a matter of weeks, the world that we knew changed forever. The COVID-19 pandemic came swiftly and caused massive disruption to our healthcare systems and local businesses, throwing the world’s economies into chaos. The coronavirus quickly became a crisis that affected everyone. As researchers and scientists rushed to make sense of it, and find ways to eliminate or slow the rate of infection, countries started gathering statistics such as the number of confirmed cases, reported deaths, and so on. Johns Hopkins University researchers have since aggregated the statistics from many countries and made them available. In this article, we demonstrate how to build a website that shows a series of COVID-19 graphs. These graphs reflect the accumulated number of cases and deaths over a given time period for each country. We use the Red Hat build of Quarkus, Apache Camel K, and Red Hat AMQ Streams to get the Johns Hopkins University data and populate a MongoDB database with it. The deployment is built on the Red Hat OpenShift Container Platform (OCP).

