Navigation

Language Selection

Search

Security Leftovers

Submitted by Roy Schestowitz on Monday 24th of January 2022 04:02:12 PM Filed under

Security

Security updates for Monday [LWN.net]

Security updates have been issued by Debian (chromium, golang-1.7, golang-1.8, pillow, qtsvg-opensource-src, util-linux, and wordpress), Fedora (expat, harfbuzz, kernel, qt5-qtsvg, vim, webkit2gtk3, and zabbix), Mageia (glibc, kernel, and kernel-linus), openSUSE (bind, chromium, and zxing-cpp), Oracle (kernel), Red Hat (java-11-openjdk and kpatch-patch), Scientific Linux (java-11-openjdk), SUSE (bind, clamav, zsh, and zxing-cpp), and Ubuntu (aide, dbus, and thunderbird).
LogJ4 Security Inquiry – Response Required

On Friday January 21, 2022 I received this email. I tweeted about it and it took off like crazy.

The email comes from a fortune-500 multi-billion dollar company that apparently might be using a product that contains my code, or maybe they have customers who do. Who knows?

My guess is that they do this for some compliance reasons and they “forgot” that their open source components are not automatically provided by “partners” they can just demand this information from.

I answered the email very briefly and said I will be happy to answer with details as soon as we have a support contract signed.

I think maybe this serves as a good example of the open source pyramid and users in the upper layers not at all thinking of how the lower layers are maintained. Building a house without a care about the ground the house stands on.

I believe this email is genuine and my reply was directed to a big-company .com email address domain that did not bounce. In my tweet and here in my blog post I redact the name of the company. I most probably have the right to tell you who they are, but I still prefer to not. (Especially if I manage to land a profitable business contract with them.) I suspect we can find this level of entitlement in many companies.
Trend Micro : Analysis and Impact of LockBit Ransomware's First Linux and VMware ESXi Variant [Ed: Ransomware is predominantly a Windows issue, but there are attempts to shift attention and manipulate perceptions]

The release of this variant is in line with how modern ransomware groups have been shifting their efforts to target and encrypt Linux hosts such as ESXi servers. An ESXi server typically hosts multiple VMs, which in turn hold important data or services for an organization. The successful encryption by ransomware of ESXi servers could therefore have a large impact on targeted companies. This trend was spearheaded by ransomware families like REvil and DarkSide.

Login or register to post comments
Printer-friendly version
1530 reads
PDF version

More in Tux Machines

Openwashing and Linux Foundation

China’s GitHub clone making all repos private pending mysterious ‘review’ [Ed: It is not a GitHub clone because GitHub was not the first]
Sysdig Welcomes Google Open Source Lead to Head up OSS Ecosystem Team
Google assuring open-source code to secure software supply chains
Hyperledger Foundation Announces Development Milestones for Three Projects; Plans for Hyperledger Global Forum
OCI at KubeCon + CloudNativeCon Europe
Cloud Foundry Foundation launches Korifi to simplify the Kubernetes developer experience
Kubernetes security report finds people have no idea how to use Kubernetes

Kubernetes seems to be a security nightmare because it’s super complex to use, and people tasked with using it are struggling to cope, a report from Red Hat has found.
Is the Kubernetes Skills Gap Shrinking? -- Virtualization Review

Specifically, in Canonical's 2022 Kubernetes and Cloud Native Operations Survey, 48 percent of respondents say lack of in-house skills and limited manpower are the biggest obstacles to migrating to or using Kubernetes and containers, while the 2021 report had 54.5 percent of respondents citing that challenge as their top issue.
Datadog Adds Support for OpenTelemetry Protocol [Ed: Openwashing surveillance in "telemetry" clothing]

At the KubeCon + CloudNativeCon Europe 2022 event, Datadog announced it made support for the OpenTelemetry Protocol (OTLP) generally available in the agent software it provides to instrument applications.
Ingest OpenTelemetry Traces and Metrics with the Datadog Agent
Boeing Joins Cloud Native Computing Foundation as a Platinum Member
Cloud Native Computing Foundation Hits 800 Member Milestone at KubeCon + CloudNativeCon Europe 2022

Android Leftovers

Stay Organized With These 7 Calendar Apps for Linux

Keep track of time and events while working on your desktop using these must-have calendar apps for Linux. Calendar apps are a necessity for keeping track of events and your to-do tasks in this hectic modern work life. These apps can help you never forget anything again. The calendar apps available for Linux have a lot of handy productivity features that will help you remember stuff, suggest important dates, and help build good habits.

Games: 3000 Games On The Steam Deck, The Legend of Zelda: Ocarina of Time, 5 Best 3D Games for GNU/Linux

3000 Games On The Steam Deck! - Boiling Steam

It took less than 4 months and here we are, with 3000 games on the Steam Deck! To be precise, there are now 3014 games at the time of writing working on the Steam Deck – in two categories as usual: Steam Deck Verified: 1527 titles Steam Deck Playable: 1487 titles
Zelda: Ocarina of Time’s PC port now supports 60fps, save states, Linux and more

The fan-made PC port of The Legend of Zelda: Ocarina of Time, ‘Ship of Harkinian’ now supports 60fps, Linux and more. As part of the fan development team’s latest “Ship of Harkinian Direct”, Habour Masters unveiled the frame-rate boost as well as a host of new features. In addition to 60fps, the port now runs on Linux, and new features such as save states, Gameshark-style cheats and accessibility features such as voice descriptions have been added to the game.
5 Best 3D Games for Linux To Play in 2022

It is true that Linux doesn’t have a good name for the gaming sectors like Windows and macOS. But still, there are a lot of interesting games, including many 3D games available for Linux users. Indeed, the gaming companies are now getting interested in Linux, and so they are producing more games for this system. However, if you are a Linux user and want to enjoy some games in your free time, I can help. Today, we will discuss the best 3D games for Linux.

Latest News

today's leftovers

Here's what's new and changed in Kodi 20 'Nexus' Alpha 1

Yesterday, we revealed that the next big version of Kodi had hit an important milestone. Nightly builds of Kodi 20 'Nexus' have been available for months, but now there’s a much more stable release for users to download. Although it’s only a pre-release build, and therefore will likely have some bugs to watch out for, Kodi 20 'Nexus' Alpha 1's arrival will excite a lot of people. Team Kodi is very proud of this release, and highlights the following changes and new features.
MiTubo 1.0: playlist support, new “website” | Mardy

Expanding a bit on the points above, the first thing worth saying is that the choice of releasing this version as “1.0” does not mean that it's more stable than the previous ones; it just means that I'm rather satisfied with the feature set, and that I believe that the program is ready for more widespread use. This is also the reason why I decided to prepare a web page for it: mardy.it/mitubo. I didn't go for a completely separate website, unlike what I previously did for Mappero Geotagger, PhotoTeleport and Imaginario (which reminds me that I haven't been working on the latter for a long time! I should try to correct this soon!), both because this way it's simpler to publish news about it (I'll continue doing that here, instead of cross-posting in two sites), and because having it in the same domain might be mutually beneficial for the SEO ranking of the blog and of MiTubo.
Adriaan de Groot: Blue Systems Farewell

Calamares serves the needs of several dozen Linux distributions, large and small. I’ve been running the Calamares project for five years now, sponsored by Blue Systems who have supported the Calamares project since its beginning and through two maintainers now. After these five years, I have decided to hand in my badge and move on to different things. This means that I’m no longer paid to spend three days a week on Calamares and my involvement is going to be dialed back to incidental-volunteer-contributor. This means that maybe I’ll finally ignore Linux distro’s and sit down to make it work for FreeBSD.
Elevate from a normie to an elite internet user - Invidious
Strengthening digital infrastructure: A policy agenda for free and open source software

While there is little debate that digital forces are playing an increasingly crucial role in the economy, there is limited understanding of the importance of the digital infrastructure that underlies this role. Much of the discussion around digital infrastructure has focused on broadband availability (which is certainly important), but the role of free and open source software (FOSS or OSS) has gone underappreciated. FOSS—software whose source code is public, is often created by decentralized volunteers, and can be freely used and modified by anyone—has come to play a vital role in the modern economy. It is baked into technology we use every day (cars, phones, websites, etc.), as well as into various aspects of critical infrastructure including our finance and energy systems.
Improve legibility and reduce layout shifts with x-height adjustments

There’s more to setting the text size on your webpages than just the CSS font-size property. It only controls the size of majuscule (“uppercase”, e.g. “A”) letters, numbers, and punctuation. The size of minuscule (“lowercase”, e.g. “a”) letters is left up to the font. [...] Unfortunately, font-size-adjust is only supported in Firefox. It has been supported by this browser for over a decade already. It was implemented in Chrome for almost half a decade, but it has been left to rot behind the Experimental Web Platform features flag. It’s not implemented in Safari.

Linux and "Open" Devices

Intel promises ‘substantial contributions’ to RISC-V growth • The Register

Here's something that would have seemed outlandish only a few years ago: to help fuel Intel's future growth, the x86 giant has vowed to do what it can to make the open-source RISC-V ISA worthy of widespread adoption. In a presentation, an Intel representative shared some details of how the chipmaker plans to contribute to RISC-V as part of its bet that the instruction set architecture will fuel growth for its revitalized contract chip manufacturing business.
Project Cassini sees first hardware with congatec SMA... eeNews Europe

ARM’s Project Cassini has released its first standard hardware. congatec in Germany has developed a SMARC Computer-on-Module based on NXP i.MX8 M Plus processor, achieved ARM’s SystemReady IR certification as part of the project. Cassini aims to overcome the barriers of ARM deployments by providing a comprehensive and secure ecosystem…
Arm Project Cassini completed: congatec modules with NXP i.MX 8M Plus processor now Arm SystemReady IR certified

Hardware with Cassini SystemReady IR certified bootloader is validated to run unmodified ISO images of Ubuntu, Fedora, openSUSE and Debian operating systems, making native software installation an easily executable task.
congatec simplifies Arm deployments with i.MX 8M Plus | RoboticsTomorrow
Mixtile Blade 3 is a stackable single-board PC with RK3588 processor, support for cluster computing (crowdfunding)

The boards ship with Android 12 software, with a custom version of the Debian 11 GNU/Linux distribution pre-loaded in a container, and source code and SDKs are available for Buildroot and Yocto.
Marvell CXL roadmap goes all-in on composable infrastructure • The Register

Introduced in early 2019, CXL is an open interface that piggybacks on PCIe to provide a common, cache-coherent means of connecting CPUs, memory, accelerators, and other peripherals. The technology is seen by many, including Marvell, as the holy grail of composable infrastructure, as it enables memory to be disaggregated from the processor.

"Open Source" as False Marketing

Once frenemies, Elastic and AWS are now besties

To cut a War and Peace-esque story short, Amazon had introduced its own managed Elasticsearch service called Amazon Elasticsearch Service way back in 2015, and in the intervening years the “confusion” this (among other shenanigans) caused in the cloud sphere ultimately led Elastic to transition Elasticsearch from open source to “free and open” (i.e., a less permissive license), exerting more control over how the cloud giants of the world could use the product and Elasticsearch name.
What sort of open source licence is your database?

If vendors are changing the licence to make them more restrictive, does that make them any different to proprietary software? Zaitsev says no. He sees such a move as meaning a company and its products are no longer open source.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Gizmoz

FOSSMint

Debug Point

LXer

UbuntuBuzz

SparkyLinux

Linux Journal

Linux Today

System 76

Pop!_OS 22.04 LTS has landed!

Kernel Planet

Purism

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA

Navigation

Language Selection

Search

Tux Machines Section/s

Authors Information

LWN

Active forum topics

Collabora

9to5Linux

Gnu Planet

FOSS Force

FOSSLinux

Phoronix

OpenSource.com

Kde Planet

Fedora Magazine

Mozilla