today's leftovers

Submitted by Roy Schestowitz on Sunday 20th of December 2020 12:06:04 PM
Misc
  • 5 stories about open principles changing organizations in 2020 [Ed: Bryan Behrenshausen (Red Hat) is trying some more openwashing even after IBM in effect canned CentOS; unethical corporations trying to pass themselves off as "charities", "communities", "job creators" etc. rather than grifters, spies, informants and rats]

    Open principles are reshaping our organizations. These stories—our most-read of the year—explain how and why that's happening.

  • Russell Coker: SMART and SSDs

    The Hetzner server that hosts my blog among other things has 2*256G SSDs for the root filesystem. The smartctl and smartd programs report both SSDs as in FAILING_NOW state for the Wear_Leveling_Count attribute. I don’t have a lot of faith in SMART. I run it because it would be stupid not to consider data about possible drive problems, but don’t feel obliged to immediately replace disks with SMART errors when not convenient (if I ordered a new server and got those results I would demand replacement before going live).

    Doing any sort of SMART scan will cause service outage. Replacing devices means 2 outages, 1 for each device.

    I noticed the SMART errors 2 weeks ago, so I guess that the SMART claims that both of the drives are likely to fail within 24 hours have been disproved. The system is running BTRFS so I know there aren’t any unseen data corruption issues and it uses BTRFS RAID-1 so if one disk has an unreadable sector that won’t cause data loss.

  • AWS IoT Core for LoRaWAN launched with asset tracking and smart building kits

    With increasing connectivity issues on low-power devices, which transmit data over long-range, work on batteries that can last several years without replacement, LoRaWAN is one of the major solutions to address these issues as it has support in Zephyr OS as well.

  • Download Ubuntu 20.04 LTS – DVD ISO Images

    Ubuntu 20.04 Focal Fossa is the latest LTS release available to download. This tutorial will provide you the download links to DVD ISO Images of Ubuntu 20.04 LTS with different desktop flavors. You can find the Ubuntu 20.04 release notes on its official website.

    In this tutorial, you will find instructions to download Ubuntu 20.04 LTS Focal Fossa ISO images from official site. Also you will learn how to download images with zsync command line utility.

  • Alan Pope: Multiple GPUs in a Skull Canyon NUC

    Every 3 years at Canonical we get a laptop refresh fund. With it we can buy whatever devices we need to work. I used my last one to buy a ThinkPad T450. The most recent one arrived in November this year. I was considering replacing the ThinkPad with a desktop computer of some kind. I can certainly keep the T450 for portable work, but I mostly sit at the same desk all day, so figure I may as well get a desktop rather than a laptop.

  • Rooted in Tacoma, cloudPWR’s Shadrach White delivers tech solutions for governments everywhere

    I use Mac daily and Slackware Linux on occasion.

»

Web Browsers: Brave, Web Surveillance and Mozilla

  • What is Brave browser’s market share [Ed: Those are not legitimate measures.

    How large is the Brave browser’s market share in the browser wars? A slew of technical hurdles make it difficult to count Brave’s user base, so no one has shared any market share analysis numbers that include Brave. Until now. [...] Brave blocks the tracking scripts from these two companies by default, so its users are excluded from these datasets.

  • Kartikaya Gupta: 9 years and change

    I should probably note here that November 20 was my last day as a Mozilla employee. In theory, that shouldn't really change much, given the open-source nature of Mozilla. In practice, of course, it does. I did successfully set up a non-staff account and migrate things to that, so I still retain some level of access. I intend to continue contributing; however, my contributions will likely be restricted to things that don't require paging in huge chunks of code, or require large chunks of time. In other words, mostly cleanup-type stuff, or smaller bugfixes/enhancements. [...] Working at Mozilla was in many ways a dream come true. It was truly an honour to work alongside so many world-class engineers, on so many different problems. I'm going to miss it, for sure, but I am also excited to see what the future holds.

  • Mozilla Firefox Appears Ready To Enable AVIF Image Handling Support By Default

    It looks like Mozilla Firefox very soon will be enabling support for AVIF as the image format based on AV1 video coding. Google added support for AVIF to Chrome/Chromium earlier this year and shipped with Chrome 85. There has been other industry adoption as well around AVIF images, even by the likes of Microsoft with Windows. Now in an upcoming Firefox release, AVIF image support will be present too.

Security Leftovers

  • Dutch Prosecutors Say One Man Got Into Trump's Twitter Account With 'MAGA2020!' Password

    This sort of thing will never stop amazing me. For any American President, one would assume they would have all kinds of advisers on all matters regarding security and best practices when it comes to the systems and technology they use. I'm old enough to remember when everyone freaked out over Barack Obama using a Blackberry, but at the time I hand-waived any such concerns under the assumption that there were checks in place to make such technology secure.

  • Josh Bressers: Episode 245 – Door 20: Is SMS 2FA better than no 2FA?

    Josh and Kurt talk about if SMS 2 factor auth is better than no 2FA

  • FireEye clear that APT29 not behind attacks, says Dragos chief

    Breached cyber security company FireEye has explicitly said that the alleged Russian group APT29 is not behind the attack on its own infrastructure and a number of other private and public firms, according to the head of security company Dragos.

  • VMware Flaw a Vector in SolarWinds Breach?

    U.S. government cybersecurity agencies warned this week that the attackers behind the widespread [cracking] spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian [attackers] to impersonate authorized users on victim networks.

  • Nothing makes me worry more about the SolarWinds hack than Trump now saying it’s ‘under control’

    Here are a few perspectives on the SolarWinds [crack] from entities that do not currently have negative credibility: [...]

  • Trump Downplays Suspected Russia-led [Crack]

    U.S. President Donald Trump is downplaying the severity of a massive cybersecurity breach by suspected Russian operatives that has exposed the networks of government agencies and private sector companies, contradicting the assertions of his secretary of state and lawmakers briefed on the matter.

    After days of silence, Trump took to Twitter on Saturday for his first comments on the [attack], which is thought to have impacted at least 18,000 customers of SolarWinds, a Texas-based software management company. Those affected include the Energy, Treasury and Commerce departments, as well as state and local governments.

  • Building a Trusted ICT Supply Chain [iophk: Windows TCO]

    This white paper specifies five key and eight supporting recommendations to build trusted supply chains for critical ICT technologies, including guidance to conduct a public-private collaborative process to identify goods and materials critical to the continual function of the economy, society, and government. The paper also supports reinvigorating American high-tech manufacturing and innovation with partner nations to ensure continual availability of these goods and materials. In addition, the white paper recommends an approach to ensure that American and partner companies are able to compete with Chinese companies in domestic and global markets through the use of strategic government investment and instruments of the development community.

  • Trump downplays Russia in first comments on [cracking] campaign

    Contradicting his secretary of state and other top officials, President Donald Trump on Saturday suggested without evidence that China — not Russia — may be behind the cyber espionage operation against the United States and tried to minimize its impact.

    In his first comments on the breach, Trump scoffed at the focus on the Kremlin and downplayed the intrusions, which the nation’s cybersecurity agency has warned posed a “grave” risk to government and private networks.

  • Trump Contradicts Own Administration While Downplaying Massive Cyber Attack

    One day after the president’s own secretary of state pinned the blame on Russia for recent cyber attacks, Trump falsely claimed the incident has been exaggerated by “the Fake News Media”

    Trump’s first public remarks on the massive and ongoing cyberattack that breached dozens of US federal agencies, think tanks, and companies were aimed at continuing the president’s cozy relationship with Russian President Vladimir Putin — while showing little regard for what his own national security officials are saying.

  • SolarWinds [crack] shows we need a 'whole of society' national cyber strategy [iophk: Windows TCO]

    By now you have probably heard of the SolarWinds [attack], reportedly attributed to a Russian [cracking] group (Cozy Bear or APT29), that used a compromised vendor platform to exploit networks across the U.S. government and possibly the private sector. Sadly, there is a poignant parallel to the current COVID-19 crisis. Individuals can take extensive precautions to protect themselves, but if others are lax, ultimately it puts everyone at risk.

    The same is true for cyber. As showcased by the SolarWinds [attack], the cybersecurity of government agencies, Fortune 500 companies, and other businesses and institutions is directly tied to downstream providers. This means that even a “whole of government” approach is not sufficient: The U.S. desperately needs a national cyber strategy aligned with a “whole of society” approach.

Android Leftovers

What Does 'Install Multimedia Codecs' Do in Linux Mint?

Here’s a simple analysis on what packages will be downloaded and installed by a special option named ‘Install Multimedia Codecs’ on Mint 20 Ulyana all editions. With this analysis I hope you can see what software licenses you are accepting, including the nonfree ones, and whether it is a Digital Restrictions Management (DRM) enters your computing. This analysis requires you to understand basic Debian’s package management system which is the basic of Mint software distribution especially the concepts of package dependency. Don’t worry I will explain them briefly for you so you can grasp the table clearly. I wish you enjoy discussion below. Read more

