Security Leftovers

  • Does Your Domain Have a Registry Lock?

    Dijkxhoorn said one security precaution his company had not taken with their domain prior to the fraudulent transfer was a “registry lock,” a more stringent, manual (and sometimes offline) process that effectively neutralizes any attempts by fraudsters to social engineer your domain registrar.

    With a registry lock in place, your registrar cannot move your domain to another registrar on its own. Doing so requires manual contact verification by the appropriate domain registry, such as Verisign — which is the authoritative registry for all domains ending in .com, .net, .name, .cc, .tv, .edu, .gov and .jobs. Other registries handle locks for specific top-level or country-code domains, including Nominet (for .co.uk or .uk domains), EURID (for .eu domains), CNNIC (for .cn domains), and so on.

  • Cisco Warns of Critical Network Security Tool Flaw

    The flaw exists in the web-based management interface of the Cisco Firepower Management Center (FMC), which is its platform for managing Cisco network security solutions, like firewalls or its advanced malware protection service. Cisco has released patches for the vulnerability (CVE-2019-16028), which has a score of 9.8 out of 10 on the CVSS scale, making it critical in severity.

  • No big deal, Rogers, your internal source code and keys are only on the open web. Don't hurry to take it down

    Source code, internal user names and passwords, and private keys, for the website and online account systems of Canadian telecoms giant Rogers have been found sitting on the open internet. The leaked software, seemingly uploaded to GitHub by a Rogers engineer before they left the telco, is written in Java and powered various components of Rogers.com. The materials are marked "closed source" and copyright Rogers, yet can be found on the web if you know where to look. Details of and credentials for services and systems on the ISP's internal networks are included. This kind of information, along with source code to skim for security bugs, is a boon for miscreants casing the telco to compromise it. These details may have already been exploited by criminals, or may prove useful for future attacks. It's also a reminder that engineers and management must take all precautions to avoid pushing private company code to public repositories. It should be noted that no customer information nor account details – beyond the names, passwords, and email addresses of some members of the ISP's web development team – are present in the public code repository. The web app blueprints date back to 2015, so just how much of this code remains in production is unclear. One hopes the passwords and keys have been replaced over the past five years, at least. With any luck, this may well be more of an embarrassment to one of Canada's biggest broadband'n'telly telcos than anything else.

  • Rogers’ internal passwords and source code found open on GitHub

    Sensitive data of another major Canadian firm has been found sitting open on the GitHub developers platform. Security researcher Jason Coulls said he recently discovered two open accounts with application source code, internal user names and passwords, and private keys for Rogers Communications. No customer data was found. He suspects the code belonged to a developer who has left the telco. Coulls, who works in the IT department of a Toronto firm and has his own security consultancy, initially told The Register of the discovery, after which the news site contacted Rogers. One problem is the code he saw describes data payloads and how it goes between databases and web services. “You can use that to get to the stuff that people [thieves] would go after,” he explained.

  • How to patch your open source software vulnerabilities

    Software vulnerabilities are a fact of life. Researchers -- if not hackers -- constantly discover new ways to compromise popular software libraries. It's up to enterprises to quickly deploy patches to secure software before hackers get in. Consider the Equifax breach, in which a hacker exposed the data of more than 145 million users, resulting in $575 million in fines for the credit rating agency. A U.S. Senate investigation identified a backlog of over 8,500 unpatched vulnerabilities at Equifax -- the hacker gained access through just one of those unpatched systems. Vulnerability backlogs are especially prevalent within enterprises that rely on open source components. Nearly all applications make use of some open source components that take the place of either mundane or arcane coding tasks. An open source project often has an active community to maintain and augment it, but that's not always the case. Ultimately, open source software requires a leap of faith from the user that what they're adopting is secure and effective.

Entrapment and Digital Prisons (Microsoft GitHub and Sonos)

  • Microsoft open-sources ONNX Runtime model to speed up Google’s BERT

    This is the most recent leap forward in natural language for Microsoft, but not its first attempt to make Google’s BERT better. About a year ago, Microsoft AI researchers also released MT-DNN, a Transformer-based model that set new high performance standards for the GLUE language model performance benchmark.

  • GitHub now uses AI to recommend open issues in project repositories [Ed: Microsoft now uses mindless buzzwords like "HEY HI!!!" (AI) to market its proprietary software trap]
  • AVSystem Releases a New Version of Open-Source Anjay LwM2M SDK

    AVSystem is pleased to announce that an open-source version of Anjay 2.2.1 has just been released on GitHub.

  • So long, Sonos: Meet the open-source audio system that will never die

    Sonos had decided to end support because these first-generation products lack sufficient processing power and storage to accommodate new features. Although there have been many improvements in materials, miniaturization, and overall performance, loudspeaker technology has not fundamentally changed since its introduction in the 1920s. Provided that they aren't used outside their performance specifications, the drivers and cones can last decades. Other components inside speakers include magnets made out of ferrous and rare earth materials that do not expire. In addition to solid-state MOSFET-based signal amplifiers, self-powered speakers also contain transformers, which are made of solid cores of metal wound with fine conductive wire. Updates to transformer technology in recent years include Gallium Nitride (GaN), which reduces heat and overall footprint. These components, particularly MOSFETs do not "go bad" unless they are abused, such as being subjected to high temperatures, very high voltages, or transient power spikes, which can be mitigated by a simple surge suppressor or power conditioner.

FUD and Openwashing Leftovers

  • Kevin Owocki on Gitcoin, Controversy and the Future of Open Source Funding

    Some of that controversy has been from outside the Ethereum community, pointing to Consensys and Ethereum Foundation support as an example of centralization. Some of the controversy has come from within, as debates rage about what is or isn’t an acceptable use of “public” resources.

  • Sonatype: Secure code with less hassle

    Software development has changed drastically over the past decade. Take a 22-year-old graduate with a degree in computer science. At one time, they would start off testing code, then start to write code line-by-line. Today, 80% of applications are developed using open source software. Instead of laboriously worrying over each caret and comma, code is grabbed and assembled. This can make for quick iterations and rapid project completion.

  • Lyft's open source asset tracking tool simplifies security

    The modern map -- in fact, any map since the Age of Sail -- serves an important purpose in navigation. Exploration feats, such as Magellan's circumnavigation of the globe, Lewis and Clark's American expedition, or more recent excursions to the Earth's polar regions, would not have been possible without mapping knowledge and ability. A cursory look at ancient or medieval history shows that early maps, prior to their use for navigation, served a different purpose entirely. The map in the 15th century manuscript La Fleur des Histoires was by no means intended to be geographically accurate. Instead, it was designed to convey a concept or idea -- in this case, the separation of ruling powers by region. However, the real power of mapmaking -- that is, for navigation -- would not be realized for generations.

  • vChain, the Makers of the CodeNotary Open Source Code Trust Solution With Over 9 Million Monthly Customer Integrity Verifications Raises $7 Million in Series A to Secure Today’s DevOps Process

    vChain, the leading trust and integrity company, announces the close of a $7M Series A investment round. Elaia, a leading European tech venture fund, led the new investment round which includes also other notable investors such as Swiss-based Bluwat and Acequia Capital (Seattle, USA). vChain was founded in late 2018 and released its first product in April 2019.

  • Open source licence series - WhiteSource: permissive is winning, but is there a hurt factor?
  • Open source licence series - Instaclustr: Is open core a rotten deal?

    Ideally, open source software should be, well, free and open.

  • Open source licence series - Percona: is the battle won, or is this a different war?

    Recently, the Cryptographic Autonomy License (CAL) was submitted for OSI consideration. As Holo’s co-founder Arthur Brock explains in his blog post, his goal is to protect end-user privacy and autonomy. Restrictions in this case focus not on whom, but how the software should be used. While many on the OSI board seem to support the licence, Bruce Perens, OSI co-founder and the person who drafted the original Open Source Definition (OSD), resigned from OSI saying, “… it seems to me that the organisation is rather enthusiastically headed toward accepting a licence that isn’t freedom-respecting. Fine, do it without me, please.”

  • Open Source Wood Innovation Award Given to an Active Member
  • Open Source Plant Material And Intellectual Property

    Today we hear the term “open source” more and more. It is a term that is most commonly identified with software and firmware development out of the Silicon Valley. However, the term is becoming common in the plant industry.

  • Garadget review: Open your garage door with open-source technology

    There’s no scheduling system nor (surprisingly) a logging system built into Garadget, but it does support Alexa, Google Assistant, SmartThings, IFTTT, and a whole host of lesser-known third-party tools, but all of that will invariably force you into the system’s forums again. For example, there are two Garadget Alexa skills, one for if you want to say “smart garage” and one for if you want to say “Garadget” to invoke the skill. Setting up a connection to SmartThings requires using Samsung’s developer tools.

Linux Foundation: CHIPS Alliance, Cloud Foundry Foundation, Kubernetes News

  • Intel joins CHIPS Alliance to promote Advanced Interface Bus (AIB) as an open standard

    CHIPS Alliance, the leading consortium advancing common and open hardware for interfaces, processors and systems, today announced industry leading chipmaker Intel as its newest member. Intel is contributing the Advanced Interface Bus (AIB) to CHIPS Alliance to foster broad adoption.

  • Intel Joins CHIPS Alliance, Contributes Advanced Interface Bus

    Intel this week became a member of CHIPS Alliance, an industry consortium that is working to accelerate the development of open source SoCs (and SiPs) for various applications. As part of their membership, Intel has also contributed its Advanced Interface Bus to the group, giving developers access to the bus and thus the means to interoperate with Intel (and other) chips that will be using it. Designed for use with system-in-package (SiP) devices, Intel’s AIB is a high-bandwidth, low-power, die-to-die PHY level standard that uses a clock forwarded parallel data transfer mechanism (akin to that used by modern DDR DRAM interfaces). The technology is agnostic to manufacturing processes and packaging technology, so it can be used to connect a wide variety of chips/chiplets using different types of packages, including Intel’s own EMIB, TSMC’s CoWoS, or other 2.5D technologies from numerous vendors. Intel’s AIB has been available to third parties on a royalty-free basis for a while now, so contributing the technology to CHIPS Alliance is the next step for Intel in increasing its adoption. By making AIB available to a very broad group of chip designers, Intel is encouraging development of an ecosystem of chiplets that can later be used with its own CPUs, GPUs, FPGAs, and other components to build special-purpose multi-die SiPs.

  • Cloud Foundry Foundation Announces 2020 Summits in North America and Europe

    Cloud Foundry Foundation, home to open source projects helping build the future of cloud applications, today announced Cloud Foundry Summits for North America and Europe, now co-located with the Linux Foundation's Open Source Summits. Cloud Foundry NA Summit will take place on Thursday, June 25, 2020, in Austin, Texas and Cloud Foundry EU Summit will take place on Thursday, October 29, 2020, in Dublin, Ireland. Early bird registration for Cloud Foundry NA Summit is now open.

  • Octarine Open Sources the Kubernetes Common Configuration Scoring System and kube-scan

    Octarine, the continuous Kubernetes security company that simplifies DevSecOps, today announced the release of two new open source projects: the Kubernetes Common Configuration Scoring System (KCCSS), a new framework for rating security risks associated with misconfigurations, and kube-scan, a workload and assessment tool that scans Kubernetes configurations and settings to identify and rank potential vulnerabilities in applications within minutes.

  • Octarine releases open-source security scanning tools for Kubernetes

    Octarine, a startup that helps automate security of Kubernetes workloads, released an open-source scanning tool today. The tool, which is called Kube-scan, is designed to help developers understand the level of security risk in their Kubernetes clusters. The company is also open-sourcing a second tool called The Kubernetes Common Configuration Scoring System, or KCCSS for short, which is the underlying configuration framework used in Kube-scan. As Octarine’s head of product Julien Sobrier points out, there are 30 security settings in Kubernetes, and Kube-scan can help you see where you might be vulnerable on any one of them, measured on a scale of 0-10, with 10 being extremely vulnerable.

  • SReview kubernetes update

    About a week and a half ago, I mentioned that I'd been working on making SReview, my AGPLv3 video review and transcode system work from inside a Kubernetes cluster. I noted at the time that while I'd made it work inside minikube, it couldn't actually be run from within a real Kubernetes cluster yet, mostly because I misunderstood how Kubernetes works, and assumed you could just mount the same Kubernetes volume from multiple pods, and share data that way (answer: no you can't). The way to fix that is to share the data not through volumes, but through something else. That would require that the individual job containers download and upload files somehow. I had a look at how the Net::Amazon::S3 perl module works (answer: it's very simple really) and whether it would be doable to add a transparent file access layer to SReview which would access files either on the local file system, or an S3 service (answer: yes).