Language Selection

English French German Italian Portuguese Spanish

Site Map

Blogs

Community blog and recent blog authors at Tux Machines.

Forum

forums

content

blog

More in Tux Machines

Today in Techrights

today's leftovers: OpenSUSE Tumbleweed, Fedora Program Management, Security and More

  • Dominique Leuenberger: openSUSE Tumbleweed – Review of the week 2019/33

    Week 2019/33 ‘only’ saw three snapshots being published (3 more were given to openQA but discarded).

  • FPgM report: 2019-33

    Here’s your report of what has happened in Fedora Program Management this week. I have weekly office hours in #fedora-meeting-1. Drop by if you have any questions or comments about the schedule, Changes, elections, or anything else. (Just not this week because I will be traveling)

  • Security updates for Friday

    Security updates have been issued by Debian (freetype, libreoffice, and openjdk-7), Fedora (edk2, mariadb, mariadb-connector-c, mariadb-connector-odbc, python-django, and squirrelmail), Gentoo (chromium, cups, firefox, glibc, kconfig, libarchive, libreoffice, oracle-jdk-bin, polkit, proftpd, sqlite, wget, zeromq, and znc), openSUSE (bzip2, chromium, dosbox, evince, gpg2, icedtea-web, java-11-openjdk, java-1_8_0-openjdk, kconfig, kdelibs4, mariadb, mariadb-connector-c, nodejs8, pdns, polkit, python, subversion, and vlc), Oracle (ghostscript and kernel), Red Hat (mysql:8.0 and subversion:1.10), SUSE (389-ds, libvirt and libvirt-python, and openjpeg2), and Ubuntu (nginx).

  • A compendium of container escapes

    My name is Brandon Edwards, I’m Chief Scientist at Capsule8. Today we’ll be talking about a compendium of container escapes in the podcast. We’ve previously talked about escaping containers and the sorts of vulnerabilities people should be concerned with a while back. In particular we’re discussing how the RunC vulnerability had engendered all this interest, or concern, or almost shock, the trust the people are placing in containers was broken. Oh wow, an escape could happen! I think it’s really valuable to be able to communicate and show all the other ways that that sort of thing can happen, either from misconfiguration, or over granting privileges, or providing host mounts into the container, or having kernel vulnerabilities that could somehow compromise any of the elements of the security model of container, which is both fragile and complex.

  • Apollo data graph brings managed federation to enterprises

    Data graph vendor Apollo is aiming to help overcome several obstacles to enterprises using graph databases with its latest Apollo Data Graph Platform update, which became generally available on July 16. Among the key new features in the platform are federated management capabilities that enable more scalability across different GraphQL data graph instances. GraphQL is an open source query language for APIs, originally created by Facebook that is used to enable data graph capabilities.

Videos: Pardus and Linux Action News

today's howtos, LibreOffice development, 'DevOps' and programming leftovers

  • How to use apt Command in Linux
  • FreeBSD Display Information About The System Hardware
  • btLr text direction in Writer, part 4

    You can get a snapshot / demo of Collabora Office and try it out yourself right now: try unstable snapshot. Collabora is a major contributor to LibreOffice and all of this work will be available in TDF’s next release, too (6.4).

  • LibreOffice Community at FrOSCon 2019

    LibreOffice development takes place mostly via the internet: volunteers, certified developers and other community members collaborate on programming, design, quality assurance, documentation and other tasks. But we also like to meet up in person, to share information, bring new people into the project, and have fun! So on the weekend of 10 and 11 August, we attended FrOSCon 2019 in Sankt Augustin, a town just outside Bonn, Germany. FrOSCon is one of the largest free and open source software (FOSS) conferences in the country, with around 2,000 attendees. Most of the visitors know about FOSS already, but some had only learnt about it recently, and were eager to discover more.

  • 10 ways DevOps helps digital transformation

    DevOps helps organizations succeed with digital transformation by shifting the cultural mindset of the business, breaking down detrimental silos, and paving the way for continuous change and rapid experimentation: All those elements help organizations meet evolving customer demands, experts point out. This helps organizations “self-steer” toward better solutions to continually improve, says Matthew Skelton, head of consulting at Conflux and co-author of Team Topologies.

  • CloudBees Advances State of the DevOps World

    At its annual user conference, CloudBees previews a new Software Delivery Management platform as the DevOps vendor celebrates 15 years of Jenkins.

  • How do you verify that PyPI can be trusted?

    Now Go's packaging story is rather different from Python's since in Go you specify the location of a module by the URL you fetch it from, e.g. github.com/you/hello specifies the hello module as found at https://github.com/you/hello. This means Go's module ecosystem is distributed, which leads to interesting problems of caching so code doesn't disappear off the internet (e.g. a left-pad incident), and needing to verify that a module's provider isn't suddenly changing the code they provide with something malicious. But since the Python community has PyPI our problems are slightly different in that we just have to worry about a single point of failure (which has its own downsides). Now obviously you can run your own mirror of PyPI (and plenty of companies do), but for the general community no one wants to bother to set something up like that and try to keep it maintained (do you really need your own mirror to download some dependencies for the script you just wrote to help clean up your photos from your latest trip?). But we should still care about whether PyPI has been compromised such that packages hosted there have not been tampered with somehow between when the project owner uploaded their release's files and from when you download them.

  • Spyder 4.0 beta4: Kite integration is here

    As part of our next release, we are proud to announce an additional completion client for Spyder, Kite. Kite is a novel completion client that uses Machine Learning techniques to find and predict the best autocompletion for a given text. Additionally, it collects improved documentation for compiled packages, i.e., Matplotlib, NumPy, SciPy that cannot be obtained easily by using traditional code analysis packages such as Jedi.