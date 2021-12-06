Language Selection

Winds a personalized RSS and Podcast app with an open-source flavor

Thursday 7th of April 2022 09:15:34 PM
Software

Winds is an open-source RSS & Podcast App Powered by Getstream.io

Stream is an API for building activity feeds. For Winds the follow suggestions and the list of articles from the feeds you follow is powered by Stream. Stream accounts are free for up to 3 million feed updates and handle personalization (machine learning) for up to 100 users.

Advice for data centers looking to change operating systems

Which OS a data center uses can vary, but the majority of platforms are based on or have compatibility with Linux. Linux is well known for its incredible flexibility and versatility, largely thanks to its open source nature and highly active global community. Because anyone can use Linux freely, developers around the world have built custom configurations suited to almost any purpose. Linux's modular nature also makes it a natural fit for the cloud -- easy to scale and match the pace of potentially rapid data center growth. Some of the biggest cloud platforms in the world are based on hardened versions of Linux, including AWS, Google Cloud Platform and Microsoft Azure. Many of today's existing data center OSes are compatible with Linux, but each OS often has a specific purpose. For example, Kubernetes provides a way to configure Docker containers into clusters of interacting services. It automatically accounts for resource density replication and service grouping and intelligently schedules these factors. Photon, on the other hand, operates as a minimal Linux container host with a focus on quick booting on VMware platforms. Read more

Games: Steam Deck Milestone and More

  • 2100 Games On The Steam Deck, with Metro 2033 Redux and Resonance of Fate as Verified - Boiling Steam

    A rather slow week again after the 2000 games milestone on the Steam Deck. There are now 2100 games (1997 at the time of writing) working on the Steam Deck – in two categories as usual...

  • Steam Deck gets a small update to fix Downloads, adds Triggers for Keyboard | GamingOnLinux

    Here we go again Steam Deck fans, another upgrading ready and waiting to be downloaded. This time though, it's a pretty small one with only a few changes. All welcome changes though of course. Some users noticed recently that downloading on the Steam Deck might cause the Steam Client to freeze. Obviously a pretty major problem and one thankfully Valve has solved quite quickly since the last update.

  • Valve marks the first month of the Steam Deck | GamingOnLinux

    Valve has released a news post going over some of the changes and improvements of the Steam Deck over the first month since the initial release. There's a lot that's been going on, with updates releasing rather regularly. Most of it, we've already gone over in articles you can follow on the Steam Deck tag and videos on the GamingOnLinux YouTube Channel. Some of what's mentioned includes jumping over 2,000 Verified and Playable titles, which is a nice healthy number for such a new system. There's quite a lot of issues there though, they know this, and so the feedback system was introduced to see how different the experience is compared with Deck Verified and what players actually see.

Security Leftovers

  • Red Hat gets RHEL 8.2 certified for high level US government security

    Linux slinger Red Hat has achieved Common Criteria certification for Red Hat Enterprise Linux 8.2. This means it is cleared as a platform suitable for US users with critical workloads in classified and sensitive deployments, including national security agencies, finance and healthcare organizations.

  • Ubuntu plocate security review
  • VMware Releases Security Updates | CISA

    VMware has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

  • Protecting Against the Spring4Shell Vulnerability | eSecurityPlanet

    Spring4Shell (CVE-2022-22965) is a remote code execution (RCE) vulnerability that affects Spring Core, a comprehensive framework for Java-based enterprise applications. Spring4Shell gets its name from the Log4Shell vulnerability, one of the most critical zero-day threats ever, which affected a Java software component called Log4j and allowed hackers to take control of web servers and networks. Spring4Shell is a critical vulnerability for web applications and cloud services. Any RCE is a serious threat, and GitHub is already full of POCs (proofs of concept) that disclose the exploit publicly, so cybercriminals can’t miss it.

  • Secure your Edge Solutions with Red Hat and ZettaSet

    Modern environments, especially edge computing and 5G, are complex, highly distributed, highly multi-tenant. Such environments push enterprise data close to the edge and create numerous exposure points and attack surfaces that did not exist in legacy monolithic deployments. In the previous article, we outlined five security considerations for edge deployments. The key component that will be addressed in this post is data. Let’s walk through how Red Hat OpenShift and Zettaset XCrypt for OpenShift customers can take advantage of a platform for microservices deployments with the granular and high performance data protection and management capabilities that modern architectures require.

gzip-1.12 released

Thanks to Paul Eggert and Lasse Collin for all the work
on fixing the exploitable zgrep bug, and to Paul for
handling most of the other changes.

Here are the compressed sources:
  https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.gz   (1.3MB)
  https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz   (808KB)

Here are the GPG detached signatures[*]:
  https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.gz.sig
  https://ftp.gnu.org/gnu/gzip/gzip-1.12.tar.xz.sig

Use a mirror for higher download bandwidth:
  https://www.gnu.org/order/ftp.html

Here are the SHA1 and SHA256 checksums:

91fa501ada319c4dc8f796208440d45a3f48ed13  gzip-1.12.tar.gz
W0+xTTgxTgny/IocUQ581UCj6g4+ubBCAEa4LDv0EIU  gzip-1.12.tar.gz
318107297587818c8f1e1fbb55962f4b2897bc0b  gzip-1.12.tar.xz
zl4D5Rn2N+H4FAEazjXE+HszwLur7sNbr1+9NHnpGVY  gzip-1.12.tar.xz

The SHA256 checksum is base64 encoded, instead of the
hexadecimal encoding that most checksum tools default to.

[*] Use a .sig file to verify that the corresponding file (without the
.sig suffix) is intact.  First, be sure to download both the .sig file
and the corresponding tarball.  Then, run a command like this:

  gpg --verify gzip-1.12.tar.gz.sig

If that command fails because you don't have the required public key,
or that public key has expired, try the following commands to update
or refresh it, and then rerun the 'gpg --verify' command.

  gpg --locate-external-key jim@meyering.net

  gpg --recv-keys 7FD9FCCB000BEEEE

  wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=gzip&download=1' | gpg --import -

This release was bootstrapped with the following tools:
  Autoconf 2.71
  Automake 1.16d
  Gnulib v0.1-5194-g58c597d13b

NEWS

* Noteworthy changes in release 1.12 (2022-04-07) [stable]

** Changes in behavior

  'gzip -l' no longer misreports file lengths 4 GiB and larger.
  Previously, 'gzip -l' output the 32-bit value stored in the gzip
  header even though that is the uncompressed length modulo 2**32.
  Now, 'gzip -l' calculates the uncompressed length by decompressing
  the data and counting the resulting bytes.  Although this can take
  much more time, nowadays the correctness pros seem to outweigh the
  performance cons.

  'zless' is no longer installed on platforms lacking 'less'.

** Bug fixes

  zgrep applied to a crafted file name with two or more newlines
  can no longer overwrite an arbitrary, attacker-selected file.
  [bug introduced in gzip-1.3.10]

  zgrep now names input file on error instead of mislabeling it as
  "(standard input)", if grep supports the GNU -H and --label options.

  'zdiff -C 5' no longer misbehaves by treating '5' as a file name.
  [bug present since the beginning]

  Configure-time options like --program-prefix now work.
Read more

