EndeavourOS has announced a new ISO release for its regular desktop distro, EndeavourOS 2020.09.19, with an updated Linux kernel 5.8.10-arch1-1, an improved installation process, and the i3-WM window manager.

The much-anticipated EndeavourOS ARM, meanwhile, is a new Arch Linux-based operating system for ARM processors that comes with eight desktop environments including GNOME, Xfce, LXQt, MATE, Cinnamon, Budgie, KDE Plasma, and i3-WM.

The EndeavourOS ARM version is currently being tested on ARM-based Single Board Computers (SBCs) like Odroid N2, Raspberry Pi 4b, N2+, and XU4, and it's also installable on any platform supported by upstream Arch Linux ARM.

What are the system requirements for EndeavourOS ARM?

EndeavourOS ARM is for ARM-based SBCs such as Odroid N2, Odroid N2+, Raspberry Pi 4b, and XU4. It can run on any ARM device, but the device has to meet certain specifications for smooth performance.

Before installing EndeavourOS ARM, you should make sure that your device meets the following hardware specifications:

  • Quad-core CPU at 1.5GHz+
  • Arch Linux ARM supported device
  • 2 USB 3.0 ports (external drives) and additional USB 2.0 ports for peripherals
  • Minimum of 2GB of RAM

Additionally, you'll need a 1Gbit Ethernet connector. The installation has two stages: first, installing the Arch Linux ARM base, and second, running a script that guides you through installing EndeavourOS as a headless server or as a desktop machine.

How to Get Started with EndeavourOS ARM version

For the first stage, there is an automated script for tested devices. For untested devices, you can follow the manual instructions from Arch Linux ARM to install the Arch image or, in the case of the Pinebook Pro, the image provided by Pine64.

The full manual installation guides for EndeavourOS ARM on supported devices can be found here, and it also includes a special guide for Pinebook Pro, PINE64, and Rock64 hardware.

EndeavourOS 2020.09.19 Release arrives alongside new ARM version

Fuzz testing is a method of detecting bugs in software by feeding unexpected inputs to a target program. It can be very effective at finding memory corruption issues, which are often the cause of serious security problems.

Project OneFuzz is the testing framework used in-house by Microsoft for Edge browser and Windows debugging, and it is now available as an open-source tool on GitHub for all developers to use.

According to Microsoft, fuzz testing is effective for improving code quality: it is a standard method for finding and removing exploitable security vulnerabilities and for increasing the security and reliability of native code.

What does the release of Project OneFuzz as open source mean for developers?

Microsoft's aim in releasing Project OneFuzz as open source is to enable developers to easily and continuously fuzz test their code before its final release. The global release of Project OneFuzz is intended to help secure the platforms and tools that we all depend on to carry out our daily digital tasks.

Project OneFuzz has already enabled continuous developer-driven fuzzing of Windows, which allowed Microsoft to proactively secure the platform prior to shipment of the latest OS builds. It allows developers to create unit test binaries with a modern fuzzing lab compiled in, providing highly reliable test invocation and error detection in a single executable.

Developers can launch fuzz jobs ranging in size from a few virtual machines to thousands of cores, with features such as on-demand live-debugging of found crashes, programmatic triage and result deduplication, and crash reporting notification callbacks.

How to get Started with Project OneFuzz

Project OneFuzz is now available on GitHub under an MIT license for developers to try out. It will be updated with contributions from both Microsoft Research and Security Groups, with input from other partner teams, to expand fuzzing coverage and continuously improve the security of all platforms and products.

Microsoft will continue to maintain Project OneFuzz by releasing updates to the open-source community as they occur.

Project OneFuzz: Microsoft Azure fuzz testing framework now open-source

GitHub has released GitHub CLI 1.0, the first stable version of its new command-line tool that lets developers interact with GitHub directly from a local terminal.

After a 6-month beta that started in February, the stable GitHub CLI 1.0 has been released to help developers reduce the frequent switching between the terminal and the GitHub portal, and to let them focus more on building their workflows.

The beta program saw users creating over 250,000 pull requests, with 350,000 merges, and over 20,000 issues covered with GitHub CLI.

GitHub CLI 1.0 functionalities available for workflow

GitHub CLI 1.0 is now available for download on Windows, macOS, and Linux, letting developers use GitHub CLI for their entire workflow.

The available functionalities for GitHub CLI 1.0 are as follows:

  • Easily connect to GitHub Enterprise Server.
  • Run the entire GitHub workflow from the terminal.
  • Call the GitHub API to script any action and set a custom alias for commands.

Additionally, GitHub CLI 1.0 allows you to create aliases for any command using gh alias, and the powerful gh api lets you access the GitHub API directly, with no limit to what you can do with gh. For more command details, you can check the official GitHub CLI manual.

How to install GitHub CLI 1.0?

As mentioned above, GitHub CLI 1.0 is available for Windows, macOS, and Linux. If you want to install the GitHub CLI, you'll simply need to run the following commands for the respective platform:

For Windows, the command is as follows:

scoop bucket add github-gh https://github.com/cli/scoop-gh.git
scoop install gh

For macOS, the command is as follows:

brew install github/gh/gh

And the installation command for various Linux distributions is available here.

GitHub CLI 1.0 avails Developers full Repo functionalities on Terminal

Technology can be a huge help to any business and it can make work get done quickly, accurately and to a high professional standard, but with all the advantages there are also a lot of risks.

Whilst technology can help your business run smoothly, if something goes wrong with that equipment, it could cause huge problems. It could even result in your whole business grinding to a halt, wasting your time, your colleagues' time and even your customers' time.

Below are three of the biggest online and technological threats to your business that you should prepare for now.

3 Biggest Technological and Online threats

1. System Failure

Just like a car, the technology system on which your business runs needs maintenance. The more you use it, and the older it gets, the more likely it is to break down and prevent you from completing the tasks you need to accomplish. You can reduce the risk of your system breaking down by having a team of experts service it regularly.

You mustn’t wait until your system breaks to try and find someone to repair the problem. By hiring an external IT service, you can rely on their expertise to reduce the risk of problems occurring. You’ll also have somebody on standby to fix any big problems when they occur.

2. Cyberattacks

Another big problem to consider is the risk of cyber-attacks on your business. You might think that your business is too small to be the victim of a cyber-attack. What would any criminal want your data for? The sad reality is that even the smallest amount of personal or financial data is very attractive to a cybercriminal, and they'll often go to great lengths to acquire it illegally from your system.

There are some very simple ways you can improve the security of your network to try and prevent these attacks. Make sure every system you use has a strong password. You could even set it up so that a system needs two forms of verification to grant access, for example, a password and a code which is sent to a registered user's phone. Also, make sure you have a good firewall set up and anti-virus software available on every device.

3. Data loss

A cyber-attack isn’t the only risk to your company’s most valuable documents and information. If a hard drive breaks or a piece of equipment is lost or stolen, you could simply lose hundreds if not thousands of vital pieces of information. This is why it’s important to back up any data regularly.

Whether that’s saving copies to an external hard drive and keeping that drive in a secure location or setting up a system that automatically backs up your entire system, make sure you have copies of every document you need.

3 Biggest Technological and Online threats to any business

Java Development Kit (JDK) 15 is the next version of Java SE (Standard Edition), which is now available as a production release.

The highlight features of JDK 15 include the Z Garbage Collector, text blocks, hidden classes, and previews of sealed classes, pattern matching, and records, among others.

As JDK 15 is a short-term release, it will only be covered by Oracle Premier Support for six months, with the next release (JDK 16) scheduled to arrive next March. Meanwhile, JDK 17 will be the next Long-Term Support release to be supported by Oracle for eight years, and it's slated to arrive a year from now, given Oracle's six-month release cycle for Java SE versions.

What's New in JDK 15?

JDK 15 features a foreign-memory access API, which enables Java programs to safely and efficiently access foreign memory outside of the Java heap. The API operates on various kinds of foreign memory, such as persistent, native, and managed heap memory, and many Java programs, such as Ignite and MapDB, access foreign memory.

The API also helps avoid the cost associated with garbage collection, share memory across processes, and serialize and deserialize memory content by mapping files into memory. Other new features and changes in JDK 15 include:

  • A preview of sealed classes.
  • Records, which are classes that act as carriers for immutable data.
  • Cryptographic signatures based on the Edwards-Curve Digital Signature Algorithm (EdDSA).
  • Disabling biased locking by default and deprecating all related command-line options.
  • The Z Garbage Collector (ZGC) graduates from an experimental feature to a product feature.
  • Deprecation of the RMI Activation mechanism.

Additionally, the legacy DatagramSocket API has been reimplemented by replacing the underlying implementations of the java.net.DatagramSocket and java.net.MulticastSocket APIs with more modern implementations that are easy to debug and maintain, with virtual threads currently being explored in Project Loom.

How to get Started with JDK 15

Oracle has mapped out the upgrades for Java, including the open-source reference implementation of version 15 of the Java SE Platform as part of a new, six-month release schedule for standard Java. Therefore, developers can take a look at JDK 15 in order to get an idea of what is expected in JDK 16.

You can also join the early adopter program by downloading the beta versions of JDK 16 to give it a spin.

JDK 15: What's New in the next version of Java Development Kit?

Oracle has open-sourced its Tribuo Java machine learning library and made it available free under an Apache 2.0 license. The tool was developed by Oracle Labs and is now accessible on GitHub and Maven Central.

Oracle is looking to make it easier for developers to build and deploy machine learning models in Java, as has already happened with Python, and to meet enterprise needs in the machine learning space.

Tribuo offers standard machine learning functionality which includes algorithms for building and deploying classification, clustering, and regression models in Java, with interfaces for TensorFlow, XGBoost, and ONNX.

How can Tribuo be useful in natural language processing?

Tribuo includes pipelines for transforming data and provides a suite of evaluations for the supported prediction tasks. Because it also collects statistics on inputs, it can describe the range of every input, and it manages IDs and outputs to avoid ID conflicts and confusion when chaining models.

A Tribuo model can tell when it sees a feature for the first time, which is particularly useful in natural language processing. The model also knows exactly what its outputs are: outputs are strongly typed, so developers don't have to wonder whether a float is a probability, a regressed value, or a cluster ID.

The provenance system in Tribuo can also generate a configuration that rebuilds the training pipeline to reproduce the model, or to build a tweaked model on new data or hyperparameters, so users always know what a model is, where it came from, and how to create it.

Tribuo filling a gap for machine learning in Enterprise applications

Oracle believes that Tribuo can fill a gap in the marketplace for machine learning in enterprise apps. Whereas the Google-built TensorFlow library already provides core algorithms for deep learning, Tribuo offers several machine learning algorithms that are not available in TensorFlow.

While the Apache Spark analytics engine is for large, distributed systems, Tribuo, which also provides an interface to TensorFlow, will be ideal for smaller computations on a single machine.

Additionally, Tribuo provides interfaces to XGBoost and the ONNX runtime, along with TensorFlow, allowing models trained in TensorFlow and XGBoost or stored in the ONNX format to be deployed alongside native Tribuo models. This support allows models built with popular Python libraries such as PyTorch to be deployed in Java.

Oracle open sources Tribuo Java machine learning library

The Cross-Transport Key Derivation (CTKD) component in Bluetooth is responsible for the authentication when pairing two devices together. Now a group of academic researchers has disclosed a flaw in CTKD affecting implementations that support both Bluetooth BR/EDR and LE under Bluetooth Specifications 4.2 to 5.0.

The Bluetooth SIG, the organization responsible for developing the Bluetooth standards, has issued a statement confirming the flaw, which potentially affects hundreds of millions of devices worldwide.

The flaw is dubbed 'BLURtooth' and tracked as CVE-2020-15802. It exposes devices powered by Bluetooth 4.0 or 5.0 technology, allowing hackers to gain unauthorized access to a targeted nearby device by overwriting the authenticated key, thereby reducing the encryption key strength.

The researchers from École Polytechnique Fédérale de Lausanne (EPFL) and Purdue University also identified that CTKD may permit remote access to some LE services when BR/EDR access is achieved, and to BR/EDR profiles when LE access is achieved. However, given that this is the intended function of CTKD, these processes are not considered vulnerabilities by the SIG.

How the BLURtooth Flaw affects Dual-mode devices using CTKD

Dual-mode devices that use CTKD to generate a Long Term Key (LTK) or Link Key (LK) are able to overwrite the original LTK or LK in cases where that transport was enforcing a higher level of security. To be susceptible to the attack, a vulnerable device must permit a pairing to proceed transparently without authentication on either the BR/EDR or the LE transport.

The flaw relies on the ability, in specific implementations of the pairing process, to overwrite authorization keys if the transport enforces a higher level of security.

If a device spoofing another device's identity becomes paired or bonded on one transport, and CTKD is used to derive a key that overwrites a pre-existing key of greater strength or one that uses authentication, then access can be gained to the authenticated services.

How to Mitigate against the BLURtooth Attack

The Bluetooth SIG has warned that the flaw may permit a Man In The Middle (MITM) attack between devices previously paired using authenticated pairing if those devices are both vulnerable. It recommends introducing the restrictions on CTKD mandated in Bluetooth Core Specification versions 5.1 and later as the primary mitigation.

The organization has also started to coordinate with affected vendors to help release the necessary patches, and it further recommends that devices restrict when they are pairable on either transport to times when a user interaction places the device into a pairable mode or when the device has no existing connections to a paired device.
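
The two mitigations described above, refusing a CTKD-derived key that would replace a stronger or authenticated one and limiting when a device is pairable, can be expressed as a bond-store policy. The following C code is an added example, not taken from the Bluetooth specification or any vendor's stack; all types, field names and function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types for illustration; not taken from any real Bluetooth stack. */
enum transport { TRANSPORT_BREDR = 0, TRANSPORT_LE = 1 };

struct bond_key {
    bool    present;
    bool    authenticated;  /* produced by an authenticated pairing */
    uint8_t key_size;       /* effective key size in bytes (7..16) */
};

struct device_state {
    bool user_pairable_mode;      /* user explicitly enabled pairing */
    bool connected_to_paired_dev; /* a paired peer is currently connected */
    struct bond_key keys[2];      /* stored LK / LTK, indexed by transport */
};

enum ctkd_verdict { CTKD_ACCEPT, CTKD_REJECT_NOT_PAIRABLE, CTKD_REJECT_DOWNGRADE };

/* Pairable only on user request or when no paired device is connected. */
static bool pairing_allowed(const struct device_state *dev)
{
    return dev->user_pairable_mode || !dev->connected_to_paired_dev;
}

/* A derived key is a downgrade if it is shorter than the stored key, or
 * unauthenticated while the stored key is authenticated. */
static bool is_downgrade(const struct bond_key *old, const struct bond_key *derived)
{
    if (!old->present)
        return false;
    return derived->key_size < old->key_size ||
           (old->authenticated && !derived->authenticated);
}

/* Store a CTKD-derived key for `target` only if the policy permits it. */
enum ctkd_verdict ctkd_store_derived_key(struct device_state *dev, enum transport target,
                                         const struct bond_key *derived)
{
    if (!pairing_allowed(dev))
        return CTKD_REJECT_NOT_PAIRABLE;
    if (is_downgrade(&dev->keys[target], derived))
        return CTKD_REJECT_DOWNGRADE;
    dev->keys[target] = *derived;
    dev->keys[target].present = true;
    return CTKD_ACCEPT;
}

/* Constructed sample: a device bonded over LE with an authenticated 16-byte LTK. */
struct device_state sample_device(void)
{
    struct device_state d = {0};
    d.keys[TRANSPORT_LE] = (struct bond_key){ true, true, 16 };
    return d;
}

int main(void)
{
    struct device_state d = sample_device();
    struct bond_key weak = { true, false, 16 };  /* from an unauthenticated pairing */
    struct bond_key strong = { true, true, 16 };
    printf("weak derived key:   %d\n", ctkd_store_derived_key(&d, TRANSPORT_LE, &weak));
    printf("strong derived key: %d\n", ctkd_store_derived_key(&d, TRANSPORT_LE, &strong));
    d.connected_to_paired_dev = true;
    printf("while connected:    %d\n", ctkd_store_derived_key(&d, TRANSPORT_BREDR, &strong));
    return 0;
}
```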

Unpatched Bluetooth Flaw could allow Hackers target Nearby Devices

Microsoft Hypervisor (Hyper-V) is a hardware virtualization technology developed by Microsoft that allows users to run multiple operating systems virtually on the Windows platform.

Now, Microsoft is looking to make Linux run as a root partition on its Hyper-V technology, with the company's engineer Wei Liu pushing out a series of patches to Linux's Hyper-V code. The RFC (request for comment) patches are aimed at making Linux run as a root partition (like Xen's Dom0) on Hyper-V.

Hyper-V not only lets you run multiple virtual operating systems on the Windows platform, but also, it allows users to create virtual hard drives and network switches.

How will Linux root partition support for Microsoft Hypervisor work?

Microsoft is looking to create a complete virtualization stack with Linux and Microsoft Hypervisor. A subsequent patch series will provide a device node (/dev/mshv) so that userspace programs can create and run virtual machines.

The work also involves porting the Cloud Hypervisor Virtual Machine Monitor (VMM), which has been able to boot a Linux guest with Virtio devices since late July. As an RFC series, it implements only the absolutely necessary components that are required to get things running.

A large portion of the series consists of patches that augment hyperv-tlfs.h, which should be rather uncontroversial and can be applied right away.

According to the Hyper-V architecture documentation, the root partition has direct access to physical I/O devices, so the virtualization stack in the root partition can provide a memory manager for virtualized I/O devices and management APIs. The root partition for Microsoft Hypervisor is inspired by Domain 0 (Dom0) of the open-source type-1 hypervisor Xen, whose toolstack and hardware drivers control virtual machines.

Microsoft looks to make Linux run as a root partition on its Hyper-V technology

Manjaro Linux team has announced a new point version, Manjaro 20.1 “Mikah” which is the latest release that supersedes the previous Manjaro 20.0 “Lysia” with more improvements, and refreshed user interfaces.

Manjaro is designed to work "straight out of the box" with a focus on user friendliness and accessibility, and Manjaro 20.1 “Mikah” continues that user-friendly focus, bringing the flagship Xfce, GNOME and KDE editions of the popular desktop Linux distribution.

And along with the support for the ZFS file system, Manjaro 20.1 has now enabled ZFS installation by providing the needed kernel modules.

What's new in Manjaro 20.1 “Mikah” Release?

Manjaro 20.1 updates its default package manager, Pamac, from v9.4 to v9.5, which brings enhanced alpm error handling, an optimized internal check dep algorithm, improved database performance, and a better internal search algorithm.

Manjaro has also added AUR (Arch User Repository) package building to version 20.1, to build packages from the Arch User Repository and install as many packages as possible. On the desktop environment side, Manjaro 20.1 continues to offer three distinct ISO images for the Xfce, KDE, and GNOME desktops.

Additionally, Manjaro 20.1 packs KDE-based apps from the KDE 20.08 application bundle, and the KDE edition has switched its Plasma desktop from version 5.18 to the latest 5.19.

How to Upgrade to Manjaro 20.1 “Mikah” Release

Because Manjaro is a rolling release Linux distro, you only need to update your package database and all the packages on the system to switch to the new version, by simply running the following command in your terminal:

sudo pacman -Syu

But, you can also use the below command to force a full refresh of the package database and update the packages on the system.

sudo pacman -Syyu

And the three different ISO images with Xfce, KDE, and GNOME desktop can be downloaded from the official site.

Manjaro 20.1 “Mikah” Release: Build Packages from Arch Linux’s AUR (Arch User Repository)

C++20 is the moniker for the revision of the ISO/IEC standard, which follows C++17, for the C++ programming language.

The standard received final technical approval by WG21 at the meeting in Prague in February 2020 and is now undergoing final editorial work, following the approval of the draft on 4th September 2020.

C++ remains a very important language, and it is voted the fastest-growing language in the Tiobe Index of September 2020, where it ranks fourth behind C, Java, and Python. And Tiobe cites the C++ 20 specification as the major factor that gave the programming language a boost.

What's New in C++ 20?

C++20 brings major new features that were not available in C++14 or C++17, among changes that have been accepted into C++20 and those that have been discussed for inclusion. The new major capabilities in C++ 20 include:

  • Synchronization library, for better support of fine-grained hardware control.
  • Concepts to specify template requirements and support generic programming, which promises to improve code quality.
  • Coroutines, which generalize subroutines for use in nonpreemptive multitasking. Standardized support for coroutines is still lacking, however, with full support expected in C++ 23.
  • Expansion statements for compile-time repetition of a statement for each element of a tuple, array, class, parameter pack, or range.
  • Improvements in the context-sensitive recognition of import and module to aid non-compiler tools in determining build dependencies.
  • Modules that enable programmers to use modular components.

Additionally, the new rangified algorithms are a pure library extension of the Standard; the paper complements P0896 by adding rangified overloads for some of the non-parallel additions since C++14, from whence the Ranges TS took its algorithms.

Also, the contracts capability that was expected in C++ 20, which specifies pre-conditions, post-conditions, and assertions, has been removed. Contracts has therefore been marked as a C++ 23 item, although it may not make it into the final release.

C++ 20 Gets Technical Approval with features such as Modules and Coroutines