[syndicated profile] mobileread_feed

Posted by WT Sharpe

MobileRead Book Club
November 2017 Nominations


Help us select the next book that the MobileRead Book Club will read for November, 2017.

The nominations will run through midnight EST October 26 or until 10 books have made the list. The poll will then be posted and will remain open for five days.

The book selection category for November is History.

In order for a book to be included in the poll it needs THREE NOMINATIONS (original nomination, a second and a third).

How Does This Work?
The Mobile Read Book Club (MRBC) is an informal club that requires nothing of you. Each month a book is selected by polling. On the last week of that month a discussion thread is started for the book. If you want to participate feel free. There is no need to "join" or sign up. All are welcome.

How Does a Book Get Selected?
Each book that is nominated will be listed in a poll at the end of the nomination period. The book that polls the most votes will be the official selection.

How Many Nominations Can I Make?
Each participant has 3 nominations. You can nominate a new book for consideration or nominate (second, third) one that has already been nominated by another person.

How Do I Nominate a Book?
Please just post a message with your nomination. If you are the FIRST to nominate a book, please try to provide an abstract to the book so others may consider their level of interest.

How Do I Know What Has Been Nominated?
Just follow the thread. This message will be updated with the status of the nominations as often as I can. If one is missed, please just post a message with a multi-quote of the 3 nominations and it will be added to the list ASAP.

When is the Poll?
The poll thread will open at the end of the nomination period, or once there have been 10 books with 3 nominations each. At that time a link to the initial poll thread will be posted here and this thread will be closed.

The floor is open to nominations. Please comment if you discover a nomination is not available as an ebook in your area.


Official choices with three nominations each:

- None -

Cisco Releases Security Updates

Oct. 18th, 2017 20:07
[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 18, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 18, 2017

Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.




Oracle Releases Security Bulletin

Oct. 18th, 2017 00:40
[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 17, 2017

Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the Oracle October 2017 Critical Patch Update and apply the necessary updates.




IC3 Issues Alert on DDoS Attacks

Oct. 18th, 2017 00:39
[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences.

US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT's Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.




IC3 Issues Alert on IoT Devices

Oct. 17th, 2017 22:56
[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.




[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 17, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Smart cities, connected devices, digitized records, as well as smart cars and homes, have become a new reality. While there are tremendous benefits to this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways. The National Cyber Security Alliance has released Online Cybersecurity Advice to help users access digital innovations safely and efficiently.

US-CERT encourages users and administrators to review the following resources:




Bundle haul

Oct. 16th, 2017 22:38
[syndicated profile] eaglespath_feed

Confession time: I started making these posts (eons ago) because a close friend did as well, and I enjoyed reading them. But the main reason why I continue is because the primary way I have to keep track of the books I've bought and avoid duplicates is, well, grep on these posts.

I should come up with a non-bullshit way of doing this, but time to do more elegant things is in short supply, and, well, it's my blog. So I'm boring all of you who read this in various places with my internal bookkeeping. I do try to at least add a bit of commentary.

This one will be more tedious than most since it includes five separate Humble Bundles, which increases the volume a lot. (I just realized I'd forgotten to record those purchases from the past several months.)

First, the individual books I bought directly:

Ilona Andrews — Sweep in Peace (sff)
Ilona Andrews — One Fell Sweep (sff)
Steven Brust — Vallista (sff)
Nicky Drayden — The Prey of Gods (sff)
Meg Elison — The Book of the Unnamed Midwife (sff)
Pat Green — Night Moves (nonfiction)
Ann Leckie — Provenance (sff)
Seanan McGuire — Once Broken Faith (sff)
Seanan McGuire — The Brightest Fell (sff)
K. Arsenault Rivera — The Tiger's Daughter (sff)
Matthew Walker — Why We Sleep (nonfiction)

Some new books by favorite authors, a few new releases I heard good things about, and two (Night Moves and Why We Sleep) from references in on-line articles that impressed me.

The books from security bundles (this is mostly work reading, assuming I'll get to any of it), including a blockchain bundle:

Wil Allsop — Unauthorised Access (nonfiction)
Ross Anderson — Security Engineering (nonfiction)
Chris Anley, et al. — The Shellcoder's Handbook (nonfiction)
Conrad Barsky & Chris Wilmer — Bitcoin for the Befuddled (nonfiction)
Imran Bashir — Mastering Blockchain (nonfiction)
Richard Bejtlich — The Practice of Network Security (nonfiction)
Kariappa Bheemaiah — The Blockchain Alternative (nonfiction)
Violet Blue — Smart Girl's Guide to Privacy (nonfiction)
Richard Caetano — Learning Bitcoin (nonfiction)
Nick Cano — Game Hacking (nonfiction)
Bruce Dang, et al. — Practical Reverse Engineering (nonfiction)
Chris Dannen — Introducing Ethereum and Solidity (nonfiction)
Daniel Drescher — Blockchain Basics (nonfiction)
Chris Eagle — The IDA Pro Book, 2nd Edition (nonfiction)
Nikolay Elenkov — Android Security Internals (nonfiction)
Jon Erickson — Hacking, 2nd Edition (nonfiction)
Pedro Franco — Understanding Bitcoin (nonfiction)
Christopher Hadnagy — Social Engineering (nonfiction)
Peter N.M. Hansteen — The Book of PF (nonfiction)
Brian Kelly — The Bitcoin Big Bang (nonfiction)
David Kennedy, et al. — Metasploit (nonfiction)
Manul Laphroaig (ed.) — PoC || GTFO (nonfiction)
Michael Hale Ligh, et al. — The Art of Memory Forensics (nonfiction)
Michael Hale Ligh, et al. — Malware Analyst's Cookbook (nonfiction)
Michael W. Lucas — Absolute OpenBSD, 2nd Edition (nonfiction)
Bruce Nikkel — Practical Forensic Imaging (nonfiction)
Sean-Philip Oriyano — CEHv9 (nonfiction)
Kevin D. Mitnick — The Art of Deception (nonfiction)
Narayan Prusty — Building Blockchain Projects (nonfiction)
Prypto — Bitcoin for Dummies (nonfiction)
Chris Sanders — Practical Packet Analysis, 3rd Edition (nonfiction)
Bruce Schneier — Applied Cryptography (nonfiction)
Adam Shostack — Threat Modeling (nonfiction)
Craig Smith — The Car Hacker's Handbook (nonfiction)
Dafydd Stuttard & Marcus Pinto — The Web Application Hacker's Handbook (nonfiction)
Albert Szmigielski — Bitcoin Essentials (nonfiction)
David Thiel — iOS Application Security (nonfiction)
Georgia Weidman — Penetration Testing (nonfiction)

Finally, the two SF bundles:

Buzz Aldrin & John Barnes — Encounter with Tiber (sff)
Poul Anderson — Orion Shall Rise (sff)
Greg Bear — The Forge of God (sff)
Octavia E. Butler — Dawn (sff)
William C. Dietz — Steelheart (sff)
J.L. Doty — A Choice of Treasons (sff)
Harlan Ellison — The City on the Edge of Forever (sff)
Toh Enjoe — Self-Reference ENGINE (sff)
David Feintuch — Midshipman's Hope (sff)
Alan Dean Foster — Icerigger (sff)
Alan Dean Foster — Mission to Moulokin (sff)
Alan Dean Foster — The Deluge Drivers (sff)
Taiyo Fujii — Orbital Cloud (sff)
Hideo Furukawa — Belka, Why Don't You Bark? (sff)
Haikasoru (ed.) — Saiensu Fikushon 2016 (sff anthology)
Joe Haldeman — All My Sins Remembered (sff)
Jyouji Hayashi — The Ouroboros Wave (sff)
Sergei Lukyanenko — The Genome (sff)
Chohei Kambayashi — Good Luck, Yukikaze (sff)
Chohei Kambayashi — Yukikaze (sff)
Sakyo Komatsu — Virus (sff)
Miyuki Miyabe — The Book of Heroes (sff)
Kazuki Sakuraba — Red Girls (sff)
Robert Silverberg — Across a Billion Years (sff)
Allen Steele — Orbital Decay (sff)
Bruce Sterling — Schismatrix Plus (sff)
Michael Swanwick — Vacuum Flowers (sff)
Yoshiki Tanaka — Legend of the Galactic Heroes, Volume 1: Dawn (sff)
Yoshiki Tanaka — Legend of the Galactic Heroes, Volume 2: Ambition (sff)
Yoshiki Tanaka — Legend of the Galactic Heroes, Volume 3: Endurance (sff)
Tow Ubukata — Mardock Scramble (sff)
Sayuri Ueda — The Cage of Zeus (sff)
Sean Williams & Shane Dix — Echoes of Earth (sff)
Hiroshi Yamamoto — MM9 (sff)
Timothy Zahn — Blackcollar (sff)

Phew. Okay, all caught up, and hopefully won't have to dump something like this again in the near future. Also, more books than I have any actual time to read, but what else is new.

Adobe Releases Security Updates

Oct. 16th, 2017 19:33
[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 16, 2017

Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 and apply the necessary updates.




[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519.




[syndicated profile] eaglespath_feed

I said that I was going to start writing these regularly, so I'm going to stick to it, even when the results are rather underwhelming. One of the goals is to make the time for more free software work, and I do better at doing things that I record.

The only piece of free software work for September was that I made rra-c-util compile cleanly with the Clang static analyzer. This was fairly tedious work that mostly involved unconfusing the compiler or converting (semi-intentional) crashes into explicit asserts, but it unblocks using the Clang static analyzer as part of the automated test suite of my other projects that are downstream of rra-c-util.

One of the semantic changes I made was that the vector utilities in rra-c-util (which maintain a resizable array of strings) now always allocate room for at least one string pointer. This wastes a small amount of memory for empty vectors that are never used, but ensures that the strings struct member is always valid. This isn't, strictly speaking, a correctness fix, since all the checks were correct, but after some thought, I decided that humans might have the same problem that the static analyzer had. It's a lot easier to reason about a field that's never NULL. Similarly, the replacement function for a missing reallocarray now does an allocation of size 1 if given a size of 0, just to avoid edge case behavior. (I'm sure the behavior of a realloc with size 0 is defined somewhere in the C standard, but if I have to look it up, I'd rather not make a human reason about it.)

I started on, but didn't finish, making rra-c-util compile without Clang warnings (at least for a chosen set of warnings). By far the hardest problem here are the Clang warnings for comparisons between unsigned and signed integers. In theory, I like this warning, since it's the cause of a lot of very obscure bugs. In practice, gah does C ever do this all over the place, and it's incredibly painful to avoid. (One of the biggest offenders is write, which returns a ssize_t that you almost always want to compare against a size_t.) I did a bunch of mechanical work, but I now have a lot of bits of code like:

    if (status < 0)
        return;
    written = (size_t) status;
    if (written < avail)
        buffer->left += written;

which is ugly and unsatisfying. And I also have a ton of casts, such as with:

    buffer_resize(buffer, (size_t) st.st_size + used);

since st.st_size is an off_t, which may be signed. This is all deeply unsatisfying and ugly, and I think it makes the code moderately harder to read, but I do think the warning will potentially catch bugs and even security issues.

I'm still torn. Maybe I can find some nice macros or programming styles to avoid the worst of this problem. It definitely requires more thought, rather than just committing this huge mechanical change with lots of ugly code.

Mostly, this kind of nonsense makes me want to stop working on C code and go finish learning Rust....

Anyway, apart from work, the biggest thing I managed to do last month that was vaguely related to free software was upgrading my personal servers to stretch (finally). That mostly went okay; only a few things made it unnecessarily exciting.

The first was that one of my systems had a very tiny / partition that was too small to hold the downloaded debs for the upgrade, so I had to resize it (VM disk, partition, and file system), and that was a bit exciting because it has an old-style DOS partition table that isn't aligned (hmmm, which is probably why disk I/O is so slow on those VMs), so I had to use the obsolete fdisk -c=dos mode because I wasn't up for replacing the partition right then.

The second was that my first try at an upgrade died with a segfault during the libc6 postinst and then every executable segfaulted. A mild panic and a rescue disk later (and thirty minutes and a lot of swearing), I tracked the problem down to libc6-xen. Nothing in the dependency structure between jessie and stretch forces libc6-xen to be upgraded in lockstep or removed, but it's earlier in the search path. So ld.so gets upgraded, and then finds the old libc6 from the libc6-xen package, and the mismatch causes immediate segfaults. A chroot dpkg --purge from the rescue disk solved the problem as soon as I knew what was going on, but that was a stressful half-hour.

The third problem was something I should have known was going to be an issue: an old Perl program that does some internal stuff for one of the services I ran had a defined @array test that has been warning for eons and that I never fixed. That became a full syntax error with the most recent Perl, and then I fixed it incorrectly the first time and had a bunch of trouble tracking down what I'd broken. All sorted out now, and everything is happily running stretch. (ejabberd, which other folks had mentioned was a problem, went completely smoothly, although I suspect I now have too many of the plugin packages installed and should do a purging.)
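An added example, not part of the post above and not rra-c-util's code, of the signed/unsigned conversions it discusses: what a mixed `ssize_t`/`size_t` comparison does with `write`'s -1, a range-checked alternative to the bare casts, and a `reallocarray` stand-in that never requests zero bytes. Every function name here is hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* All names below are hypothetical helpers, not rra-c-util functions. */

/* Convert a signed count (ssize_t, off_t) to size_t; false if it won't fit. */
static bool to_size(intmax_t value, size_t *out)
{
    if (value < 0 || (uintmax_t) value > SIZE_MAX)
        return false;
    *out = (size_t) value;
    return true;
}

/* What a mixed comparison does implicitly: -1 becomes SIZE_MAX, so a failed
   write is never reported as short. */
static bool short_write_naive(ssize_t status, size_t avail)
{
    return (size_t) status < avail;
}

/* Range-check first, then compare two unsigned values; an error is "short". */
static bool short_write_checked(ssize_t status, size_t avail)
{
    size_t written;
    if (!to_size(status, &written))
        return true;
    return written < avail;
}

/* Buffer size for file_size + used, refusing negative sizes and wraparound. */
static bool resize_target(off_t file_size, size_t used, size_t *out)
{
    size_t size;
    if (!to_size(file_size, &size) || size > SIZE_MAX - used)
        return false;
    *out = size + used;
    return true;
}

/* reallocarray stand-in: reject overflow, never ask realloc for 0 bytes. */
static void *reallocarray_compat(void *ptr, size_t nmemb, size_t size)
{
    if (nmemb > 0 && size > SIZE_MAX / nmemb) {
        errno = ENOMEM;
        return NULL;
    }
    return realloc(ptr, nmemb * size == 0 ? 1 : nmemb * size);
}

int main(void)
{
    size_t target = 0;
    bool ok = resize_target(100, 28, &target);  /* constructed sample sizes */
    printf("naive: %d checked: %d\n", short_write_naive(-1, 10),
           short_write_checked(-1, 10));
    printf("resize ok: %d target: %zu\n", ok, target);
    free(reallocarray_compat(NULL, 0, sizeof(char *)));
    return 0;
}
```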

[syndicated profile] mobileread_feed

Posted by Alexander Turcic

Is it really Sunday again? Hoorah! Time to dig in to another digest of MobileRead delectables ;)

E-Book General - Reading Recommendations
E-Book Readers - Amazon Kindle

My American cousins...

Oct. 13th, 2017 19:26
[syndicated profile] dubious_prospects_feed

Posted by Graydon

Somewhere in the machinery of your government, there's someone who was carefully chosen for being not especially empathetic, never having made any mistakes at anything their whole life, and for not considering themselves especially important.  (You can't reliably put duty and country ahead of your own personal feelings if you've especially much got personal feelings.)

They're also not that old

Mozilla Releases Security Update

Oct. 11th, 2017 14:25
[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 11, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.




[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 10, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's October 2017 Security Update Summary and Deployment Information and apply the necessary updates.




[syndicated profile] us_cert_current_feed

Posted by US-CERT

Original release date: October 10, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources including standards, guidelines, and best practices to help organizations of all sizes to strengthen cyber resilience.

US-CERT encourages organizations and employees to review the following resources:




[syndicated profile] mobileread_feed

Posted by sun surfer

'Anne Enright is a dazzling writer of international stature and one of Ireland’s most singular voices. Now she delivers The Gathering, a moving, evocative portrait of a large Irish family and a shot of fresh blood into the Irish literary tradition, combining the lyricism of the old with the shock of the new.

The nine surviving children of the Hegarty clan are gathering in Dublin for the wake of their wayward brother, Liam, drowned in the sea. His sister, Veronica, collects the body and keeps the dead man company, guarding the secret she shares with him—something that happened in their grandmother’s house in the winter of 1968. As Enright traces the line of betrayal and redemption through three generations her distinctive intelligence twists the world a fraction and gives it back to us in a new and unforgettable light. The Gathering is a daring, witty, and insightful family epic, clarified through Anne Enright’s unblinking eye. It is a novel about love and disappointment, about how memories warp and secrets fester, and how fate is written in the body, not in the stars.'

The Gathering is the winner of the 2007 Man Booker Prize and was chosen unanimously by the jury.


This is the MR Literary Club selection for October 2017. Whether you've already read it or would like to, feel free to start or join in the conversation at any time, and guests are always welcome! So, what are your thoughts on it?
