Arch Linux put a security advisory on March 14 for multiple vulnerabilities found in jasper. The vulnerabilities have been patched. You can update your Arch machine by running;
pacman -Syu “jasper>=2.0.12-1”
Arch Linux: ASA-201703-9
Ubuntu announces end of life for Precise Pangolin which will be on April 28, 2017. But if you wanted to keep getting security and essential package updates for your Pangolin machines that just can’t be upgraded you can join the Ubuntu Advantage program.
Ubuntu:12.04 End of Life and Ubuntu Advantage
Some good stuff on using QEMU for Linux kernel development.
Linuxtoday.com:QEMU for Kernel Development
Python script for calculating multiple hashes.
Kaspersky Labs released a list of the top malicious mobile programs. Are you using one?
Kaspersky:Top 20 Mobile Malware
AP Reports on Anti-virus fix following Vault7 leak.
APNews:What the CIA thinks of your anti-virus
Apache bulletin on a fix for a remote code execution vulnerability.
Apache Software Foundation:Security Bulletin
At security.googleblog.com they went over the sha-1 collision from last week;
“Hash functions compress large amounts of data into a small message digest. As a cryptographic requirement for wide-spread use, finding two messages that lead to the same digest should be computationally infeasible. Over time however, this requirement can fail due to attacks on the mathematical underpinnings of hash functions or to increases in computational power.
Today, more than 20 years after of SHA-1 was first introduced, we are announcing the first practical technique for generating a collision.”
Cloudflare released a report on the memory leak incident from late last week.
In some circumstances, their edge servers were running past the edge of a buffer and returning memory that contained private information such as, HTTP cookies, authentication tokens and more. Cloudflare went on in the report about the fix and details about the issue. For more:
Cloudflare:Incident Report on Memory Leak Caused by Cloudflare Parser Bug
Multiple vulnerabilities have been found in the Ubuntu 16.04 LTS Linux 4.4 kernel. The recent update to 16.04.2 uses the 16.10 (Yakkety) Linux 4.8 kernel. So if you made the jump to 16.04.2 then check this out:
Ubuntu 16.10 Security issue
CVE-2016-9588 Discovered by Jim Mattson and Dmitry Vyukov, a flaw in the kernel’s implementation of KVM.
UbuntuFree:New Ubuntu Vulnerabilities
EFF Reports VA Supreme Court Should Protect Drivers from License Plate Surveillance
You can vote for Supertux Racer now at Steam Greenlight below.
Added a new page to the main site going over some of the basics of cryptography. I will periodically be updating the page with more advanced material in the near future.
You can check it out here.
Arch Linux’s February ISO is to be the last release with i686 support, and will only receive updates for the next nine months. According to Archlinux.org it is due to a decreasing lack of popularity among devs and the community. The people at Arch are encouraging anyone still interested to “keep it alive” with some guidance from the Arch team.
Arch:Phasing out i686
Over at Vusec they document a side-channel attack, which can detect which locations in the page table are accessed by the memory management unit. The attack takes advantage of the cache hierarchy of modern processors being shared by untrusted applications. More details in the link below.
OpenSSL 1.1.0 updates to 1.1.0e.
Ubuntu releases 16.04.2 LTS.
Just posted the first video of a series of videos on the basics of html.
check it out intro_to_html.
Just a quick update…
Main sites url has changed!
If you celebrate Christmas, merry late Christmas and happy early New Years, I hope you got everything you wanted 🙂 I picked up an Arduino and Raspberry pi and have been having a good time messing around with those in my spare time.
Maybe I’ll write something up on my adventures with them in the future.
In other news, I started up my computer tutorial youtube channel again, Fingers on the keyboard. Right now I am working on a “Bash to Basics” series going over some basic bash commands and their uses. You can check out the first one here
Hosting for this site is provided by
The SDF Public Access UNIX System