Programming Leftovers

• Perl question?

  A few days ago, I received an email from someone who appears to be Perl hacker and asked me a question.

• How to host git repos

  In honor of World Give Up GitHub day, here’s a quick guide to how to serve up your own git repos.

• Toolchains adventures - Q2 2022

  For each of these changes, we need to dig into version control history to find why they were needed in the first place, verify if they are still needed, and if so potentially rework them to meet upstream coding standards. This requires an understanding of the problem domain to be able to explain the rationale behind the changes while submitting patches and writing relevant commit messages.

  While some of those patches are NetBSD specific, we still need to ensure we are not breaking other operating systems. Ultimately, vanilla binutils should be able to produce working binaries on NetBSD without requiring any local patches. Once this goal is reached, we need to ensure it keeps building, investigate test suite failures, and setup buildbots for continuous builds on key architectures.

• Flexible I/O: Worked examples

  Discussion: This configuration provides a decent all-around compromise between complexity and performance. Torque control is available and velocity control is good outside of ultra-slow regimes. The position is absolutely known to within one rotation of the rotor, across power cycles.

Proprietary Software Leftovers

• The SessionManager IIS backdoor

  In early 2022, we investigated one such IIS backdoor: SessionManager. In late April 2022, most of the samples we identified were still not flagged as malicious in a popular online file scanning service, and SessionManager was still deployed in over 20 organizations.

  SessionManager has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East, starting from at least March 2021. Because of the similar victims, and use of a common OwlProxy variant, we believe the malicious IIS module may have been leveraged by the GELSEMIUM threat actor, as part of espionage operations.

• This copilot is stupid and wants to kill me

  This week, Microsoft released an AI-based tool for writing soft­ware called Git­Hub Copilot. As a lawyer and 20+ year partic­i­pant in the world of open-source soft­ware, I agree with those who consider Copilot to be primarily an engine for violating open-source licenses.

• A New, Remarkably Sophisticated Malware Is Attacking Routers

  The campaign comprises at least four pieces of malware, three of them written from scratch by the threat actor. The first piece is the MIPS-based ZuoRAT, which closely resembles the Mirai internet-of-things malware that achieved record-breaking distributed denial-of-service attacks that crippled some Internet services for days. ZuoRAT often gets installed by exploiting unpatched vulnerabilities in SOHO devices.

  Once installed, ZuoRAT enumerates the devices connected to the infected router. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware. Two of those malware pieces—dubbed CBeacon and GoBeacon—are custom-made, with the first written for Windows in C++ and the latter written in Go for cross-compiling on Linux and macOS devices. For flexibility, ZuoRAT can also infect connected devices with the widely used Cobalt Strike [cracking] tool.

The Linux Mint Blog Monthly News - June 2022

Last month we got negative feedback about systemd-oom. After investigating some of the issues we decided not to add it to Linux Mint 21. Home directory encryption continues to be available in the installer. The decision was made to keep os-prober enabled by default to guarantee proper dual-boot detection out of the box. Webp support was added to xviewer and thumbnailers. Blueman 2.3 is in and replaces Blueberry. In rsync mode, Timeshift now calculates the required space for the next snapshot and skips it if performing that snapshot lead to less than 1GB free space on the disk. Also: Linux Mint 21 Is Going To Avoid systemd-oomd

today's howtos

• How to add Windows to the Limine boot menu

• How to Install Snap & Snap-Store on AlmaLinux 9 - LinuxCapable

  By default, AlmaLinux does not come with Snap or Snap Store installed as this is a feature that was built by developed by Canonical as a faster and easier way to get the latest versions of software installed on Ubuntu systems, and Snap packages are installed from a central SNAP server operated by Canonical. Snap can be installed and, for the most part, work with most packages on AlmaLinux-based systems that are currently actively supported. There are a few conflicts with specific packages. The issue with Snaps VS DNF package manager is that Snaps are self-contained, which results in an increased .snap due to having all its dependencies included along with various degrees of slight performance degradation compared to a natively installed application. In contrast, DNF is much lighter than its snap counterpart because it does not need to bundle dependencies. In the following tutorial, you will learn how to install Snapd on AlmaLinux 9 with the terminal and GUI methods with basic tips on how to launch or install/remove packages with Snapcraft.

• How to Install CMake on AlmaLinux 9 - LinuxCapable

  CMake is a well-known compiler that has gained much popularity in recent years. The main reason for its popularity is that it is open-source and cross-platform, so developers can use it on any operating system they want and don’t have to worry about licensing fees. Additionally, CMake can generate wrappers and executables in any combination, making it very versatile. While some compilers are designed for specific tasks, CMake can be used for various projects, making it a popular choice for many developers. In the following tutorial, you will learn how to install CMake on AlmaLinux 9 workstation or server using the command line terminal.

• Install Terraform and the Gaia Web UI on Ubuntu Server 22.04 – The New Stack

  Terraform is an open source Infrastructure as Code (IaC) tool, created by HashiCorp, that allows users to define and provide data center infrastructure with either HashiCorp’s declarative configuration language (known as HashiCorp Configuration Langauge) or JSON. With Terraform you can define both cloud and on-premises resources, using human-readable configuration files that can be versioned, reused, and shared, to create a consistent workflow for provisioning and managing all of your infrastructure. Terraform can be used to manage compute, storage, networking resources, DNS entries, and SaaS features.

• How to Use Rclone on Linux to Backup Files to Google Drive - ByteXD

  Rclone is a command-line utility for managing files in cloud storage in Linux. Using Rclone, users can sync files from a local storage to a cloud storage like Google Drive, Dropbox, OneDrive, etc. Rclone allows users to backup, download, and synchronize files to over 40 different cloud solutions.

• How to integrate ONLYOFFICE Docs with WordPress

  ONLYOFFICE Docs is an open-source office suite which comprises collaborative editors for text documents, spreadsheets, presentations, and forms along with PDF viewer. In this tutorial, we’ll learn how to connect the ONLYOFFICE Docs and WordPress instances using an integration plugin (connector).