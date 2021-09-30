

In the spirit of open government, France dumps 9,067 repos online to show off its FOSS credentials

Submitted by Roy Schestowitz on Friday 12th of November 2021 03:50:09 PM
OSS

Le Gouvernement de la République française – the government of France for Anglophones – has published a website containing 9,067 repositories of FOSS software created by 1,022 organisations and groups in the French public sector.

After two years of work, the site hit version 1.0 on Wednesday.

Helpfully for non-Francophones, the homepage and much of the info is in English – although saying that, just to warn you, the same isn't true of all the background information and the various organisational pages we're about to link to.

The site is run by Etalab [Fr], which is a department of DINUM [Fr], the Interministerial Digital Directorate, and the software is released under Etalab's Open License 2.0 – defined in English in this PDF file.

The release happened as a result of a decree [Fr] of Open Government [Fr] from 30 October 2019 after the French government joined the Open Government Partnership in April 2014.

Security Leftovers

  • This Week in Security: Unicode Strikes, NPM Again, and First Steps to PS5 Crack [Ed: Microsoft keeps serving malware through NPM and the media keeps blaming the victims, who basically receive malicious software because of Microsoft]

    Maybe we really were better off with ASCII. Back in my day, we had space for 256 characters, didn’t even use 128 of them, and we took what we got. Unicode opened up computers to the languages of the world, but also opened an invisible backdoor. This is a similar technique to last week’s Trojan Source story. While Trojan Source used right-to-left encoding to manipulate benign-looking code, this hack from Certitude uses Unicode characters that appear to be whitespace, but are recognized as valid variable names. [...] Last week, the coa and rc packages temporarily updated to versions containing malicious code. The timing, and nearly identical added code, indicates that it was the same individual or group behind both packages. While the malware seemed to be non-functional on some systems, it should be assumed that anywhere these malicious versions were deployed is compromised. At a combined 20 million weekly downloads for these two packages, there are sure to be many compromises, even given the short time the malicious packages were available on the 4th. NPM was hosting the malicious version of coa for one hour and twelve minutes. The rc package pushed the malicious update a couple hours later, and it’s unclear how long that version was available. The malicious code was run using a preinstall script, which seems to be the common vector for these hacks. There have been suggestions that install scripts should be disabled by default. While that would prevent these very simple attacks, it wouldn’t actually protect against the underlying problem. Supply chain attacks are a growing problem, but they seem to be particularly problematic in the world of full-stack JavaScript. If the popularity of node.js and npm are to continue, we will need a better solution to this pernicious problem.

  • Security updates for Friday

    Security updates have been issued by Debian (node-tar, postgresql-11, postgresql-13, and postgresql-9.6), Fedora (autotrace, botan2, chafa, converseen, digikam, dmtx-utils, dvdauthor, eom, kxstitch, pfstools, php-pecl-imagick, psiconv, q, R-magick, radeontop, rss-glx, rubygem-rmagick, synfig, synfigstudio, vdr-scraper2vdr, vdr-skinelchihd, vdr-skinnopacity, vdr-tvguide, and WindowMaker), Mageia (kernel, kernel-linus, and openafs), openSUSE (kernel), Red Hat (freerdp), SUSE (bind and kernel), and Ubuntu (openexr, postgresql-10, postgresql-12, postgresql-13, and samba).

  • CISA Releases Advisory on Vulnerabilities in Multiple Data Distribution Service Implementations

    CISA has released an Industrial Control Systems Advisory (ICSA) related to a public report detailing vulnerabilities found in multiple open-source and proprietary Object Management Group (OMG) Data-Distribution Service (DDS) implementations. Successful exploitation of these vulnerabilities could result in denial-of-service or buffer-overflow conditions, which may lead to remote code execution or information exposure. CISA encourages users and administrators to review ICSA-21-315-02: Multiple Data Distribution Service (DDS) Implementations and apply the necessary updates as quickly as possible.

  • MacOS Zero-Day Used against Hong-Kong Activists

    Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.

  • Google Caught Hackers Using a Mac Zero-Day Against Hong Kong Users

    Google researchers caught hackers targeting users in Hong Kong exploiting what were at the time unknown vulnerabilities in Apple’s Mac operating system. According to the researchers, the attacks have the hallmarks of government-backed hackers. On Thursday, Google’s Threat Analysis Group (TAG), the company’s elite team of hacker hunters, published a report detailing the hacking campaign. The researchers didn’t go as far as pointing the finger at a specific hacking group or country, but they said it was “a well resourced group, likely state backed.” “We do not have enough technical evidence to provide attribution and we do not speculate about attribution,” the head of TAG Shane Huntley told Motherboard in an email. “However, the nature of the activity and targeting is consistent with a government backed actor.”
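The two tricks in the Hackaday item above (Trojan Source bidi overrides and Certitude's invisible identifiers) both rely on characters that render as nothing. The following is an added example, not code from Hackaday, Certitude or npm: a small scanner that flags Unicode format characters (general category Cf, which covers the bidi controls and zero-width characters) plus the Hangul filler letters, which are category Lo and therefore legal in JavaScript identifiers while drawing as blank. It also asks the engine directly whether a given string parses as a binding name, which is the quickest way to see why U+3164 works as a variable. The deny list and the sample source are constructed for the example; the sample is not the real coa/rc payload.

```javascript
// Added example; not code from Hackaday, Certitude or npm.
// Scans source text for characters that are invisible or reorder text and
// shows that V8 accepts a Hangul Filler as an identifier.

// Hangul fillers: general category Lo, so legal inside identifiers, but rendered blank.
const INVISIBLE_LETTERS = new Map([
  [0x115f, 'HANGUL CHOSEONG FILLER'],
  [0x1160, 'HANGUL JUNGSEONG FILLER'],
  [0x3164, 'HANGUL FILLER'],
  [0xffa0, 'HALFWIDTH HANGUL FILLER'],
]);

// Names for the format (Cf) characters the two attacks use; any other Cf
// character is still reported, with a generic label.
const FORMAT_NAMES = new Map([
  [0x200b, 'ZERO WIDTH SPACE'],
  [0x200c, 'ZERO WIDTH NON-JOINER'],
  [0x200d, 'ZERO WIDTH JOINER'],
  [0x200e, 'LEFT-TO-RIGHT MARK'],
  [0x200f, 'RIGHT-TO-LEFT MARK'],
  [0x202a, 'LEFT-TO-RIGHT EMBEDDING'],
  [0x202b, 'RIGHT-TO-LEFT EMBEDDING'],
  [0x202c, 'POP DIRECTIONAL FORMATTING'],
  [0x202d, 'LEFT-TO-RIGHT OVERRIDE'],
  [0x202e, 'RIGHT-TO-LEFT OVERRIDE'],
  [0x2066, 'LEFT-TO-RIGHT ISOLATE'],
  [0x2067, 'RIGHT-TO-LEFT ISOLATE'],
  [0x2068, 'FIRST STRONG ISOLATE'],
  [0x2069, 'POP DIRECTIONAL ISOLATE'],
  [0xfeff, 'ZERO WIDTH NO-BREAK SPACE'],
]);

function hex(cp) {
  return 'U+' + cp.toString(16).toUpperCase().padStart(4, '0');
}

// Returns one finding per suspicious code point: { line, col, codePoint, name }.
// A byte-order mark as the very first character of the file is normal and skipped.
function scanSource(src) {
  const findings = [];
  src.split('\n').forEach((text, i) => {
    let col = 0;
    for (const ch of text) {            // for..of walks code points, not UTF-16 units
      col += 1;
      const cp = ch.codePointAt(0);
      if (i === 0 && col === 1 && cp === 0xfeff) continue;
      let name = INVISIBLE_LETTERS.get(cp);
      if (name === undefined && /\p{Cf}/u.test(ch)) {
        name = FORMAT_NAMES.get(cp) || 'FORMAT CHARACTER (Cf)';
      }
      if (name !== undefined) {
        findings.push({ line: i + 1, col, codePoint: hex(cp), name });
      }
    }
  });
  return findings;
}

// Asks the engine whether `name` parses as a binding identifier. The body is
// only parsed by the Function constructor, never executed.
function isValidIdentifier(name) {
  try {
    new Function(`var ${name};`);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample (not the real coa/rc payload): a destructuring that hides a
// second binding behind a Hangul Filler, and a comment containing bidi controls.
const SAMPLE = [
  'const { timeout, \u3164 } = require(process.argv[2]);',
  'const check = (access) => { /* \u202E } \u2066 if (access) */ return true; };',
  'setTimeout(() => \u3164(), timeout);',
].join('\n');

for (const f of scanSource(SAMPLE)) {
  console.log(`${f.line}:${f.col} ${f.codePoint} ${f.name}`);
}
console.log('U+3164 accepted as an identifier:', isValidIdentifier('\u3164'));
```

Run it over a checkout with `scanSource(fs.readFileSync(path, 'utf8'))`; anything it reports in a code base that is expected to be ASCII deserves a manual look, and a linter rule or pre-commit hook built on the same check is cheap. Note that this catches the characters themselves, not a preinstall script: disabling install scripts (`npm install --ignore-scripts`) is a separate control, and, as the article says, it only removes the simplest delivery vector.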

Alpine 3.14.3 released

The Alpine Linux project is pleased to announce the immediate availability of version 3.14.3 of its Alpine Linux operating system.

First Look: You Can Now Run Android 12 on Your Raspberry Pi 4 Computer

Created by renowned XDA member KonstaT (KonstaKANG), there’s now an unofficial LineageOS 19.0 build for Raspberry Pi 4 Model B, Raspberry Pi 400, and Raspberry Pi Compute Module 4 (CM4) computers, based on the Android 12 mobile operating system and, to my surprise, it runs quite well. The image is distributed in the same format as any other Raspberry Pi operating system, which means that after you’ve downloaded the image (see direct download link at the end of the article), you’ll be able to easily write it on a microSD card with the official Raspberry Pi Imager utility or a similar tool.

today's howtos

  • 16 Practical and Useful Examples of Echo Command in Linux

    Shell commands have always been a crucial tool in Linux, so learning about them gives a user fine-grained control over the Linux machine. One such command in the Linux bash shell is the echo command. Although the echo command seems to be a pretty straightforward and easy one, it has a unique job that cannot be done with other commands, especially while writing a bash script. The echo command in Linux is mainly used for printing text in the console. It can show messages for the user while a bash script is executing.

  • How to Install Chromium Browser on Fedora 35 - LinuxCapable

    Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web. The Chromium codebase is widely used. Microsoft Edge, Opera, and many other browsers are based on the code.

  • How to Install OpenLiteSpeed on Rocky Linux/AlmaLinux

    In this tutorial guide we will learn how to install the OpenLiteSpeed server on Rocky Linux/AlmaLinux. OpenLiteSpeed is an easy-to-use open source web server. It offers unbeatable features and performance to your website along with top notch security. The server understands all the Apache rewrite rules and has intelligent cache acceleration features that let you implement the fastest caching on your server.

  • How to SSH into a Docker Container and Run Commands - Unixcop

    Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers. Docker is a utility that lets you create a container for running applications. A Docker container is a fully-contained virtual machine. This guide will show you three methods to SSH into a Docker container and run commands.

  • How to Turn Off directory browsing on Apache and Nginx - Unixcop

    Directory content listing is enabled by default when you install the Apache web server. This may be a desirable feature in some scenarios, but it’s a potential security hole in others. It’s easy enough to turn this setting on or off for each website (virtual host) that you have set up. In this guide, we’ll show you how to turn off directory browsing on Apache & Nginx web servers.

  • How to install and Configure Mariadb 10 in Debian 11 – Citizix

    MariaDB is one of the most popular open-source relational database management systems (RDBMS) and a highly compatible drop-in replacement for MySQL. It is built upon the values of performance, stability, and openness, and the MariaDB Foundation ensures contributions will be accepted on technical merit. MariaDB was developed as a software fork of MySQL in 2009 in response to Oracle’s acquisition of MySQL. MariaDB intends to remain free and open-source software under the GNU General Public License. It is part of most cloud offerings and the default in most Linux distributions. In this guide we will learn how to install and configure MariaDB in Debian 11.
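For the directory-browsing item above, the setting to look for is `Options Indexes` (Apache) and `autoindex on` (nginx). The following is an added example, not code from Unixcop or either server project: two small auditors that walk a configuration file, track which `<Directory>`/`<VirtualHost>` or `location` block they are in, and report every directive that still enables listings, so a fleet of vhost files can be checked before deployment. The sample configurations are constructed for the example; the weak and the hardened Apache forms sit side by side. Apache option inheritance across nested blocks and single-line nginx blocks (`if (...) { ... }`) are deliberately not modelled.

```javascript
// Added example; not code from Unixcop, Apache httpd or nginx.

// Apache: report every `Options` directive that enables Indexes. httpd treats a
// directive as either all-relative (+/-) or all-absolute; in the absolute form
// `Indexes` or `All` (everything except MultiViews) turns listings on, in the
// relative form only `+Indexes`/`+All` does. A block with no Options directive
// inherits from its parent, which this checker does not model.
function auditApache(conf) {
  const findings = [];
  const stack = ['(global)'];
  conf.split('\n').forEach((raw, i) => {
    const line = raw.replace(/#.*$/, '').trim();
    if (!line) return;
    let m;
    if ((m = line.match(/^<(\w+)\s+([^>]*)>$/))) { stack.push(`${m[1]} ${m[2].trim()}`); return; }
    if (/^<\/\w+>$/.test(line)) { stack.pop(); return; }
    if (!(m = line.match(/^Options\s+(.+)$/i))) return;
    const opts = m[1].split(/\s+/);
    const relative = opts.every(o => /^[+-]/.test(o));
    const enables = relative
      ? opts.some(o => /^\+(Indexes|All)$/i.test(o))
      : opts.some(o => /^(Indexes|All)$/i.test(o));
    if (enables) findings.push({ line: i + 1, context: stack[stack.length - 1], directive: line });
  });
  return findings;
}

// nginx: report every `autoindex on;`, with the enclosing block (server, location, ...).
function auditNginx(conf) {
  const findings = [];
  const stack = ['(global)'];
  conf.split('\n').forEach((raw, i) => {
    const line = raw.replace(/#.*$/, '').trim();
    if (!line) return;
    if (line.endsWith('{')) { stack.push(line.slice(0, -1).trim()); return; }
    if (line === '}') { stack.pop(); return; }
    const m = line.match(/^autoindex\s+(on|off)\s*;$/i);
    if (m && m[1].toLowerCase() === 'on') {
      findings.push({ line: i + 1, context: stack[stack.length - 1], directive: line });
    }
  });
  return findings;
}

// Constructed sample vhost: listings enabled for the whole document root, then
// disabled only for one subdirectory.
const APACHE_WEAK = [
  '<VirtualHost *:80>',
  '    DocumentRoot /var/www/html',
  '    <Directory /var/www/html>',
  '        Options Indexes FollowSymLinks   # weak: listings on for the whole site',
  '        AllowOverride None',
  '        Require all granted',
  '    </Directory>',
  '    <Directory /var/www/html/downloads>',
  '        Options -Indexes',
  '    </Directory>',
  '</VirtualHost>',
].join('\n');

// Hardened form of the same vhost: keep FollowSymLinks, drop Indexes.
const APACHE_FIXED = APACHE_WEAK.replace('Options Indexes FollowSymLinks', 'Options -Indexes +FollowSymLinks');

// Constructed nginx server block with one location that still lists files.
const NGINX_WEAK = [
  'server {',
  '    listen 80;',
  '    root /var/www/html;',
  '    location /downloads/ {',
  '        autoindex on;   # weak',
  '    }',
  '    location / {',
  '        autoindex off;',
  '    }',
  '}',
].join('\n');

for (const f of auditApache(APACHE_WEAK)) console.log(`apache line ${f.line} [${f.context}]: ${f.directive}`);
console.log('apache (fixed) findings:', auditApache(APACHE_FIXED).length);
for (const f of auditNginx(NGINX_WEAK)) console.log(`nginx line ${f.line} [${f.context}]: ${f.directive}`);
```

After changing either file, `apachectl configtest` / `nginx -t` and then a request for a directory URL without an index file should return 403 (Apache) or 403/404 (nginx) rather than a listing; the auditor is a review aid, not a substitute for that check.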

