Security and Proprietary Software

Submitted by Roy Schestowitz on Friday 29th of April 2022 02:20:35 PM
  • Increasing the security bar in Ingress-NGINX v1.2.0

    The Ingress may be one of the most targeted components of Kubernetes. An Ingress typically defines an HTTP reverse proxy, exposed to the Internet, containing multiple websites, and with some privileged access to Kubernetes API (such as to read Secrets relating to TLS certificates and their private keys).

    While it is a risky component in your architecture, it is still the most popular way to properly expose your services.

    Ingress-NGINX has been part of security assessments that figured out we have a big problem: we don't do all proper sanitization before turning the configuration into an nginx.conf file, which may lead to information disclosure risks.

  • Organisations must report cyber security breach within six hours [iophk: Windows TCO]

    According to the latest order, data centres, virtual private server (VPS) providers, cloud service providers and virtual private network service (VPN Service) providers need to register the accurate information related to subscriber names, customer hiring the services, ownership pattern of the subscribers etc, and maintain them for five years or longer duration as mandated by the law.

  • Microsoft study unclear on impact of Ukraine attacks: researcher [iophk: Windows TCO]

    "Yet it tells us little about the impact of these operations, especially on the strategic level. The report is clear about this, noting 'Microsoft is not able to evaluate their broader strategic impact'."

  • Pulseway announces extended functionality for macOS and Linux, plus deep IT Glue integration
  • Blizzard’s Plan To Combat Emulation Of New ‘Diablo’ Title: Just Release It On PC

    Over the past few years, we’ve seen a flurry of activity centering around video game emulation. Much of that has been focused on how a few companies, namely Nintendo, have reacted to emulation sites. Almost universally, these companies see emulation as a threat and try to get them shut down. Often times those same companies use the market demand in the public that those emulation sites created to sell inferior versions of these older or emulatable games. In other words, the lesson learned here is that the default gaming industry position on emulation is that it must be destroyed so that the company’s wares can only be bought and used in the manner in which that company desires, market demand be damned.

  • Simple PDF Linking to Malicious Content

    Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end users are not malicious; I mean that they don’t contain an exploit to trigger a vulnerability and infect the victim’s computer. They are just used as a transport mechanism to deliver more malicious content. Yesterday, Didier analyzed the same kind of Word document[1]. They are more and more common because they are (usually) not blocked by common filters at the perimeter.

