KDE: Tasks, Gear, and Kdenlive

Wednesday 1st of June 2022 08:49:35 PM
KDE

  • My week in KDE: Improvements to Tasks

    This past week I mainly worked on two things, getting Tasks to remember its window size and position and adding a way to search through tasks.

    [...]

    Next is the search feature, I thought it would be pretty cool if this worked similarly to the less command line utility. The way it works in less is after you type the / character, everything after that will be the search pattern.

  • KDE Gear 22.08 release schedule finalized
  • SCAM: Lightmoon IS NOT Kdenlive. Lightmoon is MALWARE.

    We have been notified of a site that is using Kdenlive’s name and likeness to distribute malware to users. We will not be linking to the site to avoid accidental downloads, but if a search lands you on a site offering “lightmoon”, “a free video editor” that looks in the screenshots identical to Kdenlive, this is malware.

Audiocasts/Shows/Video: FLOSS Weekly, Flatpaks, Alma Linux, LXLE Focal

Istio 1.14 and Visual Guide to Kubernetes Networking Fundamentals

  • Announcing Istio 1.14

    This is the second Istio release of 2022. We would like to thank the entire Istio community for helping to get Istio 1.14.0 published. Special thanks are due to the release managers Lei Tang (Google) and Greg Hanson (Solo.io), and to Test & Release WG lead Eric Van Norman (IBM) for his help and guidance.

  • Istio 1.14 Upgrade Notes

    When you upgrade from Istio 1.13.x to Istio 1.14.0, you need to consider the changes on this page. These notes detail the changes which purposefully break backwards compatibility with Istio 1.14.0. The notes also mention changes which preserve backwards compatibility while introducing new behavior. Changes are only included if the new behavior would be unexpected to a user of Istio 1.13.x. Users upgrading from 1.12.x to Istio 1.14.0 should also reference the 1.13.0 change logs.

  • Istio 1.14 Change Notes

    This feature is intended primarily for use on VMs, where system administrators need to restrain interception of the outgoing traffic down to a few applications instead of intercepting all outgoing traffic. By default, as before, the Istio Sidecar will intercept outgoing traffic from all processes, no matter what user groups they are running under.

  • A visual guide to Kubernetes networking fundamentals | Opensource.com

    Moving from physical networks using switches, routers, and ethernet cables to virtual networks using software-defined networks (SDN) and virtual interfaces involves a slight learning curve. Of course, the principles remain the same, but there are different specifications and best practices. Kubernetes has its own set of rules, and if you're dealing with containers and the cloud, it helps to understand how Kubernetes networking works.

Security Leftovers

  • Cops' Killer Bee stings credential-stealing scammer [Ed: Microsoft Windows TCO]

    "It will also exfiltrate credentials from multiple software programs like Google Chrome, Mozilla Firefox, and Microsoft Outlook — making its potential impact truly catastrophic," Qualys Principal Research Engineer Ghanshyam More wrote in a technical analysis earlier this year.

  • Global tech industry objects to India’s new infosec reporting regime

    Eleven significant tech-aligned industry associations from around the world have reportedly written to India’s Computer Emergency Response Team (CERT-In) to call for revision of the nation’s new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nations economy. The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers’ names, dates on which services were used, and even customer IP addresses, and store that data for five years. Another requirement is to report over 20 types of infosec incident, even port scanning or attempted phishing, within six hours of detection. Among the reportable incidents are “malicious/suspicious activities” directed towards almost any type of IT infrastructure or equipment, without explanation of where to draw the line between malicious and suspicious activity. The new rules attracted plenty of local criticism on grounds that a six-hour reporting window is too short, the requirement to record VPN users’ details is an attack on privacy, and that the requirements are too broad and therefore represent an onerous compliance burden.

  • Clever — and Exploitable — Windows Zero-Day

    Researchers have reported a still-unpatched Windows zero-day that is currently being exploited in the wild.

  • Code execution 0-day in Windows has been under active exploit for 7 weeks | Ars Technica

    A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products. The Microsoft Support Diagnostic Tool vulnerability was reported to Microsoft on April 12 as a zero-day that was already being exploited in the wild, researchers from Shadow Chaser Group said on Twitter. A response dated April 21, however, informed the researchers that the Microsoft Security Response Center team didn't consider the reported behavior a security vulnerability because, supposedly, the MSDT diagnostic tool required a password before it would execute payloads.

Red Hat/IBM Leftovers

  • Red Hat to help DOE to containerize supercomputing • The Register

    Cloud-native architectures have changed the way applications are deployed, but remain relatively uncharted territory for high-performance computing (HPC). This week, however, Red Hat and the US Department of Energy will be making some moves in the area. The IBM subsidiary – working closely with the Lawrence Berkeley, Lawrence Livermore, and Sandia National Laboratories – aims to develop a new generation of HPC applications designed to run in containers, orchestrated using Kubernetes, and optimized for distributed filesystems. The work might also make AI/ML workloads easier for enterprises to deploy in the process.

  • Happy third anniversary, Enable Sysadmin!

    In just three years, this community site "by sysadmins, for sysadmins" has given millions of people information to help them do their work better.

  • Red Hat Learning Subscription Premium enables learning around the globe

    In the first quarter of 2022, the labor market continued its trend of what has been coined the "great resignation," leaving many organizations competing to recruit and retain top talent. Red Hat continues to iterate its training offerings to keep pace with the changing needs of this talent as well as the landscape of technology. Employees who participate in Red Hat Training average longer tenures and higher satisfaction with their jobs. Further, 75% of Red Hat Learning Subscription users agree that the subscription makes it faster and easier for them to troubleshoot issues with Red Hat technologies and 84% agree that they feel more confident on the job as a result of their training.

  • Improved analysis of IBM Power environments with Red Hat Insights

    As part of Red Hat’s hybrid cloud vision, Red Hat Insights is available on all actively supported versions of Red Hat Enterprise Linux (RHEL), to help continuously analyze platforms and applications and better predict potential risk, no matter where RHEL is actually deployed. Even with this relative ubiquity of the service, we’ve never had IBM Power-specific recommendations in Insights — until now. Insights now integrates with an offering from IBM, the IBM Fix Level Recommendation Tool (FLRT). IBM FLRT provides cross-product compatibility information and fix recommendations for IBM products. One of the main IBM FLRT use cases is to plan upgrades of key components and to verify the installed software and firmware level to assess health and stability of your IBM Power systems.

