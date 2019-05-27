Security: Updates, Kali Linux 2019.2, Ubuntu Security Podcast and What Red Hat Learns at Security Symposium Events
In this video, I am going to show an overview of Kali Linux 2019.2 and some of the applications pre-installed.
The Ubuntu Security Podcast is a weekly podcast covering all the latest news and developments from the Ubuntu Security team. Each week the team discuss the various security updates that have been published across the Ubuntu releases, describing the technical details of both the security vulnerabilities as well as the fixes involved. Due to the expansive nature of the software packages provided by Ubuntu, each episode usually covers a diverse range of security issues, from buffer overflows, use-after-free’s and cache side-channel attacks; to cross-site scripting and cross-site request forgery. Whilst describing the various vulnerabilities, their impact is also covered, ranging from the low (denial of service, information disclosure etc) to the higher end of the spectrum (remote code execution, privilege escalation etc). Detailed show notes are also published along with each episode, referencing the particular CVEs discussed as well as their details.
The Ubuntu Security Team announces its new Ubuntu Security Podcast. The weekly podcast will cover "the various security updates that have been published across the Ubuntu releases, describing the technical details of both the security vulnerabilities as well as the fixes involved". The podcast is available from iTunes, Spotify, Google Podcasts or RSS.
Recently, I was asked to speak at one of Red Hat’s regional events, the Security Symposium series, which was an absolutely easy decision to make : Yes, I would much enjoy attending, speaking and, most importantly, listening at this event. Which brings me to why I wrote this post: What have I learned from participating in these events? What might you learn by attending?
Programming: Python, Kotlin, GCC and More
In this course, you’ll learn the core concepts behind Continuous Integration (CI) and why they are essential for modern software engineering teams.
Find out how to how set up Continuous Integration for your Python project to automatically create environments, install dependencies, and run tests.
Since our website was updated this year, we would like to remind you how you can configure your tickets and profiles, so that we get the right information for printing badges and adjusting catering counts.
We also had a few issues with the ticket configuration and assignments last week. As a result, some of the ticket name changes you may have made were lost. Please do consider assigning tickets to other rather than just changing the name on the ticket, since that way, we receive information about the new ticket owner’s preferences as well.
The workshop is aimed at women with little or no programming experience, but may also be useful if you’ve learned a different discipline (like data science) and would like to learn how to build websites with Django.
The workshop is free to attend, but you have to apply and be accepted. We only have 30 seats available for the workshop, and we’ll pick the best applicants based on the information you provide you provide on the form.
Throughout the summer I will be implementing a feature for GNOME Games. To be more specific, I will be implementing a “Savestates Manager”. The feature itself has already been designed and the details about how it should work are explained very well in this wiki page: https://wiki.gnome.org/Design/Playground/Games/Snapshots
I’ll be using this blog to track progress on packaging Kotlin and report on what I am doing during the GSoC period. So let me go on a head and start with the current progress in packaging Kotlin.
A lot of people who work on open source software get paid to do so. Many others do not. And as we learned during the Heartbleed aftermath, sometimes the unpaid (or under-paid) projects are very important. Projects have changed their licenses (e.g. MongoDB, which is now not an open source project by the Open Source Initiative’s definition) in order to cut off large corporations that don’t pay for the free software.
There’s clearly a broad recognition that maintainers need to be paid in order to sustain the software ecosystem. So if you expect that people are happy with GitHub’s recent announcement of a GitHub Sponsors, you have clearly spent no time in open source software communities. The reaction has had a lot of “pay the maintainers! No, not like that!” which strikes me as being obnoxious and unhelpful.
GitHub Sponsors is not a perfect model. Bradley Kuhn and Karen Sandler of the Software Freedom Conservancy called it a “quick fix to sustainability“. That’s the most valid criticism. It turns out that money doesn’t solve everything. Throwing money at a project can sometimes add to the burden, not lessen it. Money adds a lot of messiness and overhead to manage it, especially if there’s not a legal entity behind the project. That’s where the services provided by fiscal sponsor organizations like Conservancy come in.
The channel will host workshops and tutorial on Python and other languages, on operating systems, cryptography, and other topics that you can find here on this blog. I just finished recording the first part of my workshop "TDD in Python with pytest", which was successfully presented at PyCon UK, PyCon IT, PyCon Ireland, EuroPython and PyLadies London, and the 4 videos are already available on the channel.
While there are the Debian/RPM packages offered of the Radeon Open Compute (ROCm) stack for Linux users on supported distributions, the new "ROCm Enablement Tool" could assist in setting up this GPU compute stack on supported Linux distributions and elsewhere.
The ROCm Enablement Tool, or RET for short, is a currently experimental tool for setting up the ROCm driver stack as well as associated software like TensorFlow.
The bleeding-edge Arch Linux distribution has resorted to dropping the GCC 9.1 compiler from testing due to a data corruption bug.
If using the GCC 9 compiler to build the Linux kernel, this latest version of the GNU compiler is yielding faulty code that could lead to file-system corruption around BCache. This is the BCache corruption issue we pointed out earlier this month around Linux 5.0+ and GCC 9. But it's not to be confused with the other LVM/DM/SSD FSTRIM corruption bug talked about last week.
Ranger is the on-demand ranger generator being worked on for the GNU Compiler Collection (GCC) by Red Hat's compiler experts for the past several years. Following a recent update on the effort, it looks like Ranger might land for next year's GCC 10 release after failing to make it in time for GCC 9.
Ranger allows for querying range information on-demand for SSA names/variables from within anywhere in the IL with minimal overhead, Ranger was originally brought up last year by Red Hat's Andrew MacLeod and the discussion over it was reignited this past week following the latest status update. With their latest code, the Ranger'ed GCC compiler can build the entire Fedora package set. Using Ranger was found to help the performance in cases where checking the ranges were needed on just a few SSA names.
We’re organizing Guile Days at the University of Strasbourg, France, co-located with the Perl Workshop, on June 21st and 22nd.
Mozilla/Firefox: Tips, Glimpse and Mozilla Addons
Google Chrome and Mozilla Firefox are the most popular web browsers that are being used by people across the world, since quite some time now. Both browsers come with amazing features and hacks.
There are times when you want to use both the browsers and switch between them. Do you think it is possible, considering the fact that we keep saving data in each of them separately? Yes. It is. Once the data among the two browsers are synced, you can easily switch between the two of them.
In this article, we will share some useful tips on Firefox and Chrome web browsers: Sync, Bookmarks, Passwords and More.
Today we’re presenting new brand marks for Firefox Monitor and Firefox Lockwise. Lockwise? Yes, that’s the official name for the service we’d nicknamed “Lockbox” during its product development phase. The new icons are meant to signal the functions these apps perform. Firefox Monitor, which helps you discover if your email address has been part of a data breach and can alert you about further breaches, is represented by a magnifying glass. Firefox Lockwise, which provides an easy way to store your Firefox passwords and protect your data, suggests both a lock and a profile. The marks reinforce that all of our Firefox products and services help you keep your personal life private.
Our newest Friend of Add-ons is Martin Giger! Martin is a leader and member of the Mozilla Switzerland community, an extension developer, and a frequent contributor to Mozilla’s community forums, where he helps people find answers to their questions about extension development. If you have ever visited our forums or joined one of our channels on IRC, there’s a good chance you’ve seen Martin kindly and patiently helping people resolve their issues. (He has also written a great blog post about how to effectively ask for help when you get stuck on a problem.)
Martin began contributing to Mozilla in the early 2010s when he began localizing a Thunderbird extension into German and building his first Firefox extension. He also became involved with the Nightingle Media Player project, an open-source audio player and web browser based on the Mozilla XULRunner.
Phoronix on Intel Charm Offensives
