
Security and FUD Leftovers

Sunday 1st of September 2019
Security
  • #OSSummit: Don’t Ignore GitHub Security Alerts

    In a session at the Open Source Summit in San Diego, California on August 22, Gil Yehuda, senior director, open source and technology strategy at Verizon Media, outlined the security challenges and opportunities facing organizations that build open source projects on GitHub.

    GitHub has become the de facto primary place to share code for many organizations engaged in open source, including Verizon Media. Yehuda explained that Verizon Media is a conglomerate, which is effectively made up of what had been Yahoo and AOL and includes many different online media properties. Across all those properties, Verizon Media has started over 330 open source projects, ranging from screwdriver, which is a continuous delivery technology, to Denali design, which is a user interface design language for open source projects.

    [...]

    However, a challenge that Yehuda pointed out is not for individual projects but rather for managing many projects at scale. He noted that it’s great that a project maintainer gets an alert and is diligent about fixing the issue, but what happens if the individual maintainer just ignores the alert and doesn't fix the issue?

  • Binance Funds 40 Developers to Build Open-Source Crypto Software

    Malta-based crypto exchange Binance wants to spur greater research in open-source blockchain development.

  • Money 2.0 Stuff: Open Binance
  • How to Make Your CSO Happy with Your Open Source Components [Ed: Mild FOSS bashing by implying that it's FOSS that has defects whereas proprietary software has none]

    The secret to a CSO’s heart is through a healthy codebase. If you’re interested in introducing OSS into your company’s network, be prepared for a major security challenge. You’ll need to keep track of your OSS, keep an eye out for vulnerabilities, and keep the company codebase as secure as possible.

  • Close Agile open source tools vulnerabilities [Ed: Sonatype still ignoring the elephant in the room: defects and intentional 'defects' (back doors) in proprietary software]
  • Do the benefits of open source software outweigh the risks? [Ed: Let's pretend again that programming the proprietary software away is 100% perfect, has no defects and no secret back doors. Only FOSS is a risk. Every piece of software has some "risk" associated with it. It's not a FOSS thing. Proprietary software comes with a huge risk of EULA enforcement and massive fines, lawsuits. It also has secret back doors, with no liability. No audits. Complicity with spy agencies.]
  • Corelight’s Brian Dye: Data-Driven Approach, Open Source Tools Key to Building Defensive Cyber Program

    Brian Dye, chief product officer at cybersecurity firm Corelight, has said agencies should implement a data-driven security approach and open source-based tools to protect their networks from cyber attacks. Dye wrote that some federal agencies have shifted toward that approach with the use of an open-source network analysis framework called Zeek and the Risk Management Framework of the National Institute of Standards and Technology.

    “For a high-level, strategic view, agencies need to have all three of those bases covered. If they don’t, it will take significantly longer to find threats, and some won’t be discovered. That puts organizations in the difficult position of not knowing what they don’t know,” Dye said.

    [...]

    “Open source-based tools are crucial for ensuring that agencies have good data to work with when building a defensive program,” he said. “Such tools provide data that is adaptable, extensible and often irreplaceable. If the right information isn’t in the raw data, no amount of post-processing or analytics will ever compensate for that.”

  • OPNsense® Partners With Sunny Valley Networks to Provide Next Generation Firewall Features on Its Platform

    Today, Deciso®, the founder of OPNsense®, and Sunny Valley Networks announced the public availability of Sensei, an easy-to-install plug-in which empowers open source firewalls with next-generation firewall features. Sensei Free Edition is made available at no cost to OPNsense users, while the Premium Subscription, which offers more advanced features, is available for purchase through the OPNsense webshop.

    The technology behind Sensei is a very powerful packet analysis engine which can also provide protection against encrypted cyber-attacks that are gaining momentum. Sensei technology enables cyber security tools with utmost visibility, packet classification and fine-grained policy enforcement for any type of traffic. More packet intelligence means better decision making. Better decision making means better success rates in detecting & preventing cyber-attacks. Sensei provides rich packet intelligence so that the industry can enjoy great cyber security tools.


More in Tux Machines

Programming Leftovers

  • Motor control PLC in Python

    We have different types of devices like sov, motor, analog, digital, control valves etc. Each type of device has 100 items. Now our software continuously monitors with the PLC to read some property of each type according to which we need to write some property. As an example, if motor on command is high then we need to write on feedback at PLC end high. At the moment, I face the problem that it takes too much time to update.

  • Useful Development Tools For Beginners

    When starting out writing HTML/CSS it is important to use validators, especially when you don't have someone else to look over your work 24/7. Validators allow you to see where you went wrong (if you did), and help you learn best practices with the most recent releases of your chosen technologies.

  • LLVM 9.0-RC3 Released With The Official Compiler Release Coming Soon

    With LLVM 9.0-RC3, all known blocker bugs have now been resolved, clearing its path for the official release. So assuming no serious blockers are uncovered, LLVM 9.0.0 could be officially released in the coming days. A regression for NetBSD support was brought up this weekend, but it looks like that may just be a fix that needs back-porting.

  • [llvm-dev] [9.0.0 Release] Release Candidate 3 is here
    Hello everyone,

    9.0.0-rc3 was tagged today from the release_90 branch at r370450. In
    the Git monorepo, it's tagged as llvmorg-9.0.0-rc3.

    Source code and docs are available at https://prereleases.llvm.org/9.0.0/#rc3

    Binaries will be added as they become available.

    There are currently no open release blockers, which means if nothing
    new comes up, the final release could ship soon and this is what it
    would look like (except for more release notes, which are still very
    welcome).

    Please file bug reports for any issues you find, and mark them
    blocking https://llvm.org/PR42474

    Release testers, please run the test script, share your results and
    upload binaries.

    Many thanks,
    Hans

today's howtos

4MLinux 30.0 STABLE released.

The status of the 4MLinux 30.0 series has been changed to STABLE. Edit your documents with LibreOffice 6.2.6.2 and GNOME Office (AbiWord 3.0.2, GIMP 2.10.12, Gnumeric 1.12.44), share your files using DropBox 79.4.143, surf the Internet with Firefox 68.0.2 and Chromium 76.0.3809.100, send emails via Thunderbird 60.8.0, enjoy your music collection with Audacious 3.10.1, watch your favorite videos with VLC 3.0.7.1 and mpv 0.29.1, play games powered by Mesa 19.0.5 and Wine 4.14. You can also set up the 4MLinux LAMP Server (Linux 4.19.63, Apache 2.4.39, MariaDB 10.4.7, PHP 5.6.40 and PHP 7.3.8). Perl 5.28.1, Python 2.7.16, and Python 3.7.3 are also available.

New Packages in Slackware

  • LibreOffice updates for Slackware 14.2 and -current

    This month, I am building different versions for LibreOffice, for our stable Slackware 14.2 and for the -current testing ground. During my holiday, new versions became available and last week I built packages from those sources. The 6.2.6 release which was announced by the Document Foundation two weeks ago brings some security fixes to the 6.2 series. Therefore it was important to get rid of the old 6.2.5 packages. I built 6.2.6 for Slackware 14.2 and those packages have been available for download now since early last week. Go get them!

  • VLC 3.0.8 packages

    The Release Notes state that this release provides fixes for several security issues, among which 11 are CVE-worthy. This means that it’s prudent to upgrade your VLC to 3.0.8 as soon as possible. I have had the new packages available (for Slackware 14.2 and -current) in my repository for a couple of days. I used the opportunity to update the following internal libraries as well: bluray, dav1d, ebml, and matroska. You will also probably note that there is no “npapi-vlc” package. I decided to retire this VLC-based NPAPI web browser plugin from my repository. Modern browsers are all moving away from NPAPI plugin support and relying on HTML5 instead. Chrome/Chromium always only supported PPAPI-based plugins anyway.

  • Chromium package updates

    There was a new Chromium source release last week, but there were other software releases that had priority to get packages out the door. Therefore I could only build chromium packages this weekend. Chromium 76.0.3809.132 fixes 3 security holes. Note that the version before that (76.0.3809.100) also fixed 4 critical holes, but I never packaged that as I went on holiday. So, upgrading now would be a good idea.

