
Security and FUD: SpaceX, NMap, Polyverse, MongoDB, NGINX and Kubernetes

Monday 24th of February 2020 05:17:20 AM
Security
  • All Those Low-Cost Satellites in Orbit Could Be Weaponized by Hackers, Warns Expert

    Last month, SpaceX became the operator of the world's largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade.

    This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months.

  • NMap - A Basic Security Audit of Exposed Ports and Services

    For a plethora of reasons, auditing the security of our servers and networks is of paramount importance. Whether we are talking about a development server, a workstation, or a major enterprise application, security should be baked into every step of the deployment. While we can easily check our firewall settings from “the inside” of our systems, it is also a good idea to run a security audit from “the outside”, using a network enumeration tool such as the famous and highly vetted Network Mapper (NMap).

  • Cybersecurity startup Polyverse raises $8M to protect Linux open-source code from hackers [Ed: Right around the corner from Bill Gates, another company like Black Duck and it'll "protect" Linux... just buy its proprietary software]

    Polyverse has been validated by the U.S. Department of Defense for mitigating zero-day attacks, intrusions that occur just as a vulnerability becomes public, such as the infamous WannaCry ransomware and hacks of companies like Equifax. The company says its technology is “running on millions of servers.”

  • MongoDB: developer distraction dents DevSecOps dreams

    MongoDB’s director of developer relations has just opened a piece of internal research that suggests as few as 29% of Europe’s developers take full responsibility for security.

    Now, 29% is a somewhat arbitrary figure, clearly, i.e. it could be 22.45% or it could be 39.93%… the fact that the firm has pointed to an exact sum in this way is merely intended to show that it has undertaken a degree of calculation and statistical analysis.

  • NGINX Unit Adds Support for Reverse Proxying and Address-Based Routing

    NGINX announced the release of versions 1.13 and 1.14 of NGINX Unit, its open-source web and application server. These releases include support for reverse proxying and address-based routing based on the connected client's IP address and the target address of the request.

    NGINX Unit is able to run web applications in multiple language versions simultaneously. Languages supported include Go, Perl, PHP, Python, Node.JS, Java, and Ruby. The server does not rely on a static configuration file, instead allowing for configuration via a REST API using JSON. Configuration is stored in memory allowing for changes to happen without a restart.

  • Kubernetes Security Plagued by Human Error, Misconfigs

    Following a year of numerous security bugs within the Kubernetes ecosystem and the first security audit of Kubernetes conducted by the Cloud Native Computing Foundation (CNCF), which hosts the open source platform, continued wide-spread adoption has seen security become somewhat of an afterthought.

    However, if security concerns continue inhibiting business innovation, does that fall on businesses for neglecting security practices or the market for not providing them with the tools to confidently secure their deployments?

    “People just get security wrong sometimes,” McLean said. “Companies need a combination of increased learning, cross-pollination, new tooling, and updated processes to identify and remediate these security ‘mistakes’ during build and deploy vs. waiting for exposure during runtime.”

Contributing to KDE is easier than you think — Localization plain and simple

Today’s post will essentially describe how quick and easy it is to work with localization for KDE software. My latest post might have sounded intimidating or people might have gotten tired from reading it in the middle, which is a shame; hence the reason for this post. Oh, existing translators should also have a reason to read this post, as I’ll be showing brand new functionality in Lokalize too. As a brief note, I’m currently using openSUSE Krypton with Plasma from master, meaning it’s as updated as possible. I’m also using the XWayland session, because it’s dope af. It doesn’t affect my workflow at all, either. But well, let’s keep it short and begin.

FOSS in Finance and 'Crypto' Currency

  • One million developers will work on Ethereum in the long term

    Joseph Lubin, a co-founder of Ethereum and founder of ConsenSys, the largest development studio behind Ethereum, confirmed at ETH Denver 2020 that he remains committed to bringing more than one million developers into the ETH ecosystem. Lubin first announced the initiative at Devcon 5 last October, although it only really got underway in January, as Jim Jagielski, the open source head of ConsenSys, explained.

  • Visa Head of Crypto Sees Bright Future for Bitcoin

    Cuy Sheffield, Head of Crypto at credit card giant Visa, envisions Bitcoin Sats as the internet native unit of account for purchases less than one cent. He sees this as the main use case where the leading asset can supersede fiat.

  • How Bitcoin Optech Is Connecting the Open-Source and Corporate Worlds

    Bitcoin Core and other open-source projects have, over the years, built a range of technologies to improve Bitcoin scaling and the general Bitcoin user experience. With examples including Segregated Witness (SegWit), Replace-By-Fee and the Lightning Network, Bitcoin users have a number of tools at their disposal to utilize the Bitcoin blockchain as best and efficiently as possible.

  • Sectors Realizing the Full Potential of DeFi Protocols In 2020

    As the new decade unreels, a new wave of disruption seems to be coming to the shores of the global financial system. That wave is called decentralized finance protocols. Decentralized finance, or DeFi, simply refers to financial software that is built on the blockchain to make it easy for anyone to piece together digital assets and financial smart contracts.

  • Infographic: Who Has Funded Bitcoin Core Development?

    Monetarily, free and open-source software (FOSS) has always been at a disadvantage to proprietary software. It’s easier to solicit funding for a centralized project than for a decentralized one, not least of all because companies necessitate business models. Conversely, funding (and the agendas that often come with it) seems almost anathema to FOSS projects. At the very least, it is elusive. And Bitcoin is no exception.

International Centre for Free and Open Source Software wins honour by Malayalam Mission

The International Centre for Free and Open Source Software (ICFOSS) was awarded the first-ever Bhasha Pratibha Puraskaram instituted by the Malayalam Mission. ICFOSS was selected for making Malayalam language technology-friendly and also for promoting open-source software. ICFOSS chief and CEO of Kerala IT Parks Sasi PM received the award from Chief Minister Pinarayi Vijayan at the Ayyankali Hall here recently. The award carries a cash prize of Rs 50,000 and a citation. This is the first technology award instituted by the Malayalam Mission for the technical help got for “expanding and democratising” Malayalam on the internet and Malayalam computing, said a statement. ICFOSS focuses on a variety of areas including machine translation, free and open-source software (FOSS) training, research and development. The jury observed that the ICFOSS made commendable efforts in coordinating the development of free software and thus by defending corporatisation in the language computing arena. It also lauded the efforts of the agency in developing new fonts and for giving free training to government staff in language computing.

Audiocasts/Shows: Laravel News, Open Source Security Podcast, GNU World Order and Linux Action News

  • Reading logs, Collision, and open source trailers

    In this episode of the Laravel News podcast, Jake and Michael discuss all the latest Laravel releases, tutorials, and happenings in the community.

  • Open Source Security Podcast: Episode 184 - It’s DNS. It's always DNS

    Josh and Kurt talk about the sale of the corp.com domain. Is it going to be the end of the world, or a non event? We disagree on what should happen with it. Josh hopes an evildoer buys it, Kurt hopes for Microsoft. We also briefly discuss the CIA owning Crypto AG.

  • GNU World Order 341

    The journey through the Slackware **ap** software set continues. The **amp** mp3-to-wav converter, **ash** shell, and the **at**, **atq**, **atrm**, **batch** commands.

  • Linux Action News 146

    Microsoft Defender for Linux is in preview, Mozilla's VPN has a secret advantage, and why the community is calling out NPM Inc. Plus a new report about open source security, and more.

