nurdsoft

Concerned about securing your Go applications? We've put together a brief guide with 5 essential commands to help you strengthen security and identify potential vulnerabilities in your Go apps! #golang #programming #developers

Jetpack Security Patch, Terraform 2.0 Beta, Internet Archive Breach & .NET 9 RC – Key Tech Updates from Last Week! 📑 Critical Security Update Released for Jetpack WordPress Plugin A critical security flaw affecting WordPress plugin Jetpack, used on around 27 million sites, was patched last week. The vulnerability, present in the Contact Form feature since version 3.9.9 (2016), could allow logged-in users with low-level roles to view site visitors' form submissions. Jetpack reports no known exploitation but warns that attempts may arise now that the issue is public. Automatic updates have been rolled out, but administrators with auto-updates disabled should manually update their sites to avoid potential risks. 🟦 HashiCorp Unveils Terraform 2.0 Amid Impending IBM Acquisition At HashiConf 2024, HashiCorp announced major updates like Terraform 2.0 (Stacks) entering public beta and the general availability of HCP Waypoint, while quietly avoiding the topic of its upcoming $6.4 billion acquisition by IBM. Terraform Stacks aims to improve infrastructure management and scalability, allowing up to 500 resources for free during beta. Other updates include GPU scheduling in Nomad for AI and advancements in HCP Vault for security. Despite IBM's looming presence, HashiCorp reassured attendees that its core offerings remain strong amidst the transition. 🥷🏼 Internet Archive Breached Again via Stolen Access Tokens The Internet Archive suffered another data breach, this time through its Zendesk email support platform, after failing to rotate stolen GitLab authentication tokens exposed for nearly two years. The breach allowed threat actors to access over 800,000 support tickets, some containing personal identification documents. This follows an earlier breach where 33 million user records were stolen. 🟥 Microsoft Previews Unified .NET API for AI and Releases .NET 9 RC with Go-Live License Microsoft has introduced the Microsoft. Extensions. AI library, aiming to create a unified API for AI programming in C#. This abstraction layer would allow developers to interact with AI services, offering a standard API across different providers, while still enabling the use of proprietary APIs when necessary. Reference implementations are available for OpenAI, Azure AI, and Ollama. Additionally, Microsoft released a .NET 9 release candidate with a go-live license, ahead of its official launch in November. .NET 9 focuses on cloud-native applications and performance, with enhancements across C# 13 and improvements in frameworks like MAUI and Blazor. This version is not long-term support (LTS) and will be supported for 18 months. #dotnet #hashicorp #wordpress #devops

This week's tech news features new releases in Python and Git, along with AI's impact on power generation! 🐍 Python 3.13: New Features and Highlights Python 3.13, released on October 7, 2024, introduces significant updates to the language and standard library. Major features include a new interactive interpreter, experimental support for free-threaded mode (PEP 703), and a Just-In-Time compiler (PEP 744). Tracebacks are now highlighted in color by default, improving error message clarity. The locals() builtin has refined behavior, and type parameters can now have default values. Deprecated APIs and modules from earlier versions have been removed, enhancing user experience and correctness. The release balances new functionality with improved performance, making Python 3.13 a notable upgrade. 🥷🏼 Internet Archive Restores Services in Read-Only Mode After Cyberattack and Data Breach Affecting 31 Million Accounts The Internet Archive is now back online in a read-only state after a cyberattack and data breach brought it offline on October 9th. The attack led to the theft of 31 million records, including email addresses, screen names, and Bcrypt-hashed passwords. While services like the Wayback Machine are accessible to browse archived content, features like capturing new pages are currently disabled. The team is gradually restoring services while enhancing security. 🔋 US Utility Companies Face Urgent Need to Expand Power for AI Data Centers A Bain & Company report warns that U.S. utility companies must rapidly increase power generation by up to 26% by 2028 to meet soaring demand from AI-driven data centers. The report projects that by 2028, data centers could consume 44% of U.S. energy, surpassing residential, manufacturing, and commercial sectors. Without swift modernization, companies may face energy shortages, with some data centers potentially forced to generate their own power. The report highlights the strain AI's growth places on energy infrastructure, raising concerns about reliance on dirtier energy sources to meet the increased demand. 🍴 Git 2.47 Highlights A new Git 2.47 introduces significant updates, including incremental multi-pack indexes (MIDXs), which improve performance by allowing faster object lookups. This experimental feature enables adding new objects via an incremental MIDX layer, speeding up updates without a full MIDX rebuild. Another addition is a tool for identifying base branches using the new %(is-base:) atom in for-each-ref, simplifying branch origin detection. Git also formalized its Platform Support Policy, outlining system requirements. Additionally, reftable, Git's reference backend, saw unit test improvements, and new VSCode merge tool support allows easier 3-way merge configuration via git mergetool. Other enhancements include better memory leak detection and more comprehensive testing. #python #git #cybersecurity #ai

This week's tech news features new releases in Python and Git, along with AI's impact on power generation! 🐍 Python 3.13: New Features and Highlights Python 3.13, released on October 7, 2024, introduces significant updates to the language and standard library. Major features include a new interactive interpreter, experimental support for free-threaded mode (PEP 703), and a Just-In-Time compiler (PEP 744). Tracebacks are now highlighted in color by default, improving error message clarity. The locals() builtin has refined behavior, and type parameters can now have default values. Deprecated APIs and modules from earlier versions have been removed, enhancing user experience and correctness. The release balances new functionality with improved performance, making Python 3.13 a notable upgrade. 🥷🏼 Internet Archive Restores Services in Read-Only Mode After Cyberattack and Data Breach Affecting 31 Million Accounts The Internet Archive is now back online in a read-only state after a cyberattack and data breach brought it offline on October 9th. The attack led to the theft of 31 million records, including email addresses, screen names, and Bcrypt-hashed passwords. While services like the Wayback Machine are accessible to browse archived content, features like capturing new pages are currently disabled. The team is gradually restoring services while enhancing security. 🔋 US Utility Companies Face Urgent Need to Expand Power for AI Data Centers A Bain & Company report warns that U.S. utility companies must rapidly increase power generation by up to 26% by 2028 to meet soaring demand from AI-driven data centers. The report projects that by 2028, data centers could consume 44% of U.S. energy, surpassing residential, manufacturing, and commercial sectors. Without swift modernization, companies may face energy shortages, with some data centers potentially forced to generate their own power. The report highlights the strain AI's growth places on energy infrastructure, raising concerns about reliance on dirtier energy sources to meet the increased demand. 🍴 Git 2.47 Highlights A new Git 2.47 introduces significant updates, including incremental multi-pack indexes (MIDXs), which improve performance by allowing faster object lookups. This experimental feature enables adding new objects via an incremental MIDX layer, speeding up updates without a full MIDX rebuild. Another addition is a tool for identifying base branches using the new %(is-base:) atom in for-each-ref, simplifying branch origin detection. Git also formalized its Platform Support Policy, outlining system requirements. Additionally, reftable, Git's reference backend, saw unit test improvements, and new VSCode merge tool support allows easier 3-way merge configuration via git mergetool. Other enhancements include better memory leak detection and more comprehensive testing. #python #git #cybersecurity #ai

How big is your Monday checklist? What if … instead of procrastinating about it, you read some tech news about WASM, Linux, Security, and more! 🐧 Golang Adopts Faster getrandom() with vDSO Support on Linux Golang has integrated support for the faster getrandom() function using vDSO on Linux systems, leveraging the capabilities introduced in the Linux 6.11 kernel for more efficient random number generation. Benchmark tests show significant improvements, including a reduction in operation time by 87% and a nearly 720% increase in read throughput. This update marks another early adoption of vDSO getrandom() by programming languages like Golang, alongside Glibc. 🗳️ Wasmer 4.4 Enhances WebAssembly Runtime with New Features Wasmer 4.4, the latest version of the WebAssembly runtime, continues to bolster its capabilities for running universal apps across various environments, from edge devices to the cloud. Key improvements in this release include object size estimation, better proxy handling, enhanced executable spawning, and various bug fixes. Although not a major overhaul, this update builds on the already solid Wasmer 4.x foundation, maintaining its position as one of the most robust WebAssembly runtimes for desktop environments. 🤖 AI-Generated Images Enhance Robot Training in New Research Researchers from Stephen James’s Robot Learning Lab in London have developed Genima, a system that fine-tunes Stable Diffusion, an image-generating AI model, to produce training data for robots. Genima helps guide robots in simulations and real-world tasks by overlaying sensor data onto images, which directs robots' movements through visual feedback. This approach makes robot training more interpretable and efficient, with the potential to improve a range of machines, from robotic arms to driverless cars. While initial success rates in tests were moderate, the system shows promise for future applications, particularly in domestic robot tasks and AI web agents. 🪶 Apache HTTP Server Vulnerabilities Enable Serious Cyber Threats Two critical vulnerabilities in the Apache HTTP Server—CVE-2024-40725 and CVE-2024-40898—have been discovered, posing serious risks to organizations worldwide. These vulnerabilities, affecting versions 2.4.0 through 2.4.61, allow attackers to exploit HTTP request smuggling and bypass SSL authentication, potentially leading to unauthorized access to sensitive data. With over 7.6 million instances exposed, attackers are actively discussing exploits on Dark Web forums. Organizations must promptly apply patches, update to version 2.4.62 or later, and review server configurations to mitigate these threats. Web Application Firewalls and regular security assessments are also recommended. #ai #golang #security #apache

We are back to bother y'all with the latest tech updates featuring news from the world of Linux and open-source this week! 🐧 Major Linux Vulnerability Exposes Systems to Remote Code Execution – Here’s What You Need to Know A critical vulnerability in the Common UNIX Printing System (CUPS) has raised alarms, potentially exposing up to 300,000 Linux endpoints to remote code execution (RCE). While most of the exposed systems are likely desktops rather than servers, the flaw enables attackers to exploit the cups-browsed daemon if it is manually enabled. The vulnerability affects several versions of Linux, including Red Hat Enterprise Linux (RHEL), but it’s not active by default in most cases. Mitigation is simple, involving disabling the cups-browsed service or updating the CUPS package. 🐘 PostgreSQL 17 Released: Enhanced Performance and New Features PostgreSQL 17 has officially launched, introducing significant performance enhancements and new functionalities. The latest version revamps the internal memory structure for vacuum processes, reducing memory usage by up to 20 times, while improvements to the I/O layer can deliver double the write throughput for high-concurrency workloads. Additional features include support for JSON_TABLE, enhanced MERGE functionalities, a new collation provider, and incremental backup capabilities with pg_basebackup. 🗃️ Valkey 8.0 Released: A High-Performance Fork of Redis Achieving One Million RPS Valkey 8.0 has been launched as a powerful fork of Redis, designed to handle up to one million requests per second (RPS). This release focuses on significant performance enhancements, tripling the speed of its predecessor and introducing numerous optimizations for better memory efficiency. Key improvements include optimized handling of temporary set objects, experimental RDMA user keep-alive support, and enhancements to multi-threaded performance through memory prefetching. The release also features dual-channel efficient full-sync replication and various command changes, ensuring full compatibility with Redis OSS 7.2.4. With these advancements, Valkey is poised to become a leading open-source alternative to Redis, attracting more industry attention. 💰 Compensation Correlates with Security: Survey Highlights Need for Better Support for Open-Source Maintainers A Tidelift survey of 400 open-source software maintainers reveals that paid maintainers are 55% more likely to implement critical security and maintenance practices than their unpaid counterparts, such as two-factor authentication and static code analysis. Despite the benefits of compensation, 60% of maintainers remain unpaid, leading many to feel underappreciated and stressed, with 60% considering quitting. As threats like malware increase, maintainers now spend about 11% of their time on security tasks, yet skepticism about AI tools persists, with 64% fearing they could negatively impact their work. #linux #postgres #opensource #security

We are back to bother y'all with the latest tech updates featuring news from the world of Linux and open-source this week! 🐧 Major Linux Vulnerability Exposes Systems to Remote Code Execution – Here’s What You Need to Know A critical vulnerability in the Common UNIX Printing System (CUPS) has raised alarms, potentially exposing up to 300,000 Linux endpoints to remote code execution (RCE). While most of the exposed systems are likely desktops rather than servers, the flaw enables attackers to exploit the cups-browsed daemon if it is manually enabled. The vulnerability affects several versions of Linux, including Red Hat Enterprise Linux (RHEL), but it’s not active by default in most cases. Mitigation is simple, involving disabling the cups-browsed service or updating the CUPS package. 🐘 PostgreSQL 17 Released: Enhanced Performance and New Features PostgreSQL 17 has officially launched, introducing significant performance enhancements and new functionalities. The latest version revamps the internal memory structure for vacuum processes, reducing memory usage by up to 20 times, while improvements to the I/O layer can deliver double the write throughput for high-concurrency workloads. Additional features include support for JSON_TABLE, enhanced MERGE functionalities, a new collation provider, and incremental backup capabilities with pg_basebackup. 🗃️ Valkey 8.0 Released: A High-Performance Fork of Redis Achieving One Million RPS Valkey 8.0 has been launched as a powerful fork of Redis, designed to handle up to one million requests per second (RPS). This release focuses on significant performance enhancements, tripling the speed of its predecessor and introducing numerous optimizations for better memory efficiency. Key improvements include optimized handling of temporary set objects, experimental RDMA user keep-alive support, and enhancements to multi-threaded performance through memory prefetching. The release also features dual-channel efficient full-sync replication and various command changes, ensuring full compatibility with Redis OSS 7.2.4. With these advancements, Valkey is poised to become a leading open-source alternative to Redis, attracting more industry attention. 💰 Compensation Correlates with Security: Survey Highlights Need for Better Support for Open-Source Maintainers A Tidelift survey of 400 open-source software maintainers reveals that paid maintainers are 55% more likely to implement critical security and maintenance practices than their unpaid counterparts, such as two-factor authentication and static code analysis. Despite the benefits of compensation, 60% of maintainers remain unpaid, leading many to feel underappreciated and stressed, with 60% considering quitting. As threats like malware increase, maintainers now spend about 11% of their time on security tasks, yet skepticism about AI tools persists, with 64% fearing they could negatively impact their work. #linux #postgres #opensource #security

🌟 We’re Growing! Be Part of Something Big! 🌟 NurdSoft is on the lookout for talented engineers to join our innovative and fast-paced team. 🚀 Are you passionate about tech, driven by solving tough challenges, and ready to work where innovation meets real impact? If so, your next adventure starts here. 💥 Open Roles- 🚀 Lead DevOps Engineer- https://lnkd.in/dWXQuw7k 💻 Senior Backend Engineer-https://lnkd.in/dXbfHX5E 🛠️ Senior QA Engineer-https://lnkd.in/dEj5d5Mn Why NurdSoft? 💻 Flexible Work, Your Way: We’re a remote-first company because we know work-life balance matters. Work where you thrive! 📚 Grow with Us: From training to career advancement, we’ve got the tools to help you level up. Your professional growth is our priority. 🌈 Diversity & Inclusion: At NurdSoft, we’re not just about building great tech—we’re building a culture where all voices are heard and every idea counts. Ready to make waves and create something amazing? 🌊 Apply now and let’s shape the future together. 💡 #Hiring #TechJobs #RemoteWork #CareerGrowth #IndiaJobs ##JoinTheTeam #ITJobs #DevOps #QA #BackendEngineer #TesterJobs

If you weren't able to catch Oracle Cloud world catch our reflections here and let us know what you think. #oracle #cloud #database https://lnkd.in/gkm-pMHy

Your weekly news tech update covering Payment Breaches, Malware Attacks, AI Glitches, and Crypto Scams 📰 💰 Payment gateway data breach affects 1.7 million credit card owners A data breach at payment gateway provider Slim CD exposed the personal and credit card information of nearly 1.7 million individuals. Hackers had access to the company’s network for almost a year, from August 2023 to June 2024, although credit card data was accessed specifically between June 14 and 15, 2024. Compromised information includes names, addresses, card numbers, and expiration dates. While CVV numbers were not exposed, there remains a risk of credit card fraud. Slim CD has enhanced its security measures and advises affected individuals to stay alert for suspicious activity. 🐍 North Korean Lazarus hackers target Python developers with malware-laced coding tests The North Korean hacker group Lazarus targets Python developers by posing as recruiters and offering coding tests for password management products that secretly contain malware. The 'VMConnect' campaign has been active since August 2023, with hackers using fake Python packages on PyPI. Lazarus impersonates large U.S. banks like Capital One, luring developers through platforms like LinkedIn. Victims are asked to fix bugs in a password manager project, but running the provided files executes a hidden malware downloader. The attackers pressure victims to complete the task quickly to avoid detection. Developers are advised to verify recruiters and check code in safe environments. 📱 iPhone 16's AI-powered Apple Intelligence shows early signs of unreliability Apple unveiled the iPhone 16, highlighting its A18 chip designed for the new Apple Intelligence AI software, set to assist in tasks like summarizing messages, writing emails, and photo editing. However, in tests of its prerelease software, Apple's AI has been found to generate inaccurate or fabricated information frequently. These errors range from funny to concerning, with the AI sometimes misinterpreting basic facts, misclassifying emails, or even editing selfies awkwardly. Though promising, the software's current shortcomings suggest that potential buyers might want to wait for improvements before investing in the iPhone 16. 🔐 Crypto Scam Losses Surge 45% in 2023, FBI Reports Losses from cryptocurrency scams grew by 45% in 2023 compared to the previous year, exceeding $5.6 billion, according to an FBI report. The increase is linked to the speed and irreversibility of digital asset transactions. Investment scams accounted for 71% of the losses, with call center and government impersonation scams following. Older adults, especially those over 60, were disproportionately affected, losing over $1.6 billion. The FBI emphasized that while blockchain transactions are traceable, international money transfers pose challenges for law enforcement. #cybersecurity #crypto #tech #python