New Linux Kernel Vulnerability Patched in All Supported Ubuntu Systems, Update Now

Discovered by William Liu and Jamie Hill-Daniel, the new security flaw (CVE-2022-0185) is an integer underflow vulnerability found in the Linux kernel’s file system context functionality, which could allow an attacker to crash the system or run programs as an administrator.

The security vulnerability affects all supported Ubuntu releases, including Ubuntu 21.10 (Impish Indri) systems running Linux kernel 5.13, Ubuntu 21.04 (Hirsute Hippo) systems running Linux kernel 5.11, as well as Ubuntu 20.04 LTS (Focal Fossa) and Ubuntu 18.04 LTS (Bionic Beaver) systems running Linux kernel 5.4 LTS.




Source: Linux Today – New Linux Kernel Vulnerability Patched in All Supported Ubuntu Systems, Update Now

Eternals, Star Trek: Discovery, Chucky, and Other Genre Projects Nab GLAAD Media Award Nominations

The 33rd annual GLAAD Media Award nominations are here, and—as is often the case—sci-fi and fantasy projects are well-represented on the list. Dubbed by the organization as “the most visible annual LGBTQ awards show in the world,” the event honors fair representations of LGBTQ issues and people in settings both…




Source: Gizmodo – Eternals, Star Trek: Discovery, Chucky, and Other Genre Projects Nab GLAAD Media Award Nominations

Google tells free G Suite users: Pay up or lose your account


Google says the free ride is over for early users of the company’s custom domain G Suite service. Google has long offered a service that lets you use Google apps on a custom domain, allowing you to have a Google email that ends in your domain instead of “gmail.com.” Today, you have to pay for the privilege of a custom domain with a Google account, but for the first six years of the service’s life, the basic tier allowed you to create a custom domain account for free. Google turned off the ability to create these accounts for free in 2012, but it wouldn’t take away accounts from existing users, would it?

Google will. As 9to5Google was the first to report, Google is going to shut down free G Suite accounts if the users don’t transition to a paid account. Google is sending out emails to users of “G Suite legacy free edition” accounts, telling them they have until July 1 to start paying. A support page is up detailing how this is going to work. Starting May 1, Google will try to automatically “upgrade” users to a paid account if it has available billing information. If there is no such information by July, accounts will be “suspended.” After 60 days, those accounts will lose access to “core” Google services like Gmail and Calendar.

Google’s custom domain started in 2006 as “Google Apps for Your Domain.” It’s been through a million name changes since then—“Google Apps for Work,” then “G Suite,” and now “Google Workspace”—but the outcome has all been the same: you get Gmail and other Google apps, but they’ve been custom branded for your company, giving them a more professional appearance than a gmail.com email address. Today, the service starts at $6 per user, per month, with higher tiers available for higher storage needs. From 2006 to 2012, the basic tier was free.




Source: Ars Technica – Google tells free G Suite users: Pay up or lose your account

Samsung Just Leaked Its Own New Tablet—and It Has a Notch

Android tablets are a dime a dozen, but finding one that’s a real iPad rival is like scouring for a diamond in the rough. That’s why Samsung’s Galaxy Tab S8 Ultra, which was unexpectedly leaked on an official Bixby support page, looks so intriguing.




Source: Gizmodo – Samsung Just Leaked Its Own New Tablet—and It Has a Notch

OpenSubtitles Hacked, 7 Million Subscribers' Details Leaked Online

OpenSubtitles, one of the largest repositories of subtitle files on the internet, has been hacked. TorrentFreak reports: Founded in 2006, the site was reportedly hacked in August 2021 with the attacker obtaining the personal data of nearly seven million subscribers including email and IP addresses, usernames and passwords. The site alerted users yesterday after the hacker leaked the database online.

“In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data,” the post reads. “We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data.”

Indeed, searches on data breach site Have I Been Pwned reveal that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more. […] OpenSubtitles describes the hack as a “hard lesson” and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage. The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate.




Source: Slashdot – OpenSubtitles Hacked, 7 Million Subscribers’ Details Leaked Online

If you like the data on your WD My Cloud OS 3 device, patch it now


Western Digital has patched three critical vulnerabilities—one with a severity rating of 9.8 and another with a 9.0—that make it possible for hackers to steal data or remotely hijack storage devices running version 3 of the company’s My Cloud OS.

CVE-2021-40438, as one of the vulnerabilities is tracked, allows remote attackers with no authentication to make devices forward requests to servers of the attackers’ choosing. Like the other two flaws Western Digital fixed, it resides in the Apache HTTP Server versions 2.4.48 and earlier. Attackers have already successfully exploited it to steal hashed passwords from a vulnerable system, and exploit code is readily available.

The vulnerability with a severity rating of 9 out of a maximum 10 stems from a Server-Side Request Forgery. This class of bug lets attackers funnel malicious requests to internal systems that are behind firewalls or otherwise not accessible outside a private network. It works by inducing server-side applications to make HTTP requests to an arbitrary domain of the attacker’s choosing.




Source: Ars Technica – If you like the data on your WD My Cloud OS 3 device, patch it now

[$] Resurrecting fbdev

The Linux framebuffer device (fbdev) subsystem has long languished in something of a purgatory; it was listed as “orphaned” in the MAINTAINERS file and saw fairly minimal maintenance, mostly driven by developers working elsewhere in the kernel graphics stack. That all changed, in an eye-opening way, on January 17, when Linus Torvalds merged a change to make Helge Deller the new maintainer of the subsystem. But it turns out that the problems in fbdev run deep, at least according to much of the rest of the kernel graphics community. By seeming to take on the maintainer role in order to revert the removal of some buggy features from fbdev, Deller has created something of a controversy.

Source: LWN.net – [$] Resurrecting fbdev

Video reviews will be used in 2022 North and Central American soccer tourneys

Soccer’s Video Assistant Referee (VAR) is seemingly here to stay, at least in some parts of the world. CONCACAF (Confederation of North, Central America and Caribbean Association Football) has revealed it will use VAR to help refs in numerous 2022 competitions. You can expect the technology in all remaining CONCACAF qualifiers for the 2022 FIFA World Cup, the men’s and women’s U20 Championships and the W Championship.

The organization’s decision was prompted in part by success with VAR in 2021 competitions like the CONCACAF Champions League, Gold Cup and Nations League Finals. The Confederation said progress on VAR had been “considerably” delayed due to the COVID-19 pandemic, but now has enough VAR-qualified referees and venues to expand the technology’s use.

VAR still has its critics despite receiving FIFA’s approval for World Cup use in 2018. Enthusiasts are concerned the requests for video reviews can slow down matches, and that the use of centralized review hubs could be used to skew decisions. Soccer already has plenty of drama over tackles and handballs, they argue — VAR just draws out those disputes and takes away from the thrill of the game.

However, the arguments against the system appear to have lost some momentum. VAR helped reverse 17 out of 20 bad calls during the 2018 World Cup, and some backers have contended that video reviews would have overturned other mistakes if they had been used more consistently. Like it or not, tech is more likely to loom in the background of soccer matches than it has before.



Source: Engadget – Video reviews will be used in 2022 North and Central American soccer tourneys

Lord of the Rings' Rings of Power, Explained

After what’s felt like ages of waiting, Amazon revealed a little more about its plans for its Lord of the Rings prequel streaming series today, namely, its name: The Rings of Power. Sauron’s plans to ensorcell the Elves, Dwarves, and realms of Men with his magical trinkets has been at the heart of Tolkien’s universe




Source: Gizmodo – Lord of the Rings’ Rings of Power, Explained

Why NVIDIA Just Quietly Unlocked A GPU Feature That Could Boost Graphics Performance

Computer graphics in the modern age are already a delicate dance between CPU and GPU. Throw in the power management concerns that come from operating in a constrained environment, such as a laptop, and you add on a whole further level of complexity. Historically, we allowed each component in the system to manage its own power usage, but as

Source: Hot Hardware – Why NVIDIA Just Quietly Unlocked A GPU Feature That Could Boost Graphics Performance

Nocebo responses explain up to 76% of COVID vaccine side effects


Even before their rollout, a distinct feature of safe and effective COVID-19 vaccines has been their “reactogenicity”—that is, their tendency to cause mild symptoms that signal immune responses firing up after a shot, particularly the second one. As vaccine supplies were unleashed in the US last year, families, friends, and coworkers swapped stories of their harrowing post-jab days, often recalling fevers, chills, fatigue, and general crumminess.

Although those experiences are unquestionably real, their connection to the vaccines may not be. As more and more results from randomized-controlled vaccine trials hit science journals, researchers kept noting that, while trial participants often reported mild symptoms after shots, so too did the participants who received placebos—and not at trivial levels.

Many people are familiar with “placebo effects,” which happen when an inert intervention leads people to report health benefits that couldn’t possibly have been caused by the faux treatment. Placebo effects are well-documented and real—in that people can indeed experience a certain extent of psychosomatic benefits. A placebo will not treat serious medical conditions, such as cancer, but it could, for example, lead people to feel they have more energy or less general discomfort.




Source: Ars Technica – Nocebo responses explain up to 76% of COVID vaccine side effects

Better.com's Founder Returns As CEO After Firing 900 Workers On Zoom

An anonymous reader quotes a report from The New York Times: Vishal Garg, the Better.com founder, who fired roughly 900 of his workers via Zoom last month and then took “time off,” is returning to his position as the head of his mortgage lending company. “As you know, Better’s C.E.O. Vishal Garg has been taking a break from his full-time duties to reflect on his leadership, reconnect with the values that make Better great and work closely with an executive coach,” Better.com’s board said on Tuesday in an email to the staff, which was reviewed by The New York Times. “We are confident in Vishal and in the changes he is committed to making to provide the type of leadership, focus and vision that Better needs at this pivotal time.”

Better.com has since conducted a “thorough, independent” review of its culture, according to the board’s memo on Tuesday. The review was led by Anthony Barkow, a partner at the law firm Jenner & Block and a former federal prosecutor. As a result of that investigation, the company is working to expand its leadership by recruiting a new chairman for the board, a president and a chief human resources officer. In the meantime, a former McKinsey senior partner, Richard Benson-Armer, will serve as interim head of human resources, and the company’s chief financial officer, Kevin Ryan, will serve as interim president. Two members of the board also recently resigned, but not “because of any disagreement with Better,” according to the memo. Some of the additional measures the company announced Tuesday include a training program on building “a respectful workplace” and a new ethics and compliance committee, reporting directly to the board.




Source: Slashdot – Better.com’s Founder Returns As CEO After Firing 900 Workers On Zoom

'Splitgate' is getting a map builder and new modes on January 27th

Splitgate, the sci-fi portal shooter that transported me back to carefree Quake 3 Arena days, is getting a slew of updates on January 27th with its Beta Season One update. There’s a map builder for constructing and sharing stages with friends, a 100 level battle pass, as well as new One Flag CTF and Evolution modes. (The latter gives the losing team of every round increasingly powerful weapons.) Developer 1047 Games also says the Foregone Destruction map is getting a major fidelity bump, which should be a sign of similar upgrades coming to other maps.

“Our custom map creator will continue to evolve alongside the rest of the game,” Ian Proulx, CEO of 1047 Games, said in a statement. “We’re looking at the map creator as an evolutionary tool driven by the community — it’s a robust feature for fans to play with day one of our new season, and we’re really interested in hearing feedback from the community regarding the types of features and tools they want.”

All of this sounds like great news for Splitgate fans—at least, the few who’ve stuck around. According to SteamDB, the game is currently seeing 1,000 to 2,500 players per day, a far cry from its 67,000 player peak five months ago. I’d wager the launch of Halo Infinite’s free multiplayer mode in December didn’t help (that’s where all my free time has been spent lately), but Splitgate’s popularity has also steadily dropped since its open beta last August. 

Sure, it was impressive that Splitgate hit 10 million downloads in under 30 days, but with the plethora of free shooters out there, 1047 Games will need to do more to actually keep people interested for the game’s full release. A hardcore fanbase isn’t enough.



Source: Engadget – ‘Splitgate’ is getting a map builder and new modes on January 27th

Apple Just Made Trading-In Your Android For An iPhone A Lot Less Attractive

It’s bizarre, but it looks like Apple wants Android users to switch to iPhone less than it used to. Overnight, the top amount of money the Cupertino-based smartphone maker will give for Android devices dropped like a rock.

Chip prices are skyrocketing, so you might think that older Samsung Galaxy devices would be worth more. Not in Apple’s

Source: Hot Hardware – Apple Just Made Trading-In Your Android For An iPhone A Lot Less Attractive