Author: ProHoster

LTSM published for organizing terminal access to desktops

The Linux Terminal Service Manager (LTSM) project has prepared a set of programs for organizing access to the desktop based on terminal sessions (currently using the VNC protocol). The project's developments are distributed under the GPLv3 license. It includes: LTSM_connector (VNC and RDP handler), LTSM_service (receives commands from LTSM_connector, starts login and user sessions based on Xvfb), LTSM_helper (graphical interface […]

Linux 5.13 kernel release

After two months of development, Linus Torvalds presented the release of the Linux kernel 5.13. Among the most notable changes: the EROFS file system, initial support for Apple M1 chips, the "misc" cgroup controller, the end of support for /dev/kmem, support for new Intel and AMD GPUs, the ability to directly call kernel functions from BPF programs, randomization of the kernel stack for each system call, the ability to build in Clang with CFI protection […]

79% of built-in third-party libraries are never updated

Veracode published the results of a study into the security problems caused by embedding open libraries in applications (instead of dynamic linking, many companies simply copy the necessary libraries into their projects). As a result of scanning 86 repositories and a survey of about two thousand developers, it was determined that 79% of third-party libraries copied into project code are never updated afterwards. Wherein […]

Release of the global decentralized file system IPFS 0.9

The release of the decentralized file system IPFS 0.9 (InterPlanetary File System) is presented, which forms a global versioned file storage deployed in the form of a P2P network formed from participant systems. IPFS combines ideas previously implemented in systems such as Git, BitTorrent, Kademlia, SFS, and the Web and resembles a single BitTorrent "swarm" (peers participating in the distribution) exchanging Git objects. IPFS differs in content-based addressing, while […]

Release of video converter Cine Encoder 3.3

After several months of work, a new version of the Cine Encoder 3.3 video converter is available for working with HDR video. The program can be used to change HDR metadata such as Master Display, maxLum, minLum, and other parameters. The following encoding formats are available: H265, H264, VP9, MPEG-2, XDCAM, DNxHR, ProRes. Cine Encoder is written in C++, uses the utilities FFmpeg, MkvToolNix […]

DUR introduced, Debian's counterpart to the AUR custom repository

Enthusiasts have launched the DUR (Debian User Repository) repository, which is positioned as an analogue of the AUR (Arch User Repository) repository for Debian, allowing third-party developers to distribute their packages without being included in the main distribution repositories. As in the AUR, the metadata and assembly instructions for packages in the DUR are defined using the PKGBUILD format. To build deb packages from PKGBUILD files, […]

Huawei employees are suspected of publishing useless Linux patches to increase KPI

Qu Wenruo of SUSE, who maintains the Btrfs file system, has drawn attention to abuses associated with sending useless cosmetic patches to the Linux kernel, the changes in which are limited to fixing typos in the text or removing debug messages from internal tests. Usually, such small patches are sent by novice developers who are just learning how to interact in the community. This time […]

Valve has released Proton 6.3-5, a package for running Windows games on Linux

Valve has published the release of the Proton 6.3-5 project, which is based on the developments of the Wine project and is aimed at enabling gaming applications created for Windows and presented in the Steam catalog to run on Linux. The developments of the project are distributed under the BSD license. Proton allows you to directly run Windows-only game applications on the Steam Linux client. The package includes a DirectX implementation […]

Vulnerability in store.kde.org and OpenDesktop directories

A vulnerability has been identified in app directories built on the Pling framework that could allow an XSS attack to execute JavaScript code in the context of other users. Sites such as store.kde.org, appimagehub.com, gnome-look.org, xfce-look.org and pling.com are affected by the problem. The crux of the problem is that the Pling platform allows you to add multimedia blocks in HTML format, for example, to insert a YouTube video or image. Added via […]

WD My Book Live and My Book Live Duo NAS Data Loss Incident

Western Digital has advised users to urgently disconnect their WD My Book Live and My Book Live Duo storage devices from the Internet due to widespread complaints about the removal of all contents of the drives. At the moment, it is only known that unknown malware remotely triggers a device reset to its original state, […]

Vulnerabilities in Dell devices that allow a MITM attack to replace the firmware

Vulnerabilities have been identified in the implementation of remote OS recovery and firmware update technologies promoted by Dell (BIOSConnect and HTTPS Boot) that allow replacing installed BIOS / UEFI firmware updates and remotely executing code at the firmware level. Running code can change the initial state of the operating system and be used to bypass applicable security mechanisms. Vulnerabilities affect 129 models of various laptops, tablets and […]

Vulnerability in eBPF allowing execution of code at the Linux kernel level

A vulnerability (CVE-2021-3600) has been identified in the eBPF subsystem, which allows running handlers inside the Linux kernel in a special virtual machine with JIT. The vulnerability allows a local unprivileged user to execute their code at the Linux kernel level. The problem is caused by incorrect truncation of 32-bit registers when performing "div" and "mod" operations, which can lead to reading and writing data outside the allocated memory area. […]