TLDR: if you use Win7/WinXP/Server 2008R2/2003 - turn RDP off and install updates. NOW.
___________
Windows Remote Desktop is surprisingly secure, given its complexity, up to the point that most "RDP vulnerabilities" were in alternative clients, not servers. For almost 20 years.
Until now.
Given that MS is backporting these patches even for Windows XP, which has been unsupported for many years already, it's serious.
https://twitter.com/GossiTheDog/status/1128348383704485895
Twitter
Kevin Beaumont
🚨 Very important security update for Windows 🚨 CVE-2018-0708 allows remote, unauthenticated code execution is RDP (Remote Desktop). A very bad thing you should patch against. Around 3 million RDP endpoints are directly exposed to internet. portal.msrc.microsoft.com/en…
Information Dropout: Learning Optimal Representations Through Noisy Computation
> ... this establishes a connection between information theoretic and Bayesian representations, where the former explains the use of a multiplier used in practice but unexplained by Bayesian theory
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8253482
ASPLOS'19 // Boosted race trees for low energy classification
Innovation requires constraints, as they say. Here we go, a different machine learning hardware architecture, as the performance of von Neumann CPUs hasn't been improving for years already. Things are getting interesting.
https://sites.cs.ucsb.edu/~sherwood/pubs/ASPLOS-19-racetree.pdf
Genie: A new, fast, and outlier-resistant hierarchical clustering algorithm ('16)
I certainly have a special feeling for non-parametric algorithms. They're kinda fire-and-forget, you plug them in and they work, maybe not as good as with carefully tuned parameters, but you don't need to tune them again and again, which is a big deal.
https://www.gagolewski.com/publications/2016genie.pdf
The time for Linux Desktop has arrived! Kinda :D Now you can open a text file and get pwned on Linux and Mac too:
> Arbitrary Code Execution in Vim via text file modelines (CVE-2019-12735)
https://twitter.com/unix_root/status/1138372837486596096
https://nvd.nist.gov/vuln/detail/CVE-2019-12735
Twitter
Mohit Kumar
Don't you dare try opening any file, even text, on your #Linux using Vim or Neovim. https://t.co/fYonFjKHZG A high-severity flaw (CVE-2019-12735) has been found in the both widely-used editors that could allow a specially crafted file to execute commands…
what phenomena neural net optimizers can and can't generalize?
> Understanding Generalization through Visualizations
https://arxiv.org/pdf/1906.03291v2.pdf
really, we claim to be an innovative industry, and still stubbornly cling to archaic crap like POSIX, why?
https://medium.com/@benlaurie_18378/how-to-ruin-a-perfectly-good-container-d33250fca595
Medium
How To Ruin A Perfectly Good Container
I am not aiming at a general audience. I assume you have some notion of what security is and how it is provided (to the extent it is), in…
TIL there are mining operations as deep as 3.9 km underground. Also, elevators going 58 kmh!
https://en.wikipedia.org/wiki/TauTona_Mine
Wikipedia
TauTona Mine
mine in Gauteng, South Africa
not a tech link this time... or is it?
https://inhabitat.com/how-one-family-thrives-in-the-arctic-with-a-cob-house-inside-a-solar-geodesic-dome/
OS X <=10.14.5 0day Gatekeeper bypass
TLDR: you can create a ZIP archive with "CoolPicture.JPG.аpp" inside, it will look like JPG and launch without warnings; PoC available too (90day disclosure timeline expired)
https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
(yes, it's not about the paper, it's about the noscript)
https://www.ncbi.nlm.nih.gov/pubmed/31181385
PubMed
Fantastic yeasts and where to find them: the hidden diversity of dimorphic fungal pathogens - PubMed
Dimorphic fungal pathogens are a significant cause of human disease worldwide. Notably, the dimorphic fungal pathogens within the order Onygenales are considered primary pathogens, causing disease in healthy hosts. Current changes in taxonomy are underway…
Universal Scalability Law: a really nice illustration on how adding more resources (cores, machines, people etc) to the system eventually makes it slower.
https://www.michaelnygard.com/blog/2018/01/coherence-penalty-for-humans/
Michaelnygard
Coherence Penalty for Humans - Wide Awake Developers
This is a brief aside from my ongoing series about avoiding entity services. An interesting dinner conversation led to thoughts that I needed to write down. Amdahl's Law In 1967, Gene Amdahl presented a case against multiprocessing computers. He argued that…
https://tabnine.com/blog/deep -> junior/middle level programmers' salaries down in 3..2..1..
Forwarded from χаотичні нотатки
either you make things happen, or things happen to you https://oleksandr.works/2019/07/25/news-and-ideas/
oleksandr.works
News and Ideas | Understand the World
Got into a rather nasty car accident. Was waiting in the traffic jam, ended up with a broken shoulder and a totaled car. Right now…