Chapter Three: Tackling Complicated Drupal 7 Migrations

Posted on by Michael G
As of April 5, Drupal 7 will have nine months before it’s entirely unsupported and becomes a liability. Migrating out of Drupal 7 can be complicated, and this is one reason many organizations have put it off for so long. While it’s true that Drupal 8 and beyond represent a radical change from Drupal 7, in everything from architecture (the introduction of Symfony components) to theming (Twig versus PHP), the path from Drupal 7 to now Drupal 10 is well trodden, and we’re very familiar with it at Chapter Three.

Because Drupal 7 has been around for well over a decade, many websites built on it have accumulated vast amounts of content, resulting in complex data structures with custom content types, fields, taxonomies, and entity relationships. Inconsistencies or irregularities in legacy data complicate the migration process.

Parabola GNU/Linux-libre: [arch-announce] The xz package has been backdoored

Posted on by Michael G

From: “Arch Linux: Recent news updates: David Runge” arch-announce@lists.archlinux.org

TL;DR: Upgrade your systems and container images now!

As many of you may have already read 1, the upstream release tarballs for xz in version 5.6.0 and 5.6.1 contain malicious code which adds a backdoor.

This vulnerability is tracked in the Arch Linux security tracker 2.

The xz packages prior to version 5.6.1-2 (specifically 5.6.0-1 and 5.6.1-1) contain this backdoor.

We strongly advise against using affected release artifacts and instead downloading what is currently available as latest version!

Upgrading the system

It is strongly advised to do a full system upgrade right away if your system currently has xz version 5.6.0-1 or 5.6.1-1 installed:

pacman -Syu

Regarding sshd authentication bypass/code execution

From the upstream report 1:

> openssh does not directly use liblzma. However debian and several other
distributions patch openssh to support systemd notification, and libsystemd
does depend on lzma.

Arch does not directly link openssh to liblzma, and thus this attack vector is not possible. You can confirm this by issuing the following command:

ldd "$(command -v sshd)"

However, out of an abundance of caution, we advise users to remove the malicious code from their system by upgrading either way. This is because other yet-to-be discovered methods to exploit the backdoor could exist.

URL: https://archlinux.org/news/the-xz-package-has-been-backdoored/

Backdoor in upstream xz/liblzma leading to SSH server compromise

Posted on by Michael G
After observing a few odd symptoms around liblzma (part of the xz package) on Debian sid installations over the last weeks (logins with ssh taking a lot of CPU, valgrind errors) I figured out the answer: The upstream xz repository and the xz tarballs have been backdoored. At first I thought this was a compromise of debian’s package, but it turns out to be upstream. ↫ Andres Freund I don’t normally report on security issues, but this is a big one not just because of the severity of the issue itself, but also because of its origins: it was created by and added to upstream xz/liblzma by a regular contributor of said project, and makes it possibly to bypass SSH encryption. It was discovered more or less by accident by Andres Freund. I have not yet analyzed precisely what is being checked for in the injected code, to allow unauthorized access. Since this is running in a pre-authentication context, it seems likely to allow some form of access or other form of remote code execution. ↫ Andres Freund The exploit was only added to the release tarballs, and not present when taking the code off GitHub manually. Luckily for all of us, the exploit has only made it way to the most bloodiest of bleeding edge distributions, such as Fedora Rawhide 41 and Debian testing, unstable and experimental, and as such has not been widely spread just yet. Nobody seems to know quite yet what the ultimate intent of the exploit seems to be. Of note: the person who added the compromising code was recently added as a Linux kernel maintainer.

How Does DDOS works kinda funny?

Posted on by Michael G

Video by via Dailymotion Source How Does DDOS works kinda funny? Stop posting about Amongus. #noelquezon #amongus #ddosgaming Follow us on NOEL Twitter:https://www.twitter.com/NOELQUEZON Watch your NOEL Youtube:https://www.youtube.com/NOELQUEZON Watch Livestream NOEL on Twitch:https://www.twitch.tv/NOELQUEZON_XBOX Show My Artwork on NOEL Behance:https://www.behance.net/NOELQUEZON Go to Source

Presidente da CNI defende acordo entre Mercosul e UE

Posted on by Michael G

Video by via Dailymotion Source O presidente da CNI (Confederação Nacional da Indústria), Ricardo Alban, defendeu nesta quinta-feira (28) que o acordo comercial atual entre o Mercosul e a União Europeia seja firmado. Assista ao Jornal da Manhã completo: https://youtube.com/live/ngJbGE05DuI Baixe o app Panflix: https://www.panflix.com.br/ Inscreva-se no nosso canal:https://www.youtube.com/c/jovempannews Siga o canal “Jovem Pan News”…

24 Oras Express: March 29, 2024 [HD]

Posted on by Michael G

Video by via Dailymotion Source 24 Oras is GMA Network’s flagship newscast, anchored by Mel Tiangco, Vicky Morales and Emil Sumangil. It airs on GMA-7 Mondays to Fridays at 6:30 PM (PHL Time) and on weekends at 5:30 PM. For more videos from 24 Oras, visit http://www.gmanews.tv/24oras. #GMAIntegratedNews #KapusoStream Breaking news and stories from the…

Pakistan: China Halts Dam Projects After Shocking Attack; Demands New Security Strategy| Oneindia

Posted on by Michael G

Video by via Dailymotion Source Construction on two major dam projects in Pakistan halts after a suicide bombing kills five Chinese engineers and a Pakistani driver. Chinese firms demand enhanced security before resuming work, with 1,250 Chinese nationals affected. Both countries prioritise safety amid frequent militant threats targeting Chinese workers. The incident underscores persistent security…

Tall Man Run Gameplay Levels 1 to 15

Posted on by Michael G
In this exciting YouTube video, we delve into the thrilling world of the Tall Man Run 3D game. Join us as we explore the immersive gameplay and stunning graphics of this adrenaline-pumping running game. Watch as the tall man dashes through challenging obstacles, collects power-ups, and races against the clock. With its intuitive controls and captivating levels, this game is sure to keep you on the edge of your seat. Don’t miss out on the action-packed adventure of Tall Man Run 3D!
Discover the exhilarating Tall Man Run 3D game in this captivating YouTube video. Immerse yourself in the fast-paced world of this endless running game as the tall man sprints through a variety of dynamic environments. Witness the tall man’s agility as he jumps, slides, and maneuvers past obstacles, all while collecting rewards and power-ups along the way. With its visually stunning graphics and addictive gameplay, Tall Man Run 3D is a must-play for all running game enthusiasts. Join us as we delve into the heart-pounding excitement of this thrilling game!