Hírolvasó

A keresőóriás 2023-ban 2,1 milliárd dollárt költött a leépítésekre.

Az igazságügyi bizottság meghallgatásán egymás után záporoztak a kellemetlen kérdések.

The LWN.net Weekly Edition for February 1, 2024 is available.

Version 2.39 of the GNU C Library has been released. Changes include integration with the x86 shadow-stack mechanism, a couple of new posix_spawn() variants for working with control groups, pidfd_spawn() and pidfd_spawnp(), the C2X stdbit.h header, the removal of the libcrypt library, and more. See the release notes for details.

Version 24.2 of the LibreOffice office suite is available. Changes include AutoRecovery enabled by default, styling of comments, better floating-table support, improved accessibility, and more. See the release notes for details.

Return-oriented programming (ROP) attacks are hard to defend against. Partial mitigations such as address-space layout randomization, stack canaries, and other techniques are commonly deployed to try and frustrate ROP attacks. Now, OpenBSD is experimenting with a new mitigation that makes it harder for attackers to make system calls, although some security researchers have expressed doubt that it will prove effective at stopping real-world attacks. In his announcement message, Theo de Raadt said that this work "makes some specific low-level attack methods unfeasable on OpenBSD, which will force the use of other methods."

Qualys has disclosed a vulnerability in the GNU C Library that can be exploited by a local attacker for root access. It was introduced in the 2.37 release, and also backported to 2.36.

For example, we confirmed that Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39 are vulnerable to this buffer overflow. Furthermore, we successfully exploited an up-to-date, default installation of Fedora 38 (on amd64): a Local Privilege Escalation, from any unprivileged user to full root. Other distributions are probably also exploitable.

Vulnerable systems with untrusted users should probably be updated in a timely manner.

Security updates have been issued by Debian (bind9 and glibc), Fedora (ncurses), Gentoo (containerd, libaom, and xorg-server, xwayland), Mageia (python-pillow and zlib), Oracle (grub2 and tomcat), Red Hat (avahi, c-ares, container-tools:3.0, curl, firefox, frr, kernel, kernel-rt, kpatch-patch, libfastjson, libmicrohttpd, linux-firmware, oniguruma, openssh, perl-HTTP-Tiny, python-pip, python-urllib3, python3, rpm, samba, sqlite, tcpdump, thunderbird, tigervnc, and virt:rhel and virt-devel:rhel modules), SUSE (python-Pillow, slurm, slurm_20_02, slurm_20_11, slurm_22_05, slurm_23_02, and xen), and Ubuntu (libde265, linux-nvidia, mysql-8.0, openldap, pillow, postfix, and xorg-server, xwayland).

Pontosabban: baktériumokon jelenik meg.

A Bytedance és a Universal Music közötti csörte mi másról szólna, mint a jogdíjakról.

A felvásárlást követően közel 50 százalékot ugrott a gaming üzletág bevétele.

Megérkezett a Code Llama 70B.

De idén már fellendülést vár a fogyasztói piacon a gyártó.

Legalábbis egyes elemzői előrejelzések szerint.

Úgy tűnik, sok cég még mindig nem veszi komolyan az általános adatvédelmi rendeletben foglaltakat.

EmacsConf 2023 was, like its recent predecessors, an online conference with lots of talks about various aspects of the Emacs editor—though, of course, it is way more than just an editor. Last year's edition was held in early December. One of the talks that looked interesting was on Emacs development, which was given live by John Wiegley. In it, he briefly described some of the biggest features coming in Emacs 30, which is the next major version coming for the tool.

The eBPF Foundation has published a glossy document called The State of eBPF; it seems mostly concerned with how a small number of large companies are using and developing this technology.

No doubt, eBPF will become the new layer in the new cloud native infrastructure stack, impacting the observability, performance, reliability, networking, and security of all applications, supporters say. Platform engineers will cobble together eBPF-powered infrastructure building blocks to create platforms that developers then deploy software on, adding business logic to the mix, and replacing aging Linux kernel internals that cannot keep up with today’s digital and, increasingly, cloud native world.

Security updates have been issued by Debian (pillow, postfix, and redis), Fedora (python-templated-dictionary and selinux-policy), Red Hat (gnutls, kpatch-patch, libssh, and tomcat), and Ubuntu (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml).

Erős ultimátumot kaptak a home office-hoz szokott kollégák.

A páciens jól van.