Security: Updates, Mirai and Singapore's Massive Breach

• Security updates for Friday

• Mirai botnet hackers [sic] avoid jail time by helping FBI

  The three men, Josiah White, 21, Dalton Norman, 22, and Paras Jha, 22, all from the US, managed to avoid the clink by providing "substantial assistance in other complex cybercrime investigations", according to the US Department of Justice. Who'd have thought young hacker [sic] types would roll over and show their bellies when faced with prison time....

• A healthcare IT foundation built on gooey clay

  Today, there was a report from the Solicitor General of Singapore about the data breach of the SingHealth systems that happened in July. These systems have been in place for many years. They are almost exclusively running Microsoft Windows along with a mix of other proprietary software including Citrix and Allscript. The article referred to above failed to highlight that the compromised “end-user workstation” was a Windows machine. That is the very crucial information that always gets left out in all of these reports of breaches. I have had the privilege of being part of an IT advisory committee for a local hospital since about 2004 (that committee has disbanded a couple of years ago, btw). [...] Part of the reason is because decision makers (then and now) only have experience in dealing with proprietary vendor solutions. Some of it might be the only ones available and the open source world has not created equivalent or better offerings. But where there are possibly good enough or even superior open source offerings, they would never be considered – “Rather go with the devil I know, than the devil I don’t know. After all, this is only a job. When I leave, it is someone else’s problem.” (Yeah, I am paraphrasing many conversations and not only from the healthcare sector). I recall a project that I was involved with – before being a Red Hatter – to create a solution to create a “computer on wheels” solution to help with blood collection. As part of that solution, there was a need to check the particulars of the patient who the nurse was taking samples from. That patient info was stored on some admission system that did not provide a means for remote, API-based query. The vendor of that system wanted tens of thousands of dollars to just allow the query to happen. Daylight robbery. I worked around it – did screen scrapping to extract the relevant information. Healthcare IT providers look at healthcare systems as a cashcow and want to milk it to the fullest extent possible (the end consumer bears the cost in the end). Add that to the dearth of technical IT skills supporting the healthcare providers, you quickly fall into that vendor lock-in scenario where the healthcare systems are at the total mercy of the proprietary vendors.

Recoll – A Full-Text GUI Search Tool for Linux Systems

We wrote on various search tools recently like in 9 Productivity Tools for Linux That Are Worth Your Attention and FSearch, and readers suggested awesome alternatives. Today, we bring you an app that can find text anywhere in your computer in grand style – Recoll. Recoll is an open-source GUI search utility app with an outstanding full-text search capability. You can use it to search for keywords and file names on Linux distros and Windows. It supports most of the document formats and plugins for text extraction.

today's howtos

• Distributed tracing in a microservices world

• Tracking and Controlling Microservice Dependencies

  In search of a cappuccino, cheese bread, and a place to check her email, Silvia walked into a coffee shop. Upon connecting to the Wi-Fi hotspot, a captive portal prompted her to log in and offered a few third-party authentication options. When she clicked on one of the access token providers, her browser showed a "No Internet Connection" error. Since she didn't have access to the network, she couldn't get an OAuth token—and she couldn't access the network without one. This short story illustrates a critical detail of system design that can easily go unnoticed until an outage takes place: cyclic dependencies. Dependency cycles will be familiar to you if you have ever locked your keys inside your house or car. You can't open the lock without the key, but you can't get the key without opening the lock. Some cycles are obvious, but more complex dependency cycles can be challenging to find before they lead to outages. Strategies for tracking and controlling dependencies are necessary for maintaining reliable systems.

• How to set up LDAP authentication for the Red Hat AMQ 7 management console

• How to Create a Swap File in Linux

• calcurse – free calendar and scheduling application for the command line

• What is Istio?

• How to install Paperwork on Ubuntu 18.04 Bionic Beaver

• How to Create an HTTP Proxy Using Squid on CentOS 7

• How to Install the Latest VLC Player in Ubuntu 18.04 LTS

• Install Lightning Calendar Addon in Icedove Mail Client

• loop files with SPACES on their names

• Linux pkill Command Tutorial for Beginners (5 Examples)

Linux Foundation for Sale

• Open Source Summit EU Registration Deadline, Sept. 22, Register Now to Save $150 [Ed: Microsoft is the "DIAMOND" sponsor of this event, the highest sponsorship level! Linux Foundation, or the Zemlin PAC, seems to be more about Microsoft than about Linux.]

• Building a Secure Ecosystem for Node.js [Ed: Earlier today the Zemlin PAC did this puff piece for Microsoft (a sponsor)]

• The Human Side of Digital Transformation: 7 Recommendations and 3 Pitfalls [Ed: New Zemlin PAC-sponsored and self-serving puff piece]

  Not so long ago, business leaders repeatedly asked: “What exactly is digital transformation and what will it do for my business?” Today we’re more likely to hear, “How do we chart a course?” Our answer: the path to digital involves more than selecting a cloud application platform. Instead, digital, at its heart, is a human journey. It’s about cultivating a mindset, processes, organization and culture that encourages constant innovation to meet ever-changing customer expectations and business goals. In this two-part blog series we’ll share seven guidelines for getting digital right. Read on for the first three.