Mitchel Carter

1602579600

Release Radar · October 2020 Edition

We’re here to bring you the latest and greatest releases for October 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech to weekend hobbies. The best part about these releases is that they’re all you. These are projects shipped by amazing developers from the open source community. Whilst there are lots of projects released every month, we don’t have enough blog space for them all. So we selected a handful of awesome ones. Grab your phone, settle in on the couch, and read up on our top ten picks.

OBS Studio 26.0

If you’re involved in live streaming, then you’ve probably come across Open Broadcaster Software (OBS). Even at GitHub we’ve been using it for all our Open Source Friday Twitch streams. OBS released their latest version, v26.0, with a bunch of really cool changes. There’s an added virtual camera for Windows users, meaning you don’t need a third-party plugin. Along with all the tweaks and improvements, there are additions such as media controls, source toolbar, log viewer, screenshots via hotkey, and more ways to control your live stream. If you’re into any kind of streaming, then read up on all the improvements and new features. Oh, and for those non-Windows users, I hear the virtual camera is coming for you too. Time to up your Zoom game!

Profile README Generator 1.0

By now you’ve probably seen the GitHub Profile README we recently released. This gives you the chance to showcase your best shelf. Well, if you’re tired of editing your profile, you can now do it easily. The new GitHub Profile README Generator shipped its first release and is available to you now. You can simply fill in details such as name, tagline, blog, GitHub Stats, and more, and your profile README will be automatically generated. Now there’s no excuse not to have your GitHub Profile looking all shiny and cool.

Open Drone Map 2.0

Are you into drone photography and video? Do you have loads of drone imagery to trawl through? Then this is the tool for you. Open Drone Map (ODM) is a command line toolkit for processing all your aerial drone images. You can easily turn 2D images into 3D models, point clouds, and more. It’s available on Windows, Mac, and Linux. The new 2.0 version added a bunch of bug fixes and speed improvements. The code base was upgraded from Python 2 to Python 3 and there’s support for Ubuntu 18.04. Plus “unicorns”. You totally want to know what unicorns are, right? There’s now the option to override the GPS location of your footage. In addition, image masking now allows you to choose what you want to include in your new render. Read more about these “shiny” new features on the ODM blog.

#community #open source #cli #gitmoji #javascript #laravel #obs studio #open drone map #open source #readme #release #resume #terasology #vue js

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs

Lindsey Koepp

1599358200

Release Radar · September 2020 Edition

It’s back! We’re here to bring you the latest and greatest releases for September 2020. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech to weekend hobbies. The best part about these releases is that they are all you. These are projects shipped by amazing developers from the open source community. Whilst there are lots of projects shipped every month, we don’t have enough blog space for them all. So we selected a handful of awesome ones. Grab a cuppa, maybe some popcorn, and read up on our top ten picks.

Rich 5.0

Get ready for the Python library for rich text. Rich provides beautiful formatting in the terminal and it looks really pretty. With version 5.0, there are some cool changes made to the markup. Syntax is now marked up correctly for strings and tags, and color number syntax is understood a lot better. There’s also new support for double brackets. Rich works with Linux, OSX, and Windows. Its emoji and true color work with the new Windows Terminal. All you need to get Rich working is Python 3.6.1 or later. What are you waiting for? Make your code pretty today.

htop 3.0

The popular, cross-platform interactive process viewer now has a version 3. htop is a command line application and this new release includes some neat additions. There’s now pressure stall information for Linux. Version 3.0 also comes with ZFS ARC stats, lots of features and a few pesky bug fixes. The CI has some improvements and there’s new display options. If you’re keen to read up on every detail, check out the htop ChangeLog.


#open source #aerial #autocannon #gitleaks #htop #js13k #kontra #octoprint #open source #python #release radar #rich #security #typescript

Shawn Durgan

1597068204

Qualcomm Bugs Open 40 Percent of Android Handsets to Attack

Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.

Six serious bugs in Qualcomm’s Snapdragon mobile chipset impact up to 40 percent of Android phones in use, according to research released at the DEF CON Safe Mode security conference Friday.

The flaws open up handsets made by Google, Samsung, LG, Xiaomi and OnePlus to DoS and escalation-of-privileges attacks – ultimately giving hackers control of targeted handsets. Slava Makkaveev, a security researcher with Check Point, outlined his discovery and said while Qualcomm has provided patches for the bug, most OEM handset makers have not yet pushed out the patches.


The faulty Qualcomm component is the mobile chip giant’s Snapdragon SoC and the Hexagon architecture. Hexagon is a brand name for Qualcomm’s digital signal processor (DSP), part of the SoC’s microarchitecture. The DSP controls the processing of real-time requests between the Android user environment and the Snapdragon processor’s firmware – in charge of turning voice, video and services such as GPS location sensors into computationally actionable data.

Makkaveev said the DSP flaws can be used to harvest photos, videos, call recordings, real-time microphone data, and GPS and location data. A hacker could also cripple a targeted phone or implant malware that would go undetected.

The six flaws are CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209. Using a fuzzing technique against handsets with the vulnerable chipset, Check Point was able to identify 400 discrete attacks.

The prerequisite for exploiting the vulnerabilities is the target would need to be coaxed into downloading and running a rogue executable.

Qualcomm declined to answer specific questions regarding the bugs and instead issued a statement:

“Providing technologies that support robust security and privacy is a priority for Qualcomm. Regarding the Qualcomm Compute DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to OEMs. We have no evidence it is currently being exploited. We encourage end users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store.” – Qualcomm Spokesperson

The flaws were brought to Qualcomm’s attention between February and March. Patches were developed by Qualcomm in July. A cursory review of vulnerabilities patched in the July and August Google Android Security Bulletins reveals patches haven’t yet been pushed to handsets. For that reason, Check Point chose not to reveal technical specifics of the flaws.

What technical details are available can be found in a DEF CON Safe Mode video posted online. Here Makkaveev shares some technical specifics.

#hacks #mobile security #vulnerabilities #cve-2020-11201 #cve-2020-11202 #cve-2020-11206 #cve-2020-11207 #cve-2020-11208 #cve-2020-11209 #def con safe mode #digital signal processor #dos #dsp #escalation of privileges attack #google #hexagon architecture #lg #oneplus #qualcomm #samsung #snapdragon #soc #xiaomi

Release Radar · February 2021 Edition

The open source community is always hard at work. February’s projects were super hard to pick since there are so many amazing releases. These are exciting new releases from some of the coolest projects around. There’s everything from world-changing tech to weekend hobbies. Our recent State of the Octoverse report talked about how many developers are spending time coding during this pandemic. So here they are. The hard work devs are putting in during lockdown and crazy times is here to show. There are so many releases, and unfortunately we can’t feature them all. Here’s our top ten staff picks from February 2021, in no particular order.

Homebrew 3.0

Whether you’re a macOS, Windows, or Linux user, there are often programs or features you want that aren’t supported by your operating system (OS). Homebrew aims to solve some of these problems, at least on Apple or Linux. It installs the “stuff you need” so you can keep writing code. The list of packages available through Homebrew is extensive. Version 3.0 comes with Apple Silicon support and a new syntax format for brew bottle and bottle do blocks. Plus, Homebrew now accepts donations through GitHub Sponsors. If you use Homebrew, think about contributing today. There are heaps of other changes made to Homebrew. You can read up on them all on the Homebrew website.

Cake 1.0

Everybody loves cake! This kind of cake is a cross-platform build automation system. It helps you compile code, copy files/folders, run unit tests, compress files, and build NuGet packages. Cake actually stands for C# Make, since you can write your build scripts in pure C#. This February, Cake version 1.0 was launched, with support for .NET 5, C# 9, lots of bug fixes, and complete with frosting. If you want to read all the yummy details about Cake and its first release, head over to the Cake website.

Puppeteer 8.0

Most things you would manually do while browsing the internet can be automated. That’s where Puppeteer comes in. It can perform most tasks you would manually do: taking a screenshot, generating a PDF, automating form submissions, keyboard inputs, testing Chrome Extensions, capturing timeline traces, creating automated testing environments, or crawling SPAs and generating pre-rendered content. The latest release comes with the usual bug fixes, and allows you to specify the browser (either Chrome or Chromium). Check out the release notes for all the changes, and start automating your online experience.

#community #node.js #release radar #vue.js