
Security Leftovers

Submitted by Roy Schestowitz on Saturday 12th of December 2020 04:04:06 AM
Security
  PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers

    “The attack starts with a password brute-force on the MySQL service. Once successful, the attacker runs a sequence of queries in the database, gathering data on existing tables and users,” said Ophir Harpaz and Omri Marom, researchers with Guardicore Labs, in a Thursday post. “By the end of execution, the victim’s data is gone – it’s archived in a zipped file which is sent to the attackers’ servers and then deleted from the database.”

  Introducing software fuzzing – part of AI and ML in DevOps

    This isn’t just about having to reboot your phone when an app freezes. While that’s certainly a software quality issue that causes you a minor annoyance, it doesn’t impact your safety (unless you happen to be driving and if so – shame on you!) or access to services. As our technology inevitably fades into the background, the software reacting to us will be our literal backdrop, the infrastructure that moves us around, helps us communicate, and lets us work and collaborate.

    If we are living in a software world, and we want to live in a high-quality world, then we need high-quality software testing. We need that testing to stand up to the future, and that means greatly increasing the velocity of our testing frameworks. Although we can get far with human-driven testing, and augment that with things like static code analysis, at scale it becomes more and more difficult to eliminate tester bias from the pool of test cases.

    Thinking about the true purpose of software testing, what are we trying to achieve? At the most granular level, we are trying to take the software down as many code execution paths as possible, and we are monitoring the behavior of the application to see how it behaves along those paths. Do we get the output we are expecting? Does the application crash? Can we manipulate the application to show us data that we shouldn’t be able to see?

  Episode 237 – Door 12: Video game hacking – Open Source Security

    Josh and Kurt talk about video game hacking. The speedrunners are doing the best security research today.

  Reproducible Builds (diffoscope): diffoscope 163 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 163.

Compositing Scheduling in KWin: Past, Present, and Future

Currently, compositing infrastructure in KWin is heavily influenced by the X11 requirements, e.g. there is only one compositing clock, compositing is throttled to the lowest refresh rate, etc. Besides that, incorrect assumptions were made about the behavior of glXSwapBuffers() and eglSwapBuffers(), unfortunately, which result in frame drops and other related issues. With the ongoing Wayland improvements, we hope to fix the aforementioned issues.

KDevelop 5.6.1 released

About three months after the release of KDevelop 5.6.0, we provide a first bugfix and stabilisation release for the 5.6 series today: KDevelop 5.6.1

Puppy Linux: EasyOS 2.5.3 and More

  EasyOS version 2.5.3 released
  Easy Buster version 2.5.3

    EasyOS versions 1.x are the "Pyro" series, the latest is 1.3. Easy Pyro is built with packages compiled from source using 'oe-qky-src', a fork of OpenEmbedded. Consequently, the builds are small and streamlined and integrated. The Pyro series may have future releases, but it is considered to be in maintenance status. The "Buster" series start from version 2.0, and are intended to be where most of the action is, ongoing. Version 2.0 was really a beta-quality build, to allow the testers to report back. The first official release was 2.1. The main feature of Easy Buster is that it is built from Debian 10 Buster DEBs, using WoofQ (a fork of Woof2: Woof-CE is another fork, used to build Puppy Linux). The advantage of Buster over Pyro is access to the large Debian package repositories. That is a big plus.

  EasyPup is deprecated

    I am seriously considering discontinuing development of EasyPup. I know, I have said that before, but then gone and done some more work on it.

  Put disabled HDD into deep-sleep mode

    For EasyOS "Copy session to RAM & disable drives" mode, forum member 'MochiMoppel' has suggested that "hdparm -Y " be applied to the "disabled" drives.

  Tweaks for "save" icon in lockdown modes

    EasyOS has two lockdown modes. There is "Copy session to RAM" and "Copy session to RAM & disable drives". Both have a "save" icon on the desktop, so the user can at any time choose to save the session to the boot media. One problem was that when booting in lockdown mode, the 'init' script in the initrd edits /root/Choices/ROX-Filer/PuppyPin, replacing the "update" icon with a "save" icon.

Wine 6.0-rc2 Announcement

The Wine development release 6.0-rc2 is now available.

What's new in this release (see below for details):
  - Bug fixes only, we are in code freeze.

The source is available from the following locations:

  https://dl.winehq.org/wine/source/6.0/wine-6.0-rc2.tar.xz
  http://mirrors.ibiblio.org/wine/source/6.0/wine-6.0-rc2.tar.xz

Binary packages for various distributions will be available from:

  https://www.winehq.org/download

You will find documentation on https://www.winehq.org/documentation

You can also get the current source directly from the git
repository. Check https://www.winehq.org/git for details.

Wine is available thanks to the work of many people. See the file
AUTHORS in the distribution for the complete list.

Wine 6.0-RC2 Released With 40 More Bugs Fixed

