Security and Proprietary Software Leftovers

  • SSID Stripping flaw lets hackers mimic real wireless access points

    Simply put: Unsuspecting users can be tricked into connecting to WiFi spots set up by hackers. This would not only expose users to data theft but also allow access to the personal information on their device – That’s why the vulnerability has been dubbed SSID stripping.

  • Adobe Releases Security Updates for Multiple Products | CISA

    Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Lenovo ships scareware to “correct” Windows problems for $30 a year and sells expensive antivirus. Many issues could be solved by running cleanmgr and a free antivirus. – BaronHK's Rants

    Lenovo has been caught doing some shady things before, from installing the Superfish malware, to the infamous BIOS that took a Windows “security feature” and used it to keep reinstalling crapware no matter how many times the user deleted it, to blocking the installation of GNU/Linux operating systems in 2016, forcing me to take my case to the Attorney General of Illinois, Lisa Madigan at the time.

    To my surprise, her office opened an antitrust investigation and as soon as Lenovo and Microsoft heard the gears turning, they threw the transmission into full reverse and backtracked with a BIOS repair. But Microsoft and Lenovo are like the Shadows and their Dark Servants in Babylon 5. Every time they were defeated, they’d scatter their remaining forces, sleep for a while, and come up with a new strategy to slowly lick their wounds and then try to start problems all over again.

    For Lenovo’s part, even though they’ve been smacked down by court proceedings and bad publicity, they have no idea when to stop trying to chase down a user for a quick buck after they’ve already bought an expensive computer. And Microsoft is obviously happy with what any decent company would consider slander, because Lenovo is selling “snake oil” subscriptions that essentially cost $30 a year to empty your recycle bin.

  • Secure JSONification?

    There was an interesting discussion on IRC today. In brief, it was about exposing one’s database structures over an API and the security implications of this approach. I’d recommend reading the whole thing because Altreus delivers a good (and somewhat emotional) point on why such a practice is most definitely a bad design decision. Despite having minor objections, I generally agree with him.

    But I’m not wearing out my keyboard on this post just to share that discussion. There was something in it that made me feel as if I was missing something. And it came to me a bit later, when I was done with my payjob and got a bit more spare resources for the brain to utilize.

    First of all, a bell rang when a hash was mentioned as the mediator between a database and an API return value. I’m somewhat wary about using hashes as return values, primarily for reasons of performance price and concurrency unsafety.
