Language Selection

English French German Italian Portuguese Spanish


Today in Techrights

Filed under
Syndicate content

More in Tux Machines

Debian: Turris Omnia With Debian, ClojureSYNC, Debconf 2018

  • Using the switch on Turris Omnia with Debian
    After installing Debian on Turris Omnia there are a few more steps needed to make use of the network switch. The Armada 385 CPU provides three network interfaces. Two are connected to the switch (but only one of them is used to "talk" to the switch), and one is routed directly to the WAN port.
  • ClojureSYNC Talk Resources
  • Debconf 2018, MATE 1.2.0, libqalculate transition etc
    First up is news on Debconf 2018 which will be held in Hsinchu, Taiwan. Apparently, the CFP or Call for Proposals was made just a few days ago and I probably forgot to share about it. Registration has also been opened now. The only thing most people have to figure out is how to get a system-generated certificate, make sure to have an expiry date, I usually have a year, make it at least 6 months as you would need to put up your proposal for contention and let the content-team decide it on the proposal merit. This may at some point move from alioth to salsa as the alioth service is going away. The best advice I can give is to put your proposal in and keep reworking/polishing it till the end date for applications is near. At the same time do not over commit yourself. From a very Indian perspective and somebody who has been to one debconf, you can think of the debconf as a kind of ‘khumb‘ Mela or gathering as you will. You can definitely network with all the topics and people you care for, but the most rewarding are those talks which were totally unplanned for. Also it does get crazy sometime so it’s nice if you are able to have some sane time for yourself even if it just a 5-10 minute walk.

Mozilla: Facebook-Mozilla Rift, MDN, No More Notifications (If You Want)

  • Mozilla stops Facebook advertising, demands privacy changes
    It’s probably not top of Mark Zuckerberg’s worry list this week but Mozilla Corporation, developer of the Firefox browser, is officially unhappy with Facebook.
  • Results of the MDN “Competitive Content Analysis” SEO experiment
    The next SEO experiment I’d like to discuss results for is the MDN “Competitive Content Analysis” experiment. In this experiment, performed through December into early January, involved selecting two of the top search terms that resulted in MDN being included in search results—one of them where MDN is highly-placed but not at #1, and one where MDN is listed far down in the search results despite having good content available. The result is a comparison of the quality of our content and our SEO against other sites that document these technology areas. With that information in hand, we can look at the competition’s content and make decisions as to what changes to make to MDN to help bring us up in the search rankings.
  • No More Notifications (If You Want)
    Online, your attention is priceless. That’s why every site in the universe wants permission to send you notifications about new stuff. It can be distracting at best and annoying at worst. The latest version of Firefox for desktop lets you block those requests and many others.

EUPL planned actions

A revised set of guidelines and recommendations on the use of the open source licence EUPL v1.2 published by the Commission on 19 May 2017 will be developed, involving the DIGIT unit B.3 (Reusable Solutions) and the JRC 1.4 (Joint Research Centre – Intellectual Property and Technology Transfer). The existing licence wizard will be updated. New ways of promoting public administrations' use of open source will be investigated and planned (such as hackathons or app challenges on open source software). The target date for the release of this set of guidelines on the use of the European Public Licence EUPL v1.2, including a modified Licence Wizard, is planned Q2 2018. Read more

Security: Dropbox, FUD, CNCF, 'Cloud'

  • Dropbox has some genuinely great security reporting guidelines, but reserves the right to jail you if you disagree

    Dropbox's position, however reasonable in many of its aspects, is woefully deficient, because the company reserves the right to invoke DMCA 1201 and/or CFAA and other tools that give companies the power to choose who can say true things abour mistakes they've made.

    This is not normal. Before DRM in embedded software and cloud connectivity, became routine there were no restrictions on who could utter true words about defects in a product. [...]

  • Hackers Infect Linux Servers With Monero Miner via 5-Year-Old Vulnerability [Ed: A five-year-old vulnerability implies total neglect by sysadmins, not a GNU/Linux weakness]
    Attackers also modified the local cron jobs to trigger a "watchd0g" Bash script every three minutes, a script that checked to see if the Monero miner was still active and restarted XMRig's process whenever it was down.
  • GitHub: Our dependency scan has found four million security flaws in public repos [Ed: No, GitHub just ran a scan for old versions being used and reused. It cannot do this for proprietary software, but the issues are there and the risks are no better.]
    GitHub says its security scan for old vulnerabilities in JavaScript and Ruby libraries has turned up over four million bugs and sparked a major clean-up by project owners. The massive bug-find total was reached within a month of the initiative's launch in November, when GitHub began scanning for known vulnerabilities in certain popular open-source libraries and notifying project owners that they should be using an updated version.
  • Envoy CNCF Project Completes Security Audit, Delivers New Release
    The Cloud Native Computing Foundation (CNCF) has begun a process of performing third-party security audits for its projects, with the first completed audit coming from the Envoy proxy project. The Envoy proxy project was created by ride-sharing company Lyft and officially joined the CNCF in September 2017. Envoy is a service mesh reverse proxy technology that is used to help scale micro-services data traffic.
  • Hybrid cloud security: Emerging lessons [Ed: 'Cloud' and security do not belong in the same headline because 'cloud' is a data breach, typically involving a company giving all its (and customers') data to some spying giant abroad]