This setup using Arch Linux with GNOME 3.38 series. It also works on most popular Linux Distributions with GNOME 3.38 as the default desktop, such as Ubuntu, Pop_OS, Manjaro GNOME Edition, Fedora Workstation, Debian, Solus GNOME Edition, OpenSUSE Leap GNOME, Zorin OS, and Mageia GNOME edition.
Ubuntu 21.10, Impish Indri is out and like all non-LTS releases, this version is packed with new features and changes. We get a ton of improvements in the user interface especially.
Last week I half destroyed my Linux VM and almost had to restart the entire Linux from scratch project and today I hope I don't somehow do the same.
Proposed Linux kernel patches by a Google engineer -- based on existing functionality found within Android and Chrome OS kernel builds -- would allow Linux's DRM display/GPU drivers to more easily know when system input events occur.
Why should the Linux Direct Rendering Manager drivers be looking out for user-initiated input events? Ultimately it's about speculatively trying to reduce latency. If the system has been idle but an input event just occurred, chances are there will be text or a portion of the rendered display changing.
There isn't any shiny new drivers part of the kernel's staging area for Linux 5.16 but exciting from a maintenance perspective is a rather healthy clean-up affecting multiple areas of this "proving grounds" area of the kernel.
While no big additions for staging in Linux 5.16, there are multiple clean-ups to different staging components that yielded a lot of code removed. In fact, over 20k lines of code were removed from the staging area for Linux 5.16.
Sent in on Friday by Bjorn Helgaas were all of the PCI subsystem updates for the Linux 5.16 merge window.
Arguably most notable with the PCI feature pull request is the introduction of the Apple Silicon PCIe driver. That Apple PCIe driver written by Alyssa Rosenzweig and Marc Zyngier is to get more components working for the Apple M1 MacBook and Mac Mini systems. Besides PCI Express itself being important, getting this driver mainlined is necessary for being able to get USB Type-A, Ethernet, WiFi, and Bluetooth working on the Apple M1 hardware.
Furthermore, those two groups are only different by 25 bytes. I could post-process the mesa package and convert the two groups into symlinks. So instead of 11 files occupying 139MB, there would be just 2 files occupying 26MB. The size difference is staggering! Today I decided to try and find out how this has come about in the first place. Well, it seems that the mesa developers are incredibly stupid: they create these drivers as hardlinked files. However, hardlinked files cannot be copied across filesystems, they become separate files. The mesa project has done this right from the start, which I find extraordinary. Do they have some good reason to do this? Are they in fact not stupid? Have I misunderstood something?
Internet Relay Chat (IRC) is a form of real-time Internet text messaging (chat) or synchronous conferencing. IRC was born during summer 1988 when Jarkko Oikarinen wrote the first IRC client and server when he was working in the Department of Information Processing Science at the University of Oulu, Finland. This system enables millions of people around the world to communicate in real time. While IRC has lost some popularity, IRCv3 looks interesting with some advanced client features such as instant notifications, improved security and more.
IRC is mainly designed for group communication in discussion forums, called channels, but it also allows one-to-one communication via private message as well as chat and data transfers via Direct Client-to-Client.
IRC is used for many different purposes such as obtaining technical support from developers and users, for conducting meetings and even for rolegaming.
This simple tutorial shows how to limit the time that your kids spend on PC running with Ubuntu or Debian.
GNOME, Ubuntu’s default desktop environment, is working on parental control app (Malcontent) though it so far lacks the time limitation feature. In this tutorial, I’m going to introduce Timekrp-nExT, a screen time managing app works on GNOME, XFCE, KDE, and all other Linux desktops.
In this guide, we are going to install Apache OpenOffice – a free alternative for Office productivity tools – in Fedora Workstation.
Apache OpenOffice is an open-source office productivity software suite containing word processor, spreadsheet, presentation, graphics, formula editor, and database management applications. OpenOffice is available in many languages, works on all common computers, stores data in ODF – the international open standard format – and is able to read and write files in other formats, included the format used by the most common office suite packages. OpenOffice is also able to export files in PDF format. OpenOffice has supported extensions, in a similar manner to Mozilla Firefox, making easy to add new functionality to an existing OpenOffice installation.
Telnet is a protocol that allows you to connect to remote computers (called hosts) over a TCP/IP network using a client-server protocol to establish a connection to Transmission Control Protocol port number 23
In the following tutorial, you will learn how to install Telnet on a Fedora 35 operating system.
In this guide we are going to explore how to install Zoom Client on Fedora 35 Workstation.
Zoom Meetings is a proprietary video teleconferencing software program developed by Zoom Video Communications. The free plan allows up to 100 concurrent participants, with a 40-minute time restriction. Users have the option to upgrade by subscribing to a paid plan.
You can easily download Zoom on your PC to start video conferencing with your colleagues and friends around the world. Zoom offers remote conferencing services including video calls, online meetings, and collaborative tasks. Zoom is free to use but does offer paid subscriptions which offer additional features.
Mozilla Firefox is a free and open-source web browser developed by the Mozilla Foundation. Firefox utilizes the Gecko rendering engine to display web pages, which implements current and future anticipated web formats and standards.
For the most part, Firefox is often up to date with the latest stable release on Ubuntu-based desktops, however non-stable builds such as beta or the more bleeding edge nightly builds can be installed and tested the new features or test your websites before its hits the stable repository.
For the most part, the beta build is what curious users should be installing, and the nightly build should never be used by anyone other than sysadmins or developers looking to test a particular feature.
Git is a mature, actively maintained open source project initially developed in 2005 by Linus Torvalds, the famous Linux operating system kernel creator. Git is designed for developers that need a pretty straightforward version control system. Most software is collaborative efforts and sometimes can have hundreds of people with commits working on software development projects. It is essential to track these commits customarily done in branches in most projects before being merged into the master for release. It is easy to review and track down any incorrect commits and revert, leading to a much easier development if anything goes wrong.
In the following tutorial, you will learn how to install Git on your Fedora 35 operating system with various methods.
In this guide we are going to explore how to install Java Runtime Environment (JRE) and the Java Developer Kit (JDK) in Fedora 35 system.
Java and the JVM (Java’s virtual machine) are required for many kinds of software, including Tomcat, Jetty, Glassfish, Cassandra and Jenkins.
Java is a high-level, class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible. Java was developed by Sun Microsystems (which is now the subsidiary of Oracle) in the year 1995. James Gosling is known as the father of Java.
In this tutorial you will learn how to make a windows bootable usb on Linux.
When using Linux it's not that you have a lot of choices what software to use to make bootable usb, one of the best software is etcher but this software doesn't work to make Windows bootable usb only other OS, so one of the best and one that works perfect for Linux is WoeUSB.
The Fedora project will not include any package that doesn't comply with Fedora licensing policies in the official repositories. So, many users rely on third-party repositories like RPM Fusion to install propriety drivers, software and codecs that Fedora doesn't want to ship due to legal and licensing reasons. In this guide, we will see what is Fedy and how to install third-party software and multimedia codecs with Fedy in Fedora Linux operating systems.
In this tutorial, we will show you how to install Bitwarden on Debian 11. For those of you who didn’t know, Bitwarden is a secure and free password manager for all of your devices. It allows you to store all of your login credentials and keep them synced between all of your devices. It is designed for individuals, teams, and business organizations to manage their credentials from a centralized location.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Bitwarden password manager on a Debian 11 (Bullseye).
Follow through this tutorial to learn how to install Webmin on Debian 11. Webmin is a web based control panel that allows system administrators to manage system administration tasks such as user account management, package management, e.t.c from the browser.
In this Guide we are going to learn how to install and configure Jenkins in Fedora 35.
Jenkins is a popular open source automation tool to perform continuous integration and build automation. Jenkins allows to execute a predefined list of steps, e.g. to compile golang source code to build build binary file. The trigger for this execution can be time or event based.
Once you get a VPS at a hosting provider like DigitalOcean or OVH, you might want to customize the partition layout. However, often you have no choice: you select the desired OS and then it gets installed on a single partition, taking all the available disk space.
Yet, VPS are not only for single-partitioned web servers! Depending on your needs, you may want to add a swap partition, another for your data…
In this tutorial, we will show you how to install Sails.js Framework with Nginx on Ubuntu 20.04 LTS. For those of you who didn’t know, Sails.js is a Javascript framework for Node.js. It is used for developing real-time applications very quickly. Sails.js is designed to resemble the MVC architecture from frameworks like Ruby on Rails, but with support for the more modern, data-oriented style of web app development.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Sails.js Framework on Ubuntu 20.04 (Focal Fossa). You can follow the same instructions for Ubuntu 18.04, 16.04, and any other Debian-based distribution like Linux Mint.
As we explained previously: the continued conversion of various modules to PE is another change that will gradually increase compatibility in many ways over time for certain expected behaviour needed by Windows applications. Previously Wine has built its Win32 libraries (like DLLs and EXEs) as ELF but for many reasons (like better compatibility) they've started to move them over to use PE instead.
For bugs reported as fixed as of this release they noted 26 including issues solved for: Call of Duty: Black Ops II, Sniper Elite series, Resident Evil 0 HD Remaster, Homesick, Call of Juarez: Gunslinger, Resident Evil 6, Skyrim SE, various Unreal Engine 4 games, Resident Evil 4 HD and much more.
Today marks nine years already since Valve began rolling out their Steam Linux beta client after a very exciting summer. While the initial Steam on Linux excitement phased out a bit after Steam Machines didn't materialize, as we approach a decade with Steam on Linux it's easily as exciting as ever thanks to Steam Play / Proton for allowing massive amounts of Windows games to run on Linux and the imminent release of the Steam Deck that has fueled renewed interest around Linux gaming.
9 years to the date, Valve officially put up a limited Beta release of the Steam Client for Linux. It's safe to say it's been a rather bumpy but exciting ride.
Want to know the history of how things happened? Back in July 2021 we wrote up a detailed look into it all titled "Faster Zombies to Steam Deck: The History of Valve and Linux Gaming". Based on that we'll refrain from going over it all again, we suggest you grab a quick coffee and give that a read.
Recently we had announcements from both Easy Anti-Cheat and BattlEye in regards to Linux, specifically for the Steam Play Proton compatibility layer and the Steam Deck and now BattlEye are making it easier. While developers who produce native Linux games can just use the native versions of both anti-cheats, the situation is different for Proton because it's running the Windows version.
The problem with the previous announcements was that developers had to opt into it manually, with EAC specifically explaining that developers had to upgrade to a new SDK. Not something that's actually quick and easy, since a lot of games need to go through many hands to test and approve it, especially for bigger developers.
Back in September it was announced that the BattlEye anti-cheat technology would support Proton with an emphasis on the forthcoming Steam Deck. Now as a nice present for Steam's 9th birthday on Linux, that BattlEye support is coming together.
Today's Proton Experimental update paired with the latest Steam client beta has the necessary integration in place for working with BattlEye.
All Godot contributors are delighted to release our latest milestone today, Godot 3.4, after more than 6 months of development!
While most development focus is on our upcoming Godot 4.0 release, many contributors and users want a robust and mature 3.x branch to develop and publish their games today, so it's important for us to keep giving Godot 3 users an improved gamedev experience. As such, most of the focus was on implementing missing features or bugfixes which are critical for publishing 2D and 3D games with Godot 3, and on making the existing features more optimized and reliable.
Godot 3.4 is compatible with Godot 3.3.x projects and is a recommended upgrade for all 3.3.x users.
While we eagerly await the release of Godot 4 as a massive update to this leading open-source game engine, out this weekend is Godot 3.4 as a rather significant update to Godot 3.x with a number of new features and improvements.
Godot 3.4 remains compatible with Godot 3.3.x projects while adding support for large files (greater than 2GiB), frame delta smoothing support, improved input handling, a variety of rendering features were added, Android and HTML5 platform improvements, enhancing various aspects of its physics support, support for lossless WebP encoding of assets, a revamped UI theme editor, 2D viewport scaling factor, and general usability improvements.
After six months of development , the user environment LXQt 1.0 (Qt Lightweight Desktop Environment) was released, developed by the joint development team of the LXDE and Razor-qt projects. The LXQt interface continues to follow the classic desktop organization, bringing a modern look and feel to enhance the user experience. LXQt is positioned as a lightweight, modular, fast and convenient continuation of the development of the Razor-qt and LXDE desktops, incorporating the best features of both shells. The code is hosted on GitHub and licensed under GPL 2.0+ and LGPL 2.1+. builds are expected for Ubuntu Prebuilt (LXQt is offered by default in Lubuntu), Arch Linux , Fedora , openSUSE , Mageia , FreeBSD , ROSA and ALT Linux .
KDE developers began November working on yet more Plasma Wayland session fixes and other enhancements to their open-source desktop environment.
KDE developer Nate Graham is out with his usual weekly summary highlighting the diverse range of work going on weekly by developers involved with this massive free software desktop effort.
That’s right! Kalendar is now on version 0.1, and we have a first release. There’s still a lot we have left to work on before we get to 1.0, but we are getting there! More on this below.
We also have a truly titanic changelog for the past two weeks. Some truly big changes and a load of smaller ones make Kalendar better than ever and should mean a beta that is a significant improvement upon our previously unstable builds.
pkgin is aimed at being an apt / yum like tool for managing pkgsrc binary packages. It relies on pkg_summary(5) for installation, removal and upgrade of packages and associated dependencies, using a remote repository.
Based on Gentoo Linux, Chrome OS is Google’s very own operating system. It is based on Chromium OS and makes use of Google Chrome as its default user interface.
The Fedora developers have released a new version of their Linux distribution. In Fedora 35, they worked intensively on stabilizing changes that had already been implemented in earlier versions – such as the “Pipewire” sound server introduced with Fedora 34 as a replacement for PulseAudio.
Gnome makes the step to version 41 as the primary desktop environment of this distribution, whereby its package management “Gnome-Software” now, if not all, integrates the most popular Flatpak packages from flathub.org via an additional repository. The “systemd-resolved” service, which has been responsible for name resolution for network connections since Fedora 33, has the ability to deal with “DNS over TLS” (DoT).
Another novelty: Fedora “Kinoite”, a modularized Linux system that maintains system partitions in read-only mode and updates them separately from installed applications.
The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, Inc., has announced the general availability of Fedora Linux 35, the latest version of the fully open source Fedora operating system. The new features and enhancements in Fedora 35 are aimed at improving the overall experience for all levels of users, from beginner to advanced.
This release continues the Fedora Project's emphasis on delivering leading-edge open source technologies and includes updates spanning the Linux kernel to the desktop experience.
The Fedora Project, a community-driven open source collaboration sponsored by Red Hat, has announced the general availability of Fedora Linux 35, the latest version of the fully open source Fedora operating system. The new features and enhancements in Fedora 35 are aimed at improving the overall experience for all levels of users – from beginner to advanced. This release continues the Fedora Project’s emphasis on delivering leading-edge open source technologies and includes updates spanning the Linux kernel to the desktop experience.
Linux platform company Red Hat Inc. today announced the beta release of the next major update to its flagship Red Hat Enterprise Linux platform.
RHEL 9 Beta features numerous updates aimed at making it a better platform for the most demanding hybrid multicloud deployments, with simplified automation and management capabilities and improved container development at the top of the list.
RHEL is a Linux-based operating system that’s widely used by large enterprises and smaller businesses. It’s one of the most reliable platforms of its kind, known for its ability to support diverse workloads in physical, virtualized and cloud environments. Red Hat offers various versions of RHEL designed to run on computer servers, mainframes, SAP applications, desktops, edge devices and OpenStack.
In a blog post, Red Hat explains that RHEL 9 will be something of a departure from previous releases in that, although it still offers many improvements, there are far fewer changes that will require administrators to learn new ways of doing things. In other words, anyone who’s familiar with the RHEL 8 release is sure to feel right at home with RHEL 9.
“The decision not to attend college for fear that it’s a bad deal is among the most economically irrational decisions anybody could make in 2014,” wrote NY Times journalist David Leonhardt in Is College Worth It? in May of 2014. “Over the long run, college is cheaper than free,” he added, citing an article by MIT economist David Autor which pointed out that a college-educated worker can expect an additional lifetime earning of over $500,000 compared to one whose highest degree is a high school diploma. Experts and journalists questioning the value of a college education are most likely obsessing to get their toddlers into an elite nursery school, so they are on-track for the right schools over the ensuing 20 years, added Leonhardt.
In May, 2019 seminar I attended, Autor noted that over the last four decades, the US and other industrial economies have seen a remarkable rise in wage inequality by educational attainment, with the earnings of the most-educated increasing, and the earnings of the least-educated falling in real terms. Since the 1980s, the earnings of those with a four year college degree have risen by 40% to 60%, while the earnings of those with a high school education or less have fallen among men and barely changed among women.
Every year, the US Bureau of Labor Statistics publishes a set of earning projections by educational attainment. Their 2020 projections showed that the median weekly earnings for all workers is $1,029; for those with less than a high school degree it is $619; high school diploma - $781; some college, no degree - $877; associate’s degree - $938; bachelor’s degree - $1,305; master’s degree - $1,545; doctoral degree - $1,885; and professional degree - $1,893.
Love Debian and Ubuntu but want an alternative better suited to your needs? Here's a list of the best Debian-based Linux distros for you to try.
The standard Debian and its popular offshoot Ubuntu are great, all-around choices for a Linux system, but if you have more specialized needs, you might want a Debian alternative.
Here's a list of the best Debian-based distributions that offer robust features and a stable environment to Linux users.
As a bonus, the gadget functions as a Pomodoro timer of sorts — that’s the time management method where you work for 25-minute periods and take 5-minute breaks in between, with a longer break every four Pomodoros. Brain displays a quote for 25 minutes and then flashes the screen to draw [zorbash]’s attention to the fact that time is up. We think this is a nice, unobtrusive way to do things. There are no breaks built in, but that’s just how [zorbash] rolls.
The quotes are fetched using Bookworm, a script [zorbash] wrote that’s available on GitHub. It uses a Raspberry Pi 2 B, an SD card to store the JSON’d quotes, and a Wi-Fi dongle to allow the fetching. If you’re wondering about the enclosure, it’s made of clay.
Managing a long line of crowds is a tricky business. At a certain point, the service should be automated to ensure disciplinary queue management among the customers.
For our entire collection, check out the categories below. This is the largest compilation of recommended software. The collection includes hundreds of articles, with comprehensive sections on internet, graphics, games, programming, science, office, utilities, and more. Almost all of the software is free and open source.
Yes, thanks to open source tech development, you absolutely can. If you are a little handy, you can cut the costs of solar power even further by building your own systems of any size and budget, and To Catch the Sun guides you on exactly how to do it. To Catch the Sun is a brand new book I co-authored with the legendary open source appropriate technology hacker and Appropedia founder Lonny Grafman. Built on open source MediaWiki and Semantic MediaWiki, Appropedia is the largest wiki dedicated to developing and sharing collaborative solutions in sustainability, poverty reduction, and international development through the use of sound principles and appropriate technology. Together we are something like the double-O 7 team of the solar world. A bit like James Bond, Lonny Grafman from sunny California, is an adventurer taking his students from Humboldt State University all over the world to build solar photovoltaic systems in the most challenging conditions. I am perhaps more Q-like, developing open source solar photovoltaic technology quietly from my labs deep in the north at Western University in Canada. Together we provide ways to make solar work for you in just about any context.
Irvine-based Vizio has been sued over its use of open source software, with a group saying that Vizio should be required to share the source code underlying its televisions, due to their use of General Public License (GPL) software for its Smartcast televisions. The lawsuit was filed on Thursday by the Software Freedom Conservancy (SFC), a nonprofit which supports and defends free software. The group claims Vizio had "repeated failures to fulfill even the most basic requirements" of the license. GPL is the license that popular operating system Linux is based upon. The SFC is not seeking monetary damages, only access to source code that Vizio uses to run its televisions.
The Software Freedom Conservancy (SFC) has commenced litigation in the US against smart TV manufacturer Vizio for alleged breaches of open source software (OSS) licences. While a US case, this is interesting to monitor as the SFC is taking a novel approach to OSS enforcement which, if successful, could lead to businesses re-evaluating their risk-based approach to OSS compliance. It could also form an important part of the “right to repair” movement which is aiming to reduce e-waste – a particularly pertinent topic in the light of the ongoing COP26 summit.
Houston, we've had a problem: our rocket scientists don't entirely understand the nuances of software licensing.
NASA, of course, is more than just rocket scientists. It's home to software engineers and other technical types, as well as those inclined to maintenance, management, and administration, and other less storied roles.
But among those at the US space agency who deal with software – writing it, requisitioning it, glaring at it – there's less understanding of open-source software requirements than there should be.
Or so say John Haiducek, Thom Edwards, Wade Duvall, Sarah Cannon, Kai Germaschewski, and Jason Kooi – a medley of boffins from the US Naval Research Laboratory, Technical University of Denmark, University of New Hampshire, and others.
Haiducek et al. recently completed a short paper titled, "Recommendations to clarify NASA open source requirements," that was released via ArXiv. Therein the researchers observe that while NASA has a policy designed to encourage open source software development, its personnel continue to be confused about the specific meaning of terms like “open source software,” “free software,” and “permissive license.”
"Some NASA documents and policies have acknowledged the OSI and FSF definitions as widely accepted, but NASA does not always use and apply these definitions consistently," the paper explains.
Have you ever had a program crash before your main function executes? it is rare, but it can happen. When it does, you need to understand what happens behind the scenes between the time the operating system starts your program and your first line of code in main executes. Luckily [Patrick Horgan] has a tutorial about the subject that’s very detailed. It doesn’t cover statically linked libraries but, as he points out, if you understand what he does cover, that’s easy to figure out on your own.
The operating system, it turns out, knows nothing about main. It does, however, know about a symbol called _start. Your runtime library provides this. That code contains some stack manipulation and eventually calls __libc_start_main which is also provided by the library.
Codasip, the leading supplier of customizable RISC-V processor IP, today announced that it has signed XtremeEDA - a Design and Functional Verification services to the ASIC, SoC, and FPGA hardware industry - as a Codasip Certified Design Services Company. This means it will enlarge the experienced engineering resources available to support Codasip customers with their custom RISC-V processor designs.
When I was a software developer long ago, I was always excited about optimizing the platforms, tools, and libraries that enabled writing code, building applications, and deploying them to environments. I started out using Concurrent Versions System and SubVersion for version control, writing makefiles for C++ apps, developing Apache Ant scripts to package Java apps, and writing way too many Unix scripts to automate deployments. Today, Git, Jenkins, and other tools have simplified many essential devops practices, and many organizations consider them necessary software development tools.
Solidity is the programming language used by smart contracts on the Ethereum blockchain. It's a statically-typed, object-oriented programming language.
Solidity uses a semantic versioning scheme and, at the time of writing, the latest version is 0.8.9. As you can see, the language uses a semantic X.Y.Z versioning format, which indicates how fast-paced its changes are.
Programming languages such as C++ and JavaScript inspired the Solidity language. In this guide, you'll see how you can write and compile your first smart contract.
The PaSh Project gives your POSIX script superpowers by utilizing parallelization in order to speed up execution times. This leads to faster results for data scientists, engineers, biologists, economists, administrators, and programmers.
I remember the time when the saying was "Learn Perl so you don't have to learn the Shell and its hundreds of utilities". Fast forward some decades and the use of shell scripts still has not been eradicated. On the contrary, their use has increased due to the rise of containers, VM's, administering the cloud, and Linux itself.
This also serves as a lesson to those who are quick to denounce technologies as 'dead'. There's a time where a new use case revitalizes an old technology.
The NeXTCube was a workstation manufactured between 1988 and 1995 by NeXT, the company founded by Steve Jobs after leaving Apple in 1985, also famous for its iconic cube-shaped black chassis.
Called simply NeXT Computer, the first version of the machine was also the first computer released by NeXT. With it, Jobs wanted to demonstrate what his visionary approach could achieve without the interference of Apple’s shareholders.
Security firm Tenable has released version 10.0 of Nessus, a vulnerability scanner that is among the better known tools used to search for vulnerabilities on networked systems.
In a statement, the company said with this version, the number of supported platforms for Nessus had been extended to include the Raspberry Pi.
Nessus works by testing out each port on a system, determining what service it is running and then testing the service to see if it is a vulnerable version.
Nessus server is available for Unix, Linux and FreeBSD, while the client runs on both Unix-based and Windows-based operating systems.
On October 4, 2021, Apache HTTP Server Project released Security advisory on a Path traversal and File disclosure vulnerability in Apache HTTP Server 2.4.49 and 2.4.50 tracked as CVE-2021-41773 and CVE-2021-42013. In the advisory, Apache also highlighted "the issue is known to be exploited in the wild" and later it was identified that the vulnerability can be abused to perform remote code execution. For exploiting both the vulnerabilities Apache HTTP server must be running in non-default configuration.
Bug Bounty Bootcamp (Amazon, No Starch Press) by Vickie Li is one of No Starch Press’s newest offerings in the security space. The alliterative title is also the best three word summary I could possibly offer of the book – it is clearly focused on getting the reader into a position to participate in Bug Bounties from the first page to the last. This differentiates this book well against other web security books, despite covering many of the same vulnerabilities.
[...]
The first couple of chapters provide an introduction to the Bug Bounty space, helping the reader to understand the role of bounties in the overall security program of a company, selecting a bounty to participate in, and how the programs are managed in different situations. It also does a fairly good job of setting expectations for new bounty participants, but I think it might be a little bit on the optimistic side for some that are newer to the space.
Anybody running on-premise GitLab servers need to patch for CVE-2021-22205, an exploit that was discovered in April, and which GitLab patched on April 14.
Evidently a lot of people didn’t get the message to install the fix, which is unfortunate because the vulnerability is being exploited in the wild.
According to the headline on one security website: “Tens of thousands unpatched GitLab servers under attack.” Another website says that black hats are taking advantage of the vulnerability to launch distributed denial of service attacks exceeding 1 Tbps.
Trends have changed and some companies have nothing
While a federal grand jury subpoena is not something a company would make PR capital over, Signal has made much hay over a silly attempt to get data from its servers.
According to a post on the Signal blog, a federal grand jury in the Central District of California has subpoenad Signal for shedloads of user data, like subscriber information, financial information, transaction histories, communications, and more.
