
possible false positive for 'INDICATOR-SHELLCODE x86 setgid 0' can someone confirm

Posted by John via Snort-sigs on Oct 29

When I attempt to download the following xz file, my IPS blocks it with the below populating the snort log. I suspect
this is a false positive unless there is some code in the xz file that is truly malicious. Can someone with more
knowledge about the rule please comment?

Link to file that triggers the match:
http://fl.us.mirror.archlinuxarm.org/armv7h/extra/qt5-base-5.15.15%2Bkde%2Br136-1-armv7h.pkg.tar.xz

Entry from snort log:...





New Study Shows Homeowner ‘Repair Or Replace?’ Tipping Point

People are still pinching pennies and choosing repairs, but there are ways for contractors to sell new equipment, even when it’s more expensive.





A2L Refrigerant Storage Requirements

In the seventh installment of this series, we ask if there are any special storage requirements for A2L refrigerants.





Preparing for the Annual HFC Audit Requirement

Annual HFC inventory reports are required to be audited by a CPA to ensure compliance, and regulated entities should understand what to anticipate for the 2024 compliance period. 





When Consumers Opt to Repair v. Replace

Homeowners likely won’t choose to replace unless it’s cheaper than the repair.





Q&A: Does Building Automation Make a Difference in Air Quality?

Today’s commercial structures are full of sophisticated controls that have been changing building automation systems exponentially.





Digital Twinning Makes Mark on Commercial Built Environment

There is a new term making its way into the commercial controls arena: digital twin.





Johnson Controls Acquires Tempered Networks

Johnson Controls acquired zero trust cybersecurity provider, Tempered Networks, based in Seattle, Washington.





Scott Cochrane Named to the CABA Board of Directors

Cochrane Supply & Engineering offers products for commercial and industrial building comfort, safety, and security as well as world-class technical support, development and training.





M.C. Dean Acquires International Energy Conservation Systems

IEC Systems is a provider of turnkey proprietary and nonproprietary building automation systems (BASs) and a Distech Controls authorized system integrator.





BAS and Environmental, Social, and Governance Principles

Since more companies are putting a focus on ESG principles, the HVAC industry is positioned to turn those goals into a reality.





For 55 Years, ZoneFirst Has Provided the HVAC Industry With ‘Energy Saving Comfort’

Dick Foster has been preaching the positives of zoning for years. As the owner of ZoneFirst, he has dedicated his life and career to this technology, and it has been a bit of an uphill battle.





ZoneFirst Keeps Spreading the News

Contractors need to equip themselves to be ambassadors when it comes to zoning.





ZoneFirst Introduces Thermostat-Light Switch Combo

For years, ZoneFirst President Dick Foster has used the light-switches-in-the-home comparison while promoting the benefits of zoning. At their AHR Expo booth, they introduced a product that brought new meaning to that comparison.





Zonefirst, Zonex Join Forces in Acquisition

“The acquisition of California Economizer and its Zonex Systems brings together the two oldest manufacturers of zoning dampers and zone-control systems,” said Dick Foster, the president of Zonefirst and its parent company, Trolex Corp.





Nmap 26th Birthday Announcement: Version 7.94

Posted by Gordon Fyodor Lyon on Sep 01

Dear Nmap community,

Today is Nmap’s 26th birthday, which reminded me that I hadn’t yet
announced our Nmap 7.94 release from May. And it’s a great one! The biggest
improvement was the Zenmap and Ndiff upgrades from the obsolete Python 2
language to Python 3 on all platforms. Big thanks to Daniel Miller, Jakub
Kulík, Brian Quigley, Sam James, Eli Schwartz, Romain Leonard, Varunram
Ganesh, Pavel Zhukov, Carey Balboa, and Hasan Aliyev for...





Air-to-Water Heat Pump Innovations Driving Efficiency, Safety, and Performance in Residential Heating and Cooling

To meet the ambitious environmental goals being proposed at all levels of government, residential air-to-water heat pumps are emerging as a transformative solution to lower carbon emissions, enhance energy efficiency, and reduce utility bills.





The Time is Now for HVAC Contractors to Install and Repair All-Electric Heat Pumps

All-electric options have come a long way since their inception, and there’s never been a better time to get on board.





HVAC Industry Fired Up Over Fossil Fuels

HVAC industry representatives are pushing back on a bid by more than two dozen public interest groups for an eventual ban on new fossil-fuel-burning heating appliances.





Hydronic Furnaces are Changing the Forced Air Heating Game

Using water to transfer heat energy into the home can minimize or even eliminate the issues of dry air and loud operation.





First blog

Our new blog has been launched today. Stay focused on it and we will try to keep you informed. You can read new posts on this blog via the RSS feed.





Developing Clairvoyance

Posted by Dave Aitel via Dailydave on Sep 30

As you know, humans like to invent comfort words. One of my favorites is
"luck". The theory being that yes, the universe has dice, but they are
loaded in your favor. Properly used, these words are a spell - they allow
us to have courage when a sober mind would quail. But when you become a
professional, you have to give up these crutches. Only poor poker players
believe in "luck".

In computer science, and especially in machine...





Grace Hopper and the Rebirth of US Conferences

Posted by Dave Aitel via Dailydave on Oct 10

I spent some time watching all the Grace Hopper videos on the youtubes, as
I prepared for what up North is a horrible storm, but here in Miami is, so
far, a breezy and clear day. You can hear her talk about how subroutines
used to be literal handwritten pages of instructions in notebooks. When you
wanted SIN or COS you would go over to whoever had the notebook with the
working version, and copy it out into your code.

It was this experience that...





Episode 79: Small Memory Software with Weir and Noble

In this Episode we're discussing patterns for small memory software with the authors of the like-named book Charles Weir and James Noble. We look at various aspects of the small memory problem: How can you manage memory use across a whole system? What can you do when you have run out of primary storage? How can you fit a quart of data into a pint pot of memory? How can you reduce the memory needed for your data? How do you allocate memory to store your data structures? Answers to all those questions are provided in this Episode, and of course in their book.





Episode 93: Lessons Learned From Architecture Reviews with Rebecca Wirfs-Brock

In this episode, Markus talks to Rebecca Wirfs-Brock on what she has learned from architecture reviews. This is a complement to the earlier episode on architecture evaluation.





Episode 94: Open Source Business Models with Dirk Riehle

In this episode we're talking to Dirk Riehle about open source business models. We started looking at the way OS projects work and defined different kinds of open source projects. In the main part of the discussion we looked at various ways to make money with open source: consulting, support contracts, commercial variant of an open source project, etc. We then looked at the chances and risks of each of these approaches. The next part focused on different open source licenses and how they are suitable for open source business. We concluded the episode by discussing a couple of specific questions and loose ends. After the show, Dirk informed me about the following three corrections: Black Duck Software's main product is called protexIP not IP Central, there are presently 70 licenses approved by the Open Source Initiative, and EnterpriseDB has so far acquired $37M in venture capital.





Episode 114: Christof Ebert on Requirements Engineering

In this episode we talk to Christof Ebert about requirements engineering. As the name "engineering" suggests, we need to be systematic when working with and managing requirements. Christof will structure RE into several activities, namely elicitation (identifying the relevant requirements), specification (clearly describing requirements), analysis (synthesizing a solution), verification and validation (achieving good requirements quality), commitment (allocating requirements to a project, product release or iteration), and management (keeping track of the implementation status of requirements). In this episode we discuss these activities and highlight lots of practical guidance.





Episode 144: The Maxine Research Virtual Machine with Doug Simon

In this episode we talk with Doug Simon from Sun Microsystems Laboratories about the Maxine Research VM, a so-called meta-circular virtual machine. Maxine is a JVM that is written itself in Java, but aims at taking JVM development to the next level while using highly integrated Java IDEs as development environments and running and debugging the VM itself directly from the Inspector, an IDE-like tool specialized for the Maxine VM. During the episode we talk about the basic ideas behind Maxine, what exactly "meta-circular" means and what makes it interesting and promising to build a Java VM in Java. We talk about the relationship to Sun's current production JVM (HotSpot) and about ideas and directions for the future of Maxine.





Episode 188: Requirements in Agile Projects

Recording Venue: Paddington, London Guests: Suzanne Robertson and James Robertson, Atlantic Systems Guild Neil Maiden, Editor of the Requirements column in IEEE Software, talks with Suzanne and James Robertson of the Atlantic Systems Guild about the emergence and impact of agile practices on requirements work. The interview begins with an exploration of how agile practices have […]





Episode 204: Anil Madhavapeddy on the Mirage Cloud Operating System and the OCaml Language

Robert talks to Dr. Anil Madhavapeddy of the Cambridge University (UK) Systems research group about the OCaml language and the Mirage cloud operating system, a microkernel written entirely in OCaml. The outline includes: history of the evolution from dedicated servers running a monolithic operating system to virtualized servers based on the Xen hypervisor to micro-kernels; […]





Episode 208: Randy Shoup on Hiring in the Software Industry

With this episode, Software Engineering Radio begins a series of interviews on social/nontechnical aspects of working as a software engineer as Tobias Kaatz talks to Randy Shoup, former CTO at KIXEYE, about hiring in the software industry. Prior to KIXEYE, Randy worked as director of engineering at Google for the Google App Engine and as […]





Episode 229: Flavio Junqueira on Distributed Coordination with Apache ZooKeeper

 





SE-Radio Episode 299: Edson Tirelli on Rules Engines

Robert Blumen talks to Edson Tirelli about business rules, rules engines, and the JBoss Drools engine.





SE-Radio Episode 310: Kirk Pepperdine on Performance Optimization

Kirk Pepperdine talks with Diomidis Spinellis about performance optimization. Topics include development practices, tools, as well as the role of software architecture, programming languages, algorithms, and hardware advances.





SE-Radio Episode 313: Conor Delanbanque on Hiring and Retaining DevOps

Kishore Bhatia talks with Conor Delanbanque about DevOps Hiring, building and retaining top talent in the DevOps space. Topics include DevOps as a special Engineering skill, building DevOps mindset and culture, challenges in hiring and retaining top talent and building teams and best practices for DevOps engineers and employers hiring for these skills.





SE-Radio Episode 327: Glynn Bird on Developer Productivity with Open Source

Nate Black interviews Glynn Bird on using open source to develop your career or get a job, and how to maximize productivity and learning. We discuss how to get your pull request accepted, how to make your own project successful, and how to survive updates.





SE-Radio 336: Sasa Juric on Elixir

Saša Jurić, author of Elixir in Action, explains the Elixir programming language and how it unlocks the benefits of the Erlang ecosystem, revealing the “sweet spot” for Elixir programs: highly scalable and fault tolerant systems with a simple arc





Episode 379: Claire Le Goues on Automated Program Repair

Felienne interviews Claire Le Goues about automatic program repair. Can programs repair themselves and what techniques are involved in that?





Episode 456: Tomer Shiran on Data Lakes

Tomer Shiran, co-founder of Dremio, talks about managing data inside a data lake, historical changes and motivations for managing data as a data lake, and the common tools and methods for ingestion, storage, and analytics on top of the underlying data.





Episode 464: Rowland Savage on Getting Acquired

Rowland Savage, author of How to Stick the Landing: The M&A Handbook for Startups, discusses how company acquisitions work, the three types, and why it is so important for software engineering startups to know the details to make an acquisition happen.





Episode 472: Liran Haimovitch on Handling Customer Issues

Liran Haimovitch talks about how a business handles customer issues with a software product: how issues start out with a dedicated customer-facing team and when they may be escalated to engineering.





Episode 506: Rob Hirschfeld on Bare Metal Infrastructure

Rob Hirschfeld, CEO of RackN, discusses Bare Metal as a Service. Host Brijesh Ammanath spoke with Hirschfeld about all things bare metal. Hirschfeld starts with the basics before doing a deep dive into bare metal configuring, provisioning, common failures..





Episode 510: Deepthi Sigireddi on How Vitess Scales MySQL

In this episode, Deepthi Sigireddi of the Cloud Native Computing Foundation (CNCF) spoke with SE Radio host Nikhil Krishna about how Vitess scales MySQL. They discuss the design and architecture of the product; how Vitess impacts modern data problems;...





Episode 537: Adam Warski on Scala and Tapir

Adam Warski, the co-founder and CTO of SoftwareMill, discusses Scala programming and the Tapir library. Scala is a general-purpose JVM language, and Tapir is a back-end library used to describe HTTP API endpoints as immutable Scala values. Host Philip Winston speaks with Warski about the implications of Scala being a JVM language, the Scala type system, the Scala community's view of functional vs. object-oriented programming, and the transition of the ecosystem from Scala 2 to Scala 3. The Tapir discussion explores why Tapir is a library and not a framework, how server interpreters work in Tapir, how interceptors work, and what observability features are included with Tapir.





Episode 551: Vidal Graupera on Manager 1-1 with Direct Reports

Vidal Graupera, an Engineering Manager at LinkedIn, speaks with SE Radio’s Brijesh Ammanath about the importance of managers' one-on-one meetings with direct reports. They start by considering how a 1:1 meeting differs from other meetings...





SE Radio 575: Nir Valtman on Pipelineless Security

Nir Valtman, co-Founder and CEO at Arnica, discusses pipelineless security with SE Radio host Priyanka Raghavan. They start by defining pipelines and then consider how to add security. Nir lays out the key challenges in getting good code coverage with the pipeline-based approach, and then describes how to implement a pipelineless approach and the advantages it offers. Priyanka quizzes him on the concept of "zero new hardcoded secrets," as well as some ways to protect GitHub repositories, and Nir shares examples of how a pipelineless approach could help in these scenarios. They then discuss false positives and handling developer fatigue in dealing with alerts. The show ends with some discussion around the product that Arnica offers and how it implements the pipelineless methodology.





SE Radio 584: Charles Weir on Ruthless Security for Busy Developers

Charles Weir—developer, security researcher, and Research Fellow at Security Lancaster—joins host Giovanni Asproni to discuss an approach that development teams can use to create secure systems without wasting effort on unnecessary security work. The episode starts with a broad description of the approach, which is based on Weir's research and on a free Developer Security Essentials workshop he created. Charles presents some examples from real-world projects, his view on AI's impact on security, and information about the workshop and where to find the materials. During the conversation, they consider several related topics including the concept of "good enough" security; security as a product decision; risk assessment, classification, and prioritization; and how to approach security in startups, greenfield, and legacy systems.





SE Radio 586: Nikhil Shetty on Virtual Private Cloud

Nikhil Shetty, an expert in networking and distributed systems, speaks with SE radio's Kanchan Shringi about virtual private cloud (VPC) and related technologies. They explore how VPC relates to public cloud, private cloud, and virtual private networks (VPNs). The discussion delves into why VPC is fundamental to building on the cloud, as well as configuring a VPC, subnets, and the address space that can be assigned to the VPC. During this episode they look into route tables, network address translation, as well as security groups, network access control lists, and DNS. Finally, Nikhil helps compare VPC offerings from Amazon Web Services (AWS) and Oracle Cloud Infrastructure (OCI).





SE Radio 588: José Valim on Elixir, Machine Learning, and Livebook

José Valim, creator of the Elixir programming language, Chief Adoption Officer at Dashbit, and author of three programming books, speaks with SE Radio host Gavin Henry about what Elixir is today, what Livebook is, the five spearheads of the new machine learning ecosystem for Elixir, and how they all fit together. Valim describes why he created Elixir, what “the beam” is, and how he pitches it to new users. This episode examines things you can do with Livebook and how it is well-aligned with machine learning, as well as why immutability is important and how it works. They take a detailed look at a range of topics, including tensors with Nx, traditional machine learning with Scholar, data munging with Explorer, deep learning and neural networks with Axon, Bumblebee and Huggingface, and model creation basics. Brought to you by IEEE Computer Society and IEEE Software magazine.





SE Radio 594: Sean Moriarity on Deep Learning with Elixir and Axon

Sean Moriarity, creator of the Axon deep learning framework, co-creator of the Nx library, and author of Machine Learning in Elixir and Genetic Algorithms in Elixir, published by the Pragmatic Bookshelf, speaks with SE Radio host Gavin Henry about what deep learning (neural networks) means today. Using a practical example with deep learning for fraud detection, they explore what Axon is and why it was created. Moriarity describes why the Beam is ideal for machine learning, and why he dislikes the term “neural network.” They discuss the need for deep learning, its history, how it offers a good fit for many of today’s complex problems, where it shines and when not to use it. Moriarity goes into depth on a range of topics, including how to get datasets in shape, supervised and unsupervised learning, feed-forward neural networks, Nx.serving, decision trees, gradient descent, linear regression, logistic regression, support vector machines, and random forests. The episode considers what a model looks like, what training is, labeling, classification, regression tasks, hardware resources needed, EXGBoost, Jax, PyIgnite, and Explorer. Finally, they look at what’s involved in the ongoing lifecycle or operational side of Axon once a workflow is put into production, so you can safely back it all up and feed in new data. Brought to you by IEEE Computer Society and IEEE Software magazine. This episode sponsored by Miro.