Date: 2020-12-10
Security Leftovers
PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers
“The attack starts with a password brute-force on the MySQL service. Once successful, the attacker runs a sequence of queries in the database, gathering data on existing tables and users,” said Ophir Harpaz and Omri Marom, researchers with Guardicore Labs, in a Thursday post. “By the end of execution, the victim’s data is gone – it’s archived in a zipped file which is sent to the attackers’ servers and then deleted from the database.”
Introducing software fuzzing – part of AI and ML in DevOps - JAXenter
This isn’t just about having to reboot your phone when an app freezes. While that’s certainly a software quality issue that causes you a minor annoyance, it doesn’t impact your safety (unless you happen to be driving and if so – shame on you!) or access to services. As our technology inevitably fades into the background, the software reacting to us will be our literal backdrop, the infrastructure that moves us around, helps us communicate, and lets us work and collaborate.
If we are living in a software world, and we want to live in a high-quality world, then we need high-quality software testing. We need that testing to stand up to the future, and that means greatly increasing the velocity of our testing frameworks. Although we can get far with human-driven testing, and augment that with things like static code analysis, at scale it becomes more and more difficult to eliminate tester bias from the pool of test cases.
Thinking about the true purpose of software testing, what are we trying to achieve? At the most granular level, we are trying to take the software down as many code execution paths as possible, and we are monitoring the behavior of the application to see how it behaves along those paths. Do we get the output we are expecting? Does the application crash? Can we manipulate the application to show us data that we shouldn’t be able to see?
Episode 237 – Door 12: Video game hacking – Open Source Security
Josh and Kurt talk about video game hacking. The speedrunners are doing the best security research today.
Reproducible Builds (diffoscope): diffoscope 163 released
The diffoscope maintainers are pleased to announce the release of diffoscope version 163.
Compositing Scheduling in KWin: Past, Present, and Future
Currently, compositing infrastructure in KWin is heavily influenced by the X11 requirements, e.g. there is only one compositing clock, compositing is throttled to the lowest refresh rate, etc. Besides that, incorrect assumptions were made about the behavior of glXSwapBuffers() and eglSwapBuffers(), unfortunately, which result in frame drops and other related issues. With the ongoing Wayland improvements, we hope to fix the aforementioned issues.
Also: KDE Plasma's KWin Working On Per-Screen Refresh Rates, Compositing From Multiple Threads - Phoronix
KDevelop 5.6.1 released
About three months after the release of KDevelop 5.6.0, we provide a first bugfix and stabilisation release for the 5.6 series today: KDevelop 5.6.1
Puppy Linux: EasyOS 2.5.3 and More
Wine 6.0-rc2 Announcement
The Wine development release 6.0-rc2 is now available.
What's new in this release (see below for details):
- Bug fixes only, we are in code freeze.
The source is available from the following locations:
https://dl.winehq.org/wine/source/6.0/wine-6.0-rc2.tar.xz
http://mirrors.ibiblio.org/wine/source/6.0/wine-6.0-rc2.tar.xz
Binary packages for various distributions will be available from: https://www.winehq.org/download
You will find documentation on https://www.winehq.org/documentation
You can also get the current source directly from the git repository. Check https://www.winehq.org/git for details.
Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.
Also: Wine 6.0-RC2 Released With 40 More Bugs Fixed - Phoronix
