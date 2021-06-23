today's leftovers
A few of our tech-savvy readers (thanks @Cooe, @Locuza_, and others!) have written in to let us know about a big detail we missed when first talked about the AMD dGPU Chromebook in the works: the Vega 12 being tested for it does exist. In fact, it has already been shipped in the older MacBook Pros from 2018 as the AMD Radeon Pro Vega 16 and 20.
Zorin OS 16 releases SOON, and it's bringing a new PRO version that includes technical support and a lot more!
Roboticists often look to nature for inspiration. That makes sense, because animals are very efficient machines, thanks to millions of years of evolution. Even our most sophisticated technology doesn’t come close to matching a common housefly. But we can get closer to mimicking nature at larger scales, as with this robot created by researchers at EPFL that does a great job of swimming like a lamprey.
MiTAC has unveiled three industrial thin mini-ITX motherboards based on Elkhart Lake and Comet Lake processors with respectively MiTAC PD10EHI with a choice of low-power Intel Atom, Celeron and Pentium Elkhart Lake processors, and two more powerful motherboards with MiTAC PH11CMI & PH12CMI based on up to an Intel Core i9 Comet Lake processor, and which are virtually identical except for a different chipset allowing vPro features and RAID support.
Like most Office alternatives, OnlyOffice hews to the Microsoft ribbon interface. The tabbed toolbars are uniform across all three editors. Home is where you’ll find editing and formatting tools; Insert allows you to add images, shapes, and other elements to your document/spreadsheet/presentation; Layout tools controls page margins, orientation, and size; and so on. Each editor also includes tool tabs specific to its document type—the document editor’s References toolbar includes options for adding a table of contents, footnotes, hyperlinks, and image captions, while the spreadsheet editor has tabs dedicated to formulas, data, and pivot tables.
Most authors—especially indie authors—don’t do their writing with a large group of co-workers. They may still collaborate with others, though, but on a much smaller scale. That could be worked out without having to pay for upgraded levels of Microsoft 365.
Read on to see why I believe LibreOffice is a viable alternative for Microsoft 365 for most indie authors.
Istio 1.11 and Upbound in CNCF
When you upgrade from Istio 1.10.0 to Istio 1.11.0, you need to consider the changes on this page. These notes detail the changes which purposefully break backwards compatibility with Istio 1.10.0. The notes also mention changes which preserve backwards compatibility while introducing new behavior. Changes are only included if the new behavior would be unexpected to a user of Istio 1.10.0.
That’s what Upbound, the company behind the open source Crossplane project (now donated to the Cloud Native Computing Foundation (CNCF) in full) thinks.
C is a high-level language with close-to-the-metal features that make it seem, at times, more like a portable assembly language than a sibling of Java or Python. Among these features is memory management, which covers an executing program's safe and efficient use of memory. This article goes into the details of memory safety and efficiency through code examples in C and a code segment from the assembly language that a modern C compiler generates.
Although the code examples are in C, the guidelines for safe and efficient memory management are the same for C++. The two languages differ in various details (e.g., C++ has object-oriented features and generics that C lacks), but these languages share the very same challenges with respect to memory management.
gRoulette is a simplified Roulette game online. Win enough and you’ll get the flag. The source code is provided, and the entire thing is run over a WebSocket connection to the server.
0x0G is Google’s annual “Hacker Summer Camp” event. Normally this would be in Las Vegas during the week of DEF CON and Black Hat, but well, pandemic rules apply. I’m one of the organizers for the CTF we run during the event, and I thought I’d write up solutions to some of my challenges here.
The first such challenge is authme, a web/crypto challenge. The description just wants to know if you can auth as admin and directs you to a website. On the website, we find a link to the source code, to an RSA public key, and a login form.
I thought that using a context menu like this to present a list of sessions to switch to would be fun and teach me more about the display-menu command. Basically I just wanted to have the menu display the sessions I had, and when I’d selected one, switch me to it. So, this is what I did.
When you enter a command into your terminal, whether it's to launch a GUI app or just a terminal app, there are often options (sometimes called switches or flags) you can use to modify how the application runs. This is a standard set by the POSIX specification, so it's useful for a Java programmer to know how to detect and parse options.
Whatever the case, during the 1980s and 1990s, it was very common for many online networks to rely on the unpaid services of their users to help onboard or support others within their communities, a role that would later be taken on instead by paid individuals.
Barracuda, a cloud-enabled security solutions provider, in its latest Threat Spotlight, analysed 121 ransomware incidents between August 2020 and July 2021.
They found many attacks are being led by a handful of high-profile ransomware gangs.
More than 3 years ago now, Scott Helme and I launched a little project called Why No HTTPS? It listed the world's largest websites that didn't properly redirect insecure requests to secure ones. We updated it December before last and pleasingly, noted that more websites than ever were doing the right thing and forcing browsers down the secure path. That's the good news, the bad news is that there are still some really wacky, unexplainable anti-HTTPS views out there, but those voices are increasingly less relevant as the browsers march forward: [...]
Until February this year, Amazon Route53's DNS service offered largely unappreciated network eavesdropping capabilities. And this undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider.
After a year off due to a certain virus, the Black Hat and DEF CON security conferences returned to Las Vegas last week, just in time for the US government's attempts to foster more collaboration across the infosec industry.
The newly appointed Security Director of the Cybersecurity and Infrastructure Agency Jen Easterly took to the virtual Black Hat stage last week (although there was a limited and well-spaced physical conference this year) and announced the Joint Cyber Defense Collaborative (JCDC), which she claimed would be a true public/private partnership to try to lock down security incidents by sharing data and skills.
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks.
Command injection vulnerabilities are probably one of the most dangerous vulnerabilities that can happen in an application.
