Language Selection

English French German Italian Portuguese Spanish

today's leftovers

Filed under
Misc
  • Kafka destination improved with template support in syslog-ng - Blog - syslog-ng Community - syslog-ng Community

    The C implementation of the Kafka destination in syslog-ng has been improved in version 3.30. Support for templates in topic names was added as a result of a Google Summer of Code (GSoC) project. The advantage of the new template support feature is that you no longer have to use a static topic name. For example, you can include the name of your host or the application sending the log in the topic name.

    From this blog you can learn about a minimal Kafka setup, configuring syslog-ng and testing syslog-ng with Kafka.

  •  

  • Announcing Istio 1.8.2

    This release contains bug fixes to improve robustness. This release note describes what’s different between Istio 1.8.1 and Istio 1.8.2

  • 2.5-inch "Industrial Pi" Pico-ITX SBC offers PoE , mini DP++ port

    The company also provides a 15mm thick heat spreader for fanless operation, and support for Windows 10 IoT Enterprise (64-bit) and Linux operating systems.

  •   

  • ZimaBoard Intel Apollo Lake SBC and micro server goes for $69.99 and up (Crowdfunding)

    The board is passively cooled by its enclosure acting as a heatsink, and ships with Linux by default, although we’re not being told which distribution, possibly Ubuntu 20.04.

  •       

  • Algolia Search in Jekyll

    I am relieved and delighted to have finally managed the Algolia search setup for Unix Tutorial. I’ve been looking to upgrade search for a long time but had not enough JavaScript and CSS knownledge to replace the default search with Algolia’s one.

    I’m going through a short technical course about Vue (JavaScript framework), so this must have put me into the right mindset.

  •  

  • Partners Feel ‘Betrayed,’ ‘Taken Aback’ By Microsoft’s Direct Calls To Customers

    A California MSP learned a lesson years ago when a software vendor tried to go direct with his end users. So when Microsoft demanded contact information for his customers, he gave them an email address that went directly to him instead. Earlier this week that email account, which was set up about 18 months ago in the hopes that it would not be used, received a message from a Microsoft business development specialist offering his customer “free training.” “That’s exactly what I would do if I was trying to steal someone else’s business,” said the MSP, who asked not to be named because he fears retribution from Microsoft for speaking out. “It’s just wrong. It’s just wrong. Plain and simple.”

  •  

  • Windows 10 bug corrupts your hard drive on seeing this file's icon

    In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed.

    When exploited, this vulnerability can be triggered by a single-line command to instantly corrupt an NTFS-formatted hard drive, with Windows prompting the user to restart their computer to repair the corrupted disk records.

    The researcher told BleepingComputer that the flaw became exploitable starting around Windows 10 build 1803, the Windows 10 April 2018 Update, and continues to work in the latest version.

    What's worse is, the vulnerability can be triggered by standard and low privileged user accounts on Windows 10 systems.

  • The Linux Foundation launches 7-part open source management training program
  • Open source software security in an ICT context – benefits, risks, and safeguards

    In a recent report, contributors to free and open source software (FOSS) claimed they spent only 2.27 percent of their contribution time on security. In our latest blog post, we delve into open source software security, and discuss why it’s key for building robust and open interoperable networks.

    [...]

    Is open source software better than proprietary software when it comes to security vulnerabilities? Elias Levy, the person behind the infamous (vulnerability) full disclosure mailing list, Bugtraq, said two decades ago: “No. Open Source Software certainly does have the potential to be more secure than its closed source counterpart. But make no mistake, simply being open source is no guarantee of security”.

    Building and delivering complex system software without security vulnerabilities requires investment and due diligence, regardless if the code is open sourced or proprietary (see figure 1, below). As the Mozilla Foundation states: “Security is a process. To have substantial and lasting benefit, we need to invest in education, best practices, and a host of other areas”.

    Tools and resources are available. With safeguards in place, OSS can be used effectively at low risk to realize its intended benefits. ICT products relying on OSS must be developed using methodologies and safeguards that ensure the expected level of security is met. OSS can accelerate innovation, reduce the development timeline, speed time to market, realize cost savings, and be secure. ICT vendors must take responsibility and practice a higher level of due diligence when using OSS components.

  • Email is the messenger you should migrate to

    But the most important thing: Delta Chat allows you to communicate even with people who don’t use Delta Chat at all, all you need is an email address! If you write to someone without Delta Chat, they will just get a normal email. I would argue that even beats Matrix or XMPP.

    Conclusion: If you are concerned about security when chatting and would rather use a decentralized messenger (no silo), you are in good hands with email and Delta Chat.

  • IMAPS specialisations – call for participation in the public review of LIMAPS, OIMAPS, SIMAPS and TIMAPS!

    The objective of this public consultation is to produce updated releases of the IMAPS specialisations, which will provide insights on specific interoperability viewpoints of the digital public service, i.e. the legal, organisational, technical and semantic interoperability viewpoints. Both IMAPS and its specialisations assess the various areas of a digital public service in terms of behavioural interoperability specifications, capabilities and manifestations. The update of the releases of the IMAPS specialisations will be based on change requests coming from stakeholders interested in the solutions.

More in Tux Machines

20 Years FSFE: Interview with Reinhard Müller

Reinhard Müller claims that his T-shirt folding capabilities are legendary. Without denying this fact, anyone who has worked with Reinhard on behalf of the FSFE can confirm that his dedication to Free Software and the FSFE is legendary as well. Reinhard joined the FSFE as a volunteer in its first year and met in person with the volunteers behind the FSFE's very first booth at FOSDEM in 2002. In the years following, Reinhard held many different positions inside the FSFE community. Reinhard became a founding member of the Austria country team, joined the FSFE's General Assembly as an official member and even helped to run the organisation for several years as Financial Officer and part of the FSFE's Executive Council. In all these positions Reinhard helped shape the organisation of the FSFE and still does, so much that many people are surprised when they hear that Reinhard is a volunteer and not a paid staffer of the FSFE. Read more

Security: Patches, Reproducible Builds, Hijacking of Perl's Site

  • Security updates for Friday

    Security updates have been issued by Fedora (389-ds-base, dogtag-pki, dpdk, freeipa, isync, openvswitch, pki-core, and screen), Mageia (bind, chromium-browser-stable, gnome-autoar, jasper, openldap, openssl and compat-openssl10, screen, webkit2, and xpdf), Oracle (grub2), Red Hat (java-1.7.1-ibm, java-1.8.0-ibm, nodejs:10, and nodejs:12), SUSE (freeradius-server), and Ubuntu (wpa).

  • Reproducible Builds: Reproducible Builds in February 2021

    Welcome to the report from the Reproducible Builds project for February 2021. In our monthly reports, we try to outline the most important things that have happened in the world of reproducible builds. If you are interested in contributing to the project, though, please visit our Contribute page on our website. [...] A few days earlier, Eric Brewer, Rob Pike, Abhishek Arya, Anne Bertucio and Kim Lewandowski wrote a post on the Google Security Blog proposing an industry-wide framework they call “Know, Prevent, Fix” which aims to improve how the industry might think about vulnerabilities in open source software, including “Consensus on metadata and identity standards” and — more relevant to the Reproducible Builds project — “Increased transparency and review for critical software”...

  • The Hijacking of Perl.com

    For a week we lost control of the Perl.com domain. Now that the incident has died down, we can explain some of what happened and how we handled it. This incident only affected the domain ownership of Perl.com and there was no other compromise of community resources. This website was still there, but DNS was handing out different IP numbers. First, this wasn’t an issue of not renewing the domain. That would have been a better situation for us because there’s a grace period. Second, to be very clear, I’m just an editor for the website that uses the Perl.com domain. This means that I’m not actually the “injured party” in legal terms. Tom Christiansen is the domain registrant, and should legal matters progress, there’s no reason for me, nor anyone else, to know all of the details. However, I’ve talked to many of the people involved in the process.

QBittorrent Support For BitTorrent 2.0 Is Looking Good

BitTorrent 2.0, defined in BEP52 all the way back in January 2008, is a big upgrade to the existing BitTorrent protocol. It uses SHA-256 instead of the now very insecure SHA-1 hash algorithm, it has a much more efficient directory structure in the .torrent files and the pieces of files within a torrent are represented by merkle hash trees. One potentially fun advantage of the new .torrent file format is that individual files within a .torrent get their own hash. That could be used to participate in two or more public swarms if two or more torrents happen to contain the same file(s). There is no code for such a cross-leaching feature as of today, but is in theory quite possible. BitTorrent clients have been very slow to implement the new BitTorrent 2.0 protocol. libtorrent-rasterbar 2.0, released in October 2020, was the first widely used BitTorrent library to full support it and all its features. The popular qBittorrent client, available for macOS newer than High Sierra, Windows 7+ and Linux, is built on the libtorrent-rasterbar library. The latest stable v4.3.3 release from January 2021 uses libtorrent-rasterbar 1.2. Read more

Android Leftovers