News

Chapter Three: Tackling Complicated Drupal 7 Migrations

by
As of April 5, Drupal 7 will have nine months before it’s entirely unsupported and becomes a liability. Migrating out of Drupal 7 can be complicated, and this is one reason many organizations have put it off for so long. While it’s true that Drupal 8 and beyond represent a radical change from Drupal 7, in everything from architecture (the introduction of Symfony components) to theming (Twig versus PHP), the path from Drupal 7 to now Drupal 10 is well trodden, and we’re very familiar with it at Chapter Three.

Because Drupal 7 has been around for well over a decade, many websites built on it have accumulated vast amounts of content, resulting in complex data structures with custom content types, fields, taxonomies, and entity relationships. Inconsistencies or irregularities in legacy data complicate the migration process.

Parabola GNU/Linux-libre: [arch-announce] The xz package has been backdoored

by

From: “Arch Linux: Recent news updates: David Runge” arch-announce@lists.archlinux.org

TL;DR: Upgrade your systems and container images now!

As many of you may have already read 1, the upstream release tarballs for xz in version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

This vulnerability is tracked in the Arch Linux security tracker 2.

The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.

We strongly advise against using affected release artifacts and instead downloading what is currently available as latest version!

Upgrading the system

It is strongly advised to do a full system upgrade right away if your system currently has xz version 5.6.0-1 or 5.6.1-1 installed:

pacman -Syu

Regarding sshd authentication bypass/code execution

From the upstream report 1:

> openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

ldd "$(command -v sshd)"

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.

URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Backdoor in upstream xz/liblzma leading to SSH server compromise

by
After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer: The upstream xz repository and the xz tarballs have been backdoored. At first I thought this was a compromise of debian’s package, but it turns out to be upstream. ↫ Andres Freund I don’t normally report on security issues, but this is a big one not just because of the severity of the issue itself, but also because of its origins: it was created by and added to upstream xz/liblzma by a regular contributor of said project, and makes it possibly to bypass SSH encryption. It was discovered more or less by accident by Andres Freund. I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution. ↫ Andres Freund The exploit was only added to the release tarballs, and not present when taking the code off GitHub manually. Luckily for all of us, the exploit has only made it way to the most bloodiest of bleeding edge distributions, such as Fedora Rawhide 41 and Debian testing, unstable and experimental, and as such has not been widely spread just yet. Nobody seems to know quite yet what the ultimate intent of the exploit seems to be. Of note: the person who added the compromising code was recently added as a Linux kernel maintainer.

Tall Man Run Gameplay Levels 1 to 15

by
In this exciting YouTube video, we delve into the thrilling world of the Tall Man Run 3D game. Join us as we explore the immersive gameplay and stunning graphics of this adrenaline-pumping running game. Watch as the tall man dashes through challenging obstacles, collects power-ups, and races against the clock. With its intuitive controls and captivating levels, this game is sure to keep you on the edge of your seat. Don’t miss out on the action-packed adventure of Tall Man Run 3D!
Discover the exhilarating Tall Man Run 3D game in this captivating YouTube video. Immerse yourself in the fast-paced world of this endless running game as the tall man sprints through a variety of dynamic environments. Witness the tall man’s agility as he jumps, slides, and maneuvers past obstacles, all while collecting rewards and power-ups along the way. With its visually stunning graphics and addictive gameplay, Tall Man Run 3D is a must-play for all running game enthusiasts. Join us as we delve into the heart-pounding excitement of this thrilling game!

Exploring the Top PHP CMS Platforms #PHP #CMS #PHPCMSPlatforms

by
Are you looking to build a dynamic website with PHP but unsure which Content Management System (CMS) to choose? Look no further! In this video, we dive into the top PHP CMS platforms that can power your website efficiently and effectively.

From popular choices like WordPress, Joomla, and Drupal to lesser-known gems like October CMS and PyroCMS, we’ll explore each platform’s features, flexibility, and suitability for various website needs. Whether you’re a beginner or an experienced developer, there’s a PHP CMS out there that’s just right for you.

Join us as we compare user interfaces, customization options, community support, security features, and more to help you make an informed decision about which PHP CMS fits your project best. Don’t miss out on finding the perfect platform to bring your website vision to life!

Follow us on social media platforms:-

Facebook: https://www.facebook.com/HiddenBrains
LinkedIn: https://www.linkedin.com/company/hiddenbrains-infotech-pvt-ltd
Twitter: https://twitter.com/HiddenBrains
YouTube: https://www.youtube.com/@HiddenBrainsInfotech
Instagram: https://www.instagram.com/hiddenbrains_infotech

#PHP #CMS #ContentManagement #WebDevelopment #OpenSource #WordPress #Drupal #Magento #PHPCMS #HiddenBrains #WebsiteDevelopment

Functionality with Moodle : the 2024 Integrations’ Survey results are out!

by
by Carles Aguiló.  

Dear moodlers,

Our 2024 Integrations’ Survey results are out and we’re happy to share them with you! 🥳 We heard from users all across the globe and all across Moodle functions, and we’re already devising a plan to hear from even more of you next year. Thanks to everyone that participated or spread the word!

The main goal of our research is to understand which types of tools and functionality our users want to see better integrated with Moodle, and as it begins to be tradition, when asking about  integrations, we get great feedback about them, and also about Moodle in general, as you can see in the quotes section on slide 20 and forward.

As a sneak peak of its contents, I will share that the 2 most popular areas of interest continue to be:

  1. Content creation, and
  2. Video conference, or Virtual classroom for the savvy.

But Learning Analytics has taken 3rd place, the new Generative AI takes 4th place, and Plagiarism & Proctoring surges to the 6th.

Happy reading everyone! And happy break if you get one.

Best,

       Carles🤓