Navigation

Language Selection

Search

Security Leftovers

Submitted by Roy Schestowitz on Tuesday 18th of January 2022 11:18:12 PM Filed under

Security

White House Meeting Explores Ways to Secure Software Supply Chain

The path forward will require collaboration from companies and organizations that consume and ship open source software, said Joe Brockmeier, Vice President Marketing & Publicity at Apache Software Foundation. “There's no single "silver bullet" to get there, and it will take all of our organizations working together to improve the open source supply chain.”
CISA Adds 13 Known Exploited Vulnerabilities to Catalog | CISA

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats

In response to recent malicious cyber incidents in Ukraine—including the defacement of government websites and the presence of potentially destructive malware on Ukrainian systems—CISA has published CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats.
Linux Lock Screen Policy Enables Consistent Device Governance

Every operating system should have security controls deployed, and Linux is no exception. Having a lock screen policy is even more of a consideration with a remote workforce where team members could be using a local coffee shop or other unsecured locations as an “office,” which increases the odds that bad actors could obtain physical access to devices. JumpCloud has created an easy-to-deploy policy to configure lock screen settings for Linux throughout your fleet, providing consistent governance and a scalable method for a secure OS configuration.
Oracle Releases January 2022 Critical Patch Update

Oracle has released its Critical Patch Update for January 2022 to address 497 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Login or register to post comments
Printer-friendly version
1388 reads
PDF version

More in Tux Machines

Programming Leftovers

Return String From Function C++

A way to identify a series of strings as a class member is specified in C++’s definition. The String class holds attributes as a stream of bits, with the ability to handle a single-byte character. In C++, we may retrieve a string, but we should still examine how the string will be retained and transferred. Because C++ returns elements on the heap, which has a finite amount of space, providing immense components will induce stack overflow issues that could result in errors and security flaws. If we can return a std::string object from the standard template library, we may provide a constant pointer to the string. Ascertain that the string is retained in static memory. This article outlines various approaches for returning a string from a C++ function.
How to round of Numbers in Java

Java provides a built-in class known as Math class which belongs to the java.lang package. The java.lang.Math class provides numerous methods that are used to perform different numeric operations such as rounding of a number, finding square root, and so on. The Math class offers multiple methods to round off a number such as round(), ceil(), floor().
Writing it down

PWC 165 refers us to mathsisfun for the algorithm to be used. Let’s write it down.

Emulate the VIC-20 home computer with Linux

Emulation is the practice of using a program (called an emulator) on a PC to mimic the behaviour of a home computer or a video game console, in order to play (usually retro) games on a computer. Home computers were a class of microcomputers that entered the market in 1977 and became common during the 1980s. They were marketed to consumers as affordable and accessible computers that, for the first time, were intended for the use of a single non-technical user. Back in the 1980s, home computers came to the forefront of teenagers’ minds. Specifically, the Amiga, ZX Spectrum, and Atari ST were extremely popular. They were hugely popular home computers targeted heavily towards games, but they also ran other types of software. The Commodore VIC-20 is an 8-bit home computer that was released in 1980/1. It featured a MOS Technology 6502 CPU, with 20KB ROM and 5KB RAM although 1.5K of the RAM was used for the video display and aspects of the BASIC and kernal. It offered limited low-resolution graphics (176 x 184) with storage provided by cassette and floppy disk.

PostgreSQL Anonymizer 1.0: Privacy By Design For Postgres

PostgreSQL Anonymizer is an extension that hides or replaces personally identifiable information (PII) or commercially sensitive data from a PostgreSQL database. The extension supports 3 different anonymization strategies: Dynamic Masking, Static Masking and Anonymous Dumps. It also offers a large choice of Masking Functions such as Substitution, Randomization, Faking, Pseudonymization, Partial Scrambling, Shuffling, Noise Addition and Generalization.

today's howtos

Web UI Dashboard for Kubernetes
Dmesg Command in Linux – Options + Examples
How to set up your graphics card in Zorin OS - Real Linux User

Most modern Linux distributions have out of the box outstanding support for most of the available hardware components, like your graphics card, printer and WiFi adapter. Even for many relatively new hardware technologies there is support with the help of Hardware Enablement. But it is always possible that the setup procedure doesn’t come up directly with the correct or most optimized drivers for your specific internal or external devices. In this article as part of my Zorin OS tutorial series I will focus on the support of graphics cards and will show you how to install or update graphics drivers in Zorin OS.
How to install Vivaldi browser on Fedora 36 - NextGenTips

Vivaldi browser is a freeware, cross-platform web browser developed by Vivaldi Technologies. It has a minimalistic user interface with basic icons and fonts and, an optionally color scheme that changes based on the background and design of the web page being visited.

Latest News

Looks Like Ubuntu 22.10 Will Finally Switch to PipeWire by Default and Drop PulseAudio

If you were wondering when Ubuntu will finally switch to PipeWire as default for audio, it looks like your wish might come true with the next release of Ubuntu Linux, the Kinetic Kudu, due out later this year on October 20th. Canonical employee and Ubuntu Desktop developer Heather Ellsworth was the one to reveal the other day on a thread on the Ubuntu Discourse channel the fact that the Ubuntu devs are planning to run only PipeWire and not PulseAudio as the default sound server for the Ubuntu 22.10 release.

today's leftovers

Pipewire as a replacement for pulseaudio

Are there any plans to migrate ubuntu to pipewire and wireplumber by default for audio, now that the LTS is out of the way? My anecdotal experience is that it seems to be working fine and in some cases (eg bluetooth audio, especially headsets) surparssing pulseaudio. Using Ubuntu Jammy’s built in packages.
Annual Report 2021: Attracting new contributors to LibreOffice [Ed: A good start would be, drop this "Personal Edition" thing as it perpetuates the idea volunteers work, without pay, for corporations. Corporations like to pretend to everything that is supposed to replace them. They want to control both sides. Why do you think proprietary software companies pretend to be -- and speak for -- "Open Source"? Corporations try to turn Free-as-in-Freedom into Free-as-in-Serfdom.]

Joining a large and established project like LibreOffice can be daunting for many. The software has a large codebase, and sub-projects use a wide array of tools. In recent years, we’ve made efforts to simplify the onboarding process by linking more services together with SSO (single sign-on), thereby reducing some of the complexity. In addition, we’ve created Easy Hacks and similar “bite size” projects in other areas, so that newcomers can get involved quickly and achieve something without months of work. Currently, we have two websites/pages that function as starting points for new contributors: What Can I Do For LibreOffice and the Get Involved page. The former was set up by LibreOffice’s Albanian community, and lets users click through topics of interest, until they find something they want to do. The latter is a regular page, with a list of sub-projects inside LibreOffice, and quick steps to make initial contact.
Tried overlay filesystem again

Back in the very early days of EasyOS, 2017, I tried the overlay filesystem (also known as overlayfs), but there were serious errors. Don't recall exactly what they were, but the result was I stayed with aufs.
Graylog: Industry Leading Log Management for Linux

The point of logging is to keep your servers happy, healthy, and secure. If you can’t find the data, you can’t use it effectively or efficiently. If you’re not logging what you need, you will miss some critical signs. Meanwhile, if you’re logging too much, you will miss them again because they’ll be buried in so much noise. Everyone can use an extra pair of eyes to manage Linux logs, whether you’re a beginner, expert, or somewhere in between. [...] You need to know whether the outage is intended or not. In some cases, the outage might be for regular maintenance, and someone ran the shutdown or reboot commands. In other cases, it could be that the machine crashed. While the logs spit out a lot of information, they don’t make it easy to find what you’re looking for. Reviewing Linux logs in plain text files written by a Syslog daemon is hard. When reviewing this information on your own, it’s easy to miss the needle of important information hidden in the haystack of plain text. It’s also extremely time-consuming, especially when you’re trying to figure out what happened to a machine that led to a service outage. In a centralized log management solution like Graylog, you don’t need to worry about knowing all the log file names or scanning through endless lines of plain text. You can set up dashboards that give you quick visibility.
PiHole – advertisement & tracking blocking (also runs on the even faster odroids) can speed up surfing +50%
Ep 169: 3D Print Vase Mode: Engage, Measuring Nanovolts Through Mega DIY, And The Softest Pants Are Software Pants

Join Hackaday Editor-in-Chief Elliot Williams and Assignments Editor Kristina Panos as we take a tour of our top hacks from the past week. Elliot brought some fairly nerdy fare to the table this time, and Kristina pines for physical media as we discuss the demise of the iPod Touch, the last fruit-flavored mp3-playing soldier to fall.

Fedora / Red Hat / IBM

Fedora Community Blog: Some docs repos are moving to GitLab

The Fedora Docs team is starting the process of moving repos from the fedora-docs namespace on Pagure to GitLab. We’re making this move in order to take advantage of features like improved in-browser editing and cross-repo kanban boards. This move will be entirely transparent to the docs published at docs.fedoraproject.org. However, if you are contributing to one of the repos in this namespace, you’ll need to update the git remote.
Red Hat 2022: Linux In a New Avatar, OpenShift Upgrades, and Other Announcements
Is the new open source standard no standard at all? | TechRepublic

We’re in a strange, somewhat unpredictable period in open source that has been caused perhaps by a lessening of Red Hat’s industry impact over the years. On Twitter, Brianna Wu asked men over 40 to comment on “structures [that] existed in your life to teach you how to be a good man.” Answers included things like Boy Scouts. A similar sort of question might be asked of developers and “open source structures…to teach you how to be a good open source citizen.” When I got started in open source, the obvious answer to most every question was “Red Hat.” What’s the right way to build a business in open source? Look to Red Hat was the stock response. What’s the right way to advocate for code freedom in open source? Again, look to Red Hat.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Gizmoz

FOSSMint

Debug Point

LXer

UbuntuBuzz

SparkyLinux

Linux Journal

Linux Today

System 76

Pop!_OS 22.04 LTS has landed!

Kernel Planet

Purism

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA