Security

Security Leftovers

Filed under
Security
  • Joker’s Stash Carding Market to Call it Quits

    Joker’s Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.

  • Security updates for Tuesday

    Security updates have been issued by Debian (gst-plugins-bad1.0), Fedora (flatpak), Red Hat (dnsmasq, kernel, kpatch-patch, libpq, linux-firmware, postgresql:10, postgresql:9.6, and thunderbird), SUSE (dnsmasq), and Ubuntu (dnsmasq, htmldoc, log4net, and pillow).

  • Flaws in widely used dnsmasq software leave millions of Linux-based devices exposed [Ed: They mention "Linux" but the issue is not Linux; that's like blaming "Windows" for Photoshop back doors]

    Security researchers have found several serious vulnerabilities in dnsmasq, a utility used in many Linux-based systems, especially routers and other IoT devices, to provide DNS services. Attackers can exploit the flaws to redirect users to rogue websites when trying to access legitimate ones or to execute malicious code on vulnerable devices.

Security Leftovers

Filed under
Security
  • Security updates for Monday

    Security updates have been issued by Arch Linux (atftp, coturn, gitlab, mdbook, mediawiki, nodejs, nodejs-lts-dubnium, nodejs-lts-erbium, nodejs-lts-fermium, nvidia-utils, opensmtpd, php, python-cairosvg, python-pillow, thunderbird, vivaldi, and wavpack), CentOS (firefox and thunderbird), Debian (chromium and snapd), Fedora (chromium, flatpak, glibc, kernel, kernel-headers, nodejs, php, and python-cairosvg), Mageia (bind, caribou, chromium-browser-stable, dom4j, edk2, opensc, p11-kit, policycoreutils, python-lxml, resteasy, sudo, synergy, and unzip), openSUSE (ceph, crmsh, dovecot23, hawk2, kernel, nodejs10, open-iscsi, openldap2, php7, python-jupyter_notebook, slurm_18_08, tcmu-runner, thunderbird, tomcat, viewvc, and vlc), Oracle (dotnet3.1 and thunderbird), Red Hat (postgresql:10, postgresql:12, postgresql:9.6, and xstream), SUSE (ImageMagick, openldap2, slurm, and tcmu-runner), and Ubuntu (icoutils).

  • About CVE-2020-27348

    Well this is a doozey. Made public a while back was a security vulnerability in many Snap Packages and the Snapcraft tool used to create them. Specifically, this is the vulnerability identified as CVE-2020-27348. It unfortunately affects many many snap packages…

    [...]

    The problem arises when the LD_LIBRARY_PATH includes an empty element in its list. When the Dynamic Linker sees an empty element it will look in the current working directory of the process. So if we construct our search paths with an accidental empty element the application inside our Snap Package could be caused to load a shared library from outside the Snap Package’s shipped files. This can lead to an arbitrary code execution.

    It has been common to put a definition of the LD_LIBRARY_PATH variable into a Snap Package’s snapcraft.yaml that references a predefined $LD_LIBRARY_PATH as if to extend it. Unfortunately, despite this being common, it was poorly understood that SnapD ensures that the $LD_LIBRARY_PATH is unset when starting a Snap Package’s applications. What that means is that where the author tried to extend the variable they have inadvertently inserted the bad empty element. The empty element appears because $LD_LIBRARY_PATH is unset so the shell will expand it to an empty string.

  • Wait, What? Kids Found A Security Flaw in Linux Mint By Mashing Keys!

    Security flaws can be incredibly stupid and dangerous. Of course, I’m not judging anyone, we are humans after all. But this little incident is quite funny.
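
The empty-element mistake behind CVE-2020-27348, described in the item above the Linux Mint one, can be reproduced and checked for in plain shell. This is an added example, not code from the quoted article, Snapcraft or snapd; the function names and the /snap/example/... path are constructed for illustration.

```sh
#!/bin/sh
# Added example: how extending an unset LD_LIBRARY_PATH creates an empty
# element, and how to build and audit the value so that cannot happen.
# Function names and the sample path are constructed for this illustration.

# The common pattern: "<new dir>:$LD_LIBRARY_PATH".
# $2 stands in for the inherited value; snapd starts apps with it unset,
# so it expands to the empty string and leaves a trailing ':'.
naive_extend() {
    printf '%s\n' "$1:$2"
}

# Same intent, but the separator is only emitted when there is something
# to separate: ${var:+word} expands to nothing if var is unset or empty.
safe_extend() {
    printf '%s\n' "$1${2:+:$2}"
}

# Succeeds (exit 0) when a colon-separated list contains an empty element:
# a leading ':', a trailing ':' or a doubled '::'.
has_empty_element() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Rebuild a list without its empty elements (for repairing a value that
# was assembled elsewhere). Globbing is disabled while splitting on ':'.
strip_empty_elements() {
    _out=""
    _old_ifs=$IFS
    IFS=:
    set -f
    for _elem in $1; do
        if [ -n "$_elem" ]; then
            _out="${_out:+$_out:}$_elem"
        fi
    done
    set +f
    IFS=$_old_ifs
    printf '%s\n' "$_out"
}

# Demonstration with a constructed snap library directory.
lib_dir=/snap/example/current/usr/lib
for value in "$(naive_extend "$lib_dir" "")" "$(safe_extend "$lib_dir" "")"; do
    if has_empty_element "$value"; then
        echo "UNSAFE: '$value' has an empty element (searches the working directory)"
    else
        echo "ok:     '$value'"
    fi
done
```

The same `has_empty_element` check can be run over the value a launcher script or CI job is about to export, failing the build before a package ships with the trailing colon.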

Security Leftovers

Filed under
Security
  • New coalition aims to combat growing wave of ransomware attacks [iophk: Windows TCO]

    The California-based nonprofit aims to produce recommendations that will help governments and the private sector tackle the scourge of ransomware attacks.

    [Attackers] have increasingly used these types of attacks -- which involve accessing and encrypting the victim’s network and demanding payment to allow access again -- to hit major targets, with city governments in Atlanta, Baltimore and New Orleans severely impaired by ransomware attacks over the past two years.

    More recently, hospitals have become a target during the COVID-19 pandemic, with cyber criminals seeing vulnerable hospitals as easy targets more likely to pay a quick ransom as health care systems struggle to keep up with coronavirus cases. In some instances, the cyberattacks have been blamed for deaths due to delayed care.

  • This tiny shortcut can completely crash your Windows 10 device

    A zero-day exploit has been discovered that can crash your Windows 10 device – and, even more worrying, can be delivered inside a seemingly harmless shortcut file. The vulnerability can corrupt any NTFS-formatted hard drive and even be exploited by standard and low privilege user accounts.

    Security researcher Jonas Lykkegaard referenced the vulnerability on Twitter last week and had previously drawn attention to the issue on two previous occasions last year. Despite this, the NTFS vulnerability remains unpatched.

    There are various ways to trigger the vulnerability that involve trying to access the $i30 NTFS attribute on a folder in a particular way. One such exploit involves the creation of a Windows shortcut file that has its icon location set to C:\:$i30:$bitmap. Bleeping Computer found that this triggered the vulnerability even if users did not attempt to click on the file in question. Windows Explorer’s attempts to access the icon path in the background would be enough to corrupt the NTFS hard drive.

  • This Easily-Exploitable Windows 10 NTFS Bug Can Instantly Corrupt Your Hard Drives

    Jonas says that this Windows 10 bug isn't new and has been around since the release of Windows 10 April 2018 Update, and remains exploitable on the latest versions, as well. BleepingComputer shared that the problematic command includes $i30 string, a Windows NTFS Index Attribute associated with directories.

    [...]

    After running the command, Windows 10 will start displaying prompts to restart the device and repair the corrupted drive. Apparently, the issue also impacts some Windows XP versions and similar NTFS bugs have been known for years but are yet to be addressed by the Windows maker.

  • Nidhi Razdan, Phishing, And Three Hard Lessons

    Nidhi Razdan, a career journalist, became a victim of an elaborate phishing attack that made her quit her 21-year-old job and part with many of her personal details.

  • Windows Finger command abused by phishing to download malware

    Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.

    The 'Finger' command is a utility that originated in Linux/Unix operating systems that allows a local user to retrieve a list of users on a remote machine or information about a particular remote user. In addition to Linux, Windows includes a finger.exe command that performs the same functionality.

Security Auditing Tools For Ubuntu

Filed under
Security

Malware, where aren’t thou found? Well, even our wonderful Ubuntu can be infected. So what can we do about it? Hope and pray we keep our system safe and better yet, audit our systems regularly for malwares and rootkits. There are 4 system auditors for Ubuntu that we will review - lynis, rkhunter, chkrootkit, and clamav.

[...]

Oddly enough, there aren’t many tools to scan for malware out there for Linux. Why? I’m not sure. However, these 4 tools are more than enough to detect malwares, rootkits, and viruses.


Also: Windows Finger command abused by phishing to download malware

Security Leftovers

Filed under
Security
  • Security updates for Friday

    Security updates have been issued by Debian (flatpak, ruby-redcarpet, and wavpack), Fedora (dia, mingw-openjpeg2, and openjpeg2), Mageia (awstats, bison, cairo, kernel, kernel-linus, krb5, nvidia-current, nvidia390, php, and thunderbird), openSUSE (cobbler, firefox, kernel, libzypp, zypper, nodejs10, nodejs12, and nodejs14), Scientific Linux (thunderbird), Slackware (wavpack), SUSE (kernel, nodejs8, open-iscsi, openldap2, php7, php72, php74, slurm_20_02, and thunderbird), and Ubuntu (ampache and linux, linux-hwe, linux-hwe-5.4, linux-hwe-5.8, linux-lts-xenial).

  • Project Zero: Introducing the In-the-Wild Series

    At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this challenge mainly through the lens of offensive security research. And while we experiment a lot with new targets and methodologies in order to remain at the forefront of the field, it is important that the team doesn’t stray too far from the current state of the art. One of our efforts in this regard is the tracking of publicly known cases of zero-day vulnerabilities. We use this information to guide the research. Unfortunately, public 0-day reports rarely include captured exploits, which could provide invaluable insight into exploitation techniques and design decisions made by real-world attackers. In addition, we believe there to be a gap in the security community’s ability to detect 0-day exploits.

  • Google series on in-the-wild exploits

    The Google Project Zero blog is carrying a six-part series exploring, in great detail, a set of sophisticated exploits discovered in the wild.

KeePassXC 2.6.3 Released with Argon2id, XML2 Support [PPA]

Filed under
Software
Security

KeePassXC, the cross-platform community fork of the KeePass password manager, released version 2.6.3 a few days ago with new features and improvements.

KeePassXC 2.6.3 features Argon2id KDF and version 2 XML key files support.


Another Linux Kernel Vulnerability Was Patched in All Supported Ubuntu Releases

Filed under
Security

Affecting Ubuntu 20.10 (Groovy Gorilla), Ubuntu 20.04 LTS (Focal Fossa), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr), the new security vulnerability (CVE-2020-28374) was discovered in Linux kernel’s LIO SCSI target implementation.

Due to this security issue, the LIO SCSI target implementation failed to perform sufficient identifier checking in certain XCOPY requests, allowing an attacker with access to one or more LUNs in a multiple backstore environment to either expose sensitive information or modify data.


Security: Patching, Voting and More

Filed under
Security
  • Security updates for Thursday

    Security updates have been issued by Fedora (adplug, audacious-plugins, cpu-x, kernel, kernel-headers, ocp, php, and python-lxml), openSUSE (crmsh, firefox, and hawk2), Oracle (thunderbird), Red Hat (kernel-rt), SUSE (kernel and rubygem-archive-tar-minitar), and Ubuntu (openvswitch and tar).

  • Minimizing cyberattacks by managing the lifecycle of non-human workers

    The number of non-human workers is growing, particularly as global organizations increasingly prioritize cloud computing, DevOps, IoT devices, and other digital transformation initiatives. Yet, organizations frequently only apply access controls to humans (employees, contractors, etc.), despite the risks associated with cyberattacks and data breaches linked to non-human workers and their privileged access to sensitive information.

  • The Mozilla Blog: Why getting voting right is hard, Part IV: Absentee Voting and Vote By Mail

    As with in-person voting, the basic idea behind securing mail-in ballots is to tie each ballot to a specific registered voter and ensure that every voter votes once.

    If we didn’t care about the secrecy of the ballot, the easy solution would be to give every voter a unique identifier (Operationally, it’s somewhat easier to instead give each ballot a unique serial number and then keep a record of which serial numbers correspond to each voter, but these are largely equivalent). Then when the ballots come in, we check that (1) the voter exists and (2) the voter hasn’t voted already. When put together, these checks make it very difficult for an attacker to make their own ballots: if they use non-existent serial numbers, then the ballots will be rejected, and if they use serial numbers that correspond to some other voter’s ballot then they risk being caught if that voter voted. So, from a security perspective, this works reasonably well, but it’s a privacy disaster because it permanently associates a voter’s identity with the contents of their ballots: anyone who has access to the serial number database and the ballots can determine how individual voters voted.

    The solution turns out to be to authenticate the envelopes not the ballots. The way that this works is that each voter is sent a non-unique ballot (i.e., one without a serial number) and then an envelope with a unique serial number. The voter marks their ballot, puts it in the envelope and mails it back. Back at election headquarters, election officials perform the two checks described above. If they fail, then the envelope is sent aside for further processing. If they succeed, then the envelope is emptied — checking that it only contains one ballot — and put into the pile for counting.

    This procedure provides some level of privacy protection: there’s no single piece of paper that has both the voter’s identity and their vote, which is good, but at the time when election officials open the ballot they can see both the voter’s identity and the ballot, which is bad. With some procedural safeguards it’s hard to mount a large scale privacy violation: you’re going to be opening a lot of ballots very quickly and so keeping track of a lot of people is impractical, but an official could, for instance, notice a particular person’s name and see how they voted. Some jurisdictions address this with a two envelope system: the voter marks their ballot and puts it in an unmarked “secrecy envelope” which then goes into the marked envelope that has their identity on it. At election headquarters officials check the outer envelope, then open it and put the sealed secrecy envelope in the pile for counting. Later, all of the secrecy envelopes are opened and counted; this procedure breaks the connection between the user’s identity and their ballot.

Security: Microsoft, Mozilla, Tor and More

Filed under
Security
  • Microsoft source code access: assume the worst, says Israeli firm

    The lack of timing and detail in Microsoft's announcement about its source code being accessed by the attackers who used SolarWinds' Orion network management software in a supply chain attack can only mean that this is bad news, the Israel-based source code control, detection, and response solution start-up Cycode claims.

  • Breaking The Browser – A tale of IPC, credentials and backdoors

    Web browsers are inherently trusted by users. They are trained to trust websites which “have a padlock in the address bar” and that “have the correct name”. This trust leads to users feeling comfortable entering their sensitive data into these websites. From an attacker’s standpoint this trust is an amazing thing, as once you have compromised a user’s workstation there is a process (with close to zero protections) handling a relatively large amount of sensitive data while being used a great deal by a user. Throw in password managers with browser extensions and you have a natural target for red teams. So naturally when I found myself with some time to spend on a research project, I decided to spend it abusing this trust!

  • New Release: Tor Browser 10.0.8

    Tor Browser 10.0.8 is now available from the Tor Browser download page and also from our distribution directory.

    This release updates Firefox for desktops to 78.6.1esr and Firefox for Android to 84.1.4. This version resolves instability on Apple macOS devices with the new M1 processor.

  • Why getting voting right is hard, Part IV: Absentee Voting and Vote By Mail

    From a technical perspective, absentee ballots and vote-by-mail work the same way; it’s just a matter of which sets of voters vote in person and which don’t. These lines also blur some in that some jurisdictions require a reason to vote absentee whereas some just allow anyone to request an absentee ballot (“no-excuse absentee”). Of course, in a vote-by-mail only jurisdiction then voters don’t need to take any action to get mailed a ballot. For convenience, I’ll mostly be referring to all of these procedures as mail-in ballots.

    As mentioned above, counting mail-in ballots is the same as counting in-person ballots. In fact, in many cases jurisdictions will use the same ballots in each case, so they can just hand count them or run them through the same optical scanner as they would with in-person voted ballots, which simplifies logistics considerably. The major difference between in-person and mail-in voting is the need for different mechanisms to ensure that only authorized voters vote (and that they only vote once). In an in-person system, this is ensured by determining eligibility when voters enter the polling place and then giving each voter a single ballot, but this obviously doesn’t work in the case of mailed-in ballots — it’s way too easy for an attacker to make a pile of fake ballots and just mail them in — so something else is needed.

  • Critical zero-day RCE in Microsoft Office 365 awaits third security patch

    A remote code execution (RCE) vulnerability in Microsoft Exchange Online remains unresolved after security researchers bypassed two patches for successive exploits.
    Rated as critical, the zero-day flaw impacts multiple Software as a Service (SaaS) providers as well as on-premise installations of Exchange Server.
    The bug in Exchange Online, part of the Office 365 suite, could be exploited to gain “access to millions of corporate email accounts”, said Steven Seeley of the Qihoo 360 Vulcan Team in a blog post published yesterday (January 12).

Security: Bugfixes, Short-Sighted Outsourcing, and SolarWinds

Filed under
Security
  • Microsoft Delivers Fixes for 83 Vulnerabilities in January Security Patch Bundle

    Microsoft released its January security patch bundle on Tuesday, delivering fixes for 83 common vulnerabilities and exposures (CVEs).

    Of that number, 10 CVEs were described as "Critical" by security researchers, while 73 are deemed "Important." One vulnerability (CVE-2021-1647) is known to have been exploited (Microsoft's first "zero day" of the new year), while another (CVE-2021-1648) was described as being publicly known before Tuesday's patch release. A list describing all of the January patches can be found in this Trend Micro Zero Day Initiative post by Justin Childs.

  • Security updates for Wednesday

    Security updates have been issued by Debian (coturn, imagemagick, and spice-vdagent), Fedora (roundcubemail and sympa), Gentoo (asterisk and virtualbox), Oracle (kernel and kernel-container), Red Hat (dotnet3.1, dotnet5.0, and thunderbird), SUSE (crmsh, firefox, hawk2, ImageMagick, kernel, libzypp, zypper, nodejs10, nodejs14, openstack-dashboard, release-notes-suse-openstack-cloud, and tcmu-runner), and Ubuntu (coturn).

  • Alan Pope: null [Ed: Canonical has outsourced its control to Microsoft already. Outsourcing GNU/Linux to Microsoft is a big no-no but part of Microsoft's plan.]

    The Snap Store has a delightful open source web frontend, the source code for which is on GitHub.

  • David A. Wheeler: Preventing Supply Chain Attacks like SolarWinds

    In late 2020, it was revealed that the SolarWinds Orion software, which is in use by numerous US Government agencies and many private organizations, was severely compromised. This was an incredibly dangerous set of supply chain compromises that the information technology community (including the Open Source community) needs to learn from and take action on.

    The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert noting that the SolarWinds Orion software included malicious functionality in March 2020, but it was not detected until December 2020. CISA’s Emergency Directive 21-01 stated that it was being exploited, had a high potential of compromise, and a grave impact on entire organizations when compromised. Indeed, because Orion deployments typically control networks of whole organizations, this is a grave problem. The more people look, the worse it gets. As I write this, it appears that a second and third malware have been identified in Orion.


More in Tux Machines

Red Hat/Fedora Leftovers

  • Fedora 34 Cleared For Btrfs Zstd Compression By Default, DNF/RPM Copy-On-Write - Phoronix

    The Fedora Engineering and Steering Committee has unanimously approved several high profile features for the upcoming Fedora 34. The latest batch of Fedora 34 features that received unanimous approval ahead of tomorrow's scheduled FESCo meeting include: - Deprecating XEMacs and related packages. This is due to XEmacs not seeing a major release in over seven years and the upstream development essentially at an end. There is still an occasional commit but no meaningful additions being made and thus XEMacs is being deprecated.

  • 5 tips for configuring virtualenvs with Ansible Tower | Enable Sysadmin

    Virtualenvs are a great way to create isolated scenarios where you can experiment with different Python/Ansible modules.

  • 11 considerations for effectively managing a Linux sysadmin team | Enable Sysadmin

    Having worked as a sysadmin with many colleagues and later on as a sysadmins manager, I thought it would be good to share some of my experience in this area with hopes that current managers and managers-to-be might find some useful hints. Managing sysadmins is, in many aspects, no different from working with any other group of people: Planning vacations, discussing salaries, setting targets, making certain skills and tools are up to spec. Your management style reflects who you are, and the crew is that fantastic blend of personalities and abilities. Together you can deliver projects and maintain complex technical environments. There are, however, some things you should be aware of that will improve your ability as a manager when you interact with the sysadmins.

  • Call for Projects and Mentors: GSoC 2021 – Fedora Community Blog

    Google Summer of Code (GSoC) is a global program focused on introducing students to open source software development. Students work on a 10 week programming project with an open source organization during their break from a post secondary academic program. Fedora has had great participation and we would like to continue to be a mentoring org this year too. We are currently looking for mentors and projects. Process of how to apply is described at the end of this blog after a brief info and new changes in GSoC program.

  • Storage and Distributed Compute Nodes: Bringing Cinder persistent volumes to the edge

    In part one of our series about Distributed Compute Nodes (DCN), we described how the storage backends are deployed at each site and how to manage images at the edge. What about the OpenStack service (i.e. Cinder) that actually manages persistent block storage? This post will dive into more details.

  • Sharing is caring: Building clearer contribution paths to your community

    One of the most important topics in the open source community is "how do we attract more people to our community?" This makes perfect sense because you can’t have a community without people. Given the importance of inviting people to a community—otherwise known as onboarding—you would expect a lot of discussion and debate applied to the topic. And yet, there are many open source community managers frustrated by a lack of new contributors. In this post, we’ll focus on 3 core principles of contributor onboarding.

today's leftovers

  • Parler Tricks: Making Software Disappear

    Much has been written and broadcast about the recent actions from Google and Apple to remove the Parler app from their app stores. Apps get removed from these app stores all the time, but more than almost any past move by these companies, this one has brought the power Big Tech companies wield over everyone’s lives to the minds of every day people. Journalists have done a good job overall in presenting the challenges and concerns with this move, as well as addressing the censorship and anti-trust issues at play. If you want a good summary of the issues, I found Cory Doctorow’s post on the subject a great primer. [...] This is part of the article where Android users feel smug. After all, while much more of their data gets captured and sold than on iOS, in exchange they still (sometimes) have the option of rooting their phones and (sometimes) “sideloading” applications (installing applications outside of Google’s App Store). If Google bans an app, all a user has to do is follow a list of complicated (and often sketchy) procedures, sometimes involving disabling protections or installing sketchy software on another computer, and they can wrench back a bit of control over their phones. Of course in doing so they are disabling security features that are the foundation for the rest of Android security, at which point many Android security experts will throw up their hands and say “you’re on your own.” [...] The Librem 5 phone runs the same PureOS operating system as Librem laptops, and it features the PureOS Store which provides a curated list of applications known to work well on the phone’s screen. Even so, you can use the search function to find the full list of all available software in PureOS. After all, you might want that software to be available when you dock your Librem 5 to a larger screen. 
We aim to provide software in the PureOS store that respects people’s freedom, security, and privacy and will audit software that’s included in the store with that in mind. That way people have a convenient way to discover software that not only works well on the phone but also respects them. Yet you are still free to install any third-party software outside of the PureOS Store that works on the phone, even if it’s proprietary software we don’t approve of.

  • Apple Mulls Podcast Subscription Push Amid Spotify's Land Grab

    The talks, first reported by The Information, have been ongoing since at least last fall, sources tell The Hollywood Reporter, and ultimately could end up taking several different forms. Regardless, it’s clear that Tim Cook-led Apple — after spending the last two years watching rival-in-music-streaming Spotify invest hundreds of millions of dollars to align itself with some of the most prolific producers and most popular personalities in podcasting — is no longer content sitting on the sideline. “There’s a huge opportunity sitting under their nose with 1.4 million iOS devices globally,” says Wedbush Securities analyst Daniel Ives, “and they don’t want to lose out.” Apple declined to comment about its podcasting plans.

    Much of the growth of the podcasting industry over the last decade can be traced back to Apple and its former CEO Steve Jobs, who in 2005 declared that he was “bringing podcasting mainstream” by adding support for the medium to iTunes. A few years later, the company introduced a separate Podcasts app that quickly became the leading distribution platform for the medium. But Apple, which netted $275 billion in sales in fiscal 2020, has refrained from turning podcasting — still a relatively small industry that the Interactive Advertising Bureau estimated would bring in nearly $1 billion in U.S. advertising revenue last year — into a moneymaking venture.

  • Blacks In Technology and The Linux Foundation Partner to Offer up to $100,000 in Training & Certification to Deserving Individuals [Ed: Linux Foundation exploits blacks for PR, even though it does just about nothing for blacks [1, 2]]

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, and The Blacks In Technology Foundation, the largest community of Black technologists globally, today announced the launch of a new scholarship program to help more Black individuals get started with an IT career. Blacks in Technology will award 50 scholarships per quarter to promising individuals. The Linux Foundation will provide each of these recipients with a voucher to register for any Linux Foundation administered certification exam at no charge, such as the Linux Foundation Certified IT Associate, Certified Kubernetes Administrator, Linux Foundation Certified System Administrator and more. Associated online training courses will also be provided at no cost when available for the exam selected. Each recipient will additionally receive one-on-one coaching with a Blacks In Technology mentor each month to help them stay on track in preparing for their exam.

  • the tragedy of gemini

    While everything I have seen served via Gemini is friendly and sociable, the technical barriers of what-is-a-command-line and how-do-I-use-one are a fence put up that keep out the riffraff. Certainly, you can walk around the corner and go through the gate, but ultimately the geminiverse is lovely because it is underpopulated, slower-paced, and literate. It is difficult enough to access that those who can use it can be welcoming without worrying its smallness will be compromised.

    The tragedy is that I don’t think many of its denizens would claim that they only want to hear from technical, educated people, but in order to use a small [Internet], an August [Internet], they have let the fence keep out anyone else.

Devices: GigaIPC, Raspberry Pi, and Arduino Projects

  • Rugged systems provide IP67 waterproofing

    GigaIPC unveiled two compact, IP67-protected “QBix-WP” computers with Linux support and rugged M12 ports for 2x LAN, 3x COM, GPIO, and 9-36V input: one with 8th Gen Whiskey Lake and the other with Apollo Lake. Taiwan-based GigaIPC has announced a “QBiX-WP Series” of rugged embedded systems with IP67 protections: an 8th Gen Whiskey Lake based QBiX-WP-WHLA8265H-A1 and an Apollo Lake powered QBiX-WP-APLA3940H-A1. IP67 provides level 6 “dust-tight” protection against dust ingression and level 7 waterproofing against liquid ingress including immersion at up to 1 meter for 30 minutes.

  • Deter burglars with a Raspberry Pi chatbot
  • Arduino Blog » 3D-printed mobile robot platform based on the Arduino Due

    Although an Arduino can be a great way to provide computing power for a mobile robot platform, you’ll need a variety of other electronics and mechanical components to get it going. In his write-up, computer science student Niels Post outlines how he constructed a robot that travels via two stepper motors, along with casters to keep it upright. The round chassis is 3D-printed and runs on three rechargeable 18650 batteries.

  • Arduino Blog » Making your own Segway, the Arduino way

    After obtaining motors from a broken wheelchair, this father-son duo went to work turning them into a new “Segway.” The device is controlled by an Arduino Uno, along with a pair of motor drivers implemented to handle the device’s high current needs. An MPU-6050 allows it to react as the rider leans forward and backwards, moving with the help of a PID loop. Steering is accomplished via a potentiometer, linked to a bent-pipe control stick using a bottle cap and glue.

Programming: PureScript, C++, Lua, and Raku

  • Excellent Free Tutorials to Learn PureScript - LinuxLinks

    PureScript is a small strongly, statically typed programming language with expressive types, written in and inspired by Haskell, and compiling to Javascript. It can be used to develop web applications, server side apps, and also desktop applications with use of Electron.

  • C++ Operator Overloading – Linux Hint

    This article provides a guide to operator overloading in C++. Operator overloading is a useful and powerful feature of the C++ programming language. C++ allows overloading of most built-in operators. In this tutorial, we will use several examples to demonstrate the operator overloading mechanism. [...] The C++ language allows programmers to give special meanings to operators. This means that you can redefine the operator for user-defined data types in C++. For example, “+” is used to add built-in data types, such as int, float, etc. To add two types of user-defined data, it is necessary to overload the “+” operator.

  • Lua, a misunderstood language

    Lua is one of my favourite programming languages. I’ve used it to build a CMS for my old educational website, for creating cool IoT hardware projects, for building little games, and experimenting with network decentralisation. Still, I don’t consider myself an expert on it at all, I am at most a somewhat competent user. This is to say that I have had exposure to it in various contexts and through many years but I am not deep into its implementation or ecosystem. Because of that, it kinda pains me when I read blog posts and articles about Lua that appear to completely miss the objective and context of the language. Usually these posts read like a rant or a list of demands. Most recently, I saw a post about Lua’s Lack of Batteries on LWN and a discussion about that post on Hacker News that made me want to write back. In this post I’ll address some of the comments I’ve seen on that original article and on Hacker News.

  • A Complete Course of the Raku programming language

    This course covers all the main aspects of the language that you need to use in your daily practice. The course consists of five parts that explain the theory and offer many practical assignments. It is assumed that you try solving the tasks yourself before looking to the solution.

    If you’re only starting to learn Raku, you are advised to go through all the parts in the order they are listed in the table of contents. If you have some practice and you want to have some specific training, you are welcome to start with the desired section.