Date: 2019-10-30
Programming Leftovers
-
Despite advances in tools, platforms, and languages, software programming challenges dog developers.
-
A new release 0.2.2 of pkgKitten is now on CRAN, and will be uploaded to Debian. pkgKitten makes it simple to create new R packages via a simple function invocation. A wrapper kitten.r exists in the littler package to make it even easier.
-
Oracle has published a new version of GraalVM, its open-source Java JVM/JDK implemented in Java that also supports other programming languages and execution modes. GraalVM continues to be quite an interesting effort given its various languages supported and interesting technical experiments/features in the name of greater Java performance and other innovative features.
GraalVM 21.2 is another interesting release both for the pure community open-source project and also some new extras only within GraalVM Enterprise too. The changes catching my eye with GraalVM 21.2 include:
Proprietary Games and Proprietary Software
-
Another big Steam event is coming up with the Steam Next Fest due to be live once again on October 1.
This is the event where for a limited time, developers put up fresh demos of their upcoming games. Not only that, you're able to watch various livestreams of talks directly from developers and watch them play their games directly on Steam pages.
For developers, they have until August 15 to submit their game for review, along with a demo.
-
A big new expansion and a big free update for everyone, RimWorld has expanded once again and so it might be time to dive back in to build just one more colony.
Calling Ideology a DLC probably isn't doing it justice. It's a pretty deep expansion, opening up tons of new ways to build your colony and manage your people. It has a fully customizable belief system based on "memes", which are the core ideas the belief is based upon, including the likes of giving animals the same rights as humans, nudism that speaks for itself, cannibalism, transhumanism and many more that can be combined together. These memes can have different rules, people can be converted to different beliefs and more. Sounds awesome.
-
A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.
-
According to Gartner’s research on operational technology, security incidents in OT and other cyber-physical systems (CPS) have three main motivations - actual harm, commercial vandalism (reduced output) and reputational vandalism (making a manufacturer untrusted or unreliable).
Gartner predicts that the financial impact of CPS attacks resulting in fatal casualties will reach over $50 billion by 2023, and even without taking the value of human life into account, the costs for organisations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant.
Databases: Firebird 4.0 and PostgreSQL
-
Firebird 4.0 Docker has been released with images for AMD64, ARM64 and ARM/V7.
-
pgSCV is a Prometheus-compatible monitoring agent and metrics exporter for PostgreSQL environments. The goal of the project is to provide a single tool (exporter) for collecting metrics from PostgreSQL and related services.
Security Leftovers
-
In this article, we explained what authorization is and how it differs from authentication. We gave examples for authorization processes and explained the two different access control models: capability-based access control and access control lists.
The Linux/UNIX file permissions were used to show an example of how ACLs could be used. Note that, although Linux/UNIX file permissions are a type of ACL, they are not to be confused with POSIX ACLs, which are also available on Linux platforms. See acl(5) in the man pages for more information.
We learned that authorization is used to determine what actions a subject is allowed to perform on an object. Besides the examples from this article, other methods can be used to implement access control, including Discretionary Access Control (DAC), Mandatory Access Control (MAC) or Role-Based Access Control (RBAC), to name the most common ones.
-
Security updates have been issued by Arch Linux (ant, code, dino, firefox-ublock-origin, go, libuv, nextcloud-app-mail, nodejs-lts-erbium, nodejs-lts-fermium, openvswitch, putty, racket, telegram-desktop, and wireshark-cli), Debian (kernel, linux-4.19, and systemd), Fedora (kernel, kernel-headers, kernel-tools, and krb5), Gentoo (systemd), Mageia (perl-Convert-ASN1 and wireshark), openSUSE (caribou, containerd, crmsh, fossil, icinga2, kernel, nextcloud, and systemd), Red Hat (389-ds:1.4, glibc, java-1.8.0-openjdk, java-11-openjdk, kernel, kernel-rt, kpatch-patch, libldb, perl, RHV-H, rpm, shim and fwupd, and systemd), Slackware (kernel), SUSE (caribou, containerd, crmsh, curl, dbus-1, kernel, qemu, and systemd), and Ubuntu (binutils, linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.3, linux-hwe, linux-lts-xenial, linux-kvm, linux-oracle, linux-raspi, linux-raspi2-5.3, linux-oem-5.10, nvidia-graphics-drivers-390, nvidia-graphics-drivers-418-server, nvidia-graphics-drivers-450-server, nvidia-graphics-drivers-460, nvidia-graphics-drivers-460-server, nvidia-graphics-drivers-470, and systemd).
-
Here we are again. NVIDIA has today sent out a security bulletin to inform users on Linux and Windows to ensure their GPU drivers are up to date due to freshly revealed security problems.
The issues can result in information disclosure, data tampering, and denial of service. As always, even if you think you're not vulnerable for whatever reason, upgrading is highly recommended now.
-
This has been a busy week for security news, but perhaps the most significant security and privacy story to break this week (if not this year), is about how NSO Group’s Pegasus spyware has been used by a number of governments to infect and spy on journalists and activists and even heads of state by sending an invisible, silent attack to their iPhone that requires no user interaction. This attack works even on new, fully-patched phones, and once the phone is compromised, the attacker has full remote control over the phone including access to the file system, location, and microphone and cameras.
What’s particularly scary about spyware in general, and is true for Pegasus as well, is that victims have no indication they’ve been compromised. Due to how locked down the iPhone is from the end user, detecting Pegasus in particular requires expert forensics techniques. This has left many at-risk iPhone users wondering whether they too are compromised and if so, what do they do?