Security, FUD, Openwashing and Threats

Filed under
Server
Security
  • Security updates for Tuesday

    Security updates have been issued by Debian (curl and otrs2), Fedora (NetworkManager-ssh and python-psutil), Mageia (ipmitool, libgd, libxml2_2, nextcloud, radare2, and upx), openSUSE (inn and sudo), Oracle (kernel, ksh, python-pillow, and thunderbird), Red Hat (curl, kernel, nodejs:10, nodejs:12, procps-ng, rh-nodejs10-nodejs, ruby, and systemd), SUSE (dpdk, firefox, java-1_7_1-ibm, java-1_8_0-ibm, libexif, libvpx, nodejs10, nodejs8, openssl1, pdsh, slurm_18_08, python-azure-agent, python3, and webkit2gtk3), and Ubuntu (libapache2-mod-auth-mellon, libpam-radius-auth, and rsync).

  • New Critical RCE Bug in OpenBSD SMTP Server Threatens Linux Distros [Ed: Typical FUD associating "Linux" with a package that GNU/Linux distros do not come with]

    Security researchers have discovered a new critical vulnerability in the OpenSMTPD email server. An attacker could exploit it remotely to run shell commands as root on the underlying operating system.

  • New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers [Ed: Again attributing to operating systems bugs in pertinent packages they may not even have]

    OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
    OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
    It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems.

  • Y2K bug has a 2020 echo

    The New Scientist reports on problems with software caused by an echo of the Y2K bug that had everyone excited in the late 1990s.

    It turns out one of the fixes then was to kick various software cans down the road to 2020. In theory that gave people 20 years to find long term answers to the problems. In some cases they might have expected software refreshes to have solved the issue.

    [...]

    This happens because Unix time started on January 1 1970. Time since then is stored as a 32-bit integer. On January 19 2038, that integer will overflow.

    Most modern applications and operating systems have been patched to fix this although there are some compatibility problems. The real issue comes with embedded hardware, think of things like medical devices, which will need replacing some time in the next 18 years.

  • The “Cloud Snooper” malware that sneaks into your Linux servers [Ed: They don't want to mention that people actually need to install this malware on GNU/Linux for dangers to become viable. Typical Sophos FUD/sales.]
  • Cybersecurity alliance launches first open source messaging framework for security tools [Ed: Openwash of proprietary software firms]

    Launched by the Open Cybersecurity Alliance (OCA), a consortium of cybersecurity vendors including IBM, Crowdstrike, and McAfee, on Monday, the OCA said that OpenDXL Ontology is the "first open source language for connecting cybersecurity tools through a common messaging framework."

  • Microsoft uses its expertise in malware to help with fileless attack detection on Linux [Ed: Truly laughable stuff as Microsoft specialises in adding back doors, then abusing those who speak about it]
  • Azure Sphere, Microsoft's Linux-Powered IoT Security Service, Launches [Ed: Microsoft is Googlebombing "Linux" again; you search for Linux news, you get Microsoft Azure (surveillance) and proprietary malware, instead.]

Aiven Nets Money for Cloudwashing (Closing) of Free Software

Filed under
Server
OSS

Servers News and Linux Foundation

Filed under
Server
  • The 15 Best Cloud OS to Use in 2020: The Experts’ Recommendation

    Joli cloud operating system is a multiuser, cross-browser user-friendly Web Desktop Environment. This web operating system comes with a set of interesting applications of web office that makes the system more versatile. It is a multiuser system that can be installed on LAMP (Linux/Apache/MySQL/Perl) and is an independent platform.

  • Google, IBM Join Forces to Take on Cloud Leaders

    After locking horns last year, Google and IBM are now collaborating to catch their larger cloud services competitors.

    Whether the union is a strategic masterstroke or a marriage of convenience, it promises greater flexibility for enterprise customers making the shift to so-called “compute and storage” services in the cloud.

  • Tachyum Running Apache is a Key Milestone for Prodigy Universal Processor Software Stack

    Semiconductor startup Tachyum Inc. today announced that it has completed another critical stage in software development by successfully achieving an Apache web server port to Prodigy Universal Processor Instruction Set Architecture (ISA). This latest milestone by Tachyum’s software team brings the company’s Prodigy Universal Processor one step closer to being customer-ready in anticipation of its commercial launch in 2021.

    After its successful GNU toolchain port and the creation of multiple simulation environments to execute Prodigy’s native ISA in 2018, Tachyum’s software developers concentrated on achieving their first successful Linux kernel port in 2019. After confirming the kernel’s functionality, the team moved on to GNU userland open source applications porting.

  • How High Performance Computing is Powering the Age of Genomic Big Data

    What do bacteria, a blade of grass and the human body have in common? On the surface, very little. But given the title of this blog, you’re probably way ahead of me.

  • Kubernetes administration policy made easy with brewOPA

    Cloud-native computing -- with such technologies as Kubernetes, service-mesh, and continuous integration and continuous delivery (CI/CD) -- is revolutionizing IT. But managing can still be a major pain in the server. That's where Open Policy Agent (OPA), an open-source Cloud Native Computing Foundation (CNCF) project, comes in. But it has its own steep learning curve. Cyral with brewOPA wants to ease their climb and make managing policies across cloud-native platforms much easier.

  • Linux Foundation Training Announces a Free Online Course: Ethics in AI and Big Data

    The Linux Foundation, the nonprofit organization enabling mass innovation through open source, today announced the availability of a new, free course – Ethics in AI and Big Data. This course is offered through edX, the trusted platform for learning.

    The Fourth Industrial Revolution is upon us; the physical, digital, and biological worlds are being fused in a way that has a tremendous impact on our global culture and economy. It is no secret that people, machines, data, and processes are increasingly connected in today’s world. While technological advancements like AI bring along promises and opportunities, they also raise concerns about security, user privacy, data misuse, and more. Trust is critical when it comes to AI adoption. People have a tendency to distrust artificial intelligence. It is the responsibility of business and data professionals to change that: add transparency, develop standards and share best practices to build trust, and drive AI adoption. A recent IBM study highlights that globally, 78% of respondents believe “it is very or critically important that they can trust that their AI’s output is fair, safe, and reliable.”

Servers and CMS Leftovers (HPCC, Weblate and AgoraCart)

Filed under
Server
OSS
Web
  • Stanford Student Program Gives Supercomputers a Second Life

    Despite their incredible capabilities, today’s supercomputers typically only have three years of operating life before they need an upgrade. With the march of Moore’s Law, faster, more efficient systems are always waiting to replace them.
    A novel program at Stanford is finding a second life for used HPC clusters, providing much-needed computational resources for research while giving undergraduate students a chance to learn valuable career skills. To learn more, we caught up with Dellarontay Readus from the Stanford High Performance Computing Center (HPCC).

  • 30 projects migrated their translation to Weblate, what about yours?

    The localization community gave its approval: Weblate fits our expectations. Many projects have already migrated. It’s time for yours to migrate, because the next Fedora release will mark the end of the old translation platform.

  • AgoraCart "Route 66" Version Released

    I have avoided any spotlight in the Perl community after negative experiences early on but at the urging of Gabor Szabo over at PerlMaven.com, I realized that I should not care if I am not the normal Perl community member/developer. As a result, announcements on Perl-type groups were skipped until now. So here's to new beginnings.

    I love the flexibility of Perl and hated the feeling that I was giving up on it as other languages rose in popularity and Perl seemed to surrender from the web of its own accord. I restarted development of the new version of AgoraCart during my master's degree coursework, and kept grinding on the development and testing for another 2+ years. This release marks a huge milestone, for AgoraCart and for me personally. I basically gave up on AgoraCart for a few years (motivation to work on it came and went like the changes in the wind after a family tragedy).

Servers: GNU/Linux, Microsoft Hypocrisy/Lies, Kubernetes and Clown Computing

Filed under
Server
  • What's the source of sluggish career advancement for Linux system administrators?

    I know a lot of Linux sysadmins who work 60, 70, or more hours per week who rarely see the light of day and even more, rarely see a bonus or hear a "thank you." It's no wonder there's massive burnout and job turnover, but now it's time to get to the heart of the problem and find out why. Career mobility and advancement are two big reasons and I suspect that others feel that same pain. Let's find out the source of the career advancement question.

  • Microsoft, Google, Amazon – Who’s the Biggest Climate Hypocrite?

    Some of the world’s biggest tech companies want you to know they take climate change seriously. In fact, Amazon, Microsoft, and Google have each developed a plan to address its contributions to climate change. While each company’s plan is unique, none address their problematic contracts that help oil majors use artificial intelligence to extract more oil and gas.

    Here we unpack Amazon, Microsoft, and Google’s sustainability plans. While each company earns hypocrisy points, Amazon is trailing the pack on climate action. And to make matters worse, rather than rise to the challenge, Amazon is currently threatening employees who speak out on its climate plan.

  • While Microsoft Was Making Its Climate Pledge, It Was Sponsoring an Oil Conference

    Last week, Microsoft made a splash when it announced its intention to become a “carbon negative” company—one that pulls more climate-warming carbon dioxide out of the atmosphere than it puts in—by 2030. The news drew widespread attention and praise for the tech giant. Reuters declared Microsoft had “set a new ambition among Fortune 500 companies,” and the UN’s executive secretary of climate change called the move “remarkable.”

    A day earlier, the 12th International Conference on Petroleum Technology drew to a close in Dhahran, Saudi Arabia. This year, Microsoft received special billing as the event’s “Digital Transformation Partner,” meaning it hosted all of the online sessions according to the Saudi Gazette. The company also had a booth at the conference, and Omar Saleh, Microsoft’s regional director of energy and manufacturing for the Middle East and Africa, participated in a panel discussion titled “The Role of the Fourth Industrial Revolution in Developing the Oil and Gas Sector.”

    [...]

    The disconnect is striking because Microsoft’s new climate pledge is, otherwise, pretty impressive. The company’s timeline—which includes shifting to 100 percent renewable energy for its data centers, buildings, and campuses by 2025, and becoming carbon negative by 2030—is in line with what the science says needs to happen to prevent the worst consequences of climate change. To reach net zero and eventually become a carbon negative company, Microsoft has pledged to put $1 billion into so-called negative emissions technologies that pull carbon out of the air. This, too, is significant: Most climate models agree that we’ll need negative emissions tech to bring atmospheric carbon dioxide down to safe levels. The federal government isn’t investing nearly enough in these technologies; Microsoft’s commitment could spur others in the private sector to help fill the gap.

    "Microsoft was one of a number of sponsors for the event," Microsoft said in a statement. "Microsoft attends and sponsors a number of events spanning many industries."

  • Kubernetes Operators: 4 facts to know

    As Kubernetes environments grow, so too does the interest in Operators. CoreOS first introduced Operators back in 2016, and they got a big boost with the launch of the Operator Framework in March 2018. (Red Hat acquired CoreOS in January 2018, expanding the capabilities of the OpenShift container platform.)

    There’s been a noticeable bump in the interest in and implementation of Operators of late, according to Liz Rice, VP of open source engineering at Aqua Security. Rice also chairs the Cloud Native Computing Foundation’s technical oversight committee.

    “At the CNCF, we’re seeing interest in projects related to managing and discovering Kubernetes Operators, as well as observing an explosion in the number of Operators being implemented,” Rice says. “Project maintainers and vendors are building Operators to make it easier for people to use their projects or products within a Kubernetes deployment.”

    This growing menu of Operators means there’s a need for a, well, menu. “This proliferation of Operators has created a gap for directories or discovery mechanisms to help people find and easily install what’s available,” Rice says.

    The relatively new OperatorHub.io is one place where Kubernetes community members can find existing Operators or share their own. (Red Hat launched Operator Hub in conjunction with Amazon, Microsoft, and Google.)

  • Multi-Cloud Adoption to Better Enable the Developer Workforce

    Over the past decade, we started to see a broader shift toward the use of multiple cloud providers by the enterprise. The need to reduce risk, optimize cloud usage, manage costs and the push to open source and cloud vendor-agnostic technologies are providing more options for developers, which will likely lead to an even steeper increase in multi-cloud usage.

Docker knits together Hub stats, says Pulls over 8 billion

Filed under
Server

Docker wants the world to know that it’s still riding the waves following the offloading of its Enterprise business last year and has issued some insight from its container registry to prove it.

The first batch of figures from the Docker Index showed that there were 8 billion pulls on the Docker Hub “in the past month”, compared to 5.5 billion a year ago. We’re presuming the past month refers to January.

Fleshing things out a little more, there were 6 million repositories on Hub, with 5 million users and 2.4 million desktop installations, the vendor said. The total number of pulls on Hub stands at 130 billion – presumably since the hub was launched in 2014.

Read more

Amazon Linux Users Win a Major Migration Reprieve

Filed under
GNU
Linux
Server

Are you running AWS on the original Amazon Linux AMI?

Good news, you’ve won a major reprieve from plans to end support for the operating system this summer, with the cloud provider bowing to “customer feedback” and agreeing to extend end-of-life to December 31, 2020.

AWS had planned to phase out support by June, but push-back from customers has seen it extend that date by six months; and add a minimal three-year maintenance support period to June 30, 2023 for good measure.

Maintenance will be limited: users of the 10-year-old AMI (Amazon Machine Image) will only get critical and important security updates for a reduced set of packages, with no guaranteed support for new AWS features.

AWS still wants users to migrate to Amazon Linux 2, saying “we strongly encourage you to use it for your new applications.”

Read more

SimpleLogin: Open Source Solution to Protect Your Email Inbox From Spammers

Filed under
Server
Software
OSS

SimpleLogin is an open-source service to help you protect your email address by giving you a permanent alias email address.

Normally, you have to use your real email address to sign up for services that you want to use personally or for your business.

In the process, you’re sharing your email address – right? And, that potentially exposes your email address to spammers (depending on where you shared the information).

What if you can protect your real email address by providing an alias for it instead? No – I’m not talking about disposable email addresses like 10minutemail which could be useful for temporary sign-ups – even though they’ve been blocked by certain services.

Read more

Also: Google promises next week's cookie-crumbling Chrome 80 will only cause 'a very modest amount of breakage'

Kubernetes Leftovers

Filed under
Server
OSS

Server: Kubernetes, Anchore, Octarine

Filed under
Server
  • Just Released: Kube-Scan Open Source Scanning Tool for Kubernetes

    A startup focused on Kubernetes security has released an open source risk assessment tool for the popular container orchestration platform. Cloud-native app security provider Octarine's Kube-Scan is a cluster risk assessment tool for developers that scans Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications in minutes.

    The tool's risk score is based on Octarine's own Kubernetes Common Configuration Scoring System (KCCSS), a framework modelled on the widely used Common Vulnerability Scoring System (CVSS). Where CVSS rates vulnerabilities, KCCSS focuses on the configurations and security settings themselves.

  • Catalogic Software Debuts Open Source Backup Tool for Kubernetes

    Catalogic Software has made available the open source KubeDR utility for backing up and recovering Kubernetes cluster configuration, certificates and metadata residing in an etcd repository.

    Company COO Sathya Sankaran says Catalogic Software has been working to extend the reach of its backup and recovery software for Kubernetes and that KubeDR represents an effort to give back to the open source community. The company’s backup and recovery software has already been extended to support instances of Red Hat OpenShift, which is based on a distribution of Kubernetes, running in OpenStack environments.

    As part of that effort, Catalogic Software, which spun out of Syncsort in 2013, has created Catalogic Labs, committed to developing additional open source data protection technologies.

    KubeDR is designed to enable IT organizations to recover Kubernetes configuration, certificates and metadata stored in an S3-compatible object storage system. The idea is to make it easier for IT organizations to recover a Kubernetes cluster in the event of a failure. IT teams still need a separate tool to back up and recover any application data that might have been lost as well.

  • Container software startup Anchore raises $20 million

    The open source software evolution that garnered a $150 million buyout by software giant Red Hat in 2015 is fueling a second venture for return founder Saïd Ziouani, this time focused on securing the containers at the core of app development.

  • New open-source projects look to secure Kubernetes

    Kubernetes security company Octarine has announced two new open-source projects designed to protect against cloud-native security vulnerabilities. The Kubernetes Common Configuration Scoring System (KCCSS) is a framework for rating security risks, and kube-scan is a workload and assessment tool.

    “Our mission is to make the adoption of DevSecOps best practices simple, understandable, and achievable for any organization running Kubernetes,” said Julien Sobrier, head of product at Octarine. “One glaring blindspot is at the configuration level when building and deploying cloud native apps. We hope these two new projects benefit the Kubernetes practitioners industry-wide and look forward to collaborating with the community to make Kubernetes as secure and compliant as possible.”

More in Tux Machines

Regain your focus: Manage your push notifications in Linux

I have been working in a professional IT environment of a large organization for over 20 years and during that time I have seen a lot of different visions and opinions on individual and collective productivity. What I have noticed in all those years is how many people think that you are a bad-ass professional if you can do an insane amount of tasks simultaneously. But let’s be honest, doing many things at the same time is not the same as doing things right. But gradually, cracks start to appear in the common opinion that it is always good to multitask. More and more studies show that multitasking undermines focus. And focus is necessary to not waste valuable time due to finding back your concentration as a result of an attention switch. Focus makes sure that you can deliver some high-quality results instead of just many, but probably mediocre results. In this article I want to delve deeper into the backgrounds behind focus, productivity, the impact of notifications on your productivity, and the things that you should consider in allowing and managing your push notifications under Linux.

[...]

In the introduction I already indicated that nowadays we are increasingly questioning the importance of being good at multitasking, and that perhaps single-tasking is much better. There is, however, a nuance, since multitasking can be fine in itself, as long as all the tasks you want to perform don’t require an equal amount of brain activity and attention. For example, if you like to listen to music during your study time, it is better to listen to instrumental music instead of music in which lyrics play the leading role. With spoken text, you unconsciously interpret and shift your attention from your main task to the music, so you constantly need to refocus back again to your main task.

But if you still want to listen to music with vocals, then it is advisable to only listen to music that you have known for years instead of listening to songs with song texts that you have never heard before. New texts subconsciously require more of your attention than texts that you have already known for years. Multitasking is therefore only great when it comes to a combination of simple activities alongside your main task, such as making simple sketches, creating doodles, playing with an elastic band, or chewing your pencil, during a colleague’s presentation or while reading an advice report or listening to a teacher. These doodles and fiddling with a piece of rubber do not require brain effort, so you can keep all your real focus on the main task. But constantly looking at your messages on your mobile phone while listening to a presentation of your colleague will lead to a loss of focus and loss of information, and of course this is not the nicest and most respectful thing to do in front of a presenting colleague.

Read more

Access an independent, uncensored version of Planet Debian

Please update your bookmarks and RSS subscriptions to use the new links / feeds below. A number of differences of opinion have emerged in the Debian Community recently. People have expressed concern about blogs silently being removed from Planet Debian and other Planet sites in the free software universe. These actions hide the great work that some Debian Developers are doing and undermine our mutual commitment to transparency in the Debian Social Contract.

Read more