Saturday 7th of August 2021
HowTos
Tor, Programming, and Modding Leftovers

  • New Release: Tor Browser 11.0a3 (Android Only)

    Tor Browser 11.0a3 is now available from the Tor Browser download page and also from our distribution directory.

    Note: This is an alpha release, an experimental version for users who want to help us test new features. For everyone else, we recommend downloading the latest stable release instead.

  • How to install PyCharm 2021 on a Chromebook - Professional Edition

    Today we are looking at how to install PyCharm 2021 on a Chromebook - Professional Edition. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.

  • They returned an empty package

    I don’t like to solve maths puzzles. I do like to read other folks’ solutions though. You never know where to spot a new idiom.

  • Unix Shell: History and Trivia

    This post is part of the Summer Blog Backlog: Understanding and Using Shell. It has links and #comments about the history of shell.

    The most important topic is Ken Thompson's paper on the first Unix shell. I quote it below and will refer to it in future posts.

    It motivates the Perlis-Thompson Principle, an important idea in #software-architecture. This principle relates to both the Kubernetes-Multics analogy and the design of the Oil language.

  • Code your own pinball game | Wireframe #53
  • Arduino powered 5-key keypad includes a rotary encoder - CNX Software

    There was a time when people were happy to interact with their computer with a standard keyboard and mouse. But in recent years, we’ve noticed more programmable, custom-designed keyboards with better ergonomics, a built-in touchscreen display, or integration into a multi-function USB dock/hub, as well as tiny keypads with a couple of mechanical keys to speed up specific functions. JC Pro Macro is another one of those compact USB keypads. Powered by an Arduino Pro Micro board, the keypad features five mechanical keyboard keys, and adds a rotary encoder, plus an optional I2C OLED display for debugging, and some I/Os to control external hardware like a fan.

Games: Jupiter Hell, Deck, and More

  • Jupiter Hell shows off how brutal and thrilling a roguelike can be and it's out now | GamingOnLinux

    It's done! Jupiter Hell, the roguelike from ChaosForge is officially out now and it's easily one of the best turn-based action games I've played in some time.

  • Valve to make avail EVERY WINDOWS GAME on Deck before December

    It’s a very big move they have made and it will change the gaming industry for sure. What do you think? It is a highly missed video by Steamworks, a YouTube channel. After the 1.54 mins he says they aim at getting every API of as many Windows games as possible, in order to make almost all Windows games work on Steam Deck.

  • Chinese state media describes gaming as 'spiritual opium' that stunts education and destroys families

    China's government has again expressed its severe dislike of gaming, and one of the nation's major purveyors of such entertainment has reacted by limiting the time that can be spent on the pastime. Beijing has never been entirely comfortable with gaming. In 2013, China sought to define gaming addiction so it could be treated, after previously having regulated internet detox camps to ensure that they got results – but without brutalising those felt to need an intervention to curb their online activities. In 2019, industry analysts suggested China was a key backer of World Health Organisation attempts to define gaming-related disorders as comparable to drug or gambling addictions.

German health professionals will communicate with each other through the open source Matrix protocol

Gematik, the provider of digital solutions for the German health care system, has chosen the open source Matrix protocol to underpin Germany’s new instant communication platform, which will be used by over 150.000 organisations, such as general practitioner offices, hospitals, and insurance organisations. The decision follows examples such as the German armed forces and France’s government adopting Matrix as the basis for their instant communication needs.

Security Leftovers

  • Report Again Finds US Government IT Security Sucks, Three Years After Saying The Same Thing

    Three years ago a US Senate Committee report showcased that the U.S. government's cybersecurity defenses were the IT equivalent of damp cardboard. The study found numerous government agencies were using dated systems that were expensive to maintain but hard to properly secure. It also noted how from 2008 to 2018, the government repeatedly failed to adequately protect sensitive data at the Social Security Administration and Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education.

  • Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware

    Between July 13 and July 16, someone took over the Mailgun account owned by restaurant chain Chipotle Mexican Grill and placed an order for login credentials using misappropriated marketing messages. Phish-fighting firm INKY said on Thursday that it spotted 121 phishing emails during this period originating from Chipotle's Mailgun account. [...] But a sample Microsoft phishing message published by INKY suggests that inconsistency would not have been visible to recipients.

  • Apple Undermines Its Famous Security 'For The Children'

    Apple is somewhat famous for its approach to security on its iPhones. Most famously, Apple went to court to fight the FBI's demand that it effectively insert a backdoor into its on-phone encryption (by being able to force an update to the phone). Apple has tons of goodwill in the security community (and the public) because of that, though not in the law enforcement community. Unfortunately, it appears that Apple is throwing away much of that goodwill and has decided to undermine the security of its phones... "for the children" (of course).

  • SAML is insecure by design

    SAML uses signatures based on computed values. The practice is inherently insecure and thus SAML as a design is insecure.

  • Open Web Application Security Project (OWASP) online community web application security
  • HTTP/2: The Sequel is Always Worse

    HTTP/2 is easily mistaken for a transport-layer protocol that can be swapped in with zero security implications for the website behind it. In this paper, I'll introduce multiple new classes of HTTP/2-exclusive threats caused by both implementation flaws and RFC imperfections.

    I'll start by showing how these flaws enable HTTP/2-exclusive desync attacks, with case studies targeting high-profile websites powered by servers ranging from Amazon's Application Load Balancer to WAFs, CDNs, and bespoke stacks by big tech. These achieve critical impact by hijacking clients, poisoning caches, and stealing credentials to net multiple max-bounties.

    After that, I'll unveil novel techniques and tooling to crack open desync-powered request tunnelling - a widespread but overlooked request smuggling variant that is typically mistaken for a false positive. Finally, I'll share multiple new exploit-primitives introduced by HTTP/2, exposing fresh server-layer and application-layer attack surface.

