today's leftovers

Wednesday 6th of January 2021 11:28:24 AM
Misc
  • Open-source developer and manager David Recordon named White House Director of Technology

    President-elect Joe Biden's transition team announced that David Recordon, one of OpenId and oAuth's developers, has been named the White House Director of Technology. Recordon most recently was the VP of infrastructure and security at the non-profit Chan Zuckerberg Initiative Foundation.

    This isn't Recordon's first time in the White House. During President Barack Obama's term of office, Recordon served as the first Director of White House Information Technology. There, Recordon worked on IT modernization and cybersecurity issues. He's also served as the Biden-Harris transition team's deputy CTO.

    Recordon will face enormous challenges. With technology and science downplayed by President Donald Trump, he'll need to rebuild the executive branch's technology base. In addition, Recordon will need to help address such technology issues as net neutrality, Big Tech business regulation, broadband expansion, and how the administration gets a grip on next-generation technology such as facial recognition, artificial intelligence, and predictive analytics.

    Some people will object to Recordon's Facebook connections, but sources who've known him state: "David is one of the good guys," and he "knows his tech and how to get people excited and working together, he'll be great."

  • The Month in WordPress: December 2020

    We bid goodbye to 2020 in style with the release of WordPress 5.6 and the launch of Learn WordPress. But these weren’t the only exciting updates from WordPress in December. Read on to learn more!

  • Controlled Experiments - Why Bother?

    I spent some time earlier this year orchestrating a massive experiment for Firefox. We launched a bunch of new features with Firefox 80 and we wanted to understand whether these new features improved our metrics.

    In the process, I ended up talking with a bunch of Firefox engineers and explaining why we need to run a controlled experiment. There were a few questions that got repeated a lot, so I figure it's worth answering them here.

    This article is the first in a series I'm writing on building data intuition. This article is targeted at new data scientists or engineers interested in data. I also hope this becomes a useful resource for data scientists, so they can point their stake-holders to this resource.

  • Meet team behind the mini Raspberry Pi–powered ISS
  • Ben Hutchings: Debian LTS work, December 2020

    I was assigned 16 hours of work by Freexian's Debian LTS initiative and carried over 9 hours from earlier months. I worked 16 hours this month, so I will again carry over 9 hours to January.

  • tuxtrans 20.04_b is out

    tuxtrans is a Desktop GNU/Linux System developed for translators on the basis of the widely used distribution Ubuntu, more specifically the version with the XFCE desktop called Xubuntu. As a Linux distribution listed on Distrowatch it is a full-fledged operating system and includes a broad collection of software applications which allow a translator to do his/her job most efficiently and in line with the latest standards.

  • Panfrost Gallium3D Flips On AFBC For Bifrost GPUs - Phoronix

    Adding to the long list of changes for Mesa 21.0 is the Panfrost Gallium3D driver that provides open-source OpenGL for Arm Mali graphics hardware now supporting Arm Frame Buffer Compression (AFBC) for Bifrost GPUs.

    The Panfrost Gallium3D driver has enabled Arm Frame-Buffer Compression on 2D arrays and 3D textures for Bifrost (or just Bifrost v7 for 3D textures). The AFBC support isn't there for the Midgard GPUs also supported by Panfrost.

  • Tumbling Into the New Year! | LINUX Unplugged 387

    We have some strong opinions about the state of openSUSE Tumbleweed. We've secretly been running it for the past week, and share our experience.

  • mintCast 351.5 – Batting a Thousand

    1:40 Linux Innards
    1:12:18 Vibrations from the Ether
    1:17:37 Check This Out
    1:21:21 Outro

    In our Innards section, we look back on last year’s predictions, and make new ones.

    And finally, the feedback and a couple of suggestions

  • Russell Coker: Planet Linux Australia

    Linux Australia have decided to cease running the Planet installation on planet.linux.org.au. I believe that blogging is still useful and a web page with a feed of Australian Linux blogs is a useful service. So I have started running a new Planet Linux Australia on https://planet.luv.asn.au/. There has been discussion about getting some sort of redirection from the old Linux Australia page, but they don’t seem able to do that.

  • OpenStreetMap, Easy Peasy for Newbie

    Here's my own Open Street Map's basic guide for everybody. To start using OSM, go to MapQuest.com and we will show you the rest.

    Let me share with you. Below is Jakarta, Capital of Indonesia live from Open Street Map. This map is live, you can drag it, move it, zoom it as you wish. You can make a map like this on your website by sharing the embed code. Simpler than this, I can also give you just the link (mapq.st/38dRV54). How to do that?

Security Leftovers

     
  • One month after ransomware attack, Metro Vancouver’s transit system still not up to speed [iophk: Windows TCO]
                     
                       

    The attack, at the beginning of December 2020, saw [crackers] access company databases, plant the Egregor ransomware which locked down systems by encrypting data files, and even churn out a ransom note on hijacked printers.

    •                
  • TransLink warns staff [attackers] accessed personal banking information in cyberattack [iophk: Windows TCO]
                     
                       

    The ransomware attack, which was first reported Dec. 2 and confirmed by the transit authority a day later, forced TransLink to shut down all of its online operations after sources said the entire database was breached earlier that week. Credit card tapping on Compass gates and non-cash payments at Compass vending machines were also temporarily disabled.

  • [Old] Egregor ransomware hits again, another business email scam and an insider blamed for Italian job [iophk: Windows TCO]
                     
                       

    It was just over a month ago that a leading ransomware gang called Maze claimed it had stopped operating. If true a group called Egregor, first seen in September, is trying to fill the void. The Egregor ransomware strain has quickly hit a number of organizations, including Metro Vancouver’s TransLink public transit system. The latest victims are American retail chain KMart and an international human resource consulting firm called Randstad. In a statement last week Randstad said a limited number of servers were hit, but data relating to operations in the U.S., Italy, France and Poland were affected. The Egregor gang has begun publishing what it says is some of the data it stolen before encrypting information.

    •                
  • [Old] RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report [iophk: Windows TCO]
                     
                       

    Other ransomware groups that also manage leak sites for the data stolen in ransomware attacks include Conti, Clop, Egregor and REvil, among others. Several of these groups have pulled off a number of significant attacks in the last few months, some of which resulted in data being leaked on their respective sites.

                       

    Last week Egregor hit both the Vancouver metro system Translink and U.S. retailer Kmart with ransomware attacks. Prior to that, the group also mounted major attacks in October against bookseller Barnes & Noble and gaming companies Ubisof and Crytek.

    •                
  • [Old] Metro Vancouver and the world's largest staffing firm hit by Egregor ransomware [iophk: Windows TCO]
                     
                       

    Two major organizations — Randstad, the world's largest staffing agency and Translink, the Metro Vancouver transporting agency — fell victim to Egregor ransomware attacks. The Egregor ransomware group is found to be highly operational in recent times, and it continues to wreak havoc on enterprises. Egregor ransomware caused disruptions to the Chilean retail giant Cencosud recently followed by an attack on Kmart.

                       

    Randstad has mentioned that the Egregor ransomware group has disclosed one percent of the stolen data and has exposed 32.7 MB of data with 184 files. Randstad is a global staffing agency with offices in 38 markets and has an employee count of 38,000 with a revenue of €23.7 billion in 2019. Randstad is also the owner of the popular employment website monster.com. Randstad has also mentioned that only a limited number of servers were compromised and its team is doing its best to resolve the situation.

    •                    
  • LibreSSL languishes on Linux
                         
                           

    The OpenSSL project, though, has merged over 5,000 patches during approximately the same time period; that work came from 276 developers. Just as importantly, much of that work is supported by organizations that depend on OpenSSL; large contributors include Oracle, Siemens, Akamai, Red Hat, IBM, VMware, Intel, and Arm — along with the OpenSSL Software Foundation itself. This level of support has enabled the OpenSSL project to address many of its longstanding problems; by 2016, the project was on a much more stable footing. Security problems still exist, of course — this is software we are talking about, after all — but they are dealt with in a coordinated way and people don't worry about OpenSSL as they once did.

                           

    One result of all this work is that Linux distributions have, in general, not shifted away from OpenSSL. Two distributions that did attempt to provide LibreSSL support were Alpine Linux and Gentoo. Alpine Linux supported LibreSSL as its primary TLS library for a while, but switched back to OpenSSL with the 3.9.0 release in January 2019. Gentoo never tried to switch over completely, but it supports LibreSSL as an alternative.

    •      
  • Hamas May Be Threat to 8chan, QAnon Online
           
             

    In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas.

Android Leftovers

My 3 favorite open source productivity apps

Productivity apps can really make your workflow much easier. In this article, I'll share a few of the open source applications I have used to streamline my workflow and increase my overall productivity. All of the productivity applications in this article are free Linux productivity applications. Tomboy is a simple note-taking application that can be used on Linux, Windows, and macOS. It's open source under the GNU LGPLv2. Tomboy is pretty straightforward to use. You write a note, choose whether to make it sticky on your desktop, and delete it when you're done with it. Read more

Software: QuickWall, RSS Guard, VSCP

  • QuickWall – Command Line Tool Setting Wallpapers from Unsplash

    QuickWall is a free and open-source tool to grab the latest wallpapers from Unsplash and set as your desktop background. It works with nitrogen, feh background setter as well as Xfce, KDE, Gnome, Unity. Besides setting wallpapers from Unsplash, it can also change your theme (seems only for terminal theme) based on the wallpapers.

    •   
  • RSS Guard 3.8.4 - Neowin

    RSS Guard is a simple (yet powerful) feed reader. It is able to fetch the most known feed formats, including RSS/RDF and ATOM. It's free, it's open-source. RSS Guard currently supports Czech, Dutch, English, French, German, Italian. RSS Guard will never depend on other services - this includes online news aggregators like Feedly, The Old Reader and others.

  • Open-source VSCP IoT/M2M automation framework supports Arduino, Raspberry Pi

    VSCP (Very Simple Control Protocol) is an open-source IoT framework that works on development boards like Arduino or Raspberry Pi, and lets you control IoT home automation tasks. The framework is highly scalable, has a very low footprint, and as such is specially designed for resource-limited devices. [...] For the Arduino library of VSCP software framework for Level 1 devices, you can connect an LED that shows the node state. An example showing the basic integration of the VSCP Arduino library uses CAN-BUS Shield from Seeed-Studio or CAN-BUS Shield from Sparkfun.

