pfSense / Wireguard / Bad Code / Close Call

By itss | 26/03/2021

A nice write-up of how a whole bunch of bad code very nearly ended up in FreeBSD 13 due to several bad calls on the part of pfSense. https://arstechnica.com/gadgets/2021/03/buffer-overruns-license-violations-and-bad-code-freebsd-13s-close-call/

Category: Technology
© 2017 IT Sales & Services Ltd
Quality IT solutions in Tanzania since 2010