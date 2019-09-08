Language Selection

Security Leftovers

Wednesday 27th of October 2021
Security
  • Security updates for Wednesday

    Security updates have been issued by Debian (mosquitto and php7.0), Fedora (python-django-filter and qt), Mageia (fossil, opencryptoki, and qtbase5), openSUSE (apache2, busybox, dnsmasq, ffmpeg, pcre, and wireguard-tools), Red Hat (kpatch-patch), SUSE (apache2, busybox, dnsmasq, ffmpeg, java-11-openjdk, libvirt, open-lldp, pcre, python, qemu, util-linux, and wireguard-tools), and Ubuntu (apport and libslirp).

  • Linux Foundation: confidential computing market to reach $54 billion in 2026 [Ed: ZDNet writing more Linux Foundation 'spam' today. They're paid to do this. They paint surveillance as "security" and "confidential".]
  • Kali Linux Wordlist: What you need to know

    wordlist can be referred to as a password dictionary since it is a collection of passwords stored as plain text. Kali Linux is the most advanced penetration testing distribution. It is primarily designed for penetration testing and digital forensics hence funded and maintained by Offensive Security.

    Most Kali Linux wordlists can be downloaded online, including those provided in this article. In addition, there are a collection of common and uncommon passwords that are still or were once used by real people. Remember, you can also create your wordlist if you prefer to or stick to the ones already compiled. Wordlists are derived from data breaches such as circumstances where the company gets hacked. Data stolen from the hacked companies are leaked on websites such as Pastebin or sold on the dark web.

  • FBI Releases Indicators of Compromise Associated with Ranzy Locker Ransomware

    The Federal Bureau of Investigation (FBI) has released a Flash report detailing indicators of compromise (IOCs) associated with attacks using Ranzy Locker, a ransomware variant first identified targeting victims in the United States in late 2020.

  • Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

    US feds were spotted raiding a warehouse belonging to Chinese payment terminal manufacturer PAX Technology in Jacksonville, Florida, on Tuesday, with speculation abounding that the machines contained preinstalled malware.

    PAX Technology is headquartered in Shenzhen, China, and is one of the largest electronic payment providers in the world. It operates around 60 million point-of-sale (PoS) payment terminals in more than 120 countries.

  • Tired of spam? A burner email account could be the answer.

    Have you ever been in that situation where you need to give your email address over, but you don’t want to? There could be a security reason. Can you trust who you’re sharing with not to spam your inbox? Are you certain they won’t expose you to data breaches due to lax security on their part? Can you protect your email from being sold in lists, used for ad tracking and targeting or even be uploaded to platforms like Facebook to track and target you there? Or it could be a case of inbox fatigue. Or maybe you just don’t want your email associated with some entities and in their database? Enter the burner email account.

Kernel: Bootlin/Yocto and Linux 5.16 Additions

  • Maintaining Yocto Project Documentation - Bootlin's blog

    For many years, Bootlin has been a strong user and a contributor to the Yocto Project, delivering numerous customized embedded Linux distributions and Board Support Packages based on Yocto Project and OpenEmbedded to its customers, for a wide range of hardware platforms and architectures. In 2021, we have been able to bring this engagement further, as Bootlin engineer Michael Opdenacker has been given the opportunity to work as a maintainer for Yocto Project’s documentation, thanks to funding from the Linux Foundation. Since the mourning of Scott Rifenbark, the former maintainer, in early 2020, the project was in need for someone to fill this role.

  • Qualcomm MSM DRM Driver Improvements Submitted Ahead Of Linux 5.16 - Phoronix

    The MSM DRM driver for supporting the open-source display/graphics support with Qualcomm Snapdragon SoCs has submitted their main feature pull request to DRM-Next ahead of the upcoming Linux 5.16 merge window. The MSM DRM driver changes for Linux 5.16 aren't too exciting but do include a few items worth mentioning. First up, Embedded DisplayPort (eDP) support has been added to MSM's DisplayPort sub-driver for newer SoCs having native eDP output.

  • Apple Silicon GPIO Driver Queued Ahead Of Linux 5.16 - Phoronix

    Along with the Apple Silicon PCIe driver, another new driver for supporting Apple Silicon (primarily with a focus on the Apple M1 for now) with the upcoming Linux 5.16 cycle is a new pinctrl/GPIO driver. Queued overnight into the linux-pinctrl.git's "for-next" branch is the 500+ lines of code driver developed by Arm's Joey Gouly and Corellium's Stan Skowronek for bringing up the pinctrl/GPIO support for Apple SoCs.

  • Nintendo Switch Controller Driver Finally Set For Linux 5.16 - Phoronix

    After stalling last year when it was queued up in HID's "for-5.10/nintendo" branch only to not make it into HID-next at the time, that threshold has now been crossed with the latest Nintendo Switch controller driver now ready for introduction in Linux 5.16. This open-source driver enables the Nintendo Switch Joy-Con and Pro controllers to work under Linux with a mainline kernel driver.

Best Linux desktop for 2021: Which one should you buy?

Linux on the desktop is a thing to behold. It's not only incredibly powerful and secure, but it's also flexible enough to become exactly what the user needs. And although you can successfully run Linux on just about any type of desktop machine (running lightweight Linux distributions on older hardware), to really get the most out of modern-day variants, it's best to have hardware up to the task. Linux doesn't require nearly the hardware needed to run Windows 11 or macOS, but why not give the open-source operating system extra power, so you can run more applications and services. So, why not send your money to companies that support open source in return? Which desktops are best suited for the task? Let's take a look at the five best options you have for 2021. Read more

ESP32 and Arduino for Weather

  • ESP32 Clock Takes Time to Give Weather Info, Too

    It’s fall in the northern hemisphere, so [Mike Rankin]’s kids are back in school and have returned to consulting him every morning about the weather and what they should wear. Since he’s no meteorologist, [Mike] built a beautifully dim and diminutive clock that does all the work for him, plus much more. It glows a lovely dark orange that’s perfect for the nightstand and those early morning interrogations. In default mode, this clock displays the time, CO2 level, room temperature, and humidity in that eye-friendly orange. But wave your hand in front of the time of flight sensor, and it goes external, displaying the low and high temperatures for the day, plus the weather conditions forecast. After a few seconds of that, it goes back to default mode. The ESP fetches the time from an NTP server, then gets the weather from the OpenWeather API. The indoor weather comes from a combination sensor on the board.

  • 3D Printed IoT Weather Station Dashboard

    This is my dashboard for my 3D Printed IoT Weather Station project, you can build your own by following my build guide.

  • I Upgraded My 3D Printed Weather Station Using Your Suggestions

    Today we’re going to be making some upgrades to my previously built IoT weather station using suggestions that you guys made in the comments section. We’ll see how well the weather station performs after the upgrades and I’ve included a link to the public Thingspeak channel, so you can have a look at the most recently recorded data.

Tiny SBC runs Linux on new RAM-equipped Allwinner RISC-V SoC

MangoPi is prepping a tiny “MangoPi-MQ1” SBC with the new Allwinner F133-A (D1s), a spin-down of Allwinner’s D1 that adds 64MB RAM. Both SoCs use the XuanTie C906, one of several RISC-V cores that Alibaba T-Head is now open sourcing. A MangoPi project from Beijing Wadora Technology Co. has announced a Linux-driven MangoPi-MQ1 SBC equipped with a new Allwinner F133-A (D1s) SoC. Allwinner’s F133-A is a slightly scaled down version of the Allwinner D1 SoC, which powers Sipeed’s Nezha SBC. Both SoCs are equipped with a RISC-V architecture XuanTie C906 core, which last week Alibaba’s T-Head subsidiary announced is being open sourced along with several other cores (see farther below). Read more

