KDE Plasma 5.19.1 Desktop Arrives as First Point Release, 30 Bug Fixes Included
KDE Plasma 5.19.1 is here just one week after the launch of the KDE Plasma 5.19 desktop environment series, which brought more polished features, consistency changes, and improved usability.
As expected from a first point release, KDE Plasma 5.19.1 includes only bug fixes. These address various important issues reported by users, such as the battery applet not being displayed in the system tray area or the Bluedevil applet tooltip displaying the wrong name for connected devices.
Moreover, OpenVPN support was improved in the Plasma NetworkManager (plasma-nm) applet to avoid enabling TCP if the remote has been set on another line, the former default action of the Plasma Vault applet has been restored, and KRunner KCM now opens in System Settings.
Plasma 5.19.1
IBM: New Fedora 32 Builds, Red Hat Satellite and Marketing/PR With COVID
-
The Fedora Respins SIG is pleased to announce the latest release of Updated F32-20200601-Live ISOs, carrying the 5.6.18-300 kernel.
This set of updated isos will save considerable amounts of updates after install. ((for new installs.)(New installs of Workstation have about 900+MB of updates)).
A huge thank you goes out to irc nicks dowdle, Southern-Gentleman, vdamewood for testing these iso.
-
A few common questions which we hear from Red Hat Satellite users are "do I have adequate hardware?" and "Is my Satellite environment tuned as per my environment needs?" Let's take a look at some options to tune Satellite and how to choose the right profile for your environment.
There is no one size fits all for Satellite tuning because the usage differs a lot among customers. If you don't have enough hardware or if proper tunings are not applied, you may see performance degradation of the Satellite server.
The Satellite tuning guide is a great resource to identify and tune specific Satellite components. Over the years working with several large customer installations, we learned that we can standardize some common tunings based on the environment size. In this post we'll review the Satellite predefined tuning profiles of Satellite 6.7 which help you automatically apply Satellite tuning based on your environment size.
Last year, Satellite 6.6 introduced pre-defined tuning profiles which provided Satellite customers with ready to use custom-hiera.yaml tunings that can be applied in their deployments. Now, with Satellite 6.7 these tuning profiles are integrated into the satellite-installer for ease of use.
-
As a developer participating in the 2020 Call for Code Global Challenge taking on two of the world’s most urgent issues, security in your solution might not be at the top of your mind. But it should be if you want your application to be deployed to address the impact of COVID-19 or climate change.
A successful Call for Code solution might involve health records, personal information, or other sensitive data. It might be implemented at an enterprise, federal agency, or other organization where security concerns are paramount. As such, Call for Code submissions using proven and popular open source technologies as well as IBM Cloud and Red Hat OpenShift are more likely to be secure and have a leg up in their journey to real-world deployment.
Security Leftovers
-
Security updates have been issued by Fedora (galera, grafana, libjcat, libvirt, mariadb-connector-c, and perl), Gentoo (asterisk, bubblewrap, cyrus-imapd, faad2, json-c, openconnect, openjdk-bin, pcre2, PEAR-Archive_Tar, thunderbird, and tomcat), Mageia (mbedtls and scapy), openSUSE (libntlm, libupnp, prboom-plus, varnish, and xen), Oracle (libexif), Red Hat (kpatch-patch), Scientific Linux (libexif), SUSE (mariadb, nodejs6, and poppler), and Ubuntu (apport).
-
If you care about privacy, Signal messenger is currently the gold standard of how messenger services should be build. It provides strong end-to-end encryption, without requiring any effort on the user’s side. It gives users an easy way to validate connection integrity via another channel. Its source code is available for anybody to inspect, and it’s generally well-regarded by experts.
The strong commitment to privacy comes with some usability downsides. One particularly important one was the lack of a cloud backup – if you ever lost your phone, all your messages would be gone. The reason is obviously that it’s hard to secure this sensitive data on an untrusted server. That isn’t an issue that other apps care about, these will simply upload the data to their server unencrypted and require you to trust them. Signal is expected to do better, and they finally announced a secure way to implement this feature.
-
On Monday June 15, the developers of the Tor Project announced the initial plan for the deprecation of Onion services v2. You can identify v2 addresses easily as they are only 16 character long, where as the v3 addresses are 56 character long.
-
How these tools work varies from vendor to vendor, but the basics are the same. The network-based tool monitors traffic on the network and matches it to a long list of known signatures. These signatures describe a variety of attacks ranging from simple corrupt packets to more specific attacks such as SQL injection.
Host-based tools tend to have more capabilities as they have access to the entire host. A host-based IPS can look at network traffic as well as monitor files and logs. One of the more popular tools, OSSEC-HIDS, monitors traffic, logs, file integrity, and even has signatures for common rootkits.
More advanced tools have additional detection capabilities such as statistical anomaly detection or stateful protocol inspection. Both of these capabilities use algorithms to detect intrusions. This allows detection of intrusions that don't yet have signatures created for them.
[...]
The second EPEL package is fail2ban. Fail2ban is more of an IPS style tool in that it monitors and acts when it detects something awry. One common implementation of fail2ban is monitoring the openssh logs. By building a signature that identifies a failed login, fail2ban can detect multiple attempts to login from a single source address and block that source address. Typically, fail2ban does this by adding rules to the host's firewall, but in reality, it can run any script you can come up with. So, for instance, you can write a script to block the IP on the local firewall and then transmit that IP to some central system that will distribute the firewall block to other systems. Just be careful, however, as globally blocking yourself from every system on the network can be rather embarrassing.
