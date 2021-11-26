Security Leftovers
-
Security updates have been issued by Debian (apache-log4j2, libextractor, libpcap, and wireshark), Fedora (grub2, kernel, libopenmpt, log4j, mingw-binutils, mingw-python-lxml, and seamonkey), Mageia (golang, lapack/openblas, and samba), and openSUSE (go1.16, libaom, log4j12, logback, and runc).
-
In 2022, security will be Linux and open-source developers job number one | ZDNet [Ed: Back doors have crept into proprietary software at all levels, but SJVN/ZDNet participates in the phony narratives wherein the problem (security-wise) is the alternative to such software]
But with great power also comes great responsibility as Spider-Man knows. And, as many developers recently found out when multiple security vulnerabilities with the Apache Java logging open-source library log4j2 were discovered, also comes great headaches.
The log4j2 problems are as bad as bad can get. By the National Vulnerability Database (NVD) scale, it's rated as 10.0 CVSSv3 which is perfectly awful.
Its real trouble isn't so much with open-source itself. There's nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus's law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I'm now calling Schneier's law, "Security is a process, not a product," points out constant vigilance is needed to secure all software.
-
The annual meeting of the Chaos Computer Club, Germany’s giant hacker group, is online again this year. While those of us here are sad that we don’t get to see our hacker friends in person, our loss is your gain — the whole thing is online for the entire world to enjoy.
This year’s Congress has gone entirely decentralized, with many local clubs hosting their own video streams and “stages”. Instead of four tracks, there are now six or seven tracks of talks going on simultaneously, so prepare to be overwhelmed by choice. You can find the overall schedule here, so if you see anything you’d like to watch, you’ll know when to tune in.
LibreOffice 7.3 RC1 is available for testing
The LibreOffice Quality Assurance ( QA ) Team is happy to announce LibreOffice 7.3 RC1 is available for testing!
LibreOffice 7.3 will be released as final at the beginning of February, 2022 ( Check the Release Plan for more information ) being LibreOffice 7.3 RC1 the third pre-release since the development of version 7.3 started in mid June, 2021. Since the previous release, LibreOffice 7.3 Beta1, 241 commits have been submitted to the code repository and 130 issues got fixed. Check the release notes to find the new features included in this version of LibreOffice.
LibreOffice 7.3 RC1 can be downloaded from here for Linux, macOS and Windows, and it will replace the standard version.
In case you find any problem in this pre-release, please report it in Bugzilla ( You just need a legit email account in order to create a new account ).
Also: LibreOffice Calc Guide 7.1 Russian Edition
today's howtos
-
For those hating the Flatpak and Snap packages, here’s how to compile GNU Emacs editor (v27.2 tested) from the source tarball while the Kevin Kelley’s PPA seems NOT to be updated anymore.
Before getting started, it’s recommended to remove old Emacs (if any) by running command in terminal (Ctrl+Alt+T)...
-
If you’re a system administrator, you probably already know the hassle of checking the server loads on a Linux system. There are many tools that allow you to check the server loads in different ways. Some of them work in an integrated way, and some of them function as individual tools. However, there are ways to check the server load contentiously through the command-line interface in Linux. Using the CLI methods can save your time and be easy to use. Besides, the CLI also gives you an accurate value of the server load. No matter which server you work with, Apache or Nginx, the CLI commands for checking server load works smoothly on both.
-
Servers are one of the most critical components in any IT infrastructure. Virtually all business functions require some kind of server, from checking your email inbox to accessing client files. It's safe to say that servers are the backbone of your business—and it can be disastrous if they should fail.
According to ITIC's 2021 Hourly Cost of Downtime Survey, 91% of organizations say a single hour of server downtime costs $300,000 or more. And of that 91%, nearly half or 44% say that hourly outage costs exceed $1 million to over $5 million. Yikes.
It's impossible to completely avoid downtime. After all, some things are out of your control. However, it's possible to reduce the chance of it by improving and securing your server. It's also possible to be prepared for downtime so that when it happens, you can quickly bounce back.
-
In this tutorial, we will show you how to install VLC Media Player on Fedora 35. For those of you who didn’t know, VLC is a free and portable open-source media player for both audio and video. This app can play nearly all known multimedia files and DVDs, Audio CDs, VCDs, and various streaming protocols and can be extended and customized with various plugins.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the VLC Media Player on a Fedora 35.
-
In this video, I am going to show how to install elementary OS 6.1 Jólnir...
Kernel Articles: Intel, Motorola, and AMD
-
Intel's modern WiFi driver "IWLWIFI" is set to see a number of improvements with the Linux 5.17 kernel development cycle kicking off in January.
Merged to the networking subsystem's net-next branch ahead of the Linux 5.17 merge window in mid-January were a number of improvements for new and existing wireless hardware. Some of the Intel WiFi improvements coming for the Linux 5.17 kernel include:
- Continued work enabling their next-generation "Bz" hardware family. Going back to the summer Intel was working on Linux support for yet-to-be-released "Bz" WiFi hardware and that enablement work is continuing for Linux 5.17. There are also Rx changes for new hardware families.
-
It was nearly four years ago already that Intel announced Sound Open Firmware in pushing for open-source sound firmware for their hardware. The Sound Open Firmware effort has been a great success even if it's not a shiny project widely talked about among consumers. Just prior to the holidays Sound Open Firmware 2.0 was quietly released.
The Sound Open Firmware project provides an open-source digital signal processing (DSP) firmware stack and software development kit around it as well as open-source emulation support with QEMU, etc. Beyond the firmware itself the Linux kernel has the Sound Open Firmware host driver support and the SOF driver stack is dual-licensed under both the BSD and GPL. More details on the SOF project can be found via the project documentation.
-
When it comes to the Motorola 68000 "m68k" virtual machine targets, the most powerful option under Linux right now is the Quadra 800. That though for virtualization purposes isn't too useful by today's standards with being limited to 1GB of RAM and limited interface support. But a new Virtual M68k Machine aims to provide a more useful target and support has already landed in QEMU while the Linux kernel support is pending.
The new Virtual M68k Machine is based on Google's Goldfish interfaces used for the Android simulator and reuses some of that Goldfish code for this more relevant M68k machine.
-
AMD's official Vulkan driver team is ending out the year by pushing out AMDVLK 2021.Q4.3 as their official open-source Radeon Vulkan driver implementation for Linux systems. This alternative to the Mesa RADV driver finally has fixed up its very poor performance for Vulkan under Wayland.
AMDVLK 2021.Q4.3 was released this morning as their latest routine code drop accompanied by binaries for RHEL/CentOS 7 and 8 and Ubuntu LTS releases. It's been three weeks since the last AMDVLK code drop while this end-of-year release has just a few changes but rather notable.
Recent comments
2 min 24 sec ago
14 min 14 sec ago
21 min 30 sec ago
5 hours 9 min ago
5 hours 42 min ago
5 hours 50 min ago
6 hours 10 min ago
14 hours 52 min ago
15 hours 1 min ago
17 hours 19 min ago