Date: 2020-02-11
Security and FUD Leftovers
Red Hat's Richard Hughes has released Fwupd 1.3.8 as the latest version of this Linux utility for performing firmware updates of various system components.
With the meteoric rise of Fwupd and LVFS, more Fwupd releases are having to deal with quirks and other peculiarities of different hardware components seeing Fwupd support and v1.3.8 is no different. Fwupd 1.3.8 adds a plug-in to support updating the power delivery controllers by Fresco Logic, a fix for Synaptics multi-stream transport devices, various EFI fixes/improvements, more parent devices are detected for different Lenovo USB hubs, support for GNUEFI file locations, and other fixes.
Cyber-gangs using SSH identities to sell on the black market
Malware campaigns equipped with the capability to exploit powerful, hidden backdoors are becoming commoditised, researchers from Venafi have warned.
The research shows several high-profile hacker campaigns are integrating the misuse of SSH machine identity capabilities into their attacks.
Now, any attacker with access to the dark web can gain access to the same techniques that took down the Ukrainian power grid against every business and government agency.
Malware can target common SSH machine identities used to access and automate Windows, Linux and MacOS in the enterprise and out to the cloud.
A revamped version of OWASP’s Software Assurance Maturity Model (SAMM) adds automation along with maturity measurements to the open source security-related framework.
OWASP SAMM v2 – released on Tuesday after three years of refinement – is geared towards helping organizations that develop software to travel down the path towards becoming more secure.
The approach is based on a community-led open source framework that “allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational software development lifecycle”.
[...]
The OWASP SAMM community includes security knowledgeable volunteers from both businesses and educational organizations. The global community works to create “freely-available articles, methodologies, documentation, tools, and technologies”.
Anu brought up the fact that the OMEMO XEP is not totally clear on the length of initialization vectors used for message encryption. Historically most clients use a 16-byte length, while normally you would want to use 12. Apparently some AES-GCM libraries on iOS only support a 12-byte length, so using 12 bytes is definitely desirable. Most OMEMO implementations already support receiving 12-byte as well as 16-byte IVs.
More Openwashing Leftovers
The US National Renewable Energy Laboratory (NREL) after collaboration with global researchers has released a reference offshore wind turbine design with a 15MW nameplate capacity for both fixed-bottom and floating applications.
The reference wind turbine (RWT) – a complete open-source turbine system with supporting models for simulation and design – makes it possible to evaluate the performance and cost of modifications before prototype development, said the partners.
Top Smart Practises For Businesses Using GitHub
There’s something of a storm brewing in open source. The movement that originated as something of an altruistic rebuttal to the dominance of proprietary software was at first spurned, later eyed with suspicious intrigue… and then ultimately embraced by those who initially thought of it as a cancerous discoloration on the face of enterprise commercial software.
The storm channeling across the open [source] seas has come about as a result of the commercial sector now working to engage openly and visibly with major open source projects. The core mantra of open source remains one of free software for everyone in the community, but with an encouragement to ‘contribute back’ to the project in hand in the form of submitted code ‘commits’ or other forms of community involvement such as language translation, hosting special interest groups and so on.
But not everybody is willing to chant the full set of verses in the open mantra.
While large companies may have the budget to be tied into such licensing schemes, many small firms do not. A solution is cloud-based CFD. Indeed, Robin Knowles, founder of consultancy CFD Engine, undertakes simulation work for clients using just a laptop that operates the open-source CFD software, OpenFoam, which by its nature is free, with all his CFD workflow pushed to Amazon’s cloud computing platform, Amazon Web Services. “I don’t do anything locally, everything is in the cloud,” he said.
Within the CFD market there’s a fairly strong open-source capability with the most widely used open-source CFD software package being OpenFoam. This product has been verified and validated by many users. However, the key drawbacks, according to Knowles, are a steep learning curve and, unlike commercial CFD codes, OpenFoam’s user support is patchy, so making it tricky for new users to get to grips with. And, while it is possible to do a full end-to-end workflow using just open-source tools, it isn’t an accessible route for all users.
It’s in this gap in the market that new CFD cloud companies have popped up. The likes of SimScale, which was founded in 2012 in Munich with the intention of offering cloud-based simulation. Although still based on OpenFoam, the appeal is the ability to access the tool through a web browser and then being able to perform highly complex CFD simulations on SimScale’s cloud-based HPC platform.
Open source availability enables existing InterSystems partners and customers, as well as other organizations and academics, to capitalize on the bottom-up approach that delivers deeper insights with NLP provided by InterSystems iKnow.
With an open source core to be available under the Apache 2.0 license, the platform helps customers understand, manage and ensure the security of data from a single location – at a time when teams are overwhelmed and data breaches are hitting record numbers.
Zmanda, a leader in open source enterprise backup solutions, announced that a new software release is coming in the Spring of 2020. In the upcoming release, Zmanda has made security, reliability, and affordability its key focus. The 4.0 release will mean that IT teams no longer have to choose between affordability and feature-rich backup solutions. They can now have both.
Hindawi's open source scholarly infrastructure platform, Phenom, will now power the newly relaunched Lithosphere - the society-run, open access community journal for geosciences. The contract between GeoScienceWorld (GSW) and Hindawi was signed in late 2019 with Lithosphere opening for submissions on January 13th 2020.
