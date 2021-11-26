Language Selection

today's leftovers

Misc
  • Alpha 20 goes live for survival game 7 Days to Die | GamingOnLinux

    The Fun Pimps have promoted Alpha 20 of 7 Days to Die to the stable release builds making in the new official update and it's a big one again. Players are clearly enjoying it, with it still remaining at a higher player count than it had been seeing months prior to the experimental version.

  • IO_uring Network Zero-Copy Transmit Continues Looking Great For Linux - Phoronix

    Sent out last month were an early set of patches working on IO_uring zero-copy send support for the networking subsystem. This work to boost the throughput potential has evolved now into a second revision of the patches and continues looking very promising.

    This work by Pavel Begunkov is for wiring up zero-copy send support with IO_uring, initially for IPv4/UDP while TCP support is also in the works. The v2 patches out today are still being treated as "request for comments", but the performance numbers and overall direction appear to be in good standing.

  • Raku Advent Calendar: Day 22 – Santa Claus is Rakuing Along
  Coding

    This post is part of a series, starting at Reflections on a decade of coding.

    This is going to be much more vague than the other parts of the series because this is the actual work. Good judgement is learned from experience, not from blog posts. So I think the most useful thing I can convey is what kinds of things I think about when coding, rather than what answers I come up with.

    I'm also trying to focus on things that were non-obvious to me or that run counter to what I was taught.

  • A challenger to the throne of vector graphics. SVG is dead, long live TinyVG!

    What we really need is a format like PNG for vector graphics. Compact, versatile and simple to implement. What most of us don't need are vector graphic animations or vector graphic applications. What we definitly don't need is a vector graphic format that can do raw sockets.

    After the reasearch I did to implement SVG in Zig, I was disappointed and angry that stuff like vector graphics is so complex and in my stubbornness I decided: [...]

  • The QOI File Format Specification

    QOI will not compress images as well as an optimized PNG encoder and that's OK. We already have image formats that out-compress PNG anyway. QOI's virtue is in its simplicity.

  • The 2021 Tuxies | LINUX Unplugged 437

    It's the second annual Unplugged Tuxies; our community votes on the best projects, distros, desktops, and services of 2021.

Security Leftovers

  • Authentication and Authorisation Using Single Sign-On

    In the first blog of this series, we explored multi-factor authentication and a move away from credentials that can be stolen, as motivated by recent attacks. This blog will dive into authorisation and single sign-on to aid in technology selection and deployment considerations. It provides a foundation for the following blog post that introduces emerging standards that have taken into account learnings from the challenges of past protocols, reducing points of vulnerability where possible.

  • Attackers have found a way to bypass a crucial Microsoft Office patch | TechRadar

    Attackers have managed to create a novel exploit capable of bypassing a critical remote code execution vulnerability in Microsoft Office which was patched earlier this year. According to new research from the cybersecurity firm Sophos, the attackers were able to take a publicly available proof-of-concept Office exploit and weaponize it to deliver the Formbook malware. Back in September, Microsoft released a patch to prevent attackers from executing malicious code embedded in a Word document that downloads a Microsoft Cabinet (CAB) archive containing a malicious executable. By reworking the original exploit and placing the malicious Word document inside a special crafted RAR archive, the attackers created a “CAB-less” form of the exploit capable of successfully evading the original patch. Surprisingly though, this novel exploit was distributed using spam emails for approximately 36 hours before it disappeared completely. Sophos' researchers believe that the exploit's limited lifespan could mean that it was a “dry run” experiment that could be used in future attacks.

  • Attackers find new way to exploit Office hole patched by Microsoft

    The original exploit affected the Office file format. To take advantage of this flaw, attackers could execute malicious code embedded in a Word document that downloads a Microsoft Cabinet archive, which, in turn, contained a malicious executable.

    A statement from Sophos said: "Attackers have reworked the original exploit by placing the malicious Word document inside a specially crafted RAR archive. The newer, 'CAB-less' form of the exploit successfully evades the original patch.

Android Leftovers

Best Free and Open Source Alternatives to Autodesk ShotGrid

Autodesk, Inc. is an American multinational software company that makes software products and services for the architecture, engineering, construction, product design, manufacturing, media, education, and entertainment industries. It bills itself as a “… leader in 3D design, engineering and entertainment software”. The company was founded in 1982 by John Walker, who was a joint developer of the first versions of AutoCAD, the company’s best known software application. Autodesk is listed on the Nasdaq stock exchange, it has over 11,000 employees, and is headquartered in the San Francisco Bay Area. While Autodesk develops many high quality applications they are proprietary software. And the vast majority of their products are not available for Linux. This series looks at the best free and open source alternatives. Read more

Android Leftovers

