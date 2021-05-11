Language Selection

Security Leftovers

Wednesday 9th of June 2021
Security
  • Microsoft Patches Six Zero-Day Security Holes

    Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks.

  • Fedora 35 Looking To Use Yescrypt For Hashing User Passwords - Phoronix

    Adding to the list of planned improvements for Fedora 35 is switching to make use of Yescrypt for hashing of user passwords.

    Fedora developers are looking at using Yescrypt as the default hashing mode for new user passwords within /etc/shadow. While SHA256/SHA512 haven't yet been broken as common used today for Linux account password hashing, Yescrypt would beef up the security.

  • Vulnerability Detection and Patching: A Survey Of The Enterprise Environment | Linux Journal

    Detecting vulnerabilities and managing the associated patching is challenging even in a small-scale Linux environment. Scale things up and the challenge becomes almost unsurmountable. There are approaches that help, but these approaches are unevenly applied.

    In our survey, State of Enterprise Vulnerability Detection and Patch Management, we set out to investigate how large organizations handle the dual, linked security concerns of vulnerability detection and patch management.

    The results produced interesting insights into the tools that organizations depend on to effectively deal with vulnerability and patch management at scale, how these tools are used, and which restrictions organizations face in their battle against threat actors. Download the copy of the report here.

  • Mozilla Attack & Defense: Eliminating Data Races in Firefox – A Technical Report

    We successfully deployed ThreadSanitizer in the Firefox project to eliminate data races in our remaining C/C++ components. In the process, we found several impactful bugs and can safely say that data races are often underestimated in terms of their impact on program correctness. We recommend that all multithreaded C/C++ projects adopt the ThreadSanitizer tool to enhance code quality.

AMD Releases AOMP 13.0-3 For Their Latest Radeon OpenMP Offload Compiler

The latest work happening on AMD's Radeon Open eCosystem (ROCm) front is a new release of AOMP, their LLVM Clang downstream focused on carrying the latest patches around Radeon OpenMP offloading support. AOMP 13.0-3 is based on an early snapshot of the LLVM/Clang 13.0 Git state as of April while adding in a lot of AMD's own patches that haven't yet had the time to go through the processes to be upstreamed. Read more Also: OnLogic Introduces New AMD Ryzen Powered Industrial Grade Mini-ITX Thin Client

Makhber: An Open-source data visualization and analysis package

Makhber is a lightweight open-source multi-platform data analysis, visualization and plotting application. It works smoothly on Windows, Linux (Tested on Solus OS, Ubuntu and Zorin Linux) and macOS. It is created "Mehdi Chinoune" a developer from Algeria. Although the product is fairly new and in active development, Mehdi took time and effort to create a production-ready package for Linux, Windows and macOS. The app uses C++ and Python which explains the lighting speed performance and experience. Read more

Hardware Leftovers

  • IZIRUN open-hardware STM32 development boards expose GPIOs through M.2 connector (Crowdfunding)

    M.2 sockets are typically used to connect wireless or storage expansion boards to laptops, computers, and SBC’s. But nothing precludes them from being used for another purpose, and earlier this year we wrote about Sparkfun MicroMod MCU boards with an M.2 connector for GPIOs, I2C, SPI, etc…

  • Toradex extends Torizon to Development and Operation (DevOps) Platform for IoT Linux Devices (Sponsored)
  • Toradex extends Torizon as DevOps platform for IoT Linux devices

    Toradex is extending its Torizon operating system for use as a full IoT development and operations (DevOps) platform for Linux devices. The operating system will now include free remotely hosted updates, device monitoring features, and a fleet management solution. Torizon enables modern, iterative product development by seamlessly integrating hardware, a Linux OS, development tools, remote updates and fleet operations. The result is a scalable solution for devices requiring high reliability and security.

  • Intel Core i7-1165G7 barebone mini PC sells for $455
  • Senate approves billions for US semiconductor manufacturing

    The bill — titled the US Innovation and Competition Act or USICA — builds off a previous proposal from Senate Majority Leader Chuck Schumer (D-NY) called the Endless Frontier Act. Endless Frontier was lauded as one of the first big bipartisan bills to come from the Biden administration. But over the last few months, the bill, which was seen as a must-pass piece of legislation for both parties, was bloated with political mush and much of the original funding was watered down as it moved through the Senate process.

    In its current form, the bill provides $52 billion for domestic semiconductor manufacturing, as well as a 30 percent boost in funding for the National Science Foundation and $29 billion for a new science directorate to focus on applied sciences.

  • Stephen Michael Kellat: Remembering Planning

    The month has started off with some big surprises for me. For the low price equal to roughly 34 Beta Edition PinePhones or roughly 72 Raspberry Pi 400 units I wound up having to pay to get my home’s central heating and cooling system replaced. It has been a few days of disruption since the unit failed which combined with the rather hot weather has made my home not quite fit for habitation.

