
Tux Machines


today's leftovers


Posted by Roy Schestowitz on Aug 24, 2022





New Steam Games with Native Linux Clients - 2022-08-24 Edition - Boiling Steam




> Between 2022-08-17 and 2022-08-24 there were 24 New Steam games released with Native Linux clients. For reference, during the same time, there were 256 games released for Windows on Steam, so the Linux versions represent about 9.4 % of total released titles.



Test Center 3.0 Available Now




> The Test Center team is happy to deliver the next major release of Test Center, version 3.0, offering support for Squish Coco coverage reports. You can now browse and analyze your code coverage reports right next to your test reports stored in Test Center.



Open source for beginners: setting up your dev environment with LXD | Ubuntu




> If you are a developer, or even just a person generally interested in technology, you already know that cloud computing is what keeps the wheels turning today. It emerged as a way to run things more efficiently and reduce the burden of infrastructure management. There are many tools you can use to develop, test, deploy and integrate systems in the cloud, be it private or public, and there is no right or wrong way to go about learning this. In the “Open source for beginners” blog series, we go over some of the valuable open-source tools or infrastructure options that can help get you started on your cloud journey.


> LXD is one such versatile tool. It’s great for both people that are just starting and organisations that are looking for a resource-efficient way to develop and deploy their systems. Are you looking for a way to practice your Linux commands without jeopardizing your underlying system? Want to practice running complex infrastructure use cases? Perhaps you’d like to understand how the application you develop on your laptop would behave on a cloud instance. LXD is likely the right choice.



Wladimir Palant: Attack surface of extension pages




> In the previous article we discussed extension privileges. And as we know from another article, extension pages are the extension context with full access to these privileges. So if someone were to attack a browser extension, attempting Remote Code Execution (RCE) in an extension page would be the obvious thing to do.


> In this article we’ll make some changes to the example extension to make such an attack against it feasible. But don’t be mistaken: rendering our extension vulnerable requires actual work, thanks to the security measures implemented by the browsers.


> This doesn’t mean that such attacks are never feasible against real-world extensions. Sometimes even these highly efficient mechanisms fail to prevent a catastrophic vulnerability. And then there are of course extensions explicitly disabling security mechanisms, with similarly catastrophic results. Ironically, both of these examples are supposed security products created by big antivirus vendors.


> Note: This article is part of a series on the basics of browser extension security. It’s meant to provide you with some understanding of the field and serve as a reference for my more specific articles. You can browse the extension-security-basics category to see other published articles in this series.


> [...]


> I’ll discuss all the changes to the example extension one by one. But you can download the ZIP file with the complete extension source code here.


> Before an extension page can run malicious code, this code has to come from somewhere. Websites, malicious or not, cannot usually access extension pages directly however. So they have to rely on extension content scripts to pass malicious data along. This separation of concerns reduces the attack surface considerably.


> But let’s say that our extension wanted to display the price of the item currently viewed. The issue: the content script cannot download the JSON file with the price. That’s because the content script itself runs on www.example.com whereas JSON files are stored on data.example.com, so same-origin policy kicks in.



Mudge Files Whistleblower Complaint against Twitter




> Peiter Zatko, aka Mudge, has filed a whistleblower complaint with the SEC against Twitter, claiming that they violated an eleven-year-old FTC settlement by having lousy security. And he should know; he was Twitter’s chief security officer until he was fired in January.



Where to start with linux authentication? — Firstyear's blog-a-log




> Recently I was asked about where someone could learn how linux authentication works as a “big picture” and how all the parts communicate. There aren’t too many great resources on this sadly, so I’ve decided to write this up.



A Quick and Easy Guide to Setting Up Audio on FreeBSD




> Whether for music, communication, or notifications, audio is an important feature of many personal computer systems. In a new FreeBSD system, an audio card will need to be configured to process audio files and send them to the connected speakers.




gemini.tuxmachines.org
