Community Member Monday: Sandra Louvero
Today we’re talking to Sandra Louvero, who is helping to spread the word about LibreOffice and FOSS in Congo. Also, she recently became a Member of The Document Foundation, the non-profit entity behind LibreOffice…
In Pointe-Noire I belong to a community called “Librists”. Our goal is to help people discover the world of open source software here in Congo – which very few people know about. I am responsible for training people to use the LibreOffice suite, and we have named the training “SPRINT”, which lasts 60 days per component starting from Writer, Calc, Impress etc.
The aim of this sprint is to help users learn the applications, and get their comments, to then bring back to the LibreOffice Francophone community, to which I also belong. Then we can continue to improve LibreOffice.
Qt Creator 4.13 Beta2 released
We are happy to announce the release of Qt Creator 4.13 Beta2 !
For an overview of the improvements in Qt Creator 4.13, please head over to the first Beta blog post.
GnuCash 4.1 and GNU World Order 364
GnuCash is a personal and small business finance application, freely licensed under the GNU GPL and available for GNU/Linux, BSD, Solaris, Mac OS X and Microsoft Windows. It’s designed to be easy to use, yet powerful and flexible. GnuCash allows you to track your income and expenses, reconcile bank accounts, monitor stock portfolios and manage your small business finances. It is based on professional accounting principles to ensure balanced books and accurate reports.
GnuCash can keep track of your personal finances in as much detail as you prefer. If you are just starting out, use GnuCash to keep track of your checkbook. You may then decide to track cash as well as credit card purchases to better determine where your money is being spent. When you start investing, you can use GnuCash to help monitor your portfolio. Buying a vehicle or a home? GnuCash will help you plan the investment and track loan payments. If your financial records span the globe, GnuCash provides all the multiple-currency support you need.
Security: Backups & Protecting Backups, Case Against Full-Disk Encryption, and Open Source Security Podcast
I can already hear some readers saying that backups are an IT problem, and not a security problem. The reality, of course, is that they’re both. Information security is commonly thought of in terms of the CIA Triad – that is, Confidentiality, Integrity, and Availability, and it’s important to remember those concepts when dealing with backups.
We need look no farther than the troubles Garmin is having in dealing with a ransomware attack to find evidence that backups are critical. It’s unclear whether Garmin lacked adequate backups, had their backups ransomware’d, or is struggling to restore from backups. (It’s possible that they never considered an issue of this scale and simply aren’t resourced to restore this quickly, but given that the outage remains a complete outage after 4 days, I’d bet on one of those 3 conditions.)
So what does a security professional need to know about backups? Every organization is different, so I’m not going to try to provide a formula or tutorial for how to do backups, but rather discuss the security concepts in dealing with backups.
Before I got into security, I was both a Site Reliability Engineer (SRE) and a Systems Administrator, so I’ve had my opportunities to think about backups from a number of different directions. I’ll try to incorporate both sides of that here.
Like with any industry, the information security industry, more commonly referred to as “cybersecurity,” for all its raging debates, has rallied around a small corpus of best practices.
One of the highest on this list is full-disk encryption, which security experts regard as sacrosanct, a no-brainer that everyone should use at the barest of minimums. This is the encryption that ensures that someone who snatches your device won’t be able to know everything you’ve got saved on it.
I’m here to make the case that most of you are better off not using it. I know this might sound crazy, since I’m kind of the security guy here, but hear me out.
I am in no way about to talk you out of using encryption — without it, the digital tools that we rely on every day would be unusable. That’s why I’m not arguing against encryption, period; but specifically against full-disk encryption, and only for certain users.
What I contend is that, for most people facing the overwhelmingly most common use cases, full-disk encryption is overkill. These users enjoy no measurable gain in security compared to alternative data at rest encryption, yet they pay for it with a measurable performance hit. This isn’t just a matter of efficiency or load times, but literal increased cost to users, too.
Alternatives exist which afford normal everyday users, with normal everyday security concerns, a level of protection commensurate with what full-disk encryption offers. They are admittedly a bit off the beaten path, as most consumer tech companies have adopted full-disk encryption, but they’re out there.
Josh and Kurt start this one by explaining how the Twitter hacker was just a dumb criminal (most criminals are dumb). We then discuss the new GPT-3 AI that can create text. How we create, and how social media is doing everything it can to weaponize our attention. It’s not a fight humanity is winning.
