Security

Security: Updates, Reproducible Builds, and More

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by CentOS (firefox and thunderbird), Fedora (haproxy, wordpress, and xen), openSUSE (apache2-mod_auth_openidc, fail2ban, ghostscript, haserl, libcroco, nextcloud, and wireshark), Oracle (kernel and kernel-container), Slackware (httpd), SUSE (crmsh, gtk-vnc, libcroco, Mesa, postgresql12, postgresql13, and transfig), and Ubuntu (libgcrypt20, linux-gcp, linux-gcp-4.15, linux-hwe-5.4, linux-oem-5.13, python3.4, python3.5, and qtbase-opensource-src).

  • Reproducible Builds (diffoscope): diffoscope 184 released

    The diffoscope maintainers are pleased to announce the release of diffoscope version 184. This version includes the following changes:

    [ Chris Lamb ]
    * Fix the semantic comparison of R's .rdb files after a refactoring of
      temporary directory handling in a previous version.
    * Support a newer format version of R's .rds files.
    * Update tests for OCaml 4.12. (Closes: reproducible-builds/diffoscope#274)
    * Move diffoscope.versions to diffoscope.tests.utils.versions.
    * Use assert_diff in tests/comparators/test_rdata.py.
    * Reformat various modules with Black.
    
    [ Zbigniew Jędrzejewski-Szmek ]
    * Stop using the deprecated distutils module by adding a version
      comparison class based on the RPM version rules.
    * Update invocations of llvm-objdump for the latest version of LLVM.
    * Adjust a test with one-byte text file for file(1) version 5.40.
    * Improve the parsing of the version of OpenSSH.
    
    [ Benjamin Peterson ]
    * Add a --diff-context option to control the unified diff context size.
      (reproducible-builds/diffoscope!88)
      

  • This Week In Security: Office 0-day, ForcedEntry, ProtonMail, And OMIGOD | Hackaday

    A particularly nasty 0-day was discovered in the wild, CVE-2021-40444, a flaw in how Microsoft’s MSHTML engine handled Office documents. Not all of the details are clear yet, but the result is that opening an Office document can trigger a remote code execution. It gets worse, though, because the exploit can work when simply previewing a file in Explorer, making this a potential 0-click exploit. So far the attack has been used against specific targets, but a POC has been published.

    It appears that there are multiple tricks that should be discrete CVEs behind the exploit. First, a simple invocation of mshtml:http in an Office document triggers the download and processing of that URL via the Trident engine, AKA our old friend IE. The real juicy problem is that in Trident, an iframe can be constructed with a .cpl URI pointing at an inf or dll file, and that gets executed without any prompt. This is demonstrated here by [Will Dormann]. A patch was included with this month’s roundup of fixes for Patch Tuesday, so make sure to update.

Security and FUD Leftovers

Filed under
Security
  • Security updates for Thursday [LWN.net]

    Security updates have been issued by Debian (sssd), Fedora (libtpms and vim), openSUSE (kernel and php7-pear), Oracle (kernel), Slackware (curl), and Ubuntu (libgcrypt20 and squashfs-tools).

  • Travis CI flaw exposed secrets of thousands of open source projects [Ed: Hidden cost of bloat, but Microsoft-funded Ars 'Tech'nica spins this as an "Open Source" problem]

    A security flaw in Travis CI potentially exposed the secrets of thousands of open source projects that rely on the hosted continuous integration service. Travis CI is a software-testing solution used by over 900,000 open source projects and 600,000 users. A vulnerability in the tool made it possible for secure environment variables—signing keys, access credentials, and API tokens of all public open source projects—to be exfiltrated.

  • Travis CI flaw exposed secrets of thousands of open source projects (ars technica) [LWN.net]

    Any project storing secrets in this service would be well advised to replace them.

  • The long-term consequences of maintainers’ actions – Ariadne's Space

    OpenSSL 3 has entered Alpine, and we have been switching software to use it over the past week. While OpenSSL 1.1 is not going anywhere any time soon, it will eventually leave the distribution, once it no longer has any dependents. I mostly bring this up because it highlights a few examples of maintainers not thinking about the big picture, let me explain.

    First, the good news: in distribution-wide rebuilds, we already know that the overwhelming majority of packages in Alpine build just fine with OpenSSL 3, when individually built against it. Roughly 85% of main builds just fine with OpenSSL 3, and 89% of community builds with it. The rebuild effort is off to a good start.

    Major upgrades to OpenSSL are not without their fallout, however. In many cases, we cannot upgrade packages to use OpenSSL 3 because they have dependencies which themselves cannot yet be built with OpenSSL 3. So, that 15% of main ultimately translates to 30-40% of main once you take into account dependencies like curl, which builds just fine with OpenSSL 3, but has hundreds of dependents, some of which don’t.

    A major example of this is mariadb. It has been known that OpenSSL 3 was on the horizon for over 4 years now, and that the OpenSSL 3 release would remove support for the classical OpenSSL programming approach of touching random internals. However, they are just now beginning to update their OpenSSL support to use the modern APIs. Because of this, we wound up having to downgrade dozens of packages which would otherwise have supported OpenSSL 3 just fine, because the maintainers of those packages did their part and followed the OpenSSL deprecation warnings as they showed up in OpenSSL releases. MariaDB is a highly profitable company, who do business with the overwhelming majority of the Fortune 500 companies. But yet, when OpenSSL 3 releases started to be cut, they weren’t ready, and despite having years of warning they’re still not, which accordingly limits what packages can get the OpenSSL 3 upgrade as a result.

  • Level up your digital security hygiene! Cybersec Charcha #5

    By popular demand from our staff and community members, this edition of cybersec charcha will explore the basic digital security hygiene practices everyone should follow and how they protect your information from falling into the wrong hands.

    As attacks like Pegasus gain more limelight and become part of public knowledge, many of us feel that there is nothing we can do to protect ourselves. And currently, this stands true for sophisticated attacks like Pegasus. However, it’s important to remain cognizant that every time someone’s data is compromised, it’s not because they were targeted with a military grade spyware. It’s crucial for us to be aware of our personal threat levels. This threat level can be determined through a process called Threat Modelling.

  • Microsoft Releases Security Update for Azure Linux Open Management Infrastructure [Ed: This is how CISA covers Microsoft 'bug doors' inside Linux]

    Microsoft has released an update to address a remote code execution vulnerability in Azure Linux Open Management Infrastructure (OMI). An attacker could use this vulnerability to take control of an affected system.

  • Drupal Releases Multiple Security Updates

    Drupal has released security updates to address multiple vulnerabilities affecting Drupal 8.9, 9.1, and 9.2. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • New Go malware Capoae targets WordPress installs, Linux systems [Ed: Charlatans and frauds at ZDNet now try to blame some malware that targets WordPress on "Linux" and on the programming language the malware is written in (Go); this isn't journalism and it's even lower than tabloid level. Part of a trend. Imagine ZDNet blaming Photoshop holes on Windows and on C++ (if some malware is coded in that language).]
  • Democracy Now: NSO Group Spies Secretly Seized Control of Apple Devices by Exploiting Flaw in Code - The Citizen Lab

    Ron Deibert joined Democracy Now to discuss how Citizen Lab research of a zero-click zero-day exploit—used by NSO Group—led Apple to issue a patch to over 1.65 billion products.

  • Theory confirmed: Lumen Black Lotus Labs discovers Linux executable files have been deployed as stealth Windows loaders [Ed: WSL was always a security joke; it's compromised, totally controlled by Microsoft, and only a fool would call that "Linux"]
  • Theory confirmed: Lumen Black Lotus Labs discovers Linux executable files have been deployed as stealth Windows loaders [Ed: They've paid to spread this misleading thing which conflates WSL with "Linux"]
  • ACSC Releases Annual Cyber Threat Report

    The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber security threats and trends for the 2020–21 financial year.

    The report lists the exploitation of the pandemic environment, the disruption of essential services and critical infrastructure, ransomware, the rapid exploitation of security vulnerabilities, and the compromise of business email as last year’s most significant threats.

Proprietary Software and Security Leftovers

Filed under
Security
  • Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs [Ed: Microsoft installing back doors in GNU/Linux]

    Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems.

    The list of flaws, collectively called OMIGOD by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services...

  • Malicious Linux version of Cobalt Strike hacking tool found [Ed: It is more about Windows than "Linux"]
  • “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution

    Supply chain cyberattacks have disrupted everyday life and dominated headlines this year. One of the biggest challenges in preventing them is that our digital supply chain is not transparent. If you don’t know what’s hidden in the services and products you use every day, how can you manage the risk?

    Wiz’s research team recently discovered a series of alarming vulnerabilities that highlight the supply chain risk of open source code, particularly for customers of cloud computing services.

    The source of the problem is a ubiquitous but little-known software agent called Open Management Infrastructure (OMI) that’s embedded in many popular Azure services.

  • Customer Care Giant TTEC Hit By Ransomware

    TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

  • Forced Entry: NSO Group Spies Secretly Seized Control of Apple Devices by Exploiting Flaw in Code

    Apple has released an emergency software update to fix a security flaw in its iPhones and other products researchers found was being exploited by the Israeli-based NSO Group to infect the devices with its Pegasus spyware. The security exploit exposes “widespread abuse that we have associated with NSO Group and other companies like it,” says Ronald Deibert, director of the University of Toronto’s Citizen Lab, which discovered the security flaw. “This is … the most important crisis around global civil society right now.” Over 1.65 billion Apple products in use around the globe have been vulnerable to the spyware since at least March.

  • General promises 'surge' to fight ransomware attacks [iophk: Windows TCO]

    Gen. Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency (NSA), is working to “surge” efforts to respond to the mounting ransomware attacks on critical U.S. organizations.

  • General promises US ‘surge’ against foreign cyberattacks [iophk: Windows TCO]

    In an interview Tuesday with The Associated Press, Gen. Paul Nakasone broadly described “an intense focus” by government specialists to better find and share information about cyberattacks and “impose costs when necessary.” Those costs include publicly linking adversarial countries to high-profile attacks and exposing the means by which those attacks were carried out, he said.

Security Leftovers

Filed under
Security
  • Security updates for Wednesday

    Security updates have been issued by Arch Linux (chromium, element-desktop, element-web, firefox, ghostscript, and hedgedoc), Fedora (kernel and openssl), openSUSE (ghostscript, htmldoc, and openssl-1_0_0), Oracle (libtirpc), Red Hat (cyrus-imapd, kernel, and kernel-rt), SUSE (ghostscript), and Ubuntu (apport, curl, and squashfs-tools).

  • Cybercriminals recreate Cobalt Strike in Linux [Ed: The media hardly talked about it until the likes of ZDNet could say "Linux"]
  • The SSID Stripping Vulnerability: When You Don’t See What You Get

    AirEye’s research team in collaboration with the Computer Science faculty at the Technion – Israel Institute of Technology have found a vulnerability, dubbed SSID Stripping, which causes a network name – aka SSID – to appear differently in the device’s “List of Networks” than its actual network name.

  • PureBoot Security Flaw for Librem 14 Patched – Purism

    PureBoot is our high-security boot firmware we offer on our Librem computers. In combination with a Librem Key, PureBoot allows you to detect tampering in the boot firmware itself, and in your OS’s kernel and other boot files.

    It detects tampering first by sending measurements of the boot firmware as it boots (containing among other things a trusted GPG keyring corresponding to keys on your Librem Key) at boot time to the computer’s TPM, and if the measurements match, the TPM releases a shared secret that PureBoot converts to a 6-digit HOTP code and sends to the Librem Key. If the code matches what the Librem Key itself generated, the Librem Key blinks green, letting you know the firmware can be trusted. If it doesn’t match, the Librem Key will blink a steady red LED indefinitely, warning you the firmware might be tampered with.

Proprietary Software Security

Filed under
Microsoft
Mac
Security
  • OMIGOD: Azure users running Linux VMs need to update now [Ed: They need to abandon Microsoft Azure and get reprimanded by the employer for ever choosing this NSA company as a host in the first place]
  • Microsoft September 2021 Patch Tuesday: Remote code execution flaws in MSHTML, OMI fixed
  • Microsoft Patch Tuesday, September 2021 Edition

    Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google’s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.

  • Apple Patches Up Devices In Response To The Exposure Of Yet Another NSO Group Exploit

    Israeli digital arms merchant NSO Group continues to sell its malware to a wide variety of governments. The governments it sells to, which includes a bunch of notorious human rights abusers, continue to use these exploits to target dissidents, activists, journalists, religious leaders, and political opponents. And the manufacturers of the devices exploited by governments to harm people these governments don't like (NSO says "criminals and terrorists," long-term customers say "eh, whoever") continue to patch things up so these exploits no longer work.

  • It's not just you: Emergency software patches are on the rise

    Researchers raised the alarm Monday about a big one: The Israeli spyware company NSO Group, which sells programs for governments to remotely take over people’s smartphones and computers, had figured out a new way into practically any Apple device by sending a fake GIF through iMessage. The only way to guard against it is to install Apple’s emergency software update.

  • Apple Rushes Out Emergency Update to Stop ‘No Click’ Spyware

    The flaw, disclosed Monday by Citizen Lab, allowed a hacker using NSO’s Pegasus malware to gain access to a device owned by an unnamed Saudi activist, according to security researchers. Apple said the flaw could be exploited if a user on a vulnerable device received a “maliciously crafted” PDF file.

Security and Proprietary Software Leftovers

Filed under
Security
  • SSID Stripping flaw lets hackers mimic real wireless access points

    Simply put: Unsuspecting users can be tricked into connecting to WiFi spots set up by hackers. This would not only expose users to data theft but access their personal information on their device – That’s why the vulnerability has been dubbed SSID stripping.

  • Adobe Releases Security Updates for Multiple Products | CISA

    Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Lenovo ships scareware to “correct” Windows problems for $30 a year and sells expensive antivirus. Many issues could be solved by running cleanmgr and a free antivirus. – BaronHK's Rants

    Lenovo has been caught doing some shady things before, from installing the Superfish malware, to the infamous BIOS that took a Windows “security feature” and used it to keep reinstalling crapware no matter how many times the user deleted it, to blocking the installation of GNU/Linux operating systems in 2016, forcing me to take my case to the Attorney General of Illinois, Lisa Madigan, at the time.

    To my surprise, her office opened an antitrust investigation and as soon as Lenovo and Microsoft heard the gears turning, they threw the transmission into full reverse and backtracked with a BIOS repair. But Microsoft and Lenovo are like the Shadows and their Dark Servants in Babylon 5. Every time they were defeated, they’d scatter their remaining forces, sleep for a while, and come up with a new strategy to slowly lick their wounds and then try to start problems all over again.

    For Lenovo’s part, even though they’ve been smacked down by court proceedings and bad publicity, they have no idea when to stop trying to chase down a user for a quick buck after they’ve already bought an expensive computer. And Microsoft is obviously happy with what any decent company would consider slander, because Lenovo is selling “snake oil” subscriptions that essentially cost $30 a year to empty your recycle bin.

  • Secure JSONification?

    There was an interesting discussion on IRC today. In brief, it was about exposing one’s database structures over API and security implications of this approach. I’d recommend reading the whole thing because Altreus delivers a good (and somewhat emotional) point on why such practice is most definitely a bad design decision. Despite having minor objections, I generally agree with him.

    But I’m not wearing out my keyboard on this post just to share that discussion. There was something in it that made me feel as if I was missing something. And it came to me a bit later, when I was done with my payjob and got a bit more spare resources for the brain to utilize.

    First of all, a bell rang when a hash was mentioned as the mediator between a database and API return value. I’m somewhat wary about using hashes as return values primarily for a reason of performance price and concurrency unsafety.

Security Leftovers

Filed under
Security
  • What I learned from Russian students: logging is important | Random thoughts of Peter 'CzP' Czanik

    I checked the logfiles of the servers I managed occasionally, but mostly only to check if the hard drives were showing any signs of failure. While browsing the logs for hard drive errors, I came across some suspicious login messages. Logins from previously not seen unknown IP addresses. I knew that the addresses were from campus, so I asked around. It turned out that they belonged to the Russian students' laboratory. And talking to the user, it turned out that he was unaware that his account was also used by someone else.

    The exact order of events is a kind of blurry, it was a quarter of a century ago. I started to check log messages not just for hard drive problems but also for security related events. I could see more and more logins from the Russian students laboratory. It was a kind of cat and mouse game, I was trying to keep unauthorized users out of the system.

  • Security updates for Tuesday

    Security updates have been issued by openSUSE (libaom and nextcloud), Oracle (cyrus-imapd, firefox, and thunderbird), Red Hat (kernel and kpatch-patch), Scientific Linux (firefox and thunderbird), and Ubuntu (apport).

  • Ubuntu Livepatch on-prem reduces downtime and unplanned work on enterprise environments!

    Canonical announces Ubuntu Livepatch on-prem, an enhancement to its Ubuntu Livepatch service enabling organisations to take control of their kernel livepatching policy. Designed for complex enterprise environments that follow their own patch rollout policy, Ubuntu Livepatch on-prem provides the basis for an efficient but fine-tuned continuous vulnerability management on private, hybrid, or public clouds. It provides a functional and productive experience to system administrators, or IT operations teams. The announcement represents the next phase in the Ubuntu Livepatch service targeting enterprise environments as organisations around the world adopt cybersecurity frameworks and requirements to tackle a constantly changing threat landscape.

  • Hackers develop Linux port of Cobalt Strike for new attacks | IT PRO

    The tool has been developed from scratch to avoid detection from malware scanners.

    According to a report published by cloud security firm Intezer Labs, researchers last month discovered a fully undetected ELF implementation of Cobalt Strike’s beacon. The malware used Cobalt Strike’s Command and Control (C2) protocol when communicating to its C2 server and has remote access capabilities such as uploading files, running shell commands, and writing to files.

    Cobalt Strike is a legitimate penetration testing tool used by security teams to discover vulnerabilities within their organization.

    Researchers warned that the malware is completely undetected in VirusTotal and was uploaded from Malaysia. Intezer researchers Avigayil Mechtinger, Ryan Robinson and Joakim Kennedy said that this Linux threat has been active in the wild since August, predominantly targeting telecom companies, government agencies, IT companies, financial institutions, and advisory companies around the world.

Security Leftovers

Filed under
Security
  • Time is running out for CentOS 8

    It came as a shock when RedHat announced that CentOS 8 support would end this year. Organisations who thought they had eight years to plan for its replacement now have less than four months.

  • Hacker-made Linux Cobalt Strike beacon used in ongoing attacks

    An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide.

    [...]

    However, Cobalt Strike has always had a weakness — it only supports Windows devices and does not include Linux beacons.

  • Hackers port Cobalt Strike attack tool to Linux [Ed: Do malicious tools only become "news" when you can badmouth "Linux" somehow? And that says nothing about how such tools get there in the first place? Windows has back doors.]

    Security experts say the Cobalt Strike Beacon tool has been adapted by hackers to work against Linux machines.

    Designed for use by penetration testers and other security professionals, Beacon is the automated attack component of the $3,500 per-year Cobalt Strike security testing suite that enables attacks like keylogging and file theft. Because it is so effective at automatically compromising machines, the software has also become effective with cybercriminals looking to remotely break into a network.

  • NSO Group iMessage Zero-Click Exploit Captured in the Wild

    In March 2021, we examined the phone of a Saudi activist who has chosen to remain anonymous, and determined that they had been hacked with NSO Group’s Pegasus spyware. During the course of the analysis we obtained an iTunes backup of the device.

  • Apple Releases Security Updates, iOS 14.8 and iPadOS 14.8

    Apple has released security updates to address vulnerabilities—CVE-2021-30860, CVE-2021-30858—in iOS and iPadOS. An attacker could exploit these vulnerabilities to take control of an affected device. CISA is aware of public reporting that these vulnerabilities may have been exploited in the wild.

You Can Still Get Ubuntu 16.04 Security Updates, Here’s How

Filed under
Security
Ubuntu

I didn’t, not until today when a reader mailed in to tell me that Canonical offers free Ubuntu Advantage for Infrastructure accounts for personal use on up-to 3 machines (active Ubuntu members can use it on up to 50 machines).

A gratis Ubuntu Advantage for Infrastructure account includes a couple of things but the most notable is …Extended Security Maintenance (ESM) for EOL releases.

More in Tux Machines

Programming Leftovers

  • Announcement : An AArch64 (Arm64) Darwin port is planned for GCC12

    As many of you know, Apple has now released an AArch64-based version of macOS and desktop/laptop platforms using the ‘M1’ chip to support it. This is in addition to the existing iOS mobile platforms (but shares some of their constraints). There is considerable interest in the user-base for a GCC port (starting with https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96168) - and, of great kudos to the gfortran team, one of the main drivers is folks using Fortran. Fortunately, I was able to obtain access to one of the DTKs, courtesy of the OSS folks, and using that managed to draft an initial attempt at the port last year (however, nowhere near ready for presentation in GCC11). Nevertheless (as an aside) despite being a prototype, the port is in use with many via homebrew, macports or self-builds - which has shaken out some of the fixable bugs. The work done in the prototype identified three issues that could not be coded around without work on generic parts of the compiler. I am very happy to say that two of our colleagues, Andrew Burgess and Maxim Blinov (both from embecosm) have joined me in drafting a postable version of the port and we are seeking sponsorship to finish this in the GCC12 timeframe. Maxim has a lightning talk on the GNU tools track at LPC (right after the steering committee session) that will focus on the two generic issues that we’re tackling (1 and 2 below). Here is a short summary of the issues and proposed solutions (detailed discussion of any of the parts below would better be in new threads).

  • Apple Silicon / M1 Port Planned For GCC 12 - Phoronix

    Developers are hoping for next year's GCC 12 release they will have Apple AArch64 support on Darwin in place for being able to support Apple Silicon -- initially the M1 SoC -- on macOS with GCC. LLVM/Clang has long been supporting AArch64 on macOS given that Apple leverages LLVM/Clang as part of their official Xcode toolchain as the basis for their compiler across macOS to iOS and other products. While the GNU Compiler Collection (GCC) supports AArch64 and macOS/Darwin, it hasn't supported the two of them together but there is a port in progress to change it.

  • Dirk Eddelbuettel: tidyCpp 0.0.5 on CRAN: More Protect’ion

    Another small release of the tidyCpp package arrived on CRAN overnight. The packages offers a clean C++ layer (as well as one small C++ helper class) on top of the C API for R which aims to make use of this robust (if awkward) C API a little easier and more consistent. See the vignette for motivating examples. The Protect class now uses the default methods for copy and move constructors and assignment allowing for wide use of the class. The small NumVec class now uses it for its data member.

  • QML Modules in Qt 6.2

    With Qt 6.2 there is, for the first time, a comprehensive build system API that allows you to specify a QML module as a complete, encapsulated unit. This is a significant improvement, but as the concept of QML modules was rather under-developed in Qt 5, even seasoned QML developers might now ask "What exactly is a QML module". In our previous post we have scratched the surface by introducing the CMake API used to define them. We'll take a closer look in this post.

  • Santiago Zarate: So you want to recover and old git branch because it has been overwritten?
  • Start using YAML now | Opensource.com

    YAML (YAML Ain't Markup Language) is a human-readable data serialization language. Its syntax is simple and human-readable. It does not contain quotation marks, opening and closing tags, or braces. It does not contain anything which might make it harder for humans to parse nesting rules. You can scan your YAML document and immediately know what's going on. [...] At this point, you know enough YAML to get started. You can play around with the online YAML parser to test yourself. If you work with YAML daily, then this handy cheatsheet will be helpful.

  • 40 C programming examples

    C programming language is one of the popular programming languages for novice programmers. It is a structured programming language that was mainly developed for UNIX operating system. It supports different types of operating systems, and it is very easy to learn. 40 useful C programming examples have been shown in this tutorial for the users who want to learn C programming from the beginning.

Devices/Embedded: Asus Tinker Board 2 and More

  • Asus Tinker Board 2 single-board computer now available for $94 and up - Liliputing

    The Asus Tinker Board 2 is a Raspberry Pi-shaped single-board computer powered by a Rockchip RK3399 hexa-core processor and featuring 2GB to 4GB of RAM. First announced almost a year ago, the Tinker Board 2 is finally available for $99 and up. Asus also offers a Tinker Board 2S model that’s pretty similar except that it has 16GB of eMMC storage. Prices for that model start at about $120.

  • Raspberry Pi Weekly Issue #371 - Sir Clive Sinclair, 1940 – 2021

    This week ended with the incredibly sad news of the passing of Sir Clive Sinclair. He was one of the founding fathers of home computing and got many of us at Raspberry Pi hooked on programming as kids. Join us in sharing your Sinclair computing memories with us on Twitter and our blog, and we’ll see you next week.

  • cuplTag battery-powered NFC tag logs temperature and humidity (Crowdfunding) - CNX Software

    Temperature and humidity sensors would normally connect to a gateway sending data to the cloud, the coin-cell battery-powered cuplTag NFC tag instead sends data to your smartphone after a tap. cuplTag is controlled by an MSP430 16-bit microcontroller from Texas Instruments which reads and stores sensor data regularly into an EEPROM, and the data can then be read over NFC with the tag returning an URL with the data from the sensor and battery, then display everything on the phone’s web browser (no app needed).

  • A first look at Microchip PolarFire SoC FPGA Icicle RISC-V development board - CNX Software

    Formally launched on Crowd Supply a little over a year ago, Microchip PolarFire SoC FPGA Icicle (codenamed MPFS-ICICLE-KIT-ES) was one of the first Linux & FreeBSD capable RISC-V development boards. The system is equipped with PolarFire SoC FPGA comprising a RISC-V CPU subsystem with four 64-bit RISC-V (RV64GC) application cores, one 64-bit RISC-V real-time core (RV64IMAC), as well as FPGA fabric. Backers of the board have been able to play with it for several months, but Microchip is now sending the board to more people for evaluation/review, and I got one of my own to experiment with. It’s good to have a higher-end development board instead of the usual hobbyist-grade board. Today, I’ll just have a look at the kit content and main components on the board before playing with Linux and FPGA development tools in an upcoming post or two.

  • What is IoT device management?

    Smart devices are everywhere around us. We carry one in our pocket, watch movies on another while a third cooks us dinner. Every day there are thousands of new devices connecting to the Internet. Research shows that by 2025, more than 150,000 IoT devices will come online every minute. With such vast numbers it is impossible to keep everything in working order just on your own. This brings the need for IoT device management. But what is IoT device management? To answer this question we first need to understand what the Internet of Things (IoT) is.

  • Beelink U59 mini PC with Intel Celeron N5095 Jasper Lake coming soon - Liliputing

    Beelink says the system ships with Windows 10, but it should also support Linux.

  • Beelink U59 Celeron N5095 Jasper Lake mini PC to ship with 16GB RAM, 512GB SSD - CNX Software

    Beelink U59 is an upcoming Jasper Lake mini PC based on the Intel Celeron N5095 15W quad-core processor that will ship with up to 16GB RAM, and 512 GB M.2 SSD storage. The mini PC will also offer two 4K HDMI 2.0 ports, a Gigabit Ethernet port, WiFi 5, as well as four USB 3.0 ports, and support for 2.5-inch SATA drives up to 7mm thick.

Graphics: Mesa, KWinFT, and RADV

  • Experimenting Is Underway For Rust Code Within Mesa - Phoronix

    Longtime Mesa developer Karol Herbst who has worked extensively on the open-source NVIDIA "Nouveau" driver as well as the OpenCL/compute stack while being employed by Red Hat is now toying with the idea of Rust code inside Mesa. Karol Herbst has begun investigating how Rust code, which is known for its memory safety and concurrency benefits, could be used within Mesa. Ultimately he's evaluating how Rust could be used inside Mesa as an API implementation as well as for leveraging existing Mesa code by Rust.

  • KWinFT Continues Working On WLROOTS Render, Library Split

    KWinFT as a fork of KDE's KWin X11/Wayland compositor code continues making progress on driving fundamental display improvements and ironing out the Wayland support. KWinFT has been transitioning to use WLROOTS for its Wayland heavy-lifting and that process remains ongoing. KWinFT has also been working on splitting up its library code to make it more manageable and robust. Among the features still desired by KWinFT and to be worked on include input methods, graphical tablet support, and PipeWire video stream integration. Currently there are two full-time developers working on the project but they hope to scale up to four to five full-time developers.

  • Raytracing Starting to Come Together – Bas Nieuwenhuizen – Open Source GPU Drivers

    I am back with another status update on raytracing in RADV. And the good news is that things are finally starting to come together. After ~9 months of on and off work we’re now having games working with raytracing.

  • Multiple Games Are Now Working With RADV's Ray-Tracing Code - Phoronix

    Not only is Intel progressing with its open-source ray-tracing driver support but the Mesa Radeon Vulkan driver "RADV" has been rounding out its RT code too and now has multiple games correctly rendering. Bas Nieuwenhuizen has been spearheading the RADV work on Vulkan ray-tracing support and after more than a half-year tackling it things are starting to fall into place nicely. Games such as Quake II RTX with native Vulkan ray-tracing are working along with the game control via VKD3D-Proton for going from Direct3D 12 DXR to Vulkan RT. Metro Exodus is also working while Ghostrunner and Doom Eternal are two games tested that are not yet working.

Audiocasts/Shows: Full Circle Weekly News, Juno Computers, Kali Linux 2021.3