Language Selection

English French German Italian Portuguese Spanish

Linux.com

Syndicate content
News For Open Source Professionals
Updated: 2 hours 32 min ago

Linux Foundation Announces Free sigstore Signing Service to Confirm Origin and Authenticity of Software

Wednesday 10th of March 2021 01:00:40 AM

Red Hat, Google and Purdue University lead efforts to ensure software maintainers, distributors and consumers have full confidence in their code, artifacts and tooling

SAN FRANCISCO, Calif., March 9, 2021 –  The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the sigstore project. sigstore improves the security of the software supply chain by enabling the easy adoption of cryptographic software signing backed by transparency log technologies.

sigstore will empower software developers to securely sign software artifacts such as release files, container images and binaries. Signing materials are then stored in a tamper-proof public log. The service will be free to use for all developers and software providers, with the sigstore code and operation tooling developed by the sigstore community. Founding members include Red Hat, Google and Purdue University.

“sigstore enables all open source communities to sign their software and combines provenance, integrity and discoverability to create a transparent and auditable software supply chain,” said Luke Hinds, Security Engineering Lead, Red Hat office of the CTO. “By hosting this collaboration at the Linux Foundation, we can accelerate our work in sigstore and support the ongoing adoption and impact of open source software and development.”

Understanding and confirming the origin and authenticity of software relies on an often disparate set of approaches and data formats. The solutions that do exist, often rely on digests that are stored on insecure systems that are susceptible to tampering and can lead to various attacks such as swapping out of digests or users falling prey to targeted attacks.

“Securing a software deployment ought to start with making sure we’re running the software we think we are. Sigstore represents a great opportunity to bring more confidence and transparency to the open source software supply chain,” said Josh Aas, executive director, ISRG | Let’s Encrypt.

Very few open source projects cryptographically sign software release artifacts. This is largely due to the challenges software maintainers face on key management, key compromise / revocation and the distribution of public keys and artifact digests. In turn, users are left to seek out which keys to trust and learn steps needed to validate signing. Further problems exist in how digests and public keys are distributed, often stored on websites susceptible to hacks or a README file situated on a public git repository. sigstore seeks to solve these issues by utilization of short lived ephemeral keys with a trust root leveraged from an open and auditable public transparency logs.

“I am very excited about the prospects of a system like sigstore. The software ecosystem is in dire need of something like it to report the state of the supply chain. I envision that, with sigstore answering all the questions about software sources and ownership, we can start asking the questions regarding software destinations, consumers, compliance (legal and otherwise), to identify criminal networks and secure critical software infrastructure. This will set a new tone in the software supply chain security conversation,” said Santiago Torres-Arias, Assistant Professor of Electrical and Computer Engineering, University of Purdue / in-toto project founder.

“sigstore is poised to advance the state of the art in open source development,” said Mike Dolan, senior vice president and general manager of Projects at the Linux Foundation. “We are happy to host and contribute to work that enables software maintainers and consumers alike to more easily manage their open source software and security.”

“sigstore aims to make all releases of open source software verifiable, and easy for users to actually verify them. I’m hoping we can make this easy as exiting vim,” Dan Lorenc, Google Open Source Security Team. “Watching this take shape in the open has been fun. It’s great to see sigstore in a stable home.”

For more information and to contribute, please visit: https://sigstore.dev

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page:  https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer

for Linux Foundation

503-867-2304

jennifer@storychangesculture.com

The post Linux Foundation Announces Free sigstore Signing Service to Confirm Origin and Authenticity of Software appeared first on Linux Foundation.

The post Linux Foundation Announces Free sigstore Signing Service to Confirm Origin and Authenticity of Software appeared first on Linux.com.

Overview of the Kubernetes Security Essentials Training Course

Monday 8th of March 2021 11:00:11 PM

We recently launched the LFS260 – Kubernetes Security Essentials eLearning course in partnership with the Cloud Native Computing Foundation (CNCF), the home of Kubernetes. This course provides the skills and knowledge on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime. It also gets you ready to sit for the Certified Kubernetes Security Specialist (CKS) exam.

In this new video, Linux Foundation Training & Certification instructor Tim Serewicz, who created the eLearning course and was instrumental in creating the CKS exam, provides an overview of what you can expect during this training, with topics including:

  • Cloud security overview
  • Preparing to install
  • Installing the cluster
  • Securing the kube-apiserver
  • Networking
  • Workload considerations
  • Issue detection
  • And more…

Watch Tim’s video to learn more about this exciting course and how it can help you improve the security of your cloud native applications!

The post Overview of the Kubernetes Security Essentials Training Course appeared first on Linux Foundation – Training.

The post Overview of the Kubernetes Security Essentials Training Course appeared first on Linux.com.

An Introduction to WebAssembly

Thursday 4th of March 2021 11:00:14 PM

By Marco Fioretti

What on Earth is WebAssembly?

WebAssembly, also called Wasm, is a Web-optimized code format and API (Application Programming Interface) that can greatly improve the performances and capabilities of websites. Version 1.0 of WebAssembly, was released in 2017, and became an official W3C standard in 2019.

The standard is actively supported by all major browser suppliers, for obvious reasons: the official list of “inside the browser” use cases mentions, among other things, video editing, 3D games, virtual and augmented reality, p2p services, and scientific simulations. Besides making browsers much more powerful than JavaScript could, this standard may even extend the lifespan of websites: for example, it is WebAssembly that powers the continued support of Flash animations and games at the Internet Archive.

WebAssembly isn’t just for browsers though; it is currently being used in mobile and edge based environments with such products as Cloudflare Workers.

How WebAssembly works

Files in .wasm format contain low level binary instructions (bytecode), executable at “near CPU-native speed” by a virtual machine that uses a common stack. The code is packaged in modules – that is objects that are directly executable by a browser – and each module can be instantiated multiple times by a web page. The functions defined inside modules are listed in one dedicated array, or Table, and the corresponding data are contained in another structure, called arraybuffer. Developers can explicitly allocate memory for .wasm code with the Javascript WebAssembly.memory() call.

A pure text version of the .wasm format – that can greatly simplify learning and debugging – is also available. WebAssembly, however, is not really intended for direct human use. Technically speaking, .wasm is just a browser-compatible compilation target: a format in which software compilers can automatically translate code written in high-level programming languages.

This choice is exactly what allows developers to program directly for the preferred user interface of billions of people, in languages they already know (C/C++, Python, Go, Rust and others) but could not be efficiently used by browsers before. Even better, programmers would get this – at least in theory – without ever looking directly at WebAssembly code or worrying (since the target is a virtual machine) about which physical CPUs will actually run their code.

But we already have JavaScript. Do we really need WebAssembly?

Yes, for several reasons. To begin with, being binary instructions, .wasm files can be much smaller – that is much faster to download – than JavaScript files of equivalent functionality. Above all, Javascript files must be fully parsed and verified before a browser can convert them to bytecode usable by its internal virtual machine.

.wasm files, instead, can be verified and compiled in a single pass, thus making “Streaming Compilation” possible: a browser can start to compile and execute them the moment it starts downloading them, just like happens with streaming movies.

This said, not all conceivable WebAssembly applications would surely be faster – or smaller – than equivalent JavaScript ones that are manually optimized by expert programmers. This may happen, for example, if some .wasm needed to include libraries that are not needed with JavaScript.

Does WebAssembly make JavaScript obsolete?

In a word: no. Certainly not for a while, at least inside browsers. WebAssembly modules still need JavaScript because by design they cannot access the Document Object Model (DOM), that is the main API made to modify web pages. Besides, .wasm code cannot make system calls or read the browser’s memory. WebAssembly only runs in a sandbox and, in general, can interact with the outside world even less than JavaScript can, and only through JavaScript interfaces.

Therefore – at least in the near future – .wasm modules will just provide, through JavaScript, the parts that would consume much more bandwidth, memory or CPU time if they were written in that language.

How web browsers run WebAssembly

In general, a browser needs at least two pieces to handle dynamic applications: a virtual machine (VM) that runs the app code and standard APIs that that code can use to modify both the behaviour of the browser, and the content of the web page that it displays.

The VMs inside modern browsers support both JavaScript and WebAssembly in the following way:

  1. The browser downloads a web page written in the HTML markup language, and renders it
  2. if that HTML calls JavaScript code, the browser’s VM executes it. But…
  3. if that JavaScript code contains an instance of a WebAssembly module, that one is fetched as explained above, and then used as needed by JavaScript, via the WebAssembly APIs
  4. and when the WebAssembly code produces something that would alter the DOM – that is the structure of the “host” web page – the JavaScript code receives it and proceeds to the actual alteration.
How can I create usable WebAssembly code?

There are more and more programming language communities that are supporting compiling to Wasm directly, we recommend looking at the introductory guides from webassembly.org as a starting point depending what language you work with. Note that not all programming languages have the same level of Wasm support, so your mileage may vary. 

We plan to release a series of articles in the coming months providing more information about WebAssembly. To get started using it yourself, you can enroll in The Linux Foundation’s free Introduction to WebAssembly online training course.

The post An Introduction to WebAssembly appeared first on Linux Foundation – Training.

The post An Introduction to WebAssembly appeared first on Linux.com.

The Linux Foundation Continues to Expand Japanese Language Training & Certification

Thursday 4th of March 2021 09:00:00 AM

Japan is one of the world’s biggest markets for open source software, which means there is a constant need for upskilling of existing talent and to bring new individuals into the community to meet hiring demand. The Linux Foundation is committed to expanding access to quality open source training and certification opportunities, which is why we have developed a number of Japanese language offerings. 

The newest is LFS272-JP Hyperledger Fabric Administration, which became available this week. Hyperledger Fabric – a distributed ledger (blockchain) technology – is intended as a foundation for developing applications or solutions with a modular architecture. Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play. Its modular and versatile design satisfies a broad range of industry use cases, and it offers a unique approach to consensus that enables performance at scale while preserving privacy. 

LFS272-JP provides a deep understanding of the Hyperledger Fabric network and how to administer and interact with chaincode, manage peers, and operate basic CA-level functions. Upon completion, participants will have a good understanding of the Hyperledger Fabric network topology, chaincode operations, administration of identities, permissions, how and where to configure component logging, and much more. The course also serves as preparation for the Certified Hyperledger Fabric Administrator (CHFA-JP) exam, which can be taken with a Japanese proctor (the exam itself is conducted in English).

While Hyperledger Fabric Administration is the newest Japanese course offered by Linux Foundation Training & Certification, it is far from alone. Our catalog of Japanese-language offerings includes:

System Administration/Engineering

Cloud & Containers

Blockchain

We also partnered with LPI-Japan recently to make certifications even more accessible in Japan, creating new stacked certifications leveraging LPI-Japan’s LinuC 1 and LinuC 2 with The Linux Foundation’s CKA and CKAD.

Linux Foundation Executive Director Jim Zemlin commented, “Japan is one of the top contributors to the open source community globally, in terms of code as well as financial support and end user adoption. We know how important it is to support the open source community in Japan, which is why The Linux Foundation is proud to offer Japanese language training and certification options for that community. Our team looks forward to continuing to expand these learning opportunities in the future.”

The post The Linux Foundation Continues to Expand Japanese Language Training & Certification appeared first on Linux Foundation – Training.

The post The Linux Foundation Continues to Expand Japanese Language Training & Certification appeared first on Linux.com.

New Mobile Native Foundation to Foster Development Collaboration

Wednesday 3rd of March 2021 12:00:00 AM

Linux Foundation hosts effort to improve processes and technologies for large-scale mobile Android and iOS applications; Lyft makes initial contributions

SAN FRANCISCO, Calif., March 2, 2021 – The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the Mobile Native Foundation (MNF). The MNF will bring developers together to improve processes and technologies that support large-scale Android and iOS applications. Organizations contributing to this effort include Airbnb, Capital One, Corellium, Elotl, Flare.build, GitHub, GogoApps, Haystack, Line, LinkedIn, Lyft, Microsoft, Peloton, Robinhood, Sauce Labs, Screenplay.dev, Slack, Solid Software, Spotify, Square and Uber.

“Like many of our industry peers, Lyft discovered that platform vendors did not solve all of the problems we faced as our mobile team grew from a dozen engineers to hundreds of active contributors,” said Keith Smiley, Staff Engineer, Lyft. “The Mobile Native Foundation will foster a diverse community that encourages collaboration and builds libraries and tools to move the industry forward.”

The MNF is a forum for collaboration on open source software, standards and best practices that can result in common UI frameworks, architectural patterns, build systems and networking stacks that can accelerate time to market and reduce duplicative work across companies.

“The mobile developer community is innovating and we know that open source and collaboration can ensure that continues,” said Mike Dolan, executive vice president and GM of Projects at the Linux Foundation. “The MNF will accelerate and smooth mobile app development and brings new contributions to the Linux Foundation ecosystem.”

Lyft is making early project contributions to the MNF that includes Kronos, index-import and set-simulator-location. Matthew Edwards is also contributing Flank.

For more information and to begin contributing, please visit: https://mobilenativefoundation.org

Partner Statements

Elotl

“We are excited to pioneer the state of art Kubernetes stack to build, test, and run modern mobile applications at cloud scale. We appreciate the opportunity to collaborate with industry leaders on this vision! “said Madhuri Yechuri, Founder & CEO, Elotl.

Flare.build

“We look forward to collaborating with the community on many projects related to our core vision of decreasing friction and boosting productivity for teams creating applications at scale,” said Zach Gray, co-founder and CEO, Flare.build.

LinkedIn

“The Mobile Native Foundation will advance the state-of-the-art in mobile development by bringing together open source developers and leading tech companies in a place where we can collaborate and enable anyone to build and operate large scale mobile applications. We are excited to be part of the launch and look forward to what we can accomplish together,” said Oscar Bonilla, Engineer, LinkedIn.

Microsoft

“We see this as a great opportunity to more inclusively collaborate on challenges we face across the industry and we can’t wait to see the improvements to mobile development we can make when we all work together,” said Mike Borysenko, distinguished engineer, Microsoft.

Robinhood

“Robinhood’s award-winning mobile apps wouldn’t be possible without the open source tools we rely on and contribute back to. We look forward to working together with the open source community as we continue to scale and address shared technical challenges,” said Lee Byron, Engineering Manager, Robinhood.

Screenplay.dev

“We could not be more humbled or more excited to have the opportunity to work with industry leaders to push the state of mobile development forward,” said Tomas Reimers, Co-founder, Screenplay.

Slack

Slack’s mobile engineering has benefited tremendously from the open source community. We’re excited to see the energy and experience behind MNF and look forward to participating in shaping the future of mobile development at scale,” said Valera Zakharov, Tech Lead of the Mobile Developer Experience Team.

Spotify

“We are excited to join forces with the community in the mission of solving issues and providing better technologies to ship mobile apps at scale,” said Patrick Balestra, iOS Infrastructure Engineer, Spotify.

Uber

“Uber mobile apps have scaled with the help of a thriving open source community and we are now proud to collaborate with other organizations on the Mobile Native Foundation to further give back,” said Ty Smith, Android Tech Lead, Uber.

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more.  The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

###

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see our trademark usage page:  https://www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

Media Contact

Jennifer Cloer
for the Linux Foundation
503-867-2304
jennifer@storychangesculture.com

The post New Mobile Native Foundation to Foster Development Collaboration appeared first on Linux Foundation.

The post New Mobile Native Foundation to Foster Development Collaboration appeared first on Linux.com.

Learn About the RISC-V ISA with Two Free Training Courses from The Linux Foundation and RISC-V International

Tuesday 2nd of March 2021 10:00:04 PM

The online courses are offered on edX.org and will make RISC-V training more accessible

SAN FRANCISCO – EMBEDDED WORLD – March 2, 2021The Linux Foundation, the non-profit organization enabling mass innovation through open source, and RISC-V International, a non-profit corporation controlled by its members to drive the adoption and implementation of the free and open RISC-V instruction set architecture (ISA), have announced the release of two new free online training courses to help individuals get started with the RISC-V ISA. The courses are available on edX.org, the online learning platform founded by Harvard and MIT. 

“RISC-V International is committed to providing opportunities for people to gain a deeper understanding of the RISC-V ISA and expand their skills,” shared Calista Redmond, CEO, RISC-V International. “These courses will allow everyone to build deeper technical insight, learn more about the benefits of open collaboration, and engage with RISC-V for design freedom.”

With the recent market momentum of RISC-V cores, systems-on-chips (SoCs), developer boards, and software and tools across computing from embedded to enterprise, there is a strong community need to empower individuals who understand how to implement and utilize  RISC-V. In order to help meet that demand, The Linux Foundation and RISC-V International designed these free online courses to significantly reduce the barrier to entry for those interested in gaining RISC-V skills.

The first course, Introduction to RISC-V (LFD110x), guides participants through the various aspects of understanding the RISC-V ecosystem, RISC-V International, the RISC-V specifications, how to curate and develop RISC-V specifications, and the technical aspects of working with RISC-V both as a developer and end-user. The course provides the foundational knowledge needed to effectively engage in the RISC-V community, contribute to the ISA specifications, and develop a wide range of RISC-V software and hardware projects. Introduction to RISC-V was developed by Jeffrey “Jefro” Osier-Mixon, program manager for RISC-V International, and Stephano Cetola, technical program manager for RISC-V International. 

The second course, Building a RISC-V CPU Core (LFD111x), focuses on digital logic design and basic central processing unit (CPU) microarchitecture. Using the Makerchip online integrated development environment (IDE), participants will implement technologies ranging from logic gates to a simple and complete RISC-V CPU core. The class will allow participants to familiarize themselves with a variety of emerging technologies supporting an open source hardware ecosystem, including RISC-V, transaction-level verilog, and the online Makerchip IDE. Building a RISC-V CPU Core was developed by Steve Hoover, founder of Redwood EDA.

Enrollment is now open for Introduction to RISC-V and Building a RISC-V CPU Core. Auditing each course through edX is free for seven weeks, or you can opt for a paid verified certificate of completion, which provides access to the course for a full year and additional assessments and content to deepen their learning experience. 

About  RISC-V International

RISC-V is a free and open ISA enabling a new era of processor innovation through open collaboration. Founded in 2015, RISC-V International is composed of more than 1,200 members building the first open, collaborative community of software and hardware innovators powering a new era of processor innovation. The RISC-V ISA delivers a new level of free, extensible software and hardware freedom on architecture, paving the way for the next 50 years of computing design and innovation.

RISC-V International, a non-profit organization controlled by its members, directs the future development and drives the adoption of the RISC-V ISA. Members of RISC-V International have access to and participate in the development of the RISC-V ISA specifications and related HW / SW ecosystem. 

About the Linux Foundation

Founded in 2000, the Linux Foundation is supported by more than 1,000 members and is the world’s leading home for collaboration on open source software, open standards, open data, and open hardware. Linux Foundation’s projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.

# # #

The post Learn About the RISC-V ISA with Two Free Training Courses from The Linux Foundation and RISC-V International appeared first on Linux Foundation – Training.

The post Learn About the RISC-V ISA with Two Free Training Courses from The Linux Foundation and RISC-V International appeared first on Linux.com.

Top Sysadmin content February 2021

Tuesday 2nd of March 2021 04:46:54 AM

Top Sysadmin content February 2021

Be sure to catch up on all of our best content from the last month.
tcarriga
Mon, 3/1/2021 at 8:46pm

Image

Photo by Pexels

Even though it was a short month, February of 2021 was another great month for the Enable Sysadmin community. We generated 29 articles from 20 different authors; generating over 475k pageviews and bringing in more than 325k unique visitors. It was also a great month for some of our older content.

In this month’s top content, you’ll find topics ranging from Ansible automation and reboot modules to cryptography and career advice. No matter your role or skill level, there is sure to be something of interest to you, so enjoy it.

Topics:  
Linux  
Read More at Enable Sysadmin

The post Top Sysadmin content February 2021 appeared first on Linux.com.

Linux sysadmins: What’s your favorite IDE?

Sunday 28th of February 2021 04:50:00 AM

Linux sysadmins: What’s your favorite IDE?

If you program or script in Linux, what’s your favorite IDE? The old standby vi or something a little newer?
skenlon
Sat, 2/27/2021 at 8:50pm

Image

Image by StockSnap from Pixabay

When you think of the tools a sysadmin relies on every day, an IDE isn’t necessarily the first thing that comes to mind. IDEs are for developers. It’s literally in the name: Integrated Development Environment (IDE).

Topics:  
Linux  
Programming  
Read More at Enable Sysadmin

The post Linux sysadmins: What’s your favorite IDE? appeared first on Linux.com.

More in Tux Machines

Here’s Why Switching to Linux Makes Sense in 2021

Linux does have several benefits over Windows and macOS in certain areas. People are realizing it, and it is slowly gaining popularity in the desktop OS market. Of course, the majority of desktop users still swear by Windows or macOS, but a greater number of users are trying out new Linux distributions to see if they can switch to Linux. They may have heard good things about Linux as a desktop choice, or just want to try something different while confined to their homes. Who knows? Here, I will be presenting you all the good reasons why Linux makes more sense in 2021. Read more

today's leftovers

  • LHS Episode #416: The Weekender LXXIII

    It's time once again for The Weekender. This is our bi-weekly departure into the world of amateur radio contests, open source conventions, special events, listener challenges, hedonism and just plain fun. Thanks for listening and, if you happen to get a chance, feel free to call us or e-mail and send us some feedback. Tell us how we're doing. We'd love to hear from you.

  • Donation button removed

    Over the years, I have blown hot and cold over whether to have a donation button. Did take it down for awhile, about a year ago I think. I received an email asking if can send me a bank cheque, which reminded me about that donation button. I declined the offer. I really don't need donations. It is really my pleasure to upload blog reports about EasyOS, Puppy, DIY hiking gear, and all the rest that have posted about. Ibiblio.org is still very kindly hosting downloads, and I also went back to the Puppy Forum.

  • Akademy 2021 – I

    I am still digesting the load of information that Marc Mutz gave in his intense training session last night between 6 and almost 11 p.m. about C++/STL history, containers, iterators, allocators, the Non-Owning Interface Idiom and all that other good stuff. Great job Marc.

  • Stuck Updates Fix

    When rolling out a new feature that lets you skip (offline) updates on boot-up earlier this week we have messed up and also brought in a nasty bug that prevents updates from applying. Unfortunately we can’t automatically rectify this problem because, well, updates are never applied. In case you find Discover showing the same updates over and over again, even after rebooting to apply the update, you may be affected.

  • AWS SSM Parameters

    If you are not familiar with the Parameter Store it provides hierarchical storage for config data, strings, and other values. As well as being used for storing private information the parameter store provides a public namespace for SUSE, /aws/service/suse, which is now being leveraged to provide the latest image id’s for all active SUSE images.

Proprietary Software Leftovers

  • Steam on ChromeOS: Not a Rumor Anymore - Boiling Steam

    If you follow us or other sources like Chrome Unboxed you are by now aware that there’s ample rumors about Google/Valve working on bringing Steam on ChromeOS. We know the technology pieces are there, as recently discussed with Luke Short in our recent podcast. However, we are still waiting for an official announcement that would turn the expected rumors into reality.

  • First American Financial Pays Farcical $500K Fine

    In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.

  • How Russian threats in the 2000s turned this country into the go-to expert on cyber defense

    Estonia is no stranger to the cyber threat posed by Russia. Back in 2007, a decision to relocate a Soviet-era war memorial from central Tallinn to a military cemetery sparked a diplomatic spat with its neighbor and former overlord. There were protests and angry statements from Russian diplomats. And just as the removal works started, Estonia became the target of what was at the time the biggest cyberattack against a single country.

    The Estonian government called the incident an act of cyberwarfare and blamed Russia for it. Moscow has denied any involvement.

    The attack made Estonia realize that it needed to start treating cyber threats in the same way as physical attacks.

  • Most Businesses That Pay Off After Ransomware Hack Hit With Second Attack: Study [iophk: Windows TCO]

    The study surveyed nearly 1,300 security professionals around the world and found that 80 percent of businesses that paid after a ransomware attack suffered a second attack. Of those hit a second time, 46 percent believed it came from the same group that did the first attack.

    Censuswide, which performed the study on behalf of the international cybersecurity company Cybereason, found that 25 percent of organizations hit by a ransomware attack were forced to close. In addition, 29 percent were forced to eliminate jobs.

Kernel: Oracle, UPower, and Linux Plumbers Conference

  • Oracle Sends Out Latest Linux Patches So Trenchboot Can Securely Launch The Kernel - Phoronix

    Trenchboot continues to be worked on for providing boot integrity technologies that allow for multiple roots of trust around boot security and integrity. Oracle engineers on Friday sent out their latest Linux kernel patches so it can enjoy a "Secure Launch" by the project's x86 dynamic launch measurements code. The latest kernel patches are a second revision to patches sent out last year around the Trenchboot launch support for enhancing the integrity and security of the boot process. This kernel work goes along with Trenchboot support happening for GRUB.

  • Nearly A Decade Later, UPower Still Working Towards 1.0 Release

    For nearly one decade there has been talk of UPower 1.0 while in 2021 that still has yet to materialize for this former "DeviceKit-Power" project but at least now there is UPower v0.99.12 as the first release in two years. UPower 1.0 has yet to materialize and it certainly isn't advancing these days like it was in the early 2010s. With Thursday's UPower 0.99.12 release the key changes to land over the past two years are supporting more device types and power reporting for newer Apple iPhone smartphones like the iPhone XR, XS, and other newer models.

  • Linux Plumbers Conference: Tracing Microconference Accepted into 2021 Linux Plumbers Conference

    We are pleased to announce that the Tracing Microconference has been accepted into the 2021 Linux Plumbers Conference. Tracing in the Linux kernel is constantly improving. Tracing was officially added to Linux in 2008. Since then, more tooling has been constantly added to help out with visibility. The work is still ongoing, with Perf, ftrace, Lttng, and eBPF. User space tooling is expanding and as the kernel gets more complex, so does the need for facilitating seeing what is going on under the hood.