Security Leftovers

  • Six things you need to know about IoT security
  • OpenStack Cloud Security Moves Forward

    When it comes to understanding security in the cloud and specifically security in OpenStack clouds, there are many factors to consider. In a panel session moderated by eWEEK at the OpenStack Summit in Boston, leaders from across different elements of the OpenStack security spectrum provided insight and recommendations on cloud security.

    Security is a broad term in the OpenStack context and isn't just one single item. There is the OpenStack Security Project, which has a mission to help build tools and processes that help to secure OpenStack and its various projects. There is also the Vulnerability Management Team (VMT) that handles vulnerabilities for the OpenStack project. Security in OpenStack is also reflected in various OpenStack projects, including notably Project Barbican for security key management. Finally, there is just general security for cloud deployment by operators, which includes secure configuration and monitoring.

  • We Wuz Warned

    The tools that are infecting computers worldwide were indeed developed by, and then leaked from, the NSA. (Thanks for nothing, spooks.) The bitcoin.com article contains tips about how to protect yourself, and links to Windows patches, if you haven't yet been hit. Fortunately for us, the attacks seem to be focused on Windows systems; our Linux desktops are so far unscathed.

  • NSA-created cyber tool spawns global attacks — and victims include Russia

    Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe and Asia, with Russia among the hardest-hit countries.

    But the Department of Homeland Security told POLITICO it had not confirmed any attacks in the U.S. on government targets or vital industries, such as hospitals and banks.

  • GCHQ tweeted about keeping Britain cyber-safe and it majorly backfired
  • Leaked NSA Hacking Tool On Global Ransomware Rampage [Ed: No, the problem isn't "patching" or "upgrade", the problem is Windows itself, irrespective of which version (back doors)]

    Thus, there's some debate online about whether the "problem" here is organizations who don't upgrade/patch or the NSA. Of course, these things are not mutually exclusive: you can reasonably blame both. Failing to update and patch your computers is a bad idea these days -- especially for large organizations with IT staff who should know better.

  • An NSA-derived ransomware worm is shutting down computers worldwide
  • WCry is so mean Microsoft issues patch for 3 unsupported Windows versions [Ed: Back doors in old versions of Windows belatedly closed because Microsoft risks losing millions of useds [sic] for good]
