Debian News (manpages and TeX Live)
https://manpages.debian.org has been modernized! We have just launched a major update to our manpage repository. What used to be served via a CGI script is now a statically generated website, and therefore blazingly fast.
While we were at it, we have restructured the paths so that we can serve all manpages, even those whose name conflicts with other binary packages (e.g. crontab(5) from cron, bcron or systemd-cron). Don’t worry: the old URLs are redirected correctly.
As the freeze of the next release is closing in, I have updated a bunch of packages around TeX: All of the TeX Live packages (binaries and arch independent ones) and tex-common. I might see whether I get some updates of ConTeXt out, too.
Last week, news came out that unprotected MongoDB databases are being actively compromised: content copied and replaced by a message asking for a ransom to get it back. As The Register reports: Elasticsearch is next.
Protecting access to Elasticsearch by a firewall is not always possible. But even in environments where it is possible, many admins are not protecting their databases. Even if you cannot use a firewall, you can secure connection to Elasticsearch by using encryption. Elasticsearch by itself does not provide any authentication or encryption possibilities. Still, there are many third-party solutions available, each with its own drawbacks and advantages.
Getting physically fit is a typical New Year's resolution. Given that most of us spend more time online than in a gym, the start of the new year also might be a great time to improve your security “fitness.” As with physical fitness challenges, the biggest issue with digital security is always stagnation. That is, if you don't move and don't change, atrophy sets in. In physical fitness, atrophy is a function of muscles not being exercised. In digital fitness, security risks increase when you fail to change passwords, update network systems and adopt improved security technology. Before long, your IT systems literally become a “sitting duck.” Given the volume of data breaches that occurred in 2016, it is highly likely that everyone reading this has had at least one breach of their accounts compromised in some way, such as their Yahoo data account. Hackers somewhere may have one of the passwords you’ve used at one point to access a particular site or service. If you're still using that same password somewhere, in a way that can connect that account to you, that's a non-trivial risk. Changing passwords is the first of eight security resolutions that can help to improve your online security fitness in 2017. Click through this eWEEK slide show to discover the rest.
10th anniversary edition of Pwn2Own hacking contest offers over $1M in prize money to security researchers across a long list of targets including Virtual Machines, servers, enterprise applications and web browsers.
Over the last decade, the Zero Day Initiative's (ZDI) annual Pwn2Own competition has emerged to become one of the premiere events on the information security calendar and the 2017 edition does not look to be any different. For the tenth anniversary of the Pwn2Own contest, ZDI, now owned and operated by Trend Micro, is going farther than ever before, with more targets and more prize money available for security researchers to claim by successfully executing zero-day exploits.
In another case of scammers trying to buy keys with often stolen credit cards to sell on websites like G2A, the developers of 'Factorio' have written about their experience with it (and other stuff too).
Red Hat News
New release of Red Hat's enterprise-grade container platform is based on the recent Kubernetes 1.4 milestone, adding new dynamic storage capabilities and an enhanced dashboard.
Red Hat announced the release of its OpenShift Container Platform 3.4 on Jan. 18, providing enterprises with new container management capabilities. The new release follows the OpenShift Container Platform 3.3 milestone that debuted in September 2016.
Development News: LLVM, New Releases, and GCC
Hans Wennborg of Google, serving as the LLVM release manager, has announced the tagging of the first release candidate of the forthcoming LLVM 4.0.
LLVM 4.0 was branched last week, shifting new development to LLVM 5.0, per their new versioning scheme.
The GCC Steering Committee has approved of the RISC-V port being included in GCC.
Published earlier this month was the new RISC-V port of GCC, the promising open-source and royalty-free processor ISA that's been gaining ground the past few years. This GCC RISC-V port was initially held up by university lawyers but now it's ready to roll in GCC with the approval of the GCC steering committee.
The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas.