Security: Updates, WordPress 5.1.1 in Debian, Threats in Devices and Facebook Downtime

  • Security updates for Thursday
  • WordPress 5.1.1

    The Debian packages for WordPress version 5.1.1 are being updated as I write this. This is a security fix for WordPress that stops comments causing a cross-site scripting bug. It’s an important one to update.

  • 25 Most Common IoT Security Threats in an Increasingly Connected World

    The Internet of Things (IoT) is growing rapidly. IoT is the connectivity of devices over the internet. It’s like a social network or an email service, but instead of connecting people, IoT actually connects smart devices, which include, but are not limited to, your computers, smartphones, smart home appliances, automation tools, and more.

    However, similar to all types of technologies out there, IoT is a double-edged sword as well. It has its upsides, but there are serious threats that accompany this technology. As manufacturers are racing against each other to bring the latest device to the market, not many of them are thinking about the security issues associated with their IoT devices.

  • Facebook Suffers Global Outage, Claims DDoS Not the Cause

    Facebook users around the world had a singular question for much of March 13: Is Facebook down?

    As it turns out, the global social media giant and its related Instagram and WhatsApp services were in fact unavailable and down for much of the day. Some service was restored by March 14, though full global availability across all Facebook services is still intermittent. With Facebook down, the company ironically had to resort to using rival social media service Twitter to keep many of its users informed.

    "We’re aware that some people are currently having trouble accessing the Facebook family of apps," Facebook wrote in a Twitter message. "We’re working to resolve the issue as soon as possible."

    Facebook also provided minimal updates via its platform status dashboard for developers, with the first indication of trouble reported at 10:32 a.m. PT on March 13.

    "We are currently experiencing issues that may cause some API requests to take longer or fail unexpectedly," the status page reports. "We are investigating the issue and working on a resolution."
