Source

Source

A graphical installer that allows you to install MyBB on top of a Bitnami LAMP Stack

 

Source

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.

Malicious websites can exploit browser extension APIs to execute code inside the browser and steal sensitive information such as bookmarks, browsing history, and even user cookies.

The latter, an attacker can use to hijack a user’s active login sessions and access sensitive accounts, such as email inboxes, social media profiles, or work-related accounts.

Furthermore, the same extension APIs can also be abused to trigger the download of malicious files and store them on the user device, and store and retrieve data in an extension’s permanent storage, data that can later be used to track users across the web.

These types of attacks are not theoretical but have been proven in an academic paper published this month by Dolière Francis Somé, a researcher with the Université Côte d’Azur and with INRIA, a French researcher institute.

Somé created a tool and tested over 78,000 Chrome, Firefox, and Opera extensions. Through his efforts, he was able to identify 197 extensions that exposed internal extension API communication interfaces to web applications, allowing malicious websites a direct avenue to the data stored inside a user’s browser, data that under normal circumstances only the extension’s own code could have reached (when the proper permissions were obtained).

 

The French researcher says he was surprised by the results, as only 15 (7.61%) of the 197 extensions were developer tools, a category of extensions that usually have full control of what happens in a browser, and would have been the ones that he expected were easier to exploit.

Around 55 percent of all the vulnerable extensions had fewer than 1,000 installs, but over 15 percent had over 10,000.

 

Somé said he notified the browser vendors about his findings before going public with his work in early January.

“All vendors acknowledged the issues,” Somé said. “Firefox has removed all the reported extensions. Opera has also removed all the extensions but 2 which can be exploited to trigger downloads.”

“Chrome also acknowledged the problem in the reported extensions. We are still discussing with them on potential actions to take: either remove or fix the extensions,” he said.

The researcher also created a tool that lets users test if their extensions also contain vulnerable APIs that can be exploited by malicious websites. The tool is web-based and hosted on this page. To use it, users would have to copy-paste the content of an extension’s manifest.json file.

A page listing various demo videos is available here. More details about Somé’s work are available in a research paper entitled “EmPoWeb: Empowering Web Applications with Browser Extensions,” available for download in a PDF format from here or here.

It would be highly impractical to list all the vulnerable extensions in this article. Readers can find the list of vulnerable extensions in tables at the end of the above-linked research papers.

Source

An Alpha version is now available for public testing

After being in development for the last 15 years, the Inkscape open-source and free vector graphics editor is finally reaching the 1.0 milestone, proving its maturity with new and exciting features and improvements.

Inkscape is quality SVG editor that runs on Linux, Mac, and Windows systems and can be used to create or edit vector graphics like logos, diagrams, illustrations, charts, and anything else in between. InkScape 1.0 is a major release that all fans of the open source software have expected for so long, and it finally brings long-anticipated features and improvements.

Highlights of Inkscape 1.0 include an updated user interface that offers better support for 4K/HiDPI screens and theming support, the ability to rotate and mirror canvases, new options for exporting to the PNG image format, variable fonts (requires pango 1.41.1 or higher), as well as much faster path operations and deselection of a large amounts of paths.

“The user interface has been changed to using a more recent version of GTK+, the widget toolkit that Inkscape uses to draw the user interface on the screen. This new version brings a lot of improvements, especially for users of HiDPI screens. Updating Inkscape for using it has been a large effort that has been anticipated eagerly for a long time, and was a focus of the Boston Hackfest,” said the devs.

First alpha version of Inkscape 1.0 is out now

Among other changes coming to the Inkscape 1.0 release, which should be available later this year, we can mention the ability to control the width of the PowerStroke tool with pressure sensitive touch gestures on graphics tablets, support for fillet/chamfer LPE and lossless boolean operation LPE, and optional placement of Origin in the top left corner of the window.

A first alpha pre-release version of Inkscape 1.0 is now available for download as an AppImage for Linux-based operating systems. A source package is available as well if you want to compile the software on Mac or Windows OSes. More details about the changes coming to Inkscape 1.0 will be revealed in time, but you can check the draft release notes here.

Meanwhile, if you’re using Inkscape, you should know that version 0.92.4 was also released today as a maintenance update that adds support for aligning multiple objects as a group relative to a single object, printing improvemnts, support for writing image data to standard output and read from it, better performance of the measure tool when working with visible grids, and other bug fixes.

Source

Easily Set CPU Governor (Performance / Powersave) And Monitor CPU Frequency In Gnome Shell With CPUFREQ Extension

CPUFREQ Power Manager (or just CPUFREQ) is a Gnome Shell extension that makes it easy change the CPU governor (powersave / performance) and monitor the CPU frequency.

The extension can also set the minimum and maximum CPU frequency, enable or disable turbo boost, and display some system status messages which can inform the user when CPU throttling is occurring, or when there are some CPU load issues.

Another nice feature is custom profiles. This allows the creation of custom power profiles to quickly switch between various application settings.

From the CPUFREQ Power Manager settings you can set it to remember the settings, automatically restoring them on the next start (with this set to off being the default), or change what the panel label/icon monitors – the CPU frequency (showing the current CPU frequency value), the CPU governor (showing an icon representing the in-use governor), or both.

The extension works with both the CPU frequency driver (CPUFreq), as well as the Intel P-State driver. 

CPUFreq supports multiple governors (performance, powersave, ondemand, conservative, schedutil and userspace), while the intel_pstate driver only supports the performance and powersave guvernors, but they both provide dynamic scaling. According to Phoronix, the intel_pstate performance governor should give better power saving than the old ondemand governor.

Since intel_pstate is used automatically for Intel Sandy Bridge and newer CPUs, it’s best to use this. But CPUFREQ Power Manager does support the old CPUFreq driver, which can be used by disabling Intel Pstate as explained on the extension FAQ, and by installing (see the dependencies section from the linked page) an optional package.

CPUFREQ Power Manager is only available as a Gnome Shell extension right now, but the plan is to create a dedicated Gtk+ 3 application that supports multiple desktop environments. Unfortunately that’s not a lot of information about this.

To understand what each item in the CPUFREQ Power Manager extension user interface does, I recommend visiting its frontend overview page. The extension FAQ page also has some important information.

Install CPUFREQ extension

To install the extension simply switch the slider from the extension page to ON. To be able to install extensions from extensions.gnome.org you’ll need a browser add-on and install a package on your system. See this page for instructions.

You can also install the extension using the Software application on some systems, by searching for and installing cpufreq, as seen in the screenshot above.

Source

An easy-to-install, ready-to-run binary distribution of Apache, PosgreSQL, PHP, and Python/mod_python

Source

The speed and agility of open source projects benefit from lightweight and flexible governance. Their ability to run with such efficient governance is supported by the potential for project forking. That potential provides a discipline that encourages participants to find ways forward in the face of unanticipated problems, changed agendas, or other sources of disagreement among participants. The potential for forking is a benefit that is available in open source projects because all open source licenses provide needed permissions.

In contrast, standards development is typically constrained to remain in a particular forum. In other words, the ability to move the development of the standard elsewhere is not generally available as a disciplining governance force. Thus, forums for standards development typically require governance rules and procedures to maintain fairness among conflicting interests.

What do I mean by “forking a project”?

With the flourishing of distributed source control tools such as Git, forking is done routinely as a part of the development process. What I am referring to as project forking is more than that: If someone takes a copy of a project’s source code and creates a new center of development that is not expected to feed its work back into the original center of development, that is what I mean by forking the project.

Forking an open source project is possible because all open source licenses permit making a copy of the source code and permit those receiving copies to make and distribute their modifications.

It is the potential that matters

Participants in an open source project seek to avoid forking a project because forking divides resources: the people who were once all collaborating are now split into two groups.

However, the potential for forking is good. That potential presents a discipline that drives people to find a way forward that works for everyone. The possibility of forking—others going off and creating their own separate project—can be such a powerful force that informal governance can be remarkably effective. Rather than specific rules designed to foster decisions that consider all the interests, the possibility that others will take their efforts/resources elsewhere motivates participants to find common ground.

To be clear, the actual forking of a project is undesirable (and such forking of projects is not common). It is not the creation of the fork that is important. Rather, the potential for such a fork can have a disciplining effect on the behavior of participants—this force can be the underpinning of an open source project’s governance that is successful with less formality than might otherwise be expected.

The benefits of the potential for forking of an open source project can be appreciated by exploring the contrast with the development of industry standards.

Governance of standards development has different constraints

Forking is typically not possible in the development of industry standards. Adoption of industry standards can depend in part on the credibility of the organization that published the standard; while a standards organization that does not maintain its credibility over a long time may fail, that effect operates over too long of a time to help an individual standards-development activity. In most cases, it is not practical to move a standards-development activity to a different forum and achieve the desired industry impact. Also, the work products of standards activities are often licensed in ways that inhibit such a move.

Governance of development of an industry standard is important. For example, the development process for an industry standard should provide for consideration of relevant interests (both for the credibility of the resulting standard and for antitrust justification for what is typically collaboration among competitors). Thus, process is an important part of what a standards organization offers, and detailed governance rules are common. While those rules may appear as a drag on speed, they are there for a purpose.

Benefits of lightweight governance

Open source software development is faster and more agile than standards development. Lightweight, adaptable governance contributes to that speed. Without a need to set up complex governance rules, open source development can get going quickly, and more detailed governance can be developed later, as needed. If the initial shared interests fail to keep the project going satisfactorily, like-minded participants can copy the project and continue their work elsewhere.

On the other hand, development of a standard is generally a slower, more considered process. While people complain about the slowness of standards development, that slow speed flows from the need to follow protective process rules. If development of a standard cannot be moved to a different forum, you need to be careful that the required forum is adequately open and balanced in its operation.

Consider governance by a dictator. It can be very efficient. However, this benefit is accompanied by a high risk of abuse. There are a number of significant open source projects that have been led successfully by dictators. How does that work? The possibility of forking limits the potential for abuse by a dictator.

This important governance feature is not written down. Open source project governance documents do not list a right to fork the project. This potentiality exists because a project’s non-governance attributes allow the work to move and continue elsewhere: in particular, all open source licenses provide the rights to copy, modify, and distribute the code.

The role of forking in open source project governance is an example of a more general observation: Open source development can proceed productively and resiliently with very lightweight legal documents, generally just the open source licenses that apply to the code.

Source

MySQL is a Relational Database Management System, widely used as a database system for Linux systems. This article will help you to calculate the size of tables and database in MySQL or MariaDB servers though SQL queries. MySQL stored all the information related to tables in a database in the information_schema database. We will use the information_schema table to find tables and databases size.

How to find each data base size ? Check ALL Databases Size in MySQL using mysql query:

SELECT table_schema AS “Database”, SUM(data_length + index_length) / 1024 / 1024 AS “Size (MB)” FROM information_schema.TABLES GROUP BY table_schema;

Sample output:

mysql> SELECT table_schema AS “Database”, SUM(data_length + index_length) / 1024 / 1024 AS “Size (MB)” FROM

information_schema.TABLES GROUP BY table_schema

-> ;

+——————–+————+

| Database | Size (MB) |

+——————–+————+

| information_schema | 0.00878906 |

| mylabdb | 0.00111008 |

| mysql | 0.68704987 |

| performance_schema | 0.00000000 |

+——————–+————+

mysql> SELECT

-> table_schema ‘Database Name’,

-> SUM(data_length + index_length) ‘Size in Bytes’,

-> ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) ‘Size in MiB’

-> FROM information_schema.tables

-> GROUP BY table_schema;

Check Single Table Size in MySQL Database

To find out the size of a single MySQL database called mylabdb (which displays the size of all tables in it) use the following mysql query:

mysql> SELECT table_name AS “Table Name”,ROUND(((data_length + index_length) / 1024 / 1024),

2) AS “Size in (MB)” FROM information_schema.TABLES WHERE table_schema = “mylabdb” ORDER BY (data_length + index_length) DESC;

Finally, to find out the actual size of all MySQL database files on the disk (filesystem), run the

du command below.

sudo du -h /var/lib/mysql

Source

Posted On: Jan 18, 2019

AWS Migration Hub, which provides a single location to discover and track the progress of application migrations across multiple AWS and partner solutions, launched the import feature. This new feature allows you to import information about your on-premises servers into AWS Migration Hub, including server specifications, utilization data, and the applications the servers are part of, giving you the opportunity to track the status of your application migrations as you migrate them to AWS.

With the release of the import feature, you can now upload your on-premises server details from data sources such as a Configuration Management Database (CMDB), IT Asset Management System (ITAM), or an AWS Migration Partner discovery tool. Once successfully imported, you can then track the migrations of those servers and applications in the AWS Migration Hub.

To learn more about AWS Migration Hub, click here or refer to the documentation.

Source