Date: 2021-10-26
Security Leftovers
Security updates have been issued by Arch Linux (chromium, firefox, gitlab, grafana, grafana-agent, thunderbird, and vivaldi), Debian (apache-log4j2, privoxy, and wireshark), Fedora (firefox, grub2, mariadb, mod_auth_openidc, rust-drg, rust-tiny_http, and rust-tiny_http0.6), Mageia (chromium-browser-stable, curaengine, fetchmail, firefox, libvirt, log4j, opencontainers-runc, python-django, speex, and thunderbird), openSUSE (clamav, firefox, glib-networking, glibc, gmp, ImageMagick, log4j, nodejs12, nodejs14, php7, python-Babel, python-pip, webkit2gtk3, and wireshark), Red Hat (mailman:2.1 and samba), and SUSE (bcm43xx-firmware, firefox, glib-networking, ImageMagick, kernel-rt, and python-pip).
I’ve talked on this topic before but I realized I never did a proper blog post on the topic. So here it is: how we develop curl to keep it safe. The topic of supply chain security is one that is discussed frequently these days and every so often there’s a very well used (open source) component that gets a terrible weakness revealed.
Don’t get me wrong. Proprietary packages have their share of issues as well, and probably even more so, but for obvious reasons we never get the same transparency, details and insight into those problems and solutions.
NSO Group’s descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We don’t know which NSO Group customer trained the spyware on the US.
After it hacked dissidents and journalists for years, news that NSO’s technology targeted US diplomats has brought on sanctions and lawsuits. Plus, big oil’s big PR push.
IBM/Red Hat Leftovers
The Red Hat Enterprise Linux (RHEL) and Red Hat Insights teams invite you to try the public beta of the Image Builder hosted service, a part of the Insights application suite which is included with the RHEL subscription.
The Image Builder service, which can be found in the left navigation of the Red Hat Hybrid Cloud Console beta, simplifies and streamlines the process of assembling your own customized RHEL operating system images with the latest content and security updates for all of your hybrid cloud environments.
Today, building or installing operating systems for deployment across your hybrid cloud environments can be slow, tedious, and error prone. Building and updating a server image for traditional virtualization platforms require different tools and risky modifications to make it work in public cloud environments.
The automotive computing world, like many other industries, is going through a transformation. Traditionally discrete computing systems are becoming more integrated, with workloads consolidated into systems that look remarkably more like edge systems than embedded devices. The ideas driving this shift come from open source, but will Linux be part of this future, given that the existing standards for functional safety do not currently accommodate Linux-based operating systems?
Take Tidelift's 4th annual open source survey
Participate in Tidelift’s fourth annual open source survey and help shed light on how organizations manage their use of open source components for application development.
In the panicked move to remote work in 2020, most organizations cobbled together quick-and-dirty accommodations just to keep the business running. Plans for digital transformation accelerated at warp speed as employees shifted to working from home overnight with virtually no time for planning, research, or preparation. Instead of the thoughtful and careful rollout CIOs envisioned, they were instead forced to make urgent decisions and hope for the best, assuming this would all be short-lived.
Instead, those crisis plans became status quo, making 2021 the year of hybrid work. As organizations have settled into this new reality, it’s clear there’s no turning back. Despite best-laid plans, many CIOs believe the pace of digital transformation will continue to accelerate, primarily catalyzed by outside forces beyond their control.
If you’re feeling a little rusty in the social skills department these days, you are not alone. In fact, there’s a name for it: post-pandemic reentry anxiety.
It may take you some time to wrap your head around returning to face-to-face working conditions - or even a mix of office and remote work - after more than a year of remote work. Indeed, in February of this year, as promising light appeared at the end of this pandemic tunnel, U.S. adults reported their highest stress levels since the earliest days of the Covid-19 crisis, according to a survey by the American Psychological Association.
Of course, the softer skills of management, relationship building, communication, and collaboration are more critical than ever.
If you find you need a little remedial people skills training, take heart: We’ve gathered 10 great books to consider, several of which address the additional challenges of ongoing remote or hybrid interactions.
digiKam 7.4 Professional Photo Management App Brings New Features and Better Camera Support
Coming five months after digiKam 7.3, the digiKam 7.4 release is here with a new tool that lets users share items on the network with a Motion JPEG stream server, as well as an improved Showfoto component that received a new left sidebar which can host a folder-view to help users quickly explore images from their local file system or a stack-view to host your favorite contents.
An interesting change in digiKam 7.4 is the improved Image Quality Sorter tool, which helps users label images by accepted, pending, or rejected. Also improved is the database component, which now features the ability to use a local SQLite thumbnail database with an external MySQL configuration.
Open Access: What Is It & Why It’s Important For Science
Open Access is a publication model that allows anyone to use and access scientific papers produced by an academic journal or publication.
Historically, interested readers (researchers, students, etc.) need to pay for a subscription if they want to access the scientific papers produced by an academic publication, or they may need to pay the access price only for the articles they want to get.
Alternatively, they may also access them with the help of their universities or sponsoring institutes, which usually provide a free full/partial subscription for their researchers.
Those access fees could range anywhere from $20 to $500 per paper, and the monthly subscription fees are in a similar price range as well.
However, those access fees are a huge barrier for independent researchers who are not affiliated with a university or a funding source. Anyone who has tried to publish a scientific paper must have needed to read tens of related papers in the literature, and if he or she is going to pay for every single article they need to access, then they won’t be able to do science.
These fees are heavy even for universities themselves; they have to pay millions of dollars each year in order to keep providing their researchers with the scientific literature access they need. Sometimes, they may not have enough funding to sign contracts with all the needed publishers, and hence, researchers have to deal with this situation on their own.
