Support for shadow stacks on the x86 architecture has been long in coming; LWN first covered this work in 2018. After five years and numerous versions, though, it would appear that user-space shadow stacks on x86 might just be supported in the 6.4 kernel release. Getting there has required a few changes since we last caught up with this work in early 2022.
Shadow stacks are a defense against return-oriented programming (ROP) attacks, as well as others that target a process's call stack. The shadow stack itself is a hardware-maintained copy of the return addresses pushed onto the call stack with each function call. Any attack that corrupts the call stack will be unable to change the shadow stack to match; as a result, the corruption will be detected at function-return time and the process terminated before the attacker can take control. The above-linked 2022 article has more details on how x86 shadow stacks, in particular, work.
The open() system call offers a number of flags that modify its behavior; not all combinations of those flags make sense in a single call. It turns out, though, that the kernel has responded in a surprising way to the combination of O_CREAT and O_DIRECTORY for a long time. After a 2020 change made that response even more surprising, it seems likely that this behavior will soon be fixed, resulting in a rare user-visible semantic change to a core system call.
The O_CREAT flag requests that open() create a regular file if the named path doesn't exist (adding O_EXCL will cause the call to fail if the path does exist). O_DIRECTORY, instead, indicates that the call should only succeed if the path exists and is a directory. It is not possible to create a directory with open(); that is what mkdir() is for. So the combination of O_CREAT and O_DIRECTORY requests the kernel to create a directory (which is supposed to already exist) as a regular file — which clearly does not make sense.
Flatpaks are amazing and all that. But application sandboxing, so an application cannot do anything it wants, is a challenge – even more so when you have two applications that need to talk to each other. Perhaps it shouldn’t come as a surprise that native-messaging sandboxing support for Flatpak has been in development for over a year. To celebrate its anniversary I thought I’d write down how to drill a native-messaging sized hole into the sandbox. This enables the use of native messaging even without portal integration, albeit also without sane degrees of sandboxing.
First off, please understand that this undermines the sandbox on a fairly fundamental level. So, don’t do this if you don’t keep your Firefox updated or visit particularly dodgy websites.
Coming four months after OpenShot 3.0, the OpenShot 3.1 update is mostly a bugfix and stability release. It improves the profiles by adding more than 400 export profiles and a new Profile UI, improves the Undo / Redo system, including grouping actions, and improves the Preview & Split Clip dialog to correct aspect ratio and sample rate.
OpenShot 3.1 also comes with a huge Time Re-mapping update that includes improvements to audio resampling, bezier curve audio support, as well as better support for backwards audio, an improved Caption effect that now offers better VTT support and smaller text by default, and improved keyboard bindings, especially for the arrow keys.
Want to access and play GOG games on Linux? Here's how to do that.
Ping is a simple, widely used, cross-platform networking utility for testing if a host is reachable on an Internet Protocol (IP) network. It works by sending a series of Internet Control Message Protocol (ICMP)
As Linux users, we often work with long-running background Linux processes, which are called daemons or services. Some of the common examples of the services are Secure Shell (sshd), Network Manager (networkd), Volume Manager
Linux administrators should be familiar with the command-line environment, since GUI (Graphical User Interface) mode is not commonly installed on Linux servers. SSH may be the most popular protocol to enable Linux
The Linux "tar" stands for tape archive, which is used by a large number of Linux/Unix system administrators to deal with tape drive backup in Linux. The tar command in Linux is used to
RAR is the most popular tool for creating and extracting compressed archive (.rar) files. When we download an archive file from the web, we require a rar tool to extract it.
Learn how to show a custom message upon login Ubuntu 22.04 / 20.04 server or desktop to users on the command terminal using the MOTD file.
MOTD is a simple text file in a Linux system that is used to display some custom text message on login using the command line locally or SSH. MOTD’s full form is “Message of the Day”. The necessity of this simple MOTD is to display some alert, important information such as system maintenance, security updates, or any other relevant message to Linux users by the Admin.
Suppose you have a couple of Linux systems in your office and want to display important info to all users upon their login; in such a case, MOTD can be quite a useful tool.
The file used by the MOTD is generally located under the /etc directory of the Linux system and can be edited manually to display custom messages. If you have scripting knowledge, you can also display dynamically generated messages.
It is extremely frustrating when you want to edit a video but OpenShot keeps crashing. Unfortunately, many Ubuntu users encounter this issue with OpenShot because of things like corrupt video files or misconfigured preferences.
You might be wondering how you can prevent OpenShot from crashing on Ubuntu. Luckily, these issues with OpenShot are easy to fix once you know the right troubleshooting methods.
Linux Mint is a well-known Linux distribution that offers users the chance to try it before they install it. In this guide, we will explain how to try Linux Mint and, if you like it, how to replace Windows with it.
Linux Mint is a free and open-source operating system that is designed to be user-friendly and easy to use. It is based on Ubuntu, and it comes in three desktop environments: Cinnamon, MATE, and Xfce. It offers a number of features and applications that make it a great choice for both new and experienced users.
These features include the ability to customize the desktop, a software manager that makes it easy to find and install new software, and a wide range of applications for everything from browsing the web to editing documents. Linux Mint is also known for its stability, security, and reliability.
The beta of Kubuntu Lunar Lobster (to become 23.04 in April) has now been released, and is available for download.
This milestone features images for Kubuntu and other Ubuntu flavours.
Pre-releases of Kubuntu Lunar Lobster are not recommended for...
After KDE Frameworks branched in January and Plasma followed in February to enter the final phase of the transition to Qt 6, KDE PIM is following now. The approach taken here might also be applicable for other KDE Gear modules.
KDE PIM Sprint
Coordination and planning for this happened at the KDE PIM sprint in Toulouse last weekend, see also Kévin’s report about this.
Update on what happened across the GNOME project in the week from March 31 to April 07.
Arch Linux is suitable for advanced users looking for a challenge to use Linux on their system.
However, many Arch-based distributions have made it possible for new users to get into the distribution family by making things easier. Options like Garuda Linux, Manjaro Linux, and others make it convenient for new users.
And one of the exciting options among them is CachyOS.
Well, you might already know about blendOS (which is also an Arch-based distro, still in the works). It is not remotely similar, but if you are exploring Arch-based distros, you can check it out.
Immutable Linux distributions are on the rise recently, with multiple popular distributions creating their own immutable versions; it could be one of the trends of 2023, as predicted. While many of these immutable distributions are focused on server use, there are also some that offer a desktop experience. OpenSUSE MicroOS Desktop is one of them, with a minimal openSUSE Tumbleweed as the base operating system and applications running as Flatpaks or in containers. In its daily use, it feels a lot like a normal openSUSE desktop. Its biggest benefit is availability of the newest software releases without sacrificing system stability.
Linux users who want to keep up with the latest software generally choose a rolling-release distribution, such as Tumbleweed, Arch Linux, or Gentoo Linux. However, this approach might introduce the risk of incompatibility between software versions or result in an unstable system. On the other hand, stable or Long-Term Support (LTS) distributions cater to the needs of users who prioritize stability over cutting-edge software.
Of course, many users want the best of both worlds: the latest software versions on a stable base operating system. There are solutions that generally bypass the distribution's native package-management system. Flatpak, Snap, and AppImage are the leading technologies for this purpose. Applications are packaged together with their dependencies, thus preventing interference with each other or the underlying distribution. With this approach, users are able to run updated software without encountering dependency woes or compromising system stability.
- The Fedora Council is considering a proposal to remove the full/auxiliary member distinction.
I have created an installer for Flatpaks, based on the same GUI as used in the AppImage Installer.
I gave the AppImage Installer the rather flippant name of "Appi", and now the equally flippant name of "Flapi" for the Flatpak Installer. I have just got it going, tested by installing OpenShot. Lots more work to do, but here are some snapshots.
Canonical recently announced that it will no longer ship Flatpak as part of its default installation for the various official Ubuntu flavors, which is in keeping with the practices of the core Ubuntu distribution. The Flatpak package format has gained popularity among Linux users for its convenience and ease of use. Canonical will focus exclusively on its own package-management system, Snap. The decision has caused disgruntlement among some community members, who felt like the distribution was making this decision without regard for its users.
Dear community, GNU Health 4.2.1 patchset has been released! Priority: High
Table of Contents
- About GNU Health Patchsets
- Updating your system with the GNUHealth control Center
- Installation notes
- List of other issues related to this patchset
About GNU Health Patchsets
We provide "patchsets" to stable releases. Patchsets allow applying bug fixes and updates on production systems. Always try to keep your production system up-to-date with the latest patches. Patches and Patchsets maximize uptime for production systems, and keep your system updated, without the need to do a whole installation. NOTE: Patchsets are applied on previously installed systems only. For new, fresh installations, download and install the whole tarball (ie, gnuhealth-4.2.1.tar.gz)
Updating your system with the GNU Health control Center
Starting GNU Health 3.x series, you can do automatic updates on the GNU Health HMIS kernel and modules using the GNU Health control center program. Please refer to the administration manual section (https://en.wikibooks.org/wiki/GNU_Health/Control_Center). The GNU Health control center works on standard installations (those done following the installation manual on wikibooks). Don't use it if you use an alternative method or if your distribution does not follow the GNU Health packaging guidelines.
Installation Notes
You must apply previous patchsets before installing this patchset. If your patchset level is 4.2.1, then just follow the general instructions. You can find the patchsets at GNU Health main download site at GNU.org (https://ftp.gnu.org/gnu/health/). In most cases, GNU Health Control center (gnuhealth-control) takes care of applying the patches for you.
Pre-requisites for upgrade to 4.2.1: None
Now follow the general instructions at https://en.wikibooks.org/wiki/GNU_Health/Control_Center
After applying the patches, make a full update of your GNU Health database as explained in the documentation. When running "gnuhealth-control" for the first time, you will see the following message: "Please restart now the update with the new control center". Please do so. Restart the process and the update will continue.
- Restart the GNU Health server
List of other issues and tasks related to this patchset
Update gender identity in patient evaluations and reports. For detailed information about each issue, you can visit: https://savannah.gnu.org/bugs/?group=health About each task, you can visit: https://savannah.gnu.org/task/?group=health For detailed information you can read about Patches and Patchsets
- bug #64014: Update gender identity in patient evaluations and reports
- bug #64009: Include signing health professional and avoid scrolling in patient evaluation
- bug #64007: Summary report is not using FreeFonts family
- bug #63993: Python-sql error on patient evaluation report
Buck2, Meta’s open source large-scale build system, is now publicly available via the Buck2 website and the Buck2 GitHub repository. While it shares some commonalities with other build systems (like Buck1 and Bazel), Buck2 is a from-scratch rewrite. Buck2 features a complete separation of the core and language-specific rules, with increased parallelism, integration with remote execution and virtual file systems, and a redesigned console output. All of these changes are aimed at helping engineers and developers spend less time waiting, and more time iterating on their code.
When Secure Boot is enabled, the "akmods-nvidia" package will build and install kmod-nvidia that is not usable right away. Previously I followed some documents to run a cli script to "sign the modules" but it stopped working recently.
Michael Pratt was on the FBI’s ten most wanted list. He entered the United States from New Zealand, started a porn company, and ended up facing rape, kidnapping, sex crimes involving minors, and bankruptcy fraud.
A writer and designer on three previous Halo games and Destiny, Staten joined the Infinite team after the game was delayed from its original 2020 release date.
Joseph Staten had a huge role at Microsoft following his departure from Bungie nearly a decade ago. He voluntarily took on a creative lead role in 2020 at 343 Industries, following the subpar gameplay shown for Halo Infinite during the Xbox Games Showcase that year. While he did course correct Halo Infinite and ensured it launched in 2021, the game was still lacking in iconic features that became mainstays in the Halo franchise.
Security updates have been issued by Mageia (ldb/samba, libapreq2, opencontainers-runc, peazip, python-cairosvg, stellarium, and zstd), Oracle (httpd and mod_http2, kernel, and nss), SUSE (conmon, go1.19, go1.20, libgit2, openssl-1_1, and openvswitch), and Ubuntu (emacs24).
Culbertson Memorial Hospital officials reported Friday the hospital had been the victim of a cyber-attack last week.
Officials stated they discovered a network disruption at 3 a.m. March 30 that required information systems to be taken offline.
“This action disabled access to most functions while we investigated the activity,” Culbertson CEO Gregg Snyder said in a statement released Friday afternoon. “We immediately retained third-party specialists to assist us with our investigation.”
A hacker who claimed to have obtained the personal data of 55 million Thais is an army officer who appears to have acted alone, authorities said yesterday.
Chaiwut Thanakamanusorn, minister of Digital Economy and Society, and Pol Lt Gen Worawat Watnakhonbancha, chief of the Cyber Crime Investigation Bureau (CCIB), held a press conference yesterday amid reports that the suspect and his wife had been detained.
Gaming hardware manufacturer MSI confirmed today that it was the victim of a cyberattack. In a brief statement on its website, the company said that the attack hit "part of its information systems," which have since returned to regular operations.
The company advises its customers only to get BIOS and firmware updates from the MSI website and no other sources. It's light on details, saying that after "detecting network anomalies," MSI implemented "defense mechanisms and carried out recovery measures," and then informed the government and law enforcement.
A data breach at Proskauer Rose exposed client data, including sensitive legal and financial information, the law firm confirmed Friday.
“Our tech security team recently learned that an outside vendor that we retained to create an information portal on a third-party cloud-based storage platform had not properly secured it,” Joanne Southern, a Proskauer spokeswoman, said via email.
The breach, which the firm called the result of a cyber attack, was first reported by TechCrunch. Data containing financial and legal documents, contracts, non-disclosure agreements and financial deals were released in the leak, according to the report.
Aspire Public Schools in California submitted notifications to at least two state attorneys general. According to its notification, Aspire learned that an unauthorized party gained access to one Aspire email account...
First an admission by me, I’m not a hardware nerd. I know my way around PCs, can swap out parts as needed and can tell a MacBook from a Chrome Book but if you are expecting an exacting breakdown of the computers or tech we’re going to be looking at here you may be disappointed.
Now that that’s out of the way, I’m fascinated by seeing the behind the scenes of big cybercrime operations, and especially interested in seeing the work spaces of the people involved and the equipment they are working with. Most of these people raided seem to be working from home, and sometimes sharing a living space with other gang member suspects.
A leak site called “Abyss” recently added 7×7 Dental Implant & Oral Surgery Specialists of San Francisco (7×7) to their site and claimed to have 114 GB of the dental practice’s files. A file tree showing 2,891 directories and 63,557 files was posted as proof of claim.
Some of the filenames suggest business-related internal documents, while others are likely employee-related files. The bulk of the files appears to be patient-related. Most of these are image files in .jpg or .dcm format. Some .pdf files appear to be referral letters or reports.
Lending protocol Sentiment has managed to recover the stolen funds from the recent hack by offering the hacker a bounty worth $95,000.
In an on-chain transaction on the Arbitrum blockchain, Sentiment sent a message to the hacker offering $95,000 if the hacker returned the funds by April 6, urging the hacker to “do the right thing.“ If the hacker did not return the funds, the protocol also offered the money to anyone who could help find and prosecute the culprit.
The fourth and final keynote for Everything Open 2023 was given by Professor Rebecca Giblin of the Melbourne Law School, University of Melbourne. It revolved around her recent book, Chokepoint Capitalism, which she wrote with Cory Doctorow; it is "a book about why creative labor markets are rigged — and how to unrig them". Giblin had planned to be in Melbourne to give her talk in person, but "the universe had other plans"; she got delayed in Austin, Texas by an unexpected speaking slot at the South by Southwest (SXSW) conference, so she gave her talk via videoconference from there—at nearly midnight in Austin.
She began by playing the animated teaser video for the book. It describes how the tech and content firms are choking out competition so that they can take the lion's share of any revenue generated before it ever reaches the artists and others who actually did the creative work. The book also has lots of ideas for "how we can recapture creative labor markets to make them fairer and more sustainable", Giblin said in the video.
40 years ago today, at 14:02 on 1983/04/07 (7th April), Björn Eriksen received the first ever email in Sweden. It was from Jim McKie of European Unix Network (EUnet) in Amsterdam. Björn had a VAX 780 running BSD. The following is the actual email:
The Noguchi Filing System is for keeping track of physical paper. I keep paper in envelopes on a shelf and new envelopes go on the right (or on the left if you live in Japan) and if I use an envelope, it goes on the right as if it were new. Linux nerds can think of this as sorting the envelopes by atime. Envelopes always must have a date along the spine and a word or sentence describing what’s in ‘em. Optionally they can have a color, using markers or stickers. Noguchi even cut them off one inch so that the a4 documents in there stick up a bit.
There are a ton of these that appear pretty much everywhere in the movie. An average 10 year old who watches the movie in guidance of their parents may not understand many of them, but for someone who invests their time into this one franchise, you can see a lot of them just appearing and appearing and appearing to you, and it's a fan service, but a good one.
During the second quarter of the year, I am going to make a more concerted effort to learn how to write long, fictional pieces. I have a number of ideas that I want to develop into full stories, but I find it very difficult to do so.
There are a number of obstacles that hinder my ability to write, but over the next couple of months I am going to methodically try different techniques to overcome them. I'm only a few days into this new endeavour and I've already found a few things that have helped.
I am currently redoing one of my neocities websites. It was initially kept as some carrd-esque site, but I decided I want to do more with it and transfer some stuff from my other neocities there as well to make it a proper hub of my projects.
Writing on a smartphone is a pain, and yet I keep trying to do it. I finally dug my old MyTouch Q out of storage to try using it instead, since it has a very handy slide-out keyboard, only to find that the battery was so dead it wouldn't even charge.
After running around to a few different battery stores and cell phone repair shops, I resigned myself to ordering a replacement battery off eBay (which is, weirdly, a more reputable storefront than Amazon these days). And now it works again! The SIM card holder is too big for my current one, so it can't be a proper phone, but that’s fine by me. I just want to use it for writing and maybe listening to music while I do so.
A lot of essayists wanting to push the square peg of open source software into the round peg of quid-pro-quo market capitalism.
Mailbox is the traditional storage format for emails on unix; a Mail Transport Agent (MTA) such as Sendmail would chat up a Mail Delivery Agent (MDA) such as mail.local or procmail, and eventually if everything went well the message would be appended to a file, /var/mail/spongebob perhaps. That's the conventional BSD directory.
A major disadvantage is the problem of locking--how does the MDA append a message given that at the same time another program, perhaps the user's mail client, is editing the file? Locking! This assumes both sides use the same locking, and may become terribly complicated should the mailbox files be located on a NFS server.
i often find myself switching platforms because i don't feel like any of them are a perfect fit. i've even attempted to bring all of the work onto myself, building personal social platforms but to no avail. i've realized the solution is extremely simple yet almost no platform can provide that. hopefully the pub can do that for me. :)
User waffle over at midnight pub asked about making a 90's website[1]. I was there, waffle... making crappy websites for money!
Here are my tips:
1. Think in terms of tables. Kind of like css grid layouts, except not at all. Mentally chop your content up into rows and columns, and make liberal use of colspan and rowspan. Don't be afraid of borders, they're pretty. OR, drop the borders and use background images in the cells, which you can chop up with old software. It's called "slicing" and it was all the rage in the 90s.
* Gemini (Primer) links can be opened using Gemini software. It's like the World Wide Web but a lot lighter.