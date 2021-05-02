Language Selection

today's leftovers

Misc

  • Petter Reinholdtsen: Playing and encoding AV1 in Debian Bullseye

    Inspired by the recent news of AV1 hardware encoding support from Intel, I decided to look into the state of AV1 on Linux today. AV1 is a free and open standard as defined by Digistan without any royalty payment requirement, unlike its much used competitor encoding H.264. While looking, I came across an 5 year old question on askubuntu.com which in turn inspired me to check out how things are in Debian Stable regarding AV1. The test file listed in the question (askubuntu_test_aom.mp4) did not exist any more, so I tracked down a different set of test files on av1.webmfiles.org to test them with the various video tools I had installed on my machine.

  • Red Hat Summit to address the open hybrid cloud ecosystem

    Recently, Red Hat’s president and CEO, Paul Cormier spoke at length about the CIO’s paradox. On one hand, they’re expected to keep track of the latest trends in technology, but it’s another matter when it comes to actually evaluating and implementing technologies for their organisations.

  • How to Build Linux Server to Full Desktop - Invidious

    This makes the fastest, minimal desktop with only the packages you choose! Learn how to make your own Linux Distribution and make your system exactly the way you want!

Kernel: HarmonyOS 3.0, OnePlus, and Brendan Gregg Quits Netflix

  • Huawei Nova 8 SE 4G grabbing HarmonyOS 2.0.0.155 software update [Ed: They don't talk about it, but it is based on Linux apparently]

    Huawei has pushed a new software update for the Nova 8 SE 4G that comes with HarmonyOS 2.0 version 2.0.0.155 in China. The new information reveals that the latest update brings March 2022 HarmonyOS security improvements for better system security.

  • HarmonyOS 3.0 coming in September, first betas to roll out next month [Ed: Apparently Linux based as it's Android/AOSP]

    The third major version of Huawei’s Harmony OS was announced in October of last year with the first Developer Preview coming out a few weeks later. However, development seems to have hit a bit of a snag, so the rollout schedule had to be pushed back.

  • OnePlus 10 Pro kernel source code publicly released - 9to5Google

    After a delayed release, the OnePlus 10 Pro is now available in global markets for eager fans to snap up. For third-party ROM developers and tinkerers, we have good news with the release of the OnePlus 10 Pro kernel source code — which is now publicly available.

  • OnePlus 10 Pro kernel source code is now available

    OnePlus finally took the wraps off the global variant of the OnePlus 10 Pro, but the company slacked off a bit and did not give us the kernel sources right after the launch. If you have already managed to score one for yourself for the sake of tinkering, we have good news for you. To facilitate custom development, the Chinese OEM has now released the kernel sources for the OnePlus 10 Pro.

  • Netflix End of Series 1 [Ed: Brendan Gregg quits Netflix]

    Last time I quit a job, I wanted to share publicly the reasons why I left, but I ultimately did not. I've since been asked many times why I resigned that job (not unlike The Prisoner) along with much speculation (none true).

Games: Steam and More Proprietary Stuff

  • Steam on Chrome OS explainer dashes hopes of easy modding

    One of the most interesting things about covering Google's technologies and products is how communicative the company can be when explaining how things work. It recently kicked off the first part of a planned series illuminating how it finagled Steam on Chromebooks. In this first high-level overview of the technologies involved, one key fact has already been detailed: Modifying games (even just to tweak configuration files) might be pretty hard, if not impossible.

  • 'You can't really gamify compassion': Jenova Chen on building ethical free-to-play games [Ed: If it's not free as in free software, can it still be ethical rather than monopoly?]

    Hello, and welcome to Protocol Entertainment, your guide to the business of the gaming and media industries. This Tuesday, we’re chatting with Thatgamecompany co-founder Jenova Chen about ethical game design on mobile, as well as taking a closer look at Epic’s new $2 billion funding round and its metaverse ambitions with The Lego Group.

  • Teardown: Valve Steam Deck

    The Steam Deck is not the first attempt at a handheld for PC gaming, but it does come with a pedigree and a market-friendly price. Since 1996, Valve has evolved from game developer (the Half-Life franchise) into being a major online market for PC games, into offering an open-hardware platform (Steam Engine) and now, fully into the console market after a flirtation with peripherals.

  • Report: More PCs Running Windows XP, 7, and 8 Than Windows 11 [Ed: Microsoft boosters are alarmed by the failure that is Vista 11]

Openwashing and Free Software

  • NAB 2022: TAG Integrates Redis Within Realtime Media Performance Platform [Ed: And why a dash in "open-source"? Because it's misleading...]

    Redis serves as a pipeline that connects the levels of TAG’s platform, a 100% IP 100% software open-source solution that monitors, aggregates, manages and utilizes data-driven viewer analytics. The foundation of the RMP is TAG’s Multi-Channel Monitoring (MCM) system, that monitors every type of signal from live production through OTT delivery, providing deep monitoring for critical analysis into signal health.

  • Elon Musk, Twitter, and the Weaponization of Open Source

    When we talk about “open sourcing” something, that’s a big part of it, right? We want to be able to run it ourselves. We want to be able to take the code and adapt it and tweak it to our needs, on our own servers. We want to collectively help out, fixing bugs and contributing to that codebase.

  • From C to Python: The evolution of programming languages in the last 50 years

    The book, The C Programming Language, by Bell Labs’ Brian Kernighan and Dennis Ritchie, played a defining role in the development and popularisation of C. The book, released in 1978, is still widely read.

  • Understanding software copyright and licences

    A copyright gives a creator the legal right to own, distribute and profit from his or her creative work. Software, like any other technology has all shades of licences facilitating its use. On one end of the spectrum, there is proprietary software which is to be purchased as a one-time transaction or as yearly licences. A popular example is Microsoft Windows which is purchased along with the computer or Microsoft Office which typically has a yearly licence that has to be renewed upon payment. On the other hand, there are different kinds of software licences that allow free use of software. There is the Creative Commons licence (CC) which is public domain: any software or work that is in CC can be used and distributed free of cost. For example, Wikipedia is under CC and hence its contents can be used freely with the condition that attribution is made to Wikipedia (this is called ‘Creative Commons – Attribution-ShareAlike).

  • Stamus Networks Announces Availability of SELKS 7

    SELKS is a Stamus Networks contribution to the open-source community and is released, at no cost, under the GNU GPLv3 license as ISO images, Docker package, or as source code.

  • Kubernetes Crosses the Chasm, and Other Lessons from the 2021 CNCF Survey
  • OpenMetal Joins the Open Infrastructure Foundation

    Open source software and community advocate, OpenMetal, is increasing its commitment to open source, building upon an Open Infrastructure Foundation (OIF) membership.

  • VuFind® Joins the Open Library Foundation

    By joining the Open Library Foundation, VuFind will benefit from infrastructure support including legal, operational, administrative, and financial resources. The foundation is also able to ensure that VuFind is owned by the VuFind community and is able to expand beyond the interests of any single entity.

  • JD com : Explore Academy's Qiling Framework Accepted in GSoC 2022

    The Qiling framework developed by the Shepherd Lab of JD Explore Academy has been accepted in GSoC (Google Summer of Code) 2022 after recommendation by The Honeynet Project. Starting from 2005, GSoC has been devoted to helping contributors find open source projects. More than 18,000 students from 112 countries, who get help from 17,000 mentors of 746 open source organizations, have written more than 40M lines of code in fields they love.

  • Identifying Europe's Critical Open Source Software - FOSSEPS

    FOSSEPS stands for Free and Open Source Solutions for European Public Services and is an initative by the EU Commission to identify the most critical open source software used by European Public Services. Open Source Software powers everything, from modern servers, to IoT, to the desktops at work and is at the heart of the European Union systems too. It is so important that the European Commission's Open Source Programme Office has decided to offer bug bounties on popular open source software as described in "European Union Will Pay For Finding Bugs In Open Source Software". The issue with the bug bounty was which apps were going to be labeled as critical or important in order to allocate resources to them. This is the same problem faced by the Open Source Security Foundation in its effort to make open source software sustainable and for which the Criticality Score Project was set up. This has already led to critical OSS projects being identified, most recently with the publication of "Census II of Free and Open Source Software - Application Libraries", as we reported last month.

Security Leftovers

  • Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene | ZDNet

    A new botnet is targeting routers, Internet of Things (IoT) devices, and an array of server architectures.

  • SPRING4SHELL: THE NEW ADDITION TO THE TRENDING ZERO-DAY EXPLOITS - Kratikal Blogs
  • Spring4Shell under active exploit by Mirai botnet herders • The Register

    There has been a land rush of sorts among threat groups trying to use the vulnerability discovered in the open-source Spring Framework last month, and now researchers at Trend Micro are saying it's being actively exploited to run the Mirai botnet. Mirai is a long-running threat that has been around since 2016 and is used to pull smaller networked and Internet of Things (IoT) devices, such as IP cameras and routers, into a botnet that can then be used in such campaigns as distributed denial-of-service (DDoS) and phishing attacks. The Trend Micro researchers wrote in a post that they observed the bad actors weaponizing and run Mirai malware on vulnerable servers in the Singapore region via the Spring4Shell vulnerability, tracked as CVE-2022-22965.

  • Best Ethical Hacking Tools & Software 2022 | IT Business Edge

    Hacking is the use of any tools or technology to obtain unauthorized access to or circumvent security measures of a computer system or network. An ethical hacker is an independent security tester who checks computer systems, networks, and programs, looking for potential vulnerabilities that an attacker could exploit. Ethical hackers use the same tools and techniques as malicious hackers; however, they do it to improve system security and uphold privacy policies and standards instead of causing damage or stealing information. Examples include penetration testing and vulnerability scanning.

  • Career progression often lies ‘beyond your comfort zone’

    Throughout this week, we’ve heard from a variety of infosec professionals about what first drew them to security, from PwC’s Katherine Cancelado starting to learn RedHat and Debian Linux at age 12 to Nitro’s David Lenoe getting to grips with new tech during a third-party security review. Elly Stritch studied business information systems at University College Cork and it was here that her interest in cybersecurity began.

  • ‘Not everything in cybersecurity is hacking’

    Katherine Cancelado’s interest in cybersecurity was sparked when she was about 12 years old and she started learning RedHat and Debian Linux. This led her to a variety of tech communities where she learned more and shared her knowledge, and started engaging with cybersecurity without even realising it. “I learned so much about how to create secure and optimal configurations for different systems and applications, and this was what caused me to move towards cybersecurity as a way to make things better and not to simply make things work,” she told SiliconRepublic.com.

  • Ukraine Thwarts Cyberattack on Electric Grid, Officials Say

    Customized malware targeted not only Microsoft Corp. Windows-based systems, but also those running on common Unix platforms Linux or Solaris, Mr. Boutin said.

  • PS5 Firmware 5.02 & PS4 Firmware 9.51 released, in context of FreeBSD heap buffer overflow vulnerability. Do not update - Wololo.net

    PlayStation pushed PS5 Firmware 22.01-05.02.00 (PS5 5.02) and PS4 Firmware 9.51 yesterday. Those are your typical “improves system performance” updates, but as always, we (and several prominent members of the hacking scene) recommend you do not update your console, if you can, and if you’re expecting to Jailbreak it eventually.

  • Experts warn of concerns around Microsoft RPC bug

    Cybersecurity experts and researchers have raised alarms around a vulnerability disclosed by Microsoft Tuesday concerning Windows hosts running the Remote Procedure Call Runtime (RPC).

  • Critical Infrastructure, ICS/SCADA Systems Under Attack by Advanced Threat Groups

    Such lateral movements are often used to escalate privileges, for example, in Active Directory.

  • Is API Security on Your Radar?

    Cybercriminals are targeting APIs more aggressively than ever before, and businesses must take a proactive approach to API security to combat this new aggression.

  • 6 Browser Extensions to Protect You From Cyberattacks - CNET

    The first three browser extensions in this list -- HTTPS Everywhere, Privacy Badger and uBlock Origin -- have enjoyed some long-standing recommendations from CNET reviewers. The HTTPS Everywhere extension is available through a partnership between the Electronic Frontier Foundation and the TOR Project. Many websites use secure connections already, but some don't, leaving their visitors vulnerable to threats, like having malware delivered to their device. If you're visiting an unprotected website, HTTPS Everywhere checks to see if it offers a secure connection. If one is available, the add-on forces the site to use that connection.

  • Backup frustration brought this CTO to forefront of ransomware protection [Ed: Ransomware is primarily a Microsoft Windows problem]

    INTERVIEW As CTO of The New York Times two decades ago, Andres Rodriguez became frustrated with the time-consuming and unreliable process of backing up massive amounts of data that was only tested when it failed.

  • Arcserve enhances key ransomware defence solution
  • Pentera Labs finds new vulnerability in vCenter VMWare impacting over 500K appliances [Ed: While VMWare run viciously anti-Linux PR campaigns its own proprietary software was being breached without patches available]

    New patch issued by VMware for Information Disclosure vulnerability CVE-2022-22948 discovered by Pentera Labs’ Yuval Lazar, Senior Security Researcher.

  • Microsoft's huge Patch Tuesday includes fix for bug under attack [Ed: Not just by NSA anymore?]

    Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed. In total, the Redmond giant patched over 100 bugs today, including 10 critical remote code execution (RCE) vulnerabilities.

