With XDC 2020 (X.Org Developers Conference) in full swing, we've been going over the various presentations to gather some interesting bits for you. Here's more on the ACO shader compiler and Vulkan Ray Tracing. You can find more info on XDC 2020 in the previous article, and be sure not to miss our round-up of Valve developer Pierre-Loup Griffais talk about Gamescope. More talks were done across yesterday, with the first one we're mentioning here being from Timur Kristóf who is currently a contractor for Valve who talked about ACO (the newer Mesa shader compiler for AMD graphics). The idea behind ACO which Valve announced back in 2019, for those not aware, is to give a smoother Linux gaming experience with less (or no) stuttering with Vulkan with faster compile times for shaders. Kristóf goes over lots of intricate details from being in the experimental stages to eventually the default in Mesa with it now having support across 5 different generations of AMD GPUs.

Once again, I ended up not blogging for most of the week. When this happens, there’s one of two possibilities: I’m either taking a break or I’m so deep into some code that I’ve forgotten about everything else in my life including sleep. This time was the latter. I delved into the deepest parts of zink and discovered that the driver is, in fact, functioning only through a combination of sheer luck and a truly unbelievable amount of driver stalls that provide enough forced synchronization and slow things down enough that we don’t explode into a flaming mess every other frame. Oops. I’ve fixed all of the crazy things I found, and, in the process, made some sizable performance gains that I’m planning to spend a while blogging about in considerable depth next week. And when I say sizable, I’m talking in the range of 50-100% fps gains.

You may recall from earlier this year that the X.Org/FreeDesktop.org cloud costs were growing out of control primarily due to their continuous integration setup. They were seeking sponsorships to help out with these costs but ultimately they've attracted new sponsors while also better configuring/optimizing their CI configuration in order to get those costs back at more manageable levels.

The project that started off as Libre-RISC-V with aims to be a Vulkan accelerator but then decided on the OpenPOWER ISA rather than RISC-V is still moving ahead under the "Libre-SOC" branding. Libre-SOC continues to be led by Luke Kenneth Casson Leighton and this week he presented both at the OpenPOWER Summit and X.Org Developers' Conference (XDC2020) on his Libre-SOC dreams of having a 100% fully open SoC on both the software and hardware sides while being a hybrid CPU/GPU. Similar to the original plans when targeting RISC-V that it would effectively be a SoC but with new vector instructions optimized for graphics workloads, that's still the plan albeit now using OpenPOWER as a base.

Building off the V3DV driver talk at XDC2020 about this open-source Vulkan driver for the Raspberry Pi 4 driver, the Igalia developers responsible for this creation have laid out their plans on getting this driver upstream within Mesa. In a mailing list post today they note they are down to just 18 test cases failing for the Vulkan CTS while 106,776 tests are passing for this Vulkan Conformance Test Suite. Vulkan games like the respun versions of Quake 1-3 and OpenArena are working along with various game emulators. Various Vulkan demos also run well too.

Back in May the Taiwins Wayland compositor was announced as a compact compositor based on Libweston while Thursday marked its second release. With Taiwins 0.2 the switch was made from using libweston as a basis for the compositor to now using Sway's WLROOTS library. Libweston was dropped over open bugs and other issues and in part the ability to get patches easily merged back into upstream libweston. So with the shortcomings of the Weston library, Taiwins 0.2 is now running on WLROOTS. However, by the next release they hope to have their thin layer over WLROOTS removed so that library isn't needed either.

I’ve long maintained that persistence is one of the main qualities you need in order to succeed with your (software) project. In order to manage to ship a product that truly conquers the world. By continuously and never-ending keeping at it: polishing away flaws and adding good features. On and on and on.

The ability to access, connect, and manage multiple devices remotely through a single account is important. Going a step further, being able to completely update devices remotely is another way for sysadmins to reduce effort and minimize headaches. UpdateHub is an open source solution that allows you to do complete device updates, including firmware and bootloaders, remotely. Its goal is to make it easier to do device updates and reduce rework and risk, whether you're updating thousands of devices or managing small deployments. UpdateHub handles all aspects of over-the-air (OTA) updates, including package integrity and authenticity, while you take care of your other work.

Version 3.29 of syslog-ng was released recently including a user-contributed feature: the panos-parser(). It is parsing log messages from PAN-OS (Palo Alto Networks Operating System). Unlike some other networking devices, the message headers of PAN-OS syslog messages are standards-compliant. However, if you want to act on your messages (filtering, alerting), you still need to parse the message part. The panos-parser() helps you create name-value pairs from the message part of the logs. From this blog you can learn why it is useful to parse PAN-OS log messages and how to use the panos-parser().

The Free Software Foundation (FSF) needs your help! We are looking for several reliable volunteers to keep our Free Software Webmail Systems page up to date, and respond to community questions about webmail programs as they come in. Between 1,000 and 2,000 visitors check out this resource every month, and we want to make sure our recommendations are accurate! If you're interested, please contact us at campaigns@fsf.org. Our Free Software Webmail Systems page is used to share resources for people interested in using their email over the Web without compromising their freedom. Many webmail systems meet at least some of our standards for respecting users, including compliance with GNU LibreJS standards, but they're constantly changing, and new services are popping up every day. When sites listed on this page change their services for the better or the worse, they don't tend to notify us, which means that some vigilance is required to make sure that this resource stays useful.

It is at most important to keep multiple backups of your WordPress site. In case the website is compromised or any plugin update breaks your site, WordPress backups can help you restore it quickly. Mainly, a WordPress site consists of three important parts, the database, user-created files such as plugins, themes, and uploaded files, and finally the WordPress core files. If anyone of these three parts is missing or corrupted, the website will not function properly or will not function at all. When we create a backup, we create a backup of the site database and the user-created files. WordPress core files can be downloaded and installed separately.

In this tutorial, we will be showing you how using Odoo can benefit a small or medium-sized business. As times have progressed, businesses big and small have become more complex in their operations. With several departments having to function and share information to one another, the need for an integrated system has grown by leaps and bounds. More and more small business are implementing ERP systems. In fact, once an ERP system is implemented, it often becomes the backbone of many corporate-scale businesses. Such systems can seamlessly integrate business lifecycles, such as production, inventory management, order processes, and more. An example of this system would be Odoo, one of the most popular ERP systems currently available.

Security Leftovers Zerologon – hacking Windows servers with a bunch of zeros The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows – everyone else talks about logging in, but on Windows you’ve always very definitely logged on – and it is an authentication bypass, because it lets you get away with using a zero-length password. You’ll also see it referred to as CVE-2020-1472, and the good news is that it was patched in Microsoft’s August 2020 update.

Rethinking Security on Linux: evaluating Antivirus & Password Manager solutions Recently I had an experience that let me re-evaluate my approach to Security on Linux. I had updated my Desktop computer to the latest openSUSE Leap (15.2) version. I also installed the proprietary Nvidia drivers. At random points during the day I experienced a freeze of my KDE desktop. I cannot move my mouse or type on my keyboard. It probably involves Firefox, because I always have Firefox open during these moments. So for a couple of days, I try to see in my logs what is going on. In /var/log/messages (there is a very nice YaST module for that) you can see the latest messages. Suddenly I see messages that I cannot explain. Below, I have copied some sample log lines that give you an impression of what was happening. I have excluded the lines with personal information. But to give you an impression: I could read line for line the names, surnames, addresses and e-mail addresses of all my family members in the /var/log/messsages file. [...] I needed to find out what was happening. I needed to know if a trojan / mallware was trying to steal my personal information. So I tried searching for the ZIP archive which was referenced. This might still be stored somewhere on my PC. I used KFind to lookup all files which were created in the last 8 hours. And then I found a lot of thumbnail files which were created by… Gwenview. Stored in a temp folder. I started to realize that it might not be a hack, but something that was rendering previews, just like in Gwenview. I checked Dolphin and detected that I had the preview function enabled. I checked the log files again. Indeed, whenever I had opened a folder with Dolphin, all Word and Excel files in that folder were ‘processed’. I browsed several folders after deleting Calligra and there were no more log lines added. I re-installed the Calligra suite and noticed the calligra-extras-dolphin package. I browsed the same folders and indeed, the log lines started appearing all over again. I had found the culprit. It wasn’t a hack.

New vulnerabilities allow hackers to bypass MFA for Microsoft 365 Critical vulnerabilities in multi-factor authentication (MFA) implementation in cloud environments where WS-Trust is enabled could allow attackers to bypass MFA and access cloud applications such as Microsoft 365 which use the protocol according to new research from Proofpoint. As a result of the way Microsoft 365 session login is designed, an attacker could gain full access to a target's account including their mail, files, contacts, data and more. At the same time though, these vulnerabilities could also be leveraged to gain access to other cloud services from Microsoft including production and development environments such as Azure and Visual Studio. Proofpoint first disclosed the these vulnerabilities publicly at its virtual user conference Proofpoint Protect but they have like existed for years. The firm's researchers tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues.

NIST Password Guidelines The National Institute of Standards and Technology (NIST) defines security parameters for Government Institutions. NIST assists organizations for consistent administrative necessities. In recent years, NIST has revised the password guidelines. Account Takeover (ATO) attacks have become a rewarding business for cybercriminals. One of the members of the top management of NIST expressed his views about traditional guidelines, in an interview “producing passwords that are easy to guess for bad guys are hard to guess for legitimate users.” (https://spycloud.com/new-nist-guidelines). This implies that the art of picking the most secure passwords involves a number of human and psychological factors. NIST has developed the Cybersecurity Framework (CSF) to manage and overcome security risks more effectively.

Steps of the cyber kill chain The cyber kill chain (CKC) is a traditional security model that describes an old-school scenario, an external attacker taking steps to penetrate a network and steal its data-breaking down the attack steps to help organizations prepare. CKC is developed by a team known as the computer security response team. The cyber kill chain describes an attack by an external attacker trying to get access to data within the perimeter of the security Each stage of the cyber kill chain shows a specific goal along with that of the attacker Way. Design your Cyber Model killing chain surveillance and response plan is an effective method, as it focuses on how the attacks happen. Stages include,

Security updates for Friday Security updates have been issued by Arch Linux (chromium and netbeans), Oracle (mysql:8.0 and thunderbird), SUSE (rubygem-rack and samba), and Ubuntu (apng2gif, gnupg2, libemail-address-list-perl, libproxy, pulseaudio, pure-ftpd, samba, and xawtv).

The new BLESA Bluetooth security flaw can keep billions of devices vulnerable Billions of smartphones, tablets, laptops, and Linux-based IoT devices are now using Bluetooth software stacks that are potentially susceptible a new security flaw. Titled as BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.

Are you backing up ransomware with your data?

German Hospital Hacked, Patient Taken to Another City Dies German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

Woman dies during a ransomware attack on a German hospital [iophk: Windows kills] The cyberattack was not intended for the hospital, according to a report from the German news outlet RTL. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital.

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs). The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft’s August 2020 security updates. However, this week at least four public PoC exploits for the flaw were released on Github, and on Friday, researchers with Secura (who discovered the flaw) published technical details of the vulnerability.