Date: 2022-03-20

Programming Leftovers

Managing Rust crates in private Git repositories Rust is all hot these days, and it is indeed a nice language to work with. In this blog post, I take a look at a small challenge: how to host private crates in the form of Git repositories, making them easily available both to developers and CI/CD systems.

Our limited use of Python's cgi module Some of our CGIs are purely informational; they present some dynamic information on a web page, and don't take any parameters or otherwise particularly interact with people. These CGIs tend to use cgitb so that if they have bugs, we have some hope of catching things. When these CGIs were written, cgitb was the easy way to do something, but these days I would log tracebacks to syslog using my good way to format them.

curl is now 24 | daniel.haxx.se On March 20, 2022 curl turns 24 years old.

Developer Velocity Developer velocity isn't the whole of developer productivity. I think of developer velocity as post-commit workflow. Once a feature or change set is ready, how much "red tape" is there to get those changes out to customers? But "red tape" isn't just bureaucratic with software.

Proprietary Software Leftovers

Microsoft Edge vulnerable to attacks: MeitY's CERT-In issues warning for browser users, advisory to stay safe The advisory further reveals that “these vulnerabilities exist in Microsoft Edge due to Heap buffer overflow in ANGLE, use-after-free in Cast UI, use after free in Omnibox, out of bounds read in ANGLE, use after free in Views, use-after-free in WebShare, type confusion in Blink Layout, use-after-free in Media, out of bounds memory access in Mojo, use-after-free in MediaStream, insufficient policy enforcement in Installer, heap buffer overflow in Cast UI, inappropriate implementation in HTML parser, inappropriate implementation in full screen mode, inappropriate implementation in Permissions, use-after-free in Browser Switcher, data leak in Canvas, inappropriate implementation in Autofill, use-after-free in Chrome OS Shell and out of bounds memory access in WebXR.”

Most Hood Plants Up After Cyber 'Event,' Schools Concerned [iophk: Windows TCO] Hood is a main dairy supplier in New England. In Peterborough, New Hampshire, the superintendent at the ConVal School District said it will be affected by anticipated milk shortages caused by the cyberattack. Superintendent Kimberly Rizzo Saunders said in a statement Wednesday it has been made aware by its foodservice vendor that “Hood anticipates significant impacts in its ordering and delivery processes throughout the next week.”

Why You Haven’t Heard About the Secret Cyberwar in Ukraine [iophk: Windows TCO] First, some cyberattacks are meant to be visible and, in effect, distract from the stealthier and more dangerous sabotage. On Feb. 15 and 16, Ukrainian banks suffered major denial-of-service attacks, meaning their websites were rendered inaccessible. Western authorities swiftly attributed the attacks to Russia’s intelligence service, and Google is now helping protect 150 websites in Ukraine from such attacks. The Anonymous collective declared cyberwar against the Russian government soon after the attack and obtained a trove of data from a German subsidiary of Rosneft, a major Russian state-owned oil firm. Ukraine’s besieged government has embraced the idea of a crowdsourced I.T. army. But these attacks and the decentralized volunteerism are simply a distraction. In fact, often the most damaging cyberoperations are covert and deniable by design. In the heat of war, it’s harder to keep track of who is conducting what attack on whom, especially when it is advantageous to both victim and perpetrator to keep the details concealed.

Kanye West banned from posting on Instagram for 24 hours Instagram said Thursday it had blocked rapper Kanye West, who now goes by Ye, from using his account for 24 hours for violating the social network's harassment policy amid his acrimonious divorce from reality star Kim Kardashian. The 44-year-old megastar has been in the spotlight for several weeks over his attacks on comedian Pete Davidson, who is dating Kardashian.

Inside the plan to fix America’s never-ending cybersecurity failures [iophk: Windows TCO] The 2021 hack of Colonial Pipeline, the biggest fuel pipeline in the United States, ended with thousands of panicked Americans hoarding gas and a fuel shortage across the eastern seaboard. Basic cybersecurity failures let the hackers in, and then the company made the unilateral decision to pay a $5 million ransom and shut down much of the east coast’s fuel supply without consulting the US government until it was time to clean up the mess.

Leaked ransomware documents show Conti helping Putin from the shadows [iophk: Windows TCO] A cache of 60,000 leaked chat messages and files from the notorious Conti ransomware group provides glimpses of how the criminal gang is well connected within Russia. The documents, reviewed by WIRED and first published online at the end of February by an anonymous Ukrainian cybersecurity researcher who infiltrated the group, show how Conti operates on a daily basis and its crypto ambitions. They likely further reveal how Conti members have connections to the Federal Security Service (FSB) and an acute awareness of the operations of Russia’s government-backed military hackers.

NRA confirms last year’s ransomware attack The National Rifle Association (NRA) has confirmed it was the subject of a ransomware attack that took place last October, according to a report from Gizmodo. In a filing to the Federal Election Commission (FEC), the organization’s political action committee (PAC), explains the NRA experienced a ransomware attack on October 20th, 2021 that brought its “network offline for two weeks.” Since the NRA wasn’t “able to access email or network files until the second week of November,” the NRA failed to report nearly $2,500 worth of donations, which was the reason for the filing.