For those that don’t know, immutable operating systems have been increasing in popularity recently. An immutable operating system is one in which some, or all, of the operating system file systems, are read-only, and cannot be changed.
Immutable operating systems have a lot of advantages. They are inherently more secure, because many attacks and exploits depend on writing or changing files. Also, even if an exploit is found, bad actors cannot change the operating system on disk (which in itself will thwart attacks that depend on writing to the filesystem), so a reboot will clear any memory-resident malware and recover back to a non-exploited state.
Immutable systems are also easier to manage and update: the operating system images are not patched or updated but replaced atomically (in one operation that is guaranteed to fully complete or fully fail — no partial upgrades!) Immutable systems also can claim to be more stable than traditional operating systems, simply by virtue of eliminating many of the vectors that introduce instability into a system — most of which are human. No sysadmins can “just change this one setting to fix things” — with unforeseen impacts that aren’t found until hours later. (I’ve been that sysadmin.) No partially complete terraform or puppet runs that leave systems in odd states…
On the workstation side, there are approaches to immutable OSes such as rpm-ostree. This attempts to create immutability and image-based deployments in the operating system, but layers a flexible file system architecture on top, so that packages can still be managed and updated by RPM.
On the server side, there is a spectrum of immutability amongst container-specific operating systems. All support image-based OS updates, and no package manager at all. Some operating systems such as Flatcar Linux make /usr read-only, but allow common runtime modifications such as dynamically loading kernel modules, and overriding systemd configurations.
Why Chris is moving away from using Containers, Alex's new project, and some great follow-up.
An alpha of Asahi Linux has been released for Apple’s M1, and the reviews are showing the potential it has, and the problems Apple has with macOS.
The Asahi Linux Project has been working to port Linux to the M1 chip. Asahi is based off of the Arm version of Arch Linux. The team has been working without any assistance from Apple, adding to both the challenge and reward of releasing a working Alpha.
Most impressive of all, however, is that Asahi is already proving to be much faster than macOS on the same hardware, in some cases as much as twice as fast, according to Lifewire.
Apple Silicon Macs have gotten mostly glowing reviews on Ars and elsewhere for their speed, power efficiency, and the technical achievement they represent—the chips are scaled-up phone processors that can perform as well or better than comparable Intel chips while using less power.
But the move away from x86 hardware has also made the Mac a bit less useful for those who want to run multiple operating systems on their Macs. While you can run ARM versions of Linux and (with caveats and without official support) Windows within virtual machines on Apple Silicon Macs, running alternate operating systems directly on top of the hardware isn't something Apple supports. Apple doesn't distribute drivers for other operating systems, and moving away from x86 CPUs and widely supported Intel and AMD GPUs makes it harder for other developers to step in and provide those drivers.
Asahi Linux for Apple Silicon has launched for the public. It is the first Linux distribution to offer native support for Apple M1 chips. As this is an alpha release, please be aware of the likelihood of easy to stumble upon bugs and some significant missing features. However, this critical milestone now made, “things will move even more quickly going forward,” promises the Asahi Linux development team.
Asahi isn’t just a beer. It is the Japanese word for ‘morning sun,’ so it is quite an apt name for a pioneering Linux distribution for M1-powered Apple Macs. “We’re really excited to finally take this step and start bringing Linux on Apple Silicon to everyone,” wrote the development team in a blog post. Importantly, installing Asahi Linux on your Mac doesn’t require a jailbroken device. In addition, it won’t affect the security level of your macOS install, so Mac features like FileVault, running iOS apps, and watching Netflix in 4K can continue.
The Apple M1 series of processors are still relatively new, limiting new Macs to Apple’s own operating system. That is starting to change this year, with Asahi revealing itself as the first Linux distro to work on M1-powered devices.
Currently, Asahi Linux for M1 Macs is still in alpha, so the current version is aimed at developers and power users. With that in mind, there will likely be bugs present. Fortunately, installing Asahi will not affect the macOS data, so you can revert if you need to and you don’t need to jailbreak the Mac beforehand either.
Each Linux desktop environment comes with its own screenshot utility. Many have similar features, but that doesn't make them equally usable. Whose looks the best? Which is the most powerful?
Since this is open-source software, some desktop environments reuse the same screenshot tool. Here is a look at what the screenshot experience is like across many of the most popular Linux desktops.
Today we are looking at how to install Audacity 3.1.3 on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.
This tutorial will only work on Chromebooks with an Intel or AMD CPU (with Linux Apps Support) and not those with an ARM64 architecture CPU.
If you are new to Linux, and just started using it, you might have heard some terms like var, root, bin, etc and many others. Today we will talk about these terms and try to clear your confusion.
var, root, bin, etc are actually different directories on your Linux distribution. The directory structure in Linux is quite different from the directory structure in Windows. In Windows, we see that most of the programs are being installed in a directory named Program Files and system files are in system32.
In Linux, the file hierarchy is totally different. There is a “Filesystem Hierarchy Standard (FHS)” maintained by Linux foundation that defines the structure and the content of directories in all UNIX based systems. Because of maintaining this standard, almost all the Linux distros have the same directory structure.
Docker Compose is a useful tool for running multi-containers Docker applications. Using Docker Compose, we can configure the application’s services in a YAML file that helps you to create and start all services from the defined configurations. It allows different users to launch, run, communicate and close containers using a just single coordinated command.
In order to track the ownership, deployment process, and details of all servers, a powerful IT asset manager is required. This can be achieved by installing and using Snipe-IT, an open-source IT asset management tool.
In this article, we will discuss the installation of Snipe-IT on an Ubuntu 22.04 server.
For those sticking to the old Ubuntu 18.04, but need higher Linux kernel version for specific hardware support, here’s how to install the Linux Kernel 5.13 from Ubuntu 20.04 repository.
NOTE: Ubuntu 20.04’s kernel package does install and seems running good in Ubuntu 18.04. But I’m not sure if it will cause compatibility issues. Install it ONLY that you do require it, and use it at your own risk!!
In this tutorial, we will show you how to install Drupal on Fedora 35. For those of you who didn’t know, Drupal is an open-source, flexible, highly scalable, and secure Content Management System (CMS) that allows users to easily build and create websites. It is written in PHP programming language and uses MySQL/MariaDB as a backend database. Drupal is available with thousands of add-ons, which makes it highly customizable.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of the Drupal content management system (cms) on a Fedora 35.
Unattended Upgrades software helps us auto-update and upgrade system packages in the background without user interaction to keep up to date with the latest features and security patches.
This feature can be a handful to secure your system with the latest security issues, even ubuntu providing it out of the box with its latest iso.
Unexpected background updates can be irritating for regular Linux users. At the time of background update, if you try to install any package or attempt to execute the apt command, you will get a similar error as shown below.
This guide will take you through how to install and configure SSSD for LDAP authentication on Ubuntu 22.04. SSSD (System Security Services Daemon) is a system service to access remote directories and authentication mechanisms such as an LDAP directory, an Identity Management (IdM) or Active Directory (AD) domain, or a Kerberos realm.
There are now more than 1700 games working on the Steam Deck – (1703 at the time of writing) in two categories as usual:
Steam Deck Verified: 912 titles Steam Deck Playable: 791 titles Total: 1703 titles
So tracking the number of games over time making it on the Steam Deck is fun and all, but let’s check this time what’s the situation with publishers when it comes to Steam Deck Support: namely which publisher has the most games Steam Deck Verified at this stage?
And the answer is…
UPDATE: shortly after, Valve officially announced this new system and it's live now. Valve confirmed they can already grab data on things like crashes but this new opt-in system is to gather more info on the "overall experience". They also said the "data collected by this system won't directly change the Deck compatibility category for a title". So they're not crowdsourcing the compatibility process but checking to see if their process is working well or not.
Wine is the compatibility layer that allows you to run games and applications developed for Windows - on Linux (plus also macOS and BSD). A new development release is out with Wine 7.5. It's a major part of what makes up Steam Play Proton and enables a ton of games to work on the Steam Deck. Once a year or so, a new stable release is made.
Wine 7.5 is out as the latest bi-weekly software update for enjoying Windows games and applications under Linux, macOS, and other platforms.
Wine 7.5 continues the recent trend of converting more components to portable executable (PE) format, with this release bring Wine's ALSA driver now converted.
The Wine development release 7.5 is now available.
What's new in this release: - ALSA driver converted to PE. - Locale database generated from Unicode CLDR. - HLSL compiler support with the bundled vkd3d. - Initial support for the OCSP protocol. - More cleanups to support 'long' type. - Various bug fixes.
The source is available from the following locations:
https://dl.winehq.org/wine/source/7.x/wine-7.5.tar.xz http://mirrors.ibiblio.org/wine/source/7.x/wine-7.5.tar.xz
Binary packages for various distributions will be available from:
https://www.winehq.org/download
You will find documentation on https://www.winehq.org/documentation
You can also get the current source directly from the git repository. Check https://www.winehq.org/git for details.
Wine is available thanks to the work of many people. See the file AUTHORS in the distribution for the complete list.
Given the great work others did already on the Qt 6 porting of KDE Frameworks, let’s take a look at Kate & KWrite on Qt 6.
With only minor patches, both applications now run on the current master state of KDE Frameworks and Qt 6.2.
Close to all functionality is available, I think the only stripped out part is the hot new stuff upload for snippets and I didn’t test the Konsole part.
Update on what happened across the GNOME project in the week from March 18 to March 25.
Lakka 4.0 is the latest release of the game emulator based on LibreELEC 10.0.2 and RetroArch 1.10.1 frontend GUI for LibRetro game emulators cores. While Lakka was initially designed for Raspberry Pi boards in a way similar to RetroPie, it also works just fine on many other Arm platforms and PCs.
Main changes to Lakka 4.0 compared to version 3.7...
Based on the Debian GNU/Linux 11 “Bullseye” (Stable) operating system series and powered by Linux kernel 5.16, Parrot 5.0 is here almost a year after Parrot 4.11 with a new LTS (Long-Term Support) release model, a new architect edition, an experimental Raspberry Pi edition, as well as a plethora of new tools for ethical hackers and penetration testers.
Meet Parrot Architect Edition, a minimalist ISO image of Parrot OS that only features an installer to let expert users fully customize their installations.
The ParrotSec team (The company behind Parrot OS) made an announcement regarding the availability of Parrot 5.0 security OS. Parrot 5.0 is powered by Linux Kernel 5.16 and is based on the Debian GNU/Linux 11 “Bullseye”. Parrot 5.0 introduces a new Long Term Support release model.
EasyOS was created in 2017, derived from Quirky Linux, which in turn was derived from Puppy Linux in 2013. Easy is built in woofQ, which takes as input binary packages from any distribution, and uses them on top of the unique EasyOS infrastructure.
Throughout 2020, the official release for x86_64 PCs was the Buster-series, built with Debian 10.x Buster DEBs.
EasyOS has also been built with packages compiled from source, using a fork of OpenEmbedded (OE). Currently, the Dunfell release of OE has been used, to compile two sets of binary packages, for x86_64 and aarch64.
The latter have been used to build EasyOS for the Raspberry Pi4, and first official release, 2.6.1, was in January 2021.
The page that you are reading now has the release notes for EasyOS Dunfell-series on x86_64 PCs, also debuting in 2021.
Ongoing development is now focused on the x86_64 Dunfell-series. The last version in the x86_64 Buster-series is 2.6.2, on June 29, 2021, and that is likely to be the end of that series. Releases for the Pi4 Dunfell-series are still planned but very intermittent. The version number is for EasyOS itself, independent of the target hardware; that is, the infrastructure, support-glue, system scripts and system management and configuration applications.
The latest version is becoming mature, though Easy is an experimental distribution and some parts are under development and are still considered as beta-quality. However, you will find this distro to be a very pleasant surprise, or so we hope.
Once again we were able to demonstrate the power of OBS and openQA by allowing the GNOME maintainers to bring the shiny new GNOME 42 into a snapshot ‘the day it is published upstream’. GNOME 42 was released on March 23, 2022, and snapshot 20220323 already contains it. But of course, this is not all that happened during the last week. After all, we had a total of 6 snapshots published (0318…0323).
The keycloak package prior to version 17.0.1-2 was running with WildFly server. Since upstream officially moved to Quarkus distribution, Arch Linux follows this approach. This means some manual intervention is required for the upgrade.
Red Hat was founded on March 26, 1993—29 years ago this month, and just over a year after Linux was first unleashed upon the world.
So much has changed since then. Open source grew from being a little known and largely misunderstood engineering model to being one of the driving forces in modern software development. Linux evolved from a niche passion project for a handful of developers to being one of the most important technologies enabling the internet, artificial intelligence, space exploration, and more.
But today, we invite you to go back to the beginning and revisit some stories from Red Hat’s early days.
In December 2021, Bob Young—founder and CEO of Lulu.com and co-founder of Red Hat—returned to chat with Chief Architect Adam Clater about the early history of open source software and building what would become the largest open source software company in the world.
Red Hat will release the next version of Red Hat Satellite as Satellite 6.11, rather than 7.0 as previously announced. Our next release is still full of enhancements, but as we got closer to completing the release we determined this release did not warrant a major version increment.
Red Hat Satellite versions are used mainly to distinguish releases. Generally speaking, Satellite follows a scheme of Major.Minor.Patch version numbers.
The IBM Stock Trader application is a simple stock trading sample, where you can create various stock portfolios and add shares of stock to each for a commission. It keeps track of each portfolio’s total value and its loyalty level, notifying you of changes in level, which affect the commission charged per transaction. It also lets you submit feedback on the application, which can result in earning free (zero commission) trades, based on the tone of the feedback. (Tone is determined by calling the Watson Tone Analyzer, which will be covered in a future article).
The sample is intended to showcase what one might expect after performing a lift-and-shift of a traditional monolithic, on-premises application to one that has been refactored as Docker(container)-based microservices running within a modern Kubernetes-based environment. It deliberately shows off how to use the traditional Java EE programming models, such as JDBC and JMS, to access traditional system-of-record resources, such as a relational database or a message queueing infrastructure. Note that while the application usually uses IBM Db2 and MQ, it also works great with open source technologies, like Apache Derby as the relational database, and with the JMS server built into Open Liberty, an open-source cloud-native Java runtime.
Here’s your weekly Fedora report. Read what happened this week and what’s coming up. Your contributions are welcome (see the end of the post)!
Blockchain is a shared, replicated immutable ledger for recording transactions, tracking assets, and building trust. An asset can be tangible (for example, a house or a car) or intangible (for example, intellectual property or patents). Blockchain is built on properties like consensus, provenance, immutability, finality.
In a traditional business scenario, a transaction that involves multiple organizations is recorded differently by each business. If two organizations disagree on the state of a transaction, then a dispute occurs, which can often be costly and time consuming to resolve. Blockchain introduces the following concepts:
Devuan is a Linux distribution that aims to provide a simpler alternative to Debian. Since 2014, the developers of Debian have started to move towards larger and larger frameworks to manage the operating system. Debian’s adoption of the SystemD initialization system (init system) created a ripple effect among its community which prompted the creation of Devuan.
[...]
The init system is an integral part of a Linux distribution. It is the first program that the kernel runs after starting up. Aside from that, the init system also manages all the other programs that will run after it.
This is a minor change that won’t affect a great many people as, thus far, it was only something those testing the latest daily builds of the upcoming release will have had access to.
But I felt I should mention it “publicly” since I did make a bit of a hoo-hah about the (overly persistent) Ubuntu Pro notification that appeared every time you logged in.
The smart home industry continues to grow year after year. Devices made available only recently, such as smart speakers, are now ubiquitous. New houses often come with smart features built-in such as smart locks and thermostats. Doorbell cameras have become de rigueur in many neighbourhoods. Despite the innovation, investment, and growth in the space, smart homes have never quite lived up to their promise.
[...]
An open question in the smart home space is what will become of the smart home hub. Some smart home systems today run entirely on WiFi, which has no need for a dedicated hub other than a home’s WiFi router. Using WiFi only typically precludes battery powered devices, however, because WiFi requires a lot of electrical power to operate. Bluetooth uses less energy, but typically has too short of a range to be used for most smart home devices.
Existing wireless standards like Z-Wave or Thread are low-power protocols with longer range than WiFi, but they require a dedicated hub to function. That hub also needs an internet connection to connect to any backend services associated with the smart home. This adds cost and clutter to smart home solutions compared to systems that work with a pre-existing router.
There are a few wireless protocols that have gained some adoption recently which try to solve the hub issue as well. LTE Cat-M and NB-IoT both aim to connect IoT devices to cellular networks, while keeping power consumption low enough to allow for long battery life. Additionally, LoRa radios can give many kilometres of range, and several companies have set out to create their own networks based on this new protocol.
If you follow Canonical’s code and documentation, you may have noticed that we’re slowly changing some common computing terms. You might wonder what has caused these changes. You might ask why Canonical is putting in the effort to make this more inclusive language stick.
Internet access, Electronic power, Mental and Physical issues …. all about is because of Military Coup.
Sometimes feeling guilty, we are selfish ?
DongshanPI has revealed a “Dongshan Nezha STU Core” board that runs Linux on the RISC-V based Allwinner D1 and offers HDMI, GbE, Type-C, and a GPIO carrier. Meanwhile, Clockwork Pi has launched a D1 option for its DevTerm retro handheld.
The Allwinner D1 continues to expand its claim on the low-end Linux RISC-V market. A new project has appeared on GitHub detailing an upcoming, open-spec Dongshan Nezha STU Core board featuring the D1, which is built around a single 1GHz XuanTie C906 RISC-V core from Alibaba’s T-Head subsidiary. The module plugs into a small carrier board via a SODIMM connection but can also operate on its own as an SBC. In related news from last week, Clockwork Pi has introduced an Allwinner D1 equipped DevTerm Kit R-01 version of its open-spec DevTerm retro handheld device selling for $239 (see farther below).
Ten years ago this week (more or less), the Open Source Robotics Foundation announced that it was spinning out of Willow Garage as a more permanent home for the Robot Operating System. We covered this news at the time (which makes yours truly feel not quite so young anymore), but it wasn’t entirely clear just what would happen to OSRF long term.
Obviously, things have gone well over the last decade, not just for OSRF, but also for Gazebo, ROS, and the ROS community as a whole. OSRF is now officially Open Robotics, but that hasn’t stopped all sane people from continuing to call it OSRF anyway, because five syllables is just ridiculous. Meanwhile, ROS has been successful enough that it’s getting increasingly difficult to find alliterative turtle names to mark new releases.
To celebrate this milestone, we asked some of the original OSRF folks some awkward questions, including what it is about ROS or ROS users that scares them the most.
Capyloon is an operating system designed around web apps and technologies that picks up where Firefox OS when Mozilla abandoned its now-abandoned web-based operating system. Capyloon uses Mozilla’s open source Boot to Gecko operating system as its base, but features a new user interface and suite of apps designed with privacy and distributed technologies in mind.
The new operating system is very much a work-in-progress that’s still in its early stages. But just a few days after I first took note of the OS, the developer delivered a new way to try the software: as a set of packages that allow you to try Capyloon on mainline Linux smartphones including the PinePhone Pro and Purism Librem 5.
It’s been less than a year since the WordPress Pattern Directory was launched, and we already have more exciting news to share. The Pattern Creator is live! You can now build, edit, and submit your best block patterns to the Pattern Directory—submissions are open to all with a WordPress.org user account!
These are some answers to the Week 157 of the Perl Weekly Challenge organized by Mohammad S. Anwar.
Spoiler Alert: This weekly challenge deadline is due in a couple of days from now (on March 27, 2022 at 24:00). This blog post offers some solutions to this challenge, please don’t read on if you intend to complete the challenge on your own.
For me, this is really important as I hate being in car. It makes me sick, dizzy and angry to be in a car. Car trips ruins my day.
[...]
As we work remotely most of the time, we started to ask the question :ââ¬Â¯should we move somewhere else? I’m a water-loving guy and Iââ¬Â¯dream everyday of living near the ocean.
For a few years in the early 2000s, I worked for a public-access television station. Part of my job included adding graphics, text, station DOG/bug—the little station logo/ID that typically appears in the lower right corner of a program—to both live and recorded programs. While we used more modern (for the time) software, I’ve always been fascinated by on-screen graphics—especially from the 1970s and ’80s. But there’s one piece of graphics tech I’ve always been interested in exploring. In today’s Tedium, we’re getting a little bit graphic with a look at the Quantel Paintbox.
In June 2019, former Microsoft Senior Director Yasser Elabd traveled to Washington, D.C., to meet with members of the Securities and Exchange Commission, the Federal Bureau of Investigation and the U.S. Attorney General’s office to discuss his allegations that Microsoft was ignoring bribery at subsidiaries in the Middle East and Africa.
The meetings lasted nearly the entire day. Federal agents asked Elabd questions for hours. Elabd’s attorney told him that it was one of the first times they had witnessed the AG’s office send a representative to a whistleblower meeting like his.
But more than a year later, the SEC still hadn’t made a decision about Elabd’s allegations. The agency kept promising him that the team in charge of his case would make a decision soon about whether they would bring charges against Microsoft. Finally, at the beginning of March 2022, the case agent in charge of Elabd’s whistleblowing report told his lawyer that the SEC was closing the case because it didn’t have the resources to conduct interviews and find documentation abroad during the coronavirus pandemic.
So Elabd decided to try a different route to share what he knows. Today he published an essay on the whistleblowing website Lioness that accuses Microsoft of firing him after two decades with the company because he asked questions about what he saw as bribery within the contracting services Microsoft uses to sell software to government and public bodies in countries in the Middle East and Africa.
“We are committed to doing business in a responsible way and always encourage anyone to report anything they see that may violate the law, our policies, or our ethical standards. We believe we’ve previously investigated these allegations, which are many years old, and addressed them. We cooperated with government agencies to resolve any concerns," Becky Lenaburg, Microsoft's vice president & deputy general counsel for compliance and ethics, wrote to Protocol.
I was recruited by Microsoft in 1998, and I helped bring the company’s products throughout the Middle East and Africa for the next 20 years. I was successful and received many promotions. But eventually, I noticed something strange: many employees younger than me, in lower positions, were driving luxury cars and purchasing homes sometimes worth millions of dollars. For my part, I could not afford to buy a home, let alone anything else luxurious, despite my career success. I wondered, naively, whether these colleagues had families with money—but if so, why would they be working on a Microsoft sales team?
I put the thought out of mind as Microsoft’s business in the Middle East and Africa boomed. I established contracts in the public sector in Ghana, Nigeria, Zimbabwe, Qatar, Egypt, Ethiopia, Kenya, and many other countries. I sold licensing and solutions to Saudi Arabia’s Ministry of Health, Ministry of the Interior, and National Guard. The Sub-Saharan Africa team I built generated $1 million in 2002; a year later, our revenue was over $15 million. This is, of course, a tiny amount compared to the $4 billion Microsoft now banks in the region, with its near monopoly.
To accomplish this kind of growth in such a short time, Microsoft has long utilized a network of partners known as Licensing Solution Partners, who are authorized to engage with large public customers because they possess certain technical and business competencies. Together with these partners, Microsoft brings e-health solutions to hospitals and GPS and digitized services (such as online tax payments) to government agencies. The partner then takes a share of Microsoft’s licensing sales revenue, usually 10–15 percent.
One way Microsoft closes deals using these partners is to create a business investment fund to pay for training or pilot projects that could cement longer-term deals. As the director of public sector and emerging markets for the Middle East and Africa, I had oversight of the requests for these funds.
In 2016, a request came through in the amount of $40,000 to accelerate closing a deal in one African country. When I looked through the submission, I immediately knew something was wrong. The customer did not appear in Microsoft’s internal database of potential clients. On top of that, the partner in the deal was underqualified for the project’s outlined scope, and he wasn’t even supposed to be doing business with Microsoft: he had been terminated four months earlier for poor performance on the sales team, and corporate policy prohibits former employees from working as partners for six months from their departure without special approval.
I brought these issues up with the Microsoft services architect who wrote the request, asking why she didn’t take the work in this case to our very capable in-house team, Microsoft Services. She said our in-house daily rate is very expensive, and she needed a less expensive team to handle the pilot.
Still suspicious, I escalated the issue to my manager, and then to the human resources and legal departments. I took the business investment fund very seriously, and wondered why we would be giving money to a partner who could not achieve the desired results. The legal and HR teams put a stop to the $40,000 spend, but to my surprise, did not look deeper into the Microsoft employees who were orchestrating the fake deal.
Last week I posted that I was adjusting my workflow to use MacOS Native Fullscreen. Well, that was a bad idea. I ran into too many problems making it just not worthwhile.
Apple plans to offer the iPhone as as Disservice (iaaD), ensuring you never own even the hardware.
Dave Ramsey offers simplistic financial advice to “consumers”, but his advice on “extended warranties” is dead on. People should refuse to buy “extended warranties”.
They’re essentially a way to pay a “service company” that you may not actually get to honor any claims, or worse, the manufacturer itself, a portion of the device’s cost, in order to get a “service plan”.
The reason I say paying the manufacturer is worse is because it essentially tells the manufacturer that it’s fine to produce junk that breaks a lot, and even if you are buying it through the store, it signals to the store that it’s fine to carry products that are unreliable because they’ll only make more money when customers bet against the reliability of the device they are there to purchase.
Ramsey advises not to buy them because devices tend not to break down within the extended service period, and by the time one thing you buy has a problem, you’ll have paid for so many plans that you’ll be out more money than had you declined all of the plans, and have to fix one thing yourself out of the money that you saved by turning down the plans. And that’s _if_ you can get anyone to honor the plans. Half the time, they come up with some total bullshit reason why they don’t have to, or never even respond to your claim.
The National Security Agency (NSA) has issued guidelines on how to make Kubernetes environments more secure.
Security updates have been issued by Debian (tiff), Fedora (nicotine+ and openvpn), openSUSE (bind, libarchive, python3, and slirp4netns), Oracle (cyrus-sasl, httpd, httpd:2.4, and openssl), Red Hat (httpd and httpd:2.4), Scientific Linux (httpd), SUSE (bind, libarchive, python3, and slirp4netns), and Ubuntu (firefox).
CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
As previously announced, support for Istio 1.11 has now officially ended.
At this point we will no longer back-port fixes for security issues and critical bugs to 1.11, so we heartily encourage you to upgrade to the latest version of Istio (1.13.2) if you haven’t already.
Google has released Chrome 99.0.4844.84 for Windows, Mac, and Linux users to address a high-severity zero-day bug exploited in the wild.
"Google is aware that an exploit for CVE-2022-1096 exists in the wild," the browser vendor said in a security advisory published on Friday.
The Muhstik malware gang is now actively targeting and exploiting a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released.
The vulnerability is tracked as CVE-2022-0543 and was discovered in February 2022, affecting both Debian and Ubuntu Linux distributions.
