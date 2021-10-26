Security Leftovers Security updates for Monday [LWN.net] Security updates have been issued by Arch Linux (chromium, firefox, gitlab, grafana, grafana-agent, thunderbird, and vivaldi), Debian (apache-log4j2, privoxy, and wireshark), Fedora (firefox, grub2, mariadb, mod_auth_openidc, rust-drg, rust-tiny_http, and rust-tiny_http0.6), Mageia (chromium-browser-stable, curaengine, fetchmail, firefox, libvirt, log4j, opencontainers-runc, python-django, speex, and thunderbird), openSUSE (clamav, firefox, glib-networking, glibc, gmp, ImageMagick, log4j, nodejs12, nodejs14, php7, python-Babel, python-pip, webkit2gtk3, and wireshark), Red Hat (mailman:2.1 and samba), and SUSE (bcm43xx-firmware, firefox, glib-networking, ImageMagick, kernel-rt, and python-pip).

Keeping curl safe I’ve talked on this topic before but I realized I never did a proper blog post on the topic. So here it is: how we develop curl to keep it safe. The topic of supply chain security is one that is discussed frequently these days and every so often there’s a very well used (open source) component that gets a terrible weakness revealed. Don’t get me wrong. Proprietary packages have their share of issues as well, and probably even more so, but for obvious reasons we never get the same transparency, details and insight into those problems and solutions.

NSO Group’s Pegasus Spyware Used Against US State Department Officials NSO Group’s descent into Internet pariah status continues. Its Pegasus spyware was used against nine US State Department employees. We don’t know which NSO Group customer trained the spyware on the US.

Blacklisted: Israeli spyware firm NSO faces sanctions, lawsuits After it hacked dissidents and journalists for years, news that NSO’s technology targeted US diplomats has brought on sanctions and lawsuits. Plus, big oil’s big PR push.

IBM/Red Hat Leftovers Introducing the hosted beta experience Red Hat Enterprise Linux Image Builder The Red Hat Enterprise Linux (RHEL) and Red Hat Insights teams invite you to try the public beta of the Image Builder hosted service, a part of the Insights application suite which is included with the RHEL subscription. The Image Builder service, which can be found in the left navigation of the Red Hat Hybrid Cloud Console beta, simplifies and streamlines the process of assembling your own customized RHEL operating system images with the latest content and security updates for all of your hybrid cloud environments. Today, building or installing operating systems for deployment across your hybrid cloud environments can be slow, tedious, and error prone. Building and updating a server image for traditional virtualization platforms require different tools and risky modifications to make it work in public cloud environments.

How can we make Linux functionally safe for automotive? The automotive computing world, like many other industries, is going through a transformation. Traditionally discrete computing systems are becoming more integrated, with workloads consolidated into systems that look remarkably more like edge systems than embedded devices. The ideas driving this shift come from open source, but will Linux be part of this future, given that the existing standards for functional safety do not currently accommodate Linux-based operating systems?

Take Tidelift's 4th annual open source survey [Ed: IBM/Red Hat shilling a self-serving survey of a firm partly controlled by Red Hat's founder] Participate in Tidelift’s fourth annual open source survey and help shed light on how organizations manage their use of open source components for application development.

Digital transformation: 4 CIO tips for 2022 In the panicked move to remote work in 2020, most organizations cobbled together quick-and-dirty accommodations just to keep the business running. Plans for digital transformation accelerated at warp speed as employees shifted to working from home overnight with virtually no time for planning, research, or preparation. Instead of the thoughtful and careful rollout CIOs envisioned, they were instead forced to make urgent decisions and hope for the best, assuming this would all be short-lived. Instead, those crisis plans became status quo, making 2021 the year of hybrid work. As organizations have settled into this new reality, it’s clear there’s no turning back. Despite best-laid plans, many CIOs believe the pace of digital transformation will continue to accelerate, primarily catalyzed by outside forces beyond their control.

10 books to build your people skills | The Enterprisers Project If you’re feeling a little rusty in the social skills department these days, you are not alone. In fact, there’s a name for it: post-pandemic reentry anxiety. It may take you some time to wrap your head around returning to face-to-face working conditions - or even a mix of office and remote work - after more than a year of remote work. Indeed, in February of this year, as promising light appeared at the end of this pandemic tunnel, U.S. adults reported their highest stress levels since the earliest days of the Covid-19 crisis, according to a survey by the American Psychological Association. Of course, the softer skills of management, relationship building, communication, and collaboration are more critical than ever. If you find you need a little remedial people skills training, take heart: We’ve gathered 10 great books to consider, several of which address the additional challenges of ongoing remote or hybrid interactions.