Date: 2020-08-14
Security and FUD (Fear, Uncertainty, Doubt) Leftovers
Security updates have been issued by Debian (bind9 and squid), Fedora (libX11 and wireshark), Gentoo (libX11 and redis), Mageia (firefox, libx11, qt4 and qt5base, and x11-server), openSUSE (gettext-runtime, inn, and webkit2gtk3), Oracle (firefox), SUSE (libqt5-qtbase, openvpn, openvpn-openssl1, postgresql10, and targetcli-fb), and Ubuntu (chrony, nss, and squid).
The diffoscope maintainers are pleased to announce the release of diffoscope version 158. This version includes the following changes:
* Improve PGP support:
  - Support extracting of files within PGP signed data.
    (Closes: reproducible-builds/diffoscope#214)
  - pgpdump(1) can successfully parse some unrelated, non-PGP binary files,
    so check that the parsed output contains something remotely sensible
    before identifying it as a PGP file.
* Don't use Python's repr(...)-style output in "Calling external command"
  logging output.
* Correct a typo of "output" in an internal comment.
Case in point to all the work going on in this area were talks by Google, Oracle, and DigitalOcean this week at Linux Plumbers Conference. DigitalOcean has been pursuing Core Scheduling to make Hyper Threading safer by ensuring only trusted applications share a core. Oracle meanwhile presented on their Address Space Isolation work for Linux. Google also had a talk on Linux Address Space Isolation at this week's virtual event. ASI aims to deal with Hyper Threading data leakage by isolating the address space between the different areas of the kernel with a particular emphasis on KVM/virtualization to avoid the possibility of data leakage between guest VMs or the host.
Vulnerability Volume Poised to Overwhelm Infosec Teams [Ed: That's not even counting the deliberate back doors, as the goal seems to be remote access for spies rather than real security (and they've become shameless about this)]
'Lemon Duck' Cryptominer Aims for Linux Systems [Ed: "Aims for" means looking for compromised machines and that has nothing to do with "Linux", which they merely try to stigmatise while ignoring back doors in proprietary counterparts]
The operators behind the "Lemon Duck" cryptominer have developed new techniques to better target enterprise-grade Linux systems, according to the security firm Sophos.
Containerised applications bring elastic scalability, isolation and portability, especially when comparing them to monolithic solutions. Docker provides an open standard to package and distribute containerised applications and is sufficient to address simple use cases.
Businesses that have complex application architectures are moving to Kubernetes to handle their cross-infrastructure scalability and resilience needs. Kubernetes leverages a large tooling ecosystem along with continuous integration/continuous deployment (CI/CD) and other DevOps practices to orchestrate large sets of containers, from development to production environments.
Mozilla: VR, SpiderMonkey and RustConf 2020
Amidst the pandemic, our research team from Mozilla and The Extended Mind performed user testing research entirely in a remote 3D virtual space where participants had to BYOD (Bring Your Own Device). This research aimed to test security concepts that could help users feel safe traversing links in the immersive web, the results of which are forthcoming in 2021. By utilizing a virtual space, we were able to get more intimate knowledge of how users would interact with these security concepts because they were immersed in a 3D environment.
The purpose of this article is to persuade you that Hubs and other VR platforms offer unique affordances for qualitative research. In this blog post, I’ll discuss the three key benefits of using VR platforms for research, namely the ability to perform immersive and embodied research across distances, with global participants, and the ability to test out concepts prior to implementation. Additionally, I will discuss the unique accessibility of Hubs as a VR platform and the benefits it provided us in our research.
SpiderMonkey is the JavaScript engine used in Mozilla Firefox. This newsletter gives an overview of the JavaScript and WebAssembly work we’ve done as part of the Firefox 80 and 81 Nightly release cycles. If you like these newsletters, you may also enjoy Yulia’s Compiler Compiler live stream.
With the recent changes at Mozilla, some may be worried about what this means for SpiderMonkey. The team continues to remain strong, supported and is excited to show off a lot of cool things this year and into the future.
Last year, I went to RustConf 2019 in Portland. It was a lovely conference. Everyone I saw was so exuberantly happy to be there--it was just remarkable. It was my first RustConf. Plus while I've been sort-of learning Rust for a while and cursorily related to Rust things (I work on crash ingestion and debug symbols things), I haven't really done any Rust work. Still, it was a remarkable and very exciting conference.
RustConf 2020 was entirely online. I'm in UTC-4, so it occurred during my afternoon and evening. I spent the entire time watching the RustConf 2020 stream and skimming the channels on Discord. Everyone I saw on the channels was so exuberantly happy to be there and supportive of one another--it was just remarkable. Again! Even virtually!
I missed the in-person aspect of a conference a bit. I've still got this thing about conferences that I'm getting over, so I liked that it was virtual because of that and also it meant I didn't have to travel to go.
Python Programming
That looks great! We've got our post counts broken down by month, and if we check the original data set, we can quickly see the counts are correct.
Note that months with no posts have been correctly counted as 0 rather than simply skipped. That's one of the reasons why using resample(), which is designed to work with time series, is better for this kind of task than using something like groupby(), where it's easy to skip months with no data if we're not careful.
PyCharm is a comprehensive IDE that also comes with comprehensive help. What’s available and what is it like working on the help? PyCharm’s Alla Redko joins us to discuss how the help gets made. As a bonus, we show 3 help topics — one for beginners, intermediate, and advanced — then demonstrate all the ways to that feature in PyCharm.
Pandas is an open-source Python library for data analysis. It is designed for efficient and intuitive handling and processing of structured data.
The two main data structures in Pandas are Series and DataFrame. Series are essentially one-dimensional labeled arrays of any type of data, while DataFrames are two-dimensional, with potentially heterogenous data types, labeled arrays of any type of data. Heterogenous means that not all "rows" need to be of equal size.
In this article we will go through the most common ways of creating a DataFrame and methods to change their structure.
We'll be using the Jupyter Notebook since it offers a nice visual representation of DataFrames. Though, any IDE will also do the job, just by calling a print() statement on the DataFrame object.
Software tests should be order independent. That means you should be able to run them in any order or run them in isolation and get the same result.
However, system state often gets in the way and order dependence can creep into a test suite.
One way to fight against order dependence is to randomize test order, and with pytest, we recommend the plugin pytest-randomly to do that for you.
The developer that started pytest-randomly and continues to support it is Adam Johnson, who joins us today to discuss pytest-randomly and another plugin he also wrote, called pytest-reverse.
Despite widespread pandemic cancellations, BornHack still happened this year and they even managed to once again bring an electronic badge to all attendees. If you missed it, I’ve already published an overview of the hacker camp itself. Today let’s dig into the 2020 BornHack badge!
Designed by Thomas Flummer and manufactured in Denmark, it takes the form of a PCB in the shape of a roughly 60 degree circular arc with most of its top side taken up by a 9 by 32 array of SMD LEDs. There is the usual 4-way button array and space for an SAO connector on the rest of the front face, while on the rear are a set of GPIO pads and a pair of AA battery holders for power. Connectivity is via USB-C and infra-red, and usefully there is also a power on/off switch.
This post is part of a series on Python's syntactic sugar. The latest source code can be found as part of the desugar project.
