clang -fret-clean: cleaning return addresses off stack (by deraadt@)

Future versions of OpenBSD may include core system libraries and binaries built with logic to remove return addresses off the stack. With this in place, whole classes of bugs would be harder to exploit.

In a message to the tech@ mailing list titled "clang -fret-clean: cleaning return addresses off stack", Theo de Raadt (deraadt@) explains how this would work and includes code to implement the feature for the X86 architecture only:

List:       openbsd-tech
Subject:    clang -fret-clean: cleaning return addresses off stack
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2024-05-25 6:18:59

There are many address space mitigations in play now which make standard
control-flow methods and ROP-style methods more difficult than ever before.
None of them are a silver bullet; added up they are a big deal, but no one
is saying they are a comprehensive solution.

One thing I've worried about for a while is that program bugs being
exercised tend to happen in the main program, or in some large library.
But many types of attack methodology require reaching system calls via
libc, in as direct and simple fashion as possible.  ASLR location of
libc has made that a bit harder, boot-time random relinking of libc
makes it even more difficult.  But there's a few things which do hint at
where libc is mapped.


Relatively good news

TWIF generated on Thursday, 23 May 2024, Week 21

F-Droid core

F-Droid and F-Droid Basic version 1.20 have been live for the last 10 days. While we appreciate the praise for the new repository management improvements, we would like to have more and more users willing to test the edge cases. So if you have not updated already, feel free to expand Version and update manually, or touch the three-dot menu in the top right corner and select “Allow Beta Updates”.

Community News

@linsui remotely reads some bookmarks:

aFreeRDP was updated to 3.5.1 after a 9-month hiatus; a smaller package, more features and optimisations are included.

Last week we announced the downgrade of wallabag, and this week Frigoligo, the new client for wallabag servers, is live, so you can try it!

LibreOffice & OpenOffice document reader & ODF was updated to 3.26 after more than 2 years. While F-Droid has its share of text editors, there’s no true “Office Suite” built from source yet. Viewing files is fast, but as with LibreOffice Viewer editing is experimental, enough to correct a typo at best, maybe print them.

Principia, Physics-based sandbox building game, was added too, and the developers wrote a blog post to announce it.

Back in April we talked about Tailscale fixed updates, in the meantime Tailscale was updated to 1.66.3-teae73f821-g63a2bbc8e71 but now it’s a new app rebuilt from the ground up. You can read more about the improvements in the developer blog and you can peruse the changelog.

@Licaon_Kter un-mutes a call:

Conversations and Quicksy were updated to 2.16.0+free and, besides the usual message bubble roundness tweaks, it reworked backups, adding a long-desired recurring option. Unfortunately, two issues came to light after release. First, the new backup flow might get killed by the Android system if the account has many messages (e.g. millions) and, given the device speed, takes more than 10 minutes, resulting in a backup loop. Second, muted calls get un-muted when switching between apps. Both issues are fixed and will come with 2.16.2 in the next cycle.

ente Photos was updated to 0.8.95, finally bringing hosted server support in-app, so you can now touch the opening screen 7 times and enter your own self-hosted server URL. Its sister app auth has already been capable of this since March. Note that F-Droid still flags the app as NonFreeNet, as the app downloads assets (like ML models, release info and FAQs) from Ente’s CDN.

Green: Bitcoin Wallet was also updated to 4.0.28 after a 6-month pause while the devs fixed building issues. Note that some devices might fail to start this new version; upstream is aware and a fix is in testing.

Newly Added Apps

13 more apps were newly added

Updated Apps

187 more apps were updated

Thank you for reading this week’s TWIF 🙂

Please subscribe to the RSS feed in your favourite RSS application to be notified of new TWIFs when they come up.

You are welcome to join the TWIF forum thread. If you have any news from the community, post it there, maybe it will be featured next week 😉

Google just updated its algorithm, and the Internet will never be the same

But Google results are a zero-sum game. If the search engine sends traffic to one site, it has to take it from another, and the effects on the losers in this Reddit equation are just as dramatic. “Google’s just committing war on publisher websites,” Ray says. “It’s almost as if Google designed an algorithm update to specifically go after small bloggers. I’ve talked to so many people who’ve just had everything wiped out,” she says. A number of website owners and search experts who spoke to the BBC said there’s been a general shift in Google results towards websites with big established brands, and away from small and independent sites, that seems totally disconnected from the quality of the content.

↫ Thomas Germain at the BBC

These stories are coming out left, right, and centre now – and the stories are heartbreaking. Websites that publish truly quality content with honest, valuable, real reviews are now not only having to combat the monster of Google’s own creation – SEO spam websites – but also Google itself, who has started downranking them in favour of fucksmith on Reddit. Add to that the various “AI” boxes and answers Google is adding to its site, and the assault on quality content is coming from all angles.

I don’t look at our numbers or traffic sources, since I don’t want to be influenced by any of that stuff. I don’t think OSNews really lives or dies by a constant flow of Google results, but if we do, there’s really not much I can do about it anyway. Google Search once gaveth, and ever since that fateful day it’s mostly been Google Search taketh. I can’t control it, so I’m not going to worry about it. All I can do is keep the site updated, point out we really do need your support on Patreon and Ko-Fi – to keep OSNews running, and perhaps maybe ever going ad-free entirely – and hope for the best.

I do feel for the people who still make quality content on the web, though – especially people like the ones mentioned in the linked BBC article, who set up an entire business around honest, quality reviews of something as mundane as air purifiers. It must be devastating to see all you’ve worked for destroyed by SEO spam, fucksmith on Reddit, and answers from an “AI” high on crack.

Highlight # 12 arma 3

Video via Dailymotion. Subscribe: https://youtube.com/@digaodigorot?si=yXkwMr6RGVOc6Rrr DayZ server ► Dayz Dark Shadow. Server Discord ► https://discord.gg/jrgsUHav Channel: Dayz Dark Shadow ► https://www.youtube.com/channel/UCOuEDIpbB0HR34elbRN6JtQ Community Discord ► https://discord.gg/chHpEVZS FACEBOOK ► https://www.facebook.com/DigaoDigorot FACEBOOK JG ► https://www.facebook.com/JogatinaGames INSTAGRAM ► https://www.instagram.com/digaodigorot/ Check out our channel's Arma 3 playlists ► https://www.youtube.com/watch?v=X_E_6IOlaVg&list=PLCTzbATQdWV8QY-fERo-JOVX-g_fZefGL&ab_channel=DigaoDigorot Check out our playlists …

Operation in Rio Grande do Sul uses new technology on roads

Video via Dailymotion. A new technology is being deployed on the roads of Rio Grande do Sul after some were completely destroyed by the volume of water. This Saturday's (25) Jornal da Manhã shows details of the deployment of the technology, called cold asphalt. Watch in full at: https://youtube.com/live/hBbT3lG1ANM Download the Panflix app: https://www.panflix.com.br/ …

Finals Game 2 of the NCAA Season 99 Volleyball Tournament airs tomorrow on GTV | 24 Oras Weekend

Video via Dailymotion. Finals Game 2 of the NCAA Season 99 Volleyball Tournament is tomorrow! 24 Oras Weekend is GMA Network’s flagship newscast, anchored by Ivan Mayrina and Pia Arcangel. It airs on GMA-7, Saturdays and Sundays at 5:30 PM (PHL Time). For more videos from 24 Oras Weekend, visit http://www.gmanews.tv/24orasweekend. #GMAIntegratedNews #KapusoStream …

Quick Tutorial on Google Ads Competitor Analysis

Video via Dailymotion. In this video, titled Quick Tutorial on Google Ads Competitor Analysis, we guide local business owners on how to effectively spy on their competitors using these simple steps, and the beauty of it is that you don’t need any analysis tool or software. The steps are: 1. Search for Your Service: …

Filipina gymnast Emma Lauren Malabuyo qualifies for the Paris Olympics after winning a bronze medal in…

Video via Dailymotion. Filipina gymnast Emma Lauren Malabuyo has also qualified for the Paris Olympics. 24 Oras Weekend is GMA Network’s flagship newscast, anchored by Ivan Mayrina and Pia Arcangel. It airs on GMA-7, Saturdays and Sundays at 5:30 PM (PHL Time). For more videos from 24 Oras Weekend, visit http://www.gmanews.tv/24orasweekend. …