Integrity/Availability Leftovers

  • Guy [cracks] UZ and allocates accommodation to students, netting US$3000 in the process

    UZ has an online platform where students can apply for accommodation. What the State is alleging is that Martin gained access to the UZ’s computer network and could edit information on that accommodation platform.

    Once he had that access he proceeded to approach students who were seeking accommodation and charged them between US$40 and $60 to secure it. He is said to have done this between October and November 2021. All in all, he allegedly pocketed over US$3000 from the 64 students he offered the service.

  • ZBC suffers power outage disrupting radio & television programming

    The Zimbabwe Broadcasting Corporation (ZBC) has, in a tweet, notified the nation that it has suffered a power outage at its Pockets Hill Broadcasting Centre.

  • Why Are Authentication and Authorisation So Difficult?

    Once you’ve selected which type of authentication to support, you may also need to pick a specific implementation if it is not a standard. This potentially complicates the end user’s environment if it’s not a match for the other applications in use. This National Security Agency (NSA) guide categorizes specific MFA solutions into the evaluation criteria from the National Institute of Standards and Technology’s (NIST) 800-63 authentication documents and is a very helpful resource for understanding the strength of each solution. If you are less familiar with identity management and all it encompasses, the NIST documentation is an excellent resource to learn more about this complex set of technologies.

  • Simple Things That Are Actually Hard: User Authentication

    And that’s for the most obvious feature that every application has. No wonder it has been implemented incorrectly many, many times. The IT world is complex and nothing is simple. Sending email isn’t simple, authentication isn’t simple, logging isn’t simple. Working with strings and dates isn’t simple, sanitizing input and output isn’t simple.

  • Hidden Certificate Authorities

    The security of encrypted Web traffic depends upon a set of Certificate Authorities (CAs). Browsers and operating systems are configured with a list of CAs that they trust. The system is brittle, in the sense that if any of the multitude of CAs that your browser trusts is incompetent or malign, the security of all your traffic is imperiled. I've written several times on the topic of misbehaving CAs; there is a list of links at the end of the post.

    In "Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure", Thomas Claburn reports on an important paper, "Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem" by Yiming Zhang et al. This paper looks at what happens when, by fair means or foul, unofficial entries are added to or replace the CAs in the official list that your browser trusts. Below the fold I discuss their findings.

More in Tux Machines

Programming Leftovers

  • An outdated Python for openSUSE Leap [LWN.net]

    Enterprise distributions are famous for maintaining the same versions of software throughout their, normally five-year-plus, support windows. But many of the projects those distributions are based on have far shorter support periods; part of what the enterprise distributions sell is patching over those mismatches. But openSUSE Leap is not exactly an enterprise distribution, so some users are chafing under the restrictions that come from Leap being based on SUSE Enterprise Linux (SLE). In particular, shipping Python 3.6, which reached its end of life at the end of 2021, is seen as problematic for the upcoming Leap 15.4 release. [...] OpenSUSE and SLE have generally been aligned over the years. In 2020, Leap and SLE grew even closer together. The build system and repositories between the two were shared starting with Leap 15.2, which corresponded to the second "service pack" (SP) of SLE (i.e. SLE 15-SP2). In 2021, with Leap 15.3 and SLE 15-SP3, the two distributions effectively merged, such that all of the base packages were shared between the two. To a first approximation, Leap is an openSUSE-branded version of SLE, much like what CentOS used to be for Red Hat Enterprise Linux.

  • Make Your Python CLI Tools Pop With Rich | Hackaday

    It seems as though more and more of the simple command-line tools and small scripts that used to be bash or small C programs are slowly turning into Python programs. Of course, we will just have to wait and see if this ultimately turns out to be a good idea. But in the meantime, next time you’re revamping or writing a new tool, why not spice it up with Rich?

Linuxfx 11.1 WxDesktop 11.0.3

It is with great pleasure that we announce the release of Linuxfx version 11.1.1103. This update releases several new features for the operating system. The system kernel has been updated to version 5.13, bringing better support for more modern hardware. System tools gained new translations: French, German, Italian, Japanese, Chinese, Spanish, American and Portuguese are now supported for WxDesktop. Android support has been improved; now, in addition to supporting OpenGL, we also release support for Vulkan (experimental). Finally, all system packages have been updated, including WxDesktop, Onlyoffice and many others. The image has been scaled down to fit on a DVD. Users of older versions will receive this update over the internet. New users can download the new image from our portal.

Audiocasts/Shows: TLLTS, Going Linux, and FLOSS Weekly

  • The Linux Link Tech Show Episode 939

    Joel ain't got no time for Outlook! He is too busy working Jenkins.

  • Going Linux #417 · A Tribute To Tom

    We remember former co-host, Tom with a re-broadcast of Tom at his best in episode 180, Listener Feedback and an interview with Jonathan Nadeau.

  • FLOSS Weekly 664: Tailscale - Avery Pennarun, VPN

    Avery Pennarun of Tailscale and much more, blows the minds of Doc Searls and Aaron Newcomb on a can't-miss show that explains how the best development is all "chickens and eggs." Pennarun explains that free software and open source is the gifting nature of the former, and how startups succeed and fail at crossing chasms. All while touching on so much more that we now have a Part 2 of the discussion planned.

Android Leftovers