Security Leftovers

Submitted by Roy Schestowitz on Tuesday 21st of June 2022 09:26:32 PM. Filed under Security
  • Security updates for Tuesday [LWN.net]

    Security updates have been issued by Debian (tzdata), Oracle (cups), and SUSE (atheme, golang-github-prometheus-alertmanager, golang-github-prometheus-node_exporter, node_exporter, python36, release-notes-susemanager, release-notes-susemanager-proxy, SUSE Manager 4.1.15 Release Notes, SUSE Manager Client Tools, and SUSE Manager Server 4.2).

  • Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

    Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power of tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both. (The Center for American Progress wrote a good summary and evaluation of them. I have written in support of the bill that would force Google and Apple to give up their monopolies on their phone app stores.)

    There is a significant problem, though. Both bills have provisions that could be used to break end-to-end encryption.

    Let’s start with S. 2992. Sec. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers “have been identified [by the Federal Government] as national security, intelligence, or law enforcement risks.” That language is far too broad. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud (which Apple does not currently offer). All Apple would need to do is point to any number of FBI materials decrying the security risks with “warrant proof encryption.”

  • Slim.AI introduces beta software supply chain container security as a service | ZDNet

    This service is being built on the foundation of Slim.AI's open-source project, DockerSlim. This popular developer program optimizes and secures your containers by analyzing your code and throwing away unnecessary code, thus "slimming" down your containers' attack surface. It also can reduce the size of your container by up to 30x.

  • 5 Best Practices When Implementing a Container Strategy

    Software developers must be vigilant with regard to their use of hardware resources. Dedicated hardware is often expensive to buy, run, and maintain—and there’s only so much room in a data center for extra servers.

    The ability to run multiple virtual machines on one piece of hardware makes virtualization a good option. Yet, each virtual machine must include its own guest OS and everything that entails. That eats up system resources. These days, using virtualization is like using stock music when you could be using a full orchestra. When it comes to scalability, consistency and efficiency, there is a better way: You should be considering implementing a container strategy.

  • OpenSSF details advancements in open-source security efforts | VentureBeat

    Open-source security is currently undergoing a period of accelerated change, thanks in no small part to the efforts of the Linux Foundation’s OpenSSF (Open Source Security Foundation).
