Date: 2022-06-15
The US military wants to understand the most important software on Earth
Now DARPA, the US military’s research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it’s too late.
DARPA’s “SocialCyber” program is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It’s different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software.
“The open-source ecosystem is one of the grandest enterprises in human history,” says Sergey Bratus, the DARPA program manager behind the project.
Security Leftovers
-
“Pass the SALT” (PTS) is a small IT security conference in Lille, France. It has fewer participants than speakers at the RSA conference. I gave talks at both events. RSA is a much more prestigious event, but I still prefer PTS. Why?
-
CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses, insights, and commentaries on computer security and cryptography. In this issue, Random Notes on the SQL Slammer, The Importance of Authentication, and a nice analysis of Matt Blaze's door locks attack in Locks and Full Disclosure. "I'd rather have as much information as I can to make an informed decision about security. I'd rather have the information I need to pressure vendors to improve security. I don't want to live in a world where locksmiths can sell me a master key system that they know doesn't work or where the government can implement security measures without accountability.". . .
-
Security updates have been issued by Debian (request-tracker4), Fedora (kernel and vim), Mageia (gerbv, gnupg2, pgadmin4, and python-cookiecutter), Slackware (xorg), SUSE (cifs-utils, gmp, gnutls, libnettle, kernel, libsolv, libzypp, zypper, logrotate, openssl-1_1, opera, squid, and virglrenderer), and Ubuntu (ca-certificates, git, linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon, linux, linux-aws, linux-azure, linux-azure-5.4, linux-azure-fde, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-kvm, linux, linux-aws, linux-azure, linux-gcp, linux-gke, linux-ibm, linux-kvm, linux-lowlatency, linux-oracle, linux-aws, linux-oem-5.14, and vim).
-
Containerized environments can be relatively complex to secure, particularly for enterprise teams used to more traditional network security processes and strategies. There was initial optimism that containerized infrastructure would actually be more inherently secure because microservices are limited in function and can be hardened. The reality, though, has proved otherwise.
Here are five reasons why securing container and Kubernetes environments requires new approaches that must diverge from—and go beyond—traditional security capabilities.
Red Hat Leftovers
-
I did the RHCE exam some time ago, and there are still some tricks and pieces of advice I tell people to bear in mind, some of which I used and which were also provided in the Red Hat Enterprise 8 Administration book:
Don’t remember every step; it’s not effective. For example, as I don’t recall the syntax for BIND, I do remember the package that has some files with examples, and I use that one to check what I need to do.
-
A little over a year ago, Rocky Linux arrived, and it was an instant hit. Rocky Linux, the brainchild of CentOS co-founder and high-performance computing (HPC) veteran Gregory Kurtzer, has come a long way since then. First, the Linux distro became available on the major public clouds. Now, Rocky Linux 9, a Red Hat Enterprise Linux (RHEL) 9 clone, has arrived.
But, Rocky Linux 9 is not just another RHEL clone. True, like its rivals, such as AlmaLinux 9, it is based on CentOS Stream and duplicates RHEL 9's functionality. But, to me, the real killer difference is that the new Rocky Linux comes with an open-source build system called Peridot.
-
It takes more than a promotion or job title to make a great leader. The best are those who constantly strive to improve their leadership skills – and who are thoughtful in their words, actions, and how they show up for their people every day.
Recently, finalists in the 2022 National CIO of the Year ORBIE Awards each shared a piece of advice they had collected over their careers. We’ve rounded up the 9 best quotes on leadership below. Read on, or download the complete quote book for advice on leadership, soft skills, career development, strategy, and more.
-
This issue in a monthly column covers improvements in Apache Kafka, including the release in progress, 3.3.0, and recent Kafka Improvement Proposals.
-
This is a summary of the work done on initiatives by the CPE Team. Each quarter, the CPE Team, together with CentOS and Fedora community representatives, chooses initiatives that will be worked on in this quarter. The CPE Team is then split into multiple smaller sub-teams that will work on the chosen initiatives plus the day-to-day work that needs to be done.
Canonical/Ubuntu: Lubuntu 22.04 Backports PPA, Ubuntu Studio 21.10 EoL, and More
-
The Lubuntu Team is happy to announce that the Lubuntu Backports PPA is now available as a beta. Please see details below to help us test it.
-
As of July 14, 2022, all flavors of Ubuntu 21.10, including Ubuntu Studio 21.10, codenamed “Impish Indri”, have reached end-of-life (EOL). There will be no more updates of any kind, including security updates, for this release of Ubuntu.
If you have not already done so, please upgrade to Ubuntu Studio 22.04 LTS via the instructions provided here.
No single release of any operating system can be supported indefinitely, and Ubuntu Studio is no exception to this rule.
-
Welcome to the Ubuntu Weekly Newsletter, Issue 743 for the week of July 3 – 9, 2022.
-
Welcome to the Ubuntu Weekly Newsletter, Issue 742 for the week of June 26 – July 2, 2022.
-
Google details the benefits of moving from "big bang" OS upgrades to rolling releases. It saved its engineers from burnout.