Other Sites

LinuxGizmos.com

LILYGO to Launch ESP32-Based Gizmo with E-Paper Display, LoRa, and MagSafe Charging

The T5 E-Paper S3 Pro is a compact development board featuring the ESP32-S3-WROOM-1 microcontroller alongside advanced capabilities. Designed for low-power applications, it integrates wireless connectivity, e-paper technology, and peripheral support

Waveshare Development Boards Feature RP2350 with 100 Mbps Ethernet or 1.14-Inch LCD

Waveshare has introduced a series of microcontroller development boards based on the RP2350 chipset designed by Raspberry Pi. These boards cater to diverse development needs, offering features such as GPIO expandability, 100 Mbps Ethernet, and compact LCD displays.

TANGO-7010 Series Featuring Intel 12th Gen i3 to i9 Cores and Triple 2.5GbE Ports

ICP Deutschland recently introduced the TANGO-7010 series, a compact mini PC powered by Intel 12th-generation Core processors. Designed for demanding applications, the series features efficient thermal management with a system fan and supports various storage interfaces.

news

Security Leftovers and Windows TCO

posted by Roy Schestowitz on Mar 13, 2024

Remote Code Execution in Ansible dynamic inventory plugins

I had reported this to Ansible a year ago (2023-02-23), but it seems this is considered expected behavior, so I am posting it here now.

[...]

Inventory plugins allow Ansible to pull inventory data from a variety of sources. The most common ones are probably the ones fetching instances from clouds like Amazon EC2 and Hetzner Cloud or the ones talking to tools like Foreman.

For Ansible to function, an inventory needs to tell Ansible how to connect to a host (so e.g. a network address) and which groups the host belongs to (if any). But it can also set any arbitrary variable for that host, which is often used to provide additional information about it. These can be tags in EC2, parameters in Foreman, and other arbitrary data someone thought would be good to attach to that object.

And this is where things are getting interesting. Somebody could add a comment to a host and that comment would be visible to you when you use the inventory with that host. And if that comment contains a Jinja expression, it might get executed. And if that Jinja expression is using the pipe lookup, it might get executed in your shell.

Let that sink in for a moment, and then we'll look at an example.
Windows TCO
- India Times ☛ white house unitedhealth ceo: White House meets with UnitedHealth CEO over hack
  
  The meeting was the first to bring together providers such as hospitals and payers such as health insurers, said a spokesperson from the Department of Health and Human Services (HHS), adding that daily individual meetings have been held with all involved parties since the hack.
- Security Week ☛ EquiLend Ransomware Attack Leads to Data Breach
  
  Fintech firm EquiLend has started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack.
  
  On January 24, the company announced that some of its systems were taken offline due to “a technical issue” and that services would be disrupted for several days.
- France24 ☛ French state services hit by cyberattacks of 'unprecedented intensity'
  
  A DDoS attack involves using a computer or network of computers to make a massive number of requests of a target system, overwhelming its ability to respond to legitimate users.
  
  According to US cybersecurity firm Cloudflare, Anonymous Sudan is one of many groups employing DDoS attacks and organisations can protect themselves against its methods.

Other Recent Tux Machines' Posts

Today in Techrights: Some of the latest articles
today's leftovers: Misc. picks
today's leftovers: GNU/Linux and FOSS picks
Programming and Development Tools: Programming leftovers mostly
Security Leftovers: only 3 for now
Linux Devices and Open Hardware Leftovers: misc. picks
EasyOS Development Updates: EasyOS's latest
KDE: Criticism, KUserFeedback (KUF), and Microsoft Outsources: two KDE picks
Applications: Makulu Tools, Hugin, amd Email Client: 4 picks regarding software
today's howtos: first big batch
10 Reasons To Choose Ubuntu Server Over the Competition: When you think of a server's operating system (OS), what comes to mind?
Mozilla Firefox 133 Is Now Available for Download, Here’s What’s New: Mozilla Firefox 133 open-source web browser is now available for download with the ability to show tabs from other devices in the Tab Overview menu and other changes.
Fwupd 2.0.2 Firmware Updater Adds Support for ASUS ROG Ally, Raspberry Pi Pico: Fwupd 2.0.2 Linux firmware update utiltiy is now available for download with support for checking AMD hardware configuration MSR and other changes.
Android Leftovers: Why the Pixel Tablet's cancellation makes sense in light of a possible Android and Chrome OS merge
today's leftovers: security and more
Canonical wants Ubuntu 20.04 LTS users to upgrade as End of Life approaches: Canonical has issued a warning to users of Ubuntu 20.04 LTS
Audiocasts/Shows: Linux Out Loud, GNU World Order, Open Source Security Podcast, This Week in Linux: 4 new episodes
Open Hardware/Modding/Retro: GNU-like Mobile Linux, Old Amigas, and More: gadgets and hacking
Guix/Hurd on a Thinkpad X60: A lot has happened with respect to the Hurd since our Childhurds and GNU/Hurd Substitutes post
Free and Open Source Software: Magpie is used by the Budgie Desktop as its window manager
Review: Linux Lite 7.2: Linux Lite 7.2 is an update from the 7.0 release in June, and it's based on Ubuntu 24.04.1 LTS and will receive five years of support
KDE: UX Insights (that we cannot get right now): After the criticism in the last post about the limitations of KUserFeedback (KUF) for doing data-driven UX work
9to5Linux Weekly Roundup: November 24th, 2024: The 215th installment of the 9to5Linux Weekly Roundup is here for the week ending on November 24th, 2024.
Today in Techrights: Some of the latest articles
TuxCare and Cloudimg Partner to Bring Patches to Dead Linux Cloud Images: TuxCare has partnered with UK-based Cloudimg, to bring its customers TuxCare Endless Lifecycle Support for keeping end-of-life Linux distributions supported
Android Leftovers: Here's what I'll miss about Chrome OS once it turns into Android
Just Starting in the Linux Terminal? Here Are Some Setup Tips: The Linux terminal is useful, but it sometimes gets a bad rap for being boring
Free and Open Source Software: This is free and open source software
today's leftovers: GNU/Linux and FOSS links
dpb (Distributed Ports Builder), Warp and Wireshark: Applications in focus
Games: Humble Bundle, Social Media Card Game, and Snake: With Linux twist
Programming Leftovers: coding related links
Open Hardware Leftovers: ESP32 and more
Audiocasts and Videos: Collection From Invidious and TLLTS: from the past week
today's howtos: many howots for today and some older ones
FreeBSD 14.2-RC1 Now Available: The first Release Candidate build of the 14.2-RELEASE release cycle is now available
Wine 9.22 Released with Display Mode Virtualization Support: Wine 9.22 is now available with Wayland driver enabled by default, DirectPlay network boosts, Unicode CLDR 46 updates, and display virtualization
10 Best Linux FTP Clients for Every User in 2024: Looking for reliable FTP clients on Linux
Moksha – modern iteration of the Enlightenment window manager: This is free and open source software
RELIANOID Load Balancer Community Edition v7.5 Release Notes: We are thrilled to announce the release of RELIANOID 7.5.0 (Community Edition)
AlmaLinux OS 9.5 Is Here as a Free Alternative to Red Hat Enterprise Linux 9.5: The AlmaLinux OS Foundation announced today the release and general availability of AlmaLinux OS 9.5 (codename Teal Serval), as the latest stable version of this free Red Hat Enterprise Linux (RHEL) fork.
GhostBSD 24.10.1 Is Now Available: We’re excited to announce the release of GhostBSD 24.10.1
KaOS 2024.11: More application are now ready to use Qt6 and Frameworks 6 including Freecad, Sqlitebrowser, Cantor, Kalzium, Webacmoid and Liquidshell
Fedora / IBM / Oracle Linux / IBM Leftovers: the Red Hat universe in blogs and news sites
Today in Techrights: Some of the latest articles

Tux Machines

Other Sites

LinuxGizmos.com

LILYGO to Launch ESP32-Based Gizmo with E-Paper Display, LoRa, and MagSafe Charging

Waveshare Development Boards Feature RP2350 with 100 Mbps Ethernet or 1.14-Inch LCD

TANGO-7010 Series Featuring Intel 12th Gen i3 to i9 Cores and Triple 2.5GbE Ports

news

Security Leftovers and Windows TCO

Remote Code Execution in Ansible dynamic inventory plugins

Windows TCO

India Times ☛ white house unitedhealth ceo: White House meets with UnitedHealth CEO over hack

Security Week ☛ EquiLend Ransomware Attack Leads to Data Breach

France24 ☛ French state services hit by cyberattacks of 'unprecedented intensity'

Other Recent Tux Machines' Posts