Linux Servers – Greguti, Sun, 09 Jan 2022 19:09:26 +0000

How much does Nord VPN cost per month? How much does it cost? Sun, 09 Jan 2022 13:06:40 +0000

What is NordVPN and how does it work?

Secure, fast, and remarkably easy to use, NordVPN is a premier virtual private network (VPN). Millions of people around the world trust NordVPN’s easy-to-use VPN app for Android, iPhone and iPad. Third parties cannot see what you are doing online because of this tool.

I can confidently recommend NordVPN to anyone looking for a VPN service.

How much does Nord VPN cost?

With Nord VPN, you can choose between three EXTREMELY cheap plans. As low as $4!!

NordVPN pricing

For just $4.92 per month, you can use NordVPN’s VPN service for a full year when you sign up for their annual plan.


Features of the Nord VPN Premium plan

A NordVPN premium account can be used to connect up to six devices simultaneously, giving you six times the security. Even if you are using a different operating system than the one supported by NordVPN (Windows, Android, iOS, Linux), the service will still protect your privacy and keep your data secure.

Those paying for a premium plan will be protected from third-party eavesdropping.

You have the option to cancel your premium subscription at any time.

With a premium subscription, you can access your account from anywhere and anytime. There are thousands of NordVPN servers in 59 different countries. You can expect a fast and stable internet connection wherever you are.

When it comes to personal information, you can rely on them to keep it private. To ensure that no one else can see what you are doing online, NordVPN protects your IP address.

Bottom line is that it is one of the best and most reported VPN providers. No plug.


Azure Virtual Desktop Service gets Trusted Launch protections – Fri, 07 Jan 2022 23:51:21 +0000



Microsoft on Friday announced Azure Virtual Desktop support for virtual machines with “Trusted Launch” protections.

Trusted Launch support for Azure virtual machines reached “general availability” (retail version) on November 2, but Microsoft is now “officially” announcing Trusted Launch support for its Azure Virtual Desktop service. The Azure Virtual Desktop service (formerly known as “Windows Virtual Desktop”) is Microsoft’s virtual desktop infrastructure service that enables organizations to remotely access applications and desktops from Microsoft’s servers.

Trusted Launch protections
Trusted Launch is Microsoft’s term for technologies that add boot-level protections to the operating system to block malware called bootkits. Firmware, driver, and kernel rootkits that may be present are also blocked.

Specifically, Trusted Launch users benefit from Virtual Trusted Platform Module (vTPM) and Secure Boot assurances, as well as virtualization-based security protections.

Secure Boot establishes a “root of trust” for software on virtual machines and “works to ensure that only operating systems and signed drivers can boot,” according to Microsoft’s “Trusted Launch for Azure Virtual Machines” document.

The vTPM element in Trusted Launch has been described as conforming to the TPM 2.0 chip specification. It keeps the security keys separate from the virtual machine. A cloud-based service is used to certify the boot chain, the Microsoft document explains:

Trusted Launch uses vTPM to perform remote cloud attestation. This is used for platform health checks and for making decisions based on trust. As a health check, Trusted Launch can cryptographically certify that your virtual machine has started correctly.

The third component of Trusted Launch is virtualization-based security, which creates a “secure and isolated region of memory” to run security solutions. It enables the Hypervisor Code Integrity security solution, which is used to protect the Windows kernel against code injection and the execution of unsigned files. It also enables Windows Defender Credential Guard, which “isolates and protects secrets so that only privileged system software can access them,” the document explains.

Trusted Launch Limitations
Trusted Launch for Azure Virtual Desktop includes support for Windows systems and multiple Linux systems. However, a big problem for current users of the Azure Virtual Desktop service is that using Trusted Launch is also dependent on using Generation 2 Azure virtual machines. In addition, these virtual machines must be newly created to benefit from Trusted Launch protections.

Here is Microsoft’s warning to this effect, according to the document:

Trusted Launch requires the creation of new virtual machines. You cannot enable Trusted Launch on existing virtual machines that were originally created without it.

The document also listed some other limitations for Trusted Launch. It requires the use of certain sizes of Azure VMs. It also does not currently work with the Azure Site Recovery service. You cannot use nested virtualization with it. Azure Dedicated Host is not supported, and more.

Microsoft is also touting the use of the Microsoft Defender for Cloud service with Trusted Launch, as these users receive alerts when Trusted Launch-protected issues arise. However, Microsoft noted that these “alerts are only available in the Standard level Azure Defender for the Cloud.”

Microsoft Defender for Cloud is a recently renamed product. It is a combination of Azure Security Center and Azure Defender products.

About the Author

Kurt Mackie is Senior News Producer for 1105 Media’s Converge360 Group.


Get started with Linux programming with this $20 development pack Wed, 05 Jan 2022 23:08:49 +0000


BleepingOffers on computers

You use Linux every day, you just might not realize it. Anytime you enter a query on Google, scroll through your Facebook feed, or stream a video to YouTube, you’re essentially communicating with a Linux server. If you have an Android phone, you also indirectly use a version of the Linux kernel.

While Windows and iOS take the lion’s share of operating systems, Linux dominates HTTP servers. Almost all of the major sites use their server software, which is also built using the Linux kernel.

If you want to get into IT and work with servers, it is worth learning Linux and getting started with the Linux mastery development set. The collection contains $1,400 of content, but you can buy it today for $20 – no coupon needed – at Bleeping Computer Deals.

This 7-part set is primarily aimed at helping you master Linux Command Line, Bash Shell, Secure Shell, Ubuntu, and Kali. It contains 34 hours of expert instruction and is designed to help you master one of the best business operating systems out there.

Each course is suitable for beginners so as not to overwhelm you with technical information, and you are free to take the courses at your own pace.

As well as teaching you the basics via a comprehensive introduction, the pack also covers using Linux for cybersecurity. You will explore Kali Linux, an advanced platform for penetration testers, hackers, security analysts, bug hunters, and security administrators.

There is also a dedicated shell scripting course, where you will receive a step-by-step guide on how to write scripts to automate tasks and save time.

If your goal for the New Year is to dive deep into something new, now is the best time to take it back. Normally $1,400, order today for $20 to get lifetime access to the seven bundled courses.

Prices subject to change.

Disclosure: This is a StackCommerce agreement in partnership with In order to participate in this offer or giveaway, you must create an account in our StackCommerce store. To learn more about how StackCommerce handles your registration information, please see the StackCommerce privacy policy. Additionally, earns a commission for every sale made through StackCommerce.


Curious about Trump’s “Truth” social network? Make your own instead Sat, 01 Jan 2022 19:00:15 +0000

Source: Pocketnow

Former US President Donald Trump has raised $1.25 billion to create his own social network “Truth” to move away from large technological social networks like Twitter and Facebook … and also because he was banned from these platforms for violating their terms of use. The “Truth” social media platform that the Trump team is developing will be based on Mastodon, a Fediverse social media platform very similar to Twitter. The difference is that Mastodon is open source, it federates with all the other social media platforms in the federated universe, and anyone can create their own server instance for free.

The developers of Trump’s “Truth” social network simply installed Mastodon and made some modifications. This is actually encouraged in the open source software community and Fediverse, but there is one big rule that the developers at Trump have ignored … the software license requires that any changes you make also be open source and published. Trump didn’t do it at first, instead claiming that Truth Social is something completely new, but they released the source as a ZIP file when called out for the software license violation.

But what is the Fediverse?

It is basically a network of social media servers. Instead of a single monopoly social network like Facebook where everything that happens on Facebook is essentially owned and controlled by Facebook, the Fediverse is more collaborative and open. The special thing about social media platforms in Fediverse is that you can create an account on one server and “follow” accounts on other servers AND other platforms.

What makes this especially cool is the diversity of the Fediverse platforms. For example, Mastodon looks a lot like Twitter, Peertube looks a lot like YouTube, Pixelfed looks like Instagram, and Funkwhale looks like Soundcloud. You can see a whole list of the different Fediverse platforms on Fediverse.Party and find out how they differ.

Make your own.

There are many documents available to start your own instance of the Fediverse social network for free. Most will require a Linux server, but you can create one at home or sign up for a cloud-based VM instance. Here are some links and videos to point you in the right direction.

As an option, if you already have a WordPress site, there is a development plug-in that adds Fediverse support to your existing site.

Rent your own server

If this all sounds too complicated, there are Fediverse hosting services as well. You can pay someone else a monthly fee to run a Mastodon server for you and handle all the technical stuff. Host Masto is a good example. For 6 euros / month you can get 5 users and a 2 GB database; perfect for a family … or you can build a bigger social network community with something like 2000 users for 89 euros / month. There are also many other options, such as: MaaStodon, Russian Space Bears, and BitCap Network

Or just join someone else’s server instance

Presumably Trump’s “Truth” social network will have all the federation capabilities that Mastodon and other Fediverse platforms have (I haven’t looked at their source code), so of course you can just join someone else’s Fediverse instance and have the same capabilities. As mentioned, a Fediverse account has complete freedom to track and interact with other accounts on completely different platforms and instances.

There is a Fediverse Observer List of available servers where you can see which ones are accepting new users as well as other information such as the number of users they already have and their stability in terms of availability. You can also choose more local instances for you. For example, if you live in Brazil, why not join a Brazilian social network?

Make sure you understand, however, that joining someone else’s forum means you will be governed by their policies, just as Trump was governed by the policies of Twitter. If you want to create your own policies, create your own server.


Will Trump’s removal from Big Tech social media help strengthen the decentralized web and make more people aware of the freedom of the Fediverse? Maybe. You should, however, circulate this article to disseminate information about the Fediverse. I’ve been using it for a few years now, so if you sign up, feel free to follow me here: Adam (@[email protected])


Biggest data breaches, hacks of 2021 Fri, 31 Dec 2021 14:02:50 +0000

In 2021, thousands of new cybersecurity incidents were recorded – and although cryptocurrency theft and loss of data is now commonplace, this year stands out with several high-profile incidents involving ransomware, supply chain attacks, and exploitation of critical vulnerabilities.

The Identity Theft Research Center (ITRC) reported a 17% increase in the number of data breaches recorded in 2021 compared to 2020. However, a deep-rooted lack of transparency around the disclosure of security incidents continues to persist – and so this may be a low estimate.

According to IBM, the average cost of a data breach has now reached more than $4 million, while Mimecast estimates that the average demand for ransomware on U.S. businesses is well over $6 million. The world record for the largest payment, made by an insurance company this year, now stands at $40 million.


Experts have warned that the security issue could persist for years with the recent emergence and rapid exploitation of the Log4j vulnerability. This also applies to data breaches and theft, the numbers of which are unlikely to decrease in the near future.

Here are some of the most notable security incidents, cyber attacks and data breaches of 2021.


  • Livecoin: Following an alleged hack in December, the Livecoin cryptocurrency exchange closed its doors and exited the market in January. The Russian Trade Post claimed that the threat actors were able to break in and falsify the values of cryptocurrency exchange rates, causing irreparable financial damage.
  • Microsoft Exchange Server: One of the most damaging cybersecurity incidents this year was the widespread compromise of Microsoft Exchange servers caused by a set of zero-day vulnerabilities known collectively as ProxyLogon. The Redmond giant became aware of the flaws in January and released emergency fixes in March; however, the state-sponsored threat group Hafnium was joined by others for months afterward in attacks on unpatched systems. Tens of thousands of organizations have reportedly been compromised.
  • Meetmindful: The data of more than two million users of the dating app has reportedly been stolen and disclosed by a hacking group. The leaked information included everything from full names to Facebook account tokens.


  • SITA: An IT provider of aviation services around the world, SITA, has said that a security incident involving the servers of SITA’s passenger service system led to the exposure of personally identifiable information belonging to airline passengers. Airlines involved in the data breach were then required to contact their customers.
  • ATFS: A ransomware attack against payment processor ATFS forced several US cities to send data breach notifications. The group of cybercriminals that claimed responsibility, Cuba, claimed on their leak site to have stolen a wide range of financial information.


  • Mimecast: Due to the Solarwinds supply chain attack disclosed in December 2020, Mimecast found itself the recipient of a malicious software update that compromised the company’s systems. Mimecast said its production grid environment was compromised, resulting in the exposure and theft of source code repositories. In addition, certificates issued by Mimecast and certain client server connection datasets were also caught up in the breach.
  • Tether: Tether faced an extortion demand from cyber attackers who threatened to release documents online that “would harm the Bitcoin ecosystem.” The request, for around $24 million or 500 Bitcoin (BTC), fell on deaf ears as the blockchain organization refused to pay.
  • CNA Financial: CNA Financial employees were unable to access company resources and were stranded following a ransomware attack that also involved the theft of company data. The company reportedly paid a ransom of $ 40 million.


  • Facebook: A data dump of information belonging to more than 550 million Facebook users has been posted online. Facebook IDs, names, dates of birth, gender, location and relationship status have been included in logs, which Facebook – now known as Meta – said was collected through scraping in 2019.


  • Colonial Pipeline: If there has ever been an example of the impact of a cyberattack on the physical world, it is the cyberattack experienced by Colonial Pipeline. The fuel pipeline operator was hit with ransomware, courtesy of DarkSide, resulting in fuel delivery disruption and panic buying across the United States. The company paid a ransom, but the damage was already done.
  • Omiai: The Japanese dating app said unauthorized entry may have led to the exposure of data belonging to 1.7 million users.


  • Volkswagen, Audi: The automakers have disclosed a data breach affecting more than 3.3 million customers and some potential buyers, the majority of whom were based in the United States. An associated vendor has been singled out as the cause of the breach, suspected of being responsible for exposing this data in an insecure manner at “some point in time” between August 2019 and May 2021.
  • JBS USA: The international meat packaging giant suffered a ransomware attack, attributed to the ransomware group REvil, which had such a disastrous impact on operations that the company chose to pay an $11 million ransom in exchange for a decryption key to restore access to its systems.


  • UC San Diego Health: UC San Diego Health said employee email accounts were compromised by malicious actors, leading to a larger incident in which patient, student, and employee data, potentially including medical records, claims information, prescriptions, treatments, social security numbers, etc., were exposed.
  • The British hunting rifles, rifles and shooting equipment trade website said records of around 100,000 gun owners, including their names and addresses, had been published online. As the ownership and supply of firearms is tightly controlled in the UK, this leak has caused serious privacy and personal safety concerns.
  • Kaseya: A vulnerability in a platform developed by IT service provider Kaseya was exploited to affect approximately 800 to 1,500 customers, including MSPs.


  • T-Mobile: T-Mobile experienced another data breach in August. According to reports, names, addresses, Social Security numbers, driver’s licenses, IMEI and IMSI numbers, and customer credentials have been compromised. It is possible that around 50 million existing and potential customers have been affected. A 21-year-old man took responsibility for the hack and claimed to have stolen around 106 GB of data from the telecommunications giant.
  • Poly Network: Blockchain organization Poly Network revealed an Ethereum smart contract hack used to steal more than $ 600 million in various cryptocurrencies.
  • Liquid: More than $ 97 million worth of cryptocurrency has been stolen from the Japanese cryptocurrency exchange.


  • Cream Finance: The decentralized finance (DeFi) organization Cream Finance reported a loss of $34 million after a vulnerability in the project’s market system was exploited.
  • AP-HP: Paris public hospital system, AP-HP, was targeted by cyber attackers who successfully scanned the personal information of individuals who passed COVID-19 tests in 2020.
  • Debt-IN Consultants: The South African debt collection firm says a cyberattack resulted in a ‘significant’ incident impacting client and employee information. Personal information, including names, contact details, salaries and employment records and debts owed, is suspected to be involved.


  • Coinbase: Coinbase sent a letter to around 6,000 users after detecting a “third-party campaign to gain unauthorized access to Coinbase customer accounts and transfer customer funds out of the Coinbase platform.” Cryptocurrency was taken without permission from certain user accounts.
  • Neiman Marcus: In October, Neiman Marcus made public a data breach that occurred in May 2020. The intrusion was not detected until September 2021 and included the exposure and potential theft of more than 3.1 million customer-owned payment cards, although most are considered invalid or expired.
  • Argentina: A hacker claimed to have compromised the Argentine government’s National Register of Persons, thereby stealing the data of 45 million people. The government denied the report.


  • Panasonic: The Japanese tech giant revealed a cyberattack took place – a data breach occurring from June 22 to November 3, with a discovery on November 11 – and admitted information was viewed on a file server.
  • Squid Game: Cryptocurrency operators jumping on the popularity of the Netflix Squid Game show (though not officially associated) have crashed the value of the SQUID token in what appears to be an exit scam. The value fell from a high of $2,850 to $0.003028 overnight, losing investors millions of dollars. An anti-dumping mechanism ensured that investors couldn’t sell their tokens – and could only look in horror at the value of the destroyed coin.
  • Robinhood: Robinhood disclosed a data breach impacting approximately five million users of the trading application. Email addresses, names, phone numbers and more were accessible through a customer support system.


  • Bitmart: In December, Bitmart said a security breach allowed cyber attackers to steal around $150 million in cryptocurrency and caused total losses, including damage, reaching $200 million.
  • Log4j: A zero-day vulnerability in the Log4j Java library, a remote code execution (RCE) vulnerability, is now actively exploited in the wild. The bug is known as Log4Shell and is now being turned into a weapon by botnets, including Mirai.
  • Kronos: Kronos, an HR platform, was the victim of a ransomware attack. Some Kronos Private Cloud users are now facing an outage that can last for weeks, and right before Christmas as well.


2021: A year in open source Mon, 27 Dec 2021 22:20:13 +0000


Open source software (OSS) is never too far from praise and controversy, whether it’s a major security incident, a marquee battle, or flying a helicopter on Mars.

Let’s take a look back at some big OSS talking points from the year.

A serious open source flaw

Above: the Log4j logo

Security is still a major topic of discussion in the open source world, and 2021 was no different. The biggest story of the year was almost certainly the zero-day vulnerability found in the Apache logging library Log4j, which is used by countless consumer and enterprise companies, from Apple’s iCloud to AWS and IBM.

Log4Shell, as the vulnerability is known, had been around since 2013, but was not discovered by Alibaba security staff until the end of November and publicly revealed two weeks later. It is considered particularly dangerous, since it enables remote code execution (RCE), allowing hackers to gain access to remote systems and sensitive data. Log4Shell was elevated to near-celebrity when it achieved a Common Vulnerability Scoring System (CVSS) security rating of 10.

Although the Apache team released a patch on December 6, Log4j’s ubiquity in cloud services, infrastructure, and everywhere in between makes it difficult for every business to update their systems quickly enough, or even to know that their software relies on Log4j in the first place. Needless to say, attackers started looking to exploit Log4Shell in the wild and widened their reach into the realm of ransomware.

There are many lessons to be learned, as Justin Dorfman, Reblaze’s open source program manager, wrote in VentureBeat:

“The incident shows how a vulnerability in a seemingly simple piece of infrastructure code can threaten the security of banks, tech companies, governments, and just about any other type of organization.”

However, as a result of the Log4j vulnerability, the usual argument has surfaced, with countless people noting that it shed light on the inherent security gaps of community software. But others responded by saying the main problem was that companies were happy to take advantage of open source at the right times, give nothing back, and then point the finger at OSS when things go wrong.

Serving as a somewhat sobering reminder, one of the main people behind the Log4j project – Ralph Goers, who patched the vulnerability – has a full-time job elsewhere as a software architect. Goers works on “Log4j and other open source projects” in his spare time.

Poetic license

Above: LAS VEGAS, NEVADA – NOVEMBER 30: Attendees arrive during AWS re: Invent 2021,

Image Credit: Noah Berger / Stringer via Getty

Arguably one of the most important talking points came at the start of the New Year, when Elastic revealed it was transitioning its database search engine Elasticsearch from an Apache 2.0 open source license to a duo of “source available” proprietary licenses. The move came as no surprise and was the culmination of years of confrontation between Elastic and Amazon’s cloud computing arm, Amazon Web Services (AWS).

As a fully open source project, any company was free to do whatever they wanted with Elasticsearch, including offering it ‘as a service’, as Amazon did when it launched Amazon Elasticsearch Service in 2015. That set off a chain reaction of events that ultimately led Elastic to move Elasticsearch – and the Kibana visualization dashboard – to new licenses.

One of the issues was that Amazon chose to use “Elasticsearch” in the name of its own managed service – it was, in Elastic’s view, a clear trademark violation, and it caused confusion in the market space as to which Elasticsearch service was which. This is why Elastic filed a complaint against Amazon in 2019, but lawsuits are usually not a quick process. Additionally, the license change helped speed things up by moving Amazon away from the Elasticsearch brand. It worked, because just a week after Elastic announced the license change, Amazon revealed it would start working on an open source Elasticsearch fork, which would eventually ship under a brand new name – OpenSearch.

Licensing issues were also evident elsewhere in the open source sphere. The Software Freedom Conservancy (SFC), whose sponsors include Google and Red Hat, sued Vizio, alleging that the smart TV maker violated two open source licenses by using and modifying the software without making the derived source code available to the public. Vizio shows no signs of changing, however, and the matter took a slightly ugly turn when Vizio filed a request to “withdraw” the case from the California State Court, apparently based on the belief that “consumers have no third party beneficiary rights under copyleft.”

Meanwhile, former US President Donald Trump’s upcoming social network “Truth Social” apparently violated Mastodon’s open source license, with Mastodon threatening legal action. The crux of the matter was that Truth Social’s terms of service stated that the code was fully proprietary and made no reference to its Mastodon foundation – furthermore, the open source license states that all derivative projects must also be available under the same license.

While the social network has yet to officially launch, it appears to have taken a certain step towards meeting Mastodon’s licensing requirements – it recently recognized that it was built on Mastodon, and the developers uploaded a zip file of its source code. Whether this will suffice remains to be seen, but the eyes of the open source community will remain on Trump’s company ahead of the official launch in 2022.

Brand fights

The brand issue is by no means unique to AWS vs Elastic. Just before the start of the new year, Facebook claimed brand ownership over the open source “PrestoDB” project. This caused a problem for PrestoSQL, a fork created by the original creators of Presto when they left Facebook – they were forced to change the name of their project to Trino.

Fast forward ten months to November and live streaming software provider Streamlabs OBS had to drop “OBS” from its name after it was called out by the open source OBS project on which it is built. Similar to AWS vs. Elastic, avoiding brand confusion was at the heart of this, with Project OBS’s Twitter account revealing that some of its support volunteers were facing angry Streamlabs customers, who were apparently confused between the two entities.

Open source eats Mars

Open source software is so ubiquitous that it has often been said to devour the world. But if the first Martian helicopter flight is anything to go by, open source software is eating up the entire solar system.

The historic achievement was made possible by “an invisible team of open source developers around the world,” former GitHub CEO Nat Friedman wrote. Some 12,000 developers have contributed to the open source projects used in the software that propelled the helicopter’s maiden flight to the Red Planet – and yet, “most of these developers don’t even know they helped make possible the first Martian helicopter flight,” noted Friedman.

To mark the occasion, GitHub placed a Mars 2020 Helicopter Mission badge on the GitHub profile of each developer who contributed code used in the mission.

Above: GitHub badge

Linux turns 30

Linux was first released on September 17, 1991, meaning the ubiquitous open source operating system turned 30 this year.

It is impossible to overstate the importance of Linux across the technology spectrum. Android, the world’s most widely used mobile operating system, is based on a modified version of the Linux kernel. Today, Linux is used in everything from automobiles to air traffic control to medical equipment, and is also widely used in web servers, the most common being Apache. In fact, much of the growth of the web over the past 30 years has been fueled by Linux and similar open source software.

Here’s to the next 30 years of open source innovation.



Phoronix Test Suite 10.8 released with many enhancements for Open Source benchmarking Sun, 26 Dec 2021 10:14:00 +0000

Phoronix Test Suite 10.8 is the latest quarterly feature update for our open source, automated, cross-platform benchmarking software.

Phoronix Test Suite 10.8 unifies its management of environment variable options to now easily expose all these options from the Phoromatic server web interface for more robust testing. Phoronix Test Suite 10.8 also improves its test setup and detection of test run errors, also for more robust reporting in Phoromatic. In addition, there are many other fixes and improvements to the Phoromatic component for automated orchestration of benchmark tests within laboratories. Phoronix Test Suite 10.8 also features improvements to macOS 12 support, PHP 8.1 fixes, new / upcoming processor detection, and more.

Phoronix Test Suite 10.8 is available for download at Phoronix test suite on GitHub. Below is the longer list of notable changes with Phoronix Test Suite 10.8.

Phoronix Test Suite 10.8.0

December 25, 2021

pts-core: Remaining PHP 8.1 warnings / patches resolved

pts-core: various macOS 12 warning fixes

pts-core: allows the use of the OUTPUT_DIR / OUTPUT_FILE environment variables to control the result-file-to * subcommands

pts-core: improved JSON output generation, added option to results viewer

pts-core: add result-file-to-html subcommand and simple inline HTML result output option from results viewer

pts-core: allow sorting of results by test date / time

pts-core: add the TEST_EXECUTION_SORT environment variable to allow sorting the test execution order in several ways

pts-core: consolidate / centralize the management of environment variable options to pts_env

pts-core: add remove-incomplete-results-from-result-file helper command to remove results with incomplete or missing data

pts-core: add environment variable REMOVE_TESTS_ON_COMPLETION as another way to automatically uninstall / remove tests after execution

pts-core: improved test / reporting installation and detection of test execution errors

pts-core: allow recording / archiving of installation and runtime errors in installation metadata

pts-core: add list-failed-installs subcommand to display tests that failed to install

pts-core: add list-test-errors subcommand to display test execution errors

pts-core: add variables subcommand to display descriptions of environment variables and what is set

pts-core: dynamic detection of the location of the Windows download folder

pts-core: improved Zip management on Windows

phodevi: Added detection for Arm Cortex-A710 and Neoverse-N2 cores

phodevi: Added detection for AMD Zen 4 cores

phodevi: Added detection for Intel Raptor Lake

phodevi: Allows better model number detection on Windows / Linux for Dell and Apple laptops

phodevi: CPU temperature monitoring under Windows

phodevi: display the CPU frequency scaling “energy_performance_preference” value if applicable

phodevi: Linux CPUFreq EPP reporting support

phodevi: report security features of Windows 10+

phodevi: add environment variable PHODEVI_SANITIZE for those who want to remove certain hardware / software strings from system information

cleanup: add a module that can automatically uninstall tests that do not run within a given period of time

phoromatic: allow the exposure of the PTS environment variables relevant for configuration by the Phoromatic server for marks / programs as an “advanced options” area

phoromatic: Use unified results visualization code to present results graphs and other results page data

phoromatic: use the shared / common code of the results viewer to allow adding / editing annotations, editing the title / description of the results file and removing individual results from the results viewer

phoromatic: improved efficiency when viewing results with a single results file

phoromatic: allow the Phoromatic client to connect to Phoromatic’s HTTPS servers

phoromatic: optionally allow the download of the test installation / execution logs on the Phoromatic server

phoromatic: “Run benchmark” low zone to run conventional PTS / system test suites

phoromatic: allow the test programs page to add suites to a program rather than just adding test profiles

phoromatic: add option to settings page to always uninstall / remove tests after execution for all Phoromatic tests

phoromatic: also allows you to define environment variables on a global basis from the Settings page of the Phoromatic server

phoromatic: allows submission of test installation metadata to the Phoromatic server so that the systems area can display currently installed tests and any errors

phoromatic: Registration support (settings page) for streaming current benchmark results to the Phoromatic server between tests so that the results can be viewed from the server as and when they are finished

phoromatic: further unify the results viewer and the common Phoromatic display code


Bay Area City requests cybersecurity assistance Thu, 23 Dec 2021 21:49:37 +0000


In a recent solicitation, a coastal town in the Bay Area is seeking cybersecurity assistance from IT companies.

In a request for proposals (RFP) published on December 8, the city of Fremont is issuing a call for tenders to provide it with a cybersecurity assessment early next year. Among the takeaways:

  • The city is seeking “an established IT professional service provider” with “a clear grasp in a wide range of cybersecurity and compliance areas” including penetration testing, risk assessment, security assessment, identity and access management, vulnerability management, application security assessment, and regulation and compliance frameworks, according to the RFP. The project involves performing “a variety of penetration testing and security assessments of the city’s internal, external and wireless networks”. The objective is to allow Fremont to have “a comprehensive understanding of the potential risks associated with current vulnerabilities, to assess the effectiveness of current controls”, to ensure that its existing cybersecurity efforts align with “the key security frameworks and best practices such as NIST” and to improve the effectiveness of the city’s cybersecurity program.
  • Fremont’s current environment includes “several” physical sites connected to its network via city-owned fiber optic and two 1 Gbps Internet connections through which the city has “provided a secure VPN tunnel to encrypt traffic.” The “topology of the city’s core network is based on Ethernet and consists of two central switches connected via a 10 Gbps WAN (Wide Area Network) fiber optic link”. City workstations and servers connect to 1 Gbps edge switches; these switches have “redundant fiber links that connect at 1 Gbps to each primary switch.” Fremont “primarily” uses “Microsoft Windows operating systems (OS) for endpoints and Microsoft Windows and Linux for servers and devices in addition to several other (OS) used in endpoints, network devices, databases, storage, (Internet of Things), etc.”
  • The requirements include a “pre-assessment approach, project management and stepwise approach methodologies for the proposed solution”; roughly predetermine the extent of “any additional network traffic resulting from the various scans and / or assessments” to avoid denials of service and / or bandwidth issues; the scope of external penetration tests for up to 42 IP addresses; and the scope of internal penetration testing and vulnerability assessments for up to 300 IP addresses. The selected vendor will also be responsible for the scope of wireless network penetration testing for up to seven SSIDs across multiple physical locations. The proponent will also configure “all software and / or hardware components necessary for the implementation of the various cybersecurity assessments offered”. The scope of the proposed cybersecurity assessment “will include up to 10 web application penetration tests”.
  • The Respondent’s Statement of Qualifications must indicate the “size, stability and capacity” of the organization, including the total number of years in business and the number of years the proponent has provided “service similar to the scope of the services described in this RFP”. The declaration must also include the total number of current employees; number of offices and locations; number of employees in the office that will provide the services; any “past, current or potential conflict of interest” that may arise as a result of the performance of this work; and the Respondent’s experience in providing cybersecurity and risk assessments, and in completing “projects of similar size, scope and complexity to the procurement required by this RFP.” The proponent should also include a list of recent projects. The proposed project staff should include “Account Manager, Project Manager, Senior Trainer, Technical Architect” and all other people assigned to the project, along with their qualifications.
  • The precise value of the contract is not indicated. Its duration must begin after all have signed and “continue until the completion of all services” in accordance with the time requirements. Questions must be asked by 3 p.m. on January 7, and answers by January 12. Proposals must be submitted by 2:00 p.m. on January 18.

Extradited Americans accuse Russian financial data thief • The Register Mon, 20 Dec 2021 22:23:00 +0000

The Massachusetts attorney’s office on Monday announced the extradition of Vladislav Klyushin, a Russian business executive with ties to the Kremlin, on charges of hacking U.S. computer networks and committing securities fraud by trading on undisclosed financial data.

Klyushin, 41, from Moscow, Russia, was arrested in Sion, Switzerland on March 21, 2021, reportedly after disembarking from his private jet while on vacation with his family. The following month, Russia requested that he be returned home, and almost two weeks later, the United States requested that he be sent to America for trial. The Swiss rejected Russia’s request as incompatible with Swiss law and ultimately accepted the American request.

On Monday, the Justice Department unsealed charges against Klyushin ahead of his scheduled court appearance. The federal government accuses him of conspiring to gain unauthorized access to computers and to commit wire and securities fraud, and of gaining unauthorized access to computers and then committing wire fraud and securities fraud.

Klyushin, also spelled “Kliushin” and said in the government complaint [PDF] to be the owner of the penetration testing company M-13, is one of five co-accused. The others, still at large, are: Ivan Ermakov, 35, from Moscow, a former officer in the Russian Main Intelligence Directorate (GRU); Nikolai Rumiantcev, 33, from Moscow; Mikhail Vladimirovich Irzak, 43, from St. Petersburg, Russia; and Igor Sergeevich Sladkov, 42, from St. Petersburg.

Ermakov, also spelled “Yermakov”, is one of the seven suspected GRU agents charged by the Justice Department in October 2018 with hacking, wire fraud, aggravated identity theft and money laundering linked to the 2016 US election and disinformation operations targeting sports and anti-doping organizations.

M-13, according to the US government complaint, provided computer and media monitoring services, cybersecurity advice and penetration testing, and claimed prominent Russian government officials and agencies as clients. The company also reportedly offered investment management in return for 60% of investors’ profits, a rate that is not particularly attractive unless extraordinary profits are assured.

Between January 2018 and around September 2020, Klyushin, Ermakov and Rumiantcev allegedly conspired with others to gain access to the computer networks of two U.S. companies authorized to file electronic documents with the SEC on behalf of corporate clients. The defendants allegedly used stolen employee credentials, associated with the networks of the two filing companies, to gain access to the financial information of hundreds of publicly traded companies before it was released.

“Armed with these reports, which contained important non-public information, the defendants further conspired to enrich themselves by trading in the securities of these companies,” the complaint said. “Thanks to this ploy, the defendants have made tens of millions of dollars in illegal profits.”

The defendants allegedly bought the shares of companies about to report positive results and sold short the shares of those about to publish negative results. They are said to have bought or sold shares of Snap, CytomX Therapeutics, Horizon Therapeutics, Puma Biotechnology, Synaptics, Capstead Mortgage, SS&C Technologies, Roku, Avnet and Tesla, among others.

Boiler room scam

The separate complaint against Irzak and Sladkov [PDF] describes similar trading on non-public information involving some of the aforementioned companies as well as others, including, but not limited to: Grubhub, Patterson-UTI Energy, Ultra Clean Holdings, CNH Industrial NV, Getty Realty, Essendant, Tandem Diabetes Care, Kohl’s, Box, IBM and The Nielsen Company.

The scheme is said to have brought in tens of millions of dollars to participants. According to the affidavit of FBI agent BJ Kang [PDF], Irzak and Sladkov made trades involving 149 companies before the results were announced and achieved a 66% success rate, accurately anticipating whether the relevant share price would rise or fall.

The charges against Klyushin, the only one of the alleged conspirators currently in custody, carry potential maximum penalties, if convicted, of: five years for conspiring to gain unauthorized access to a computer and commit wire fraud and securities fraud; five years for unauthorized access to a computer; and 20 years each for securities and wire fraud. Per-count penalties also include up to three years of supervised release, potential fines of $250,000 or double the gross gain or loss, and provisions for restitution and forfeiture.

Following the Swiss court’s decision to send Klyushin to the United States and the dismissal of Klyushin’s appeal, Russia’s Foreign Ministry via Twitter last week expressed its dissatisfaction with the legal process.

“We are deeply disappointed with the decision handed down in Switzerland on the extradition of Russian citizen Vladislav Klyushin to the United States,” the ministry said last week, noting that the Swiss had rejected the Russian Attorney General’s request to return Klyushin to Russia and instead accepted “the highly questionable US allegations.”


Open Source Advent Calendar: The Ubuntu Linux PC Operating System Sun, 19 Dec 2021 04:33:56 +0000

It’s an advent calendar for tech-savvy people. In the fully commercialized digital world, almost everything is owned by a large internet company. Their software is neither open nor free. As an alternative, there is this small island of the open source world: software whose code is publicly visible and can be independently verified for possible security breaches and backdoors. Software that can be freely used, distributed and improved. Often the motivation for the work is simply the joy of providing something useful to society.

Short portraits of open source projects will be published on heise online from December 1 to 24. These are the functions of the respective software, pitfalls, history, context, and funding. Some projects are supported by an individual, others by a loosely organized community, a tightly managed foundation with full-time staff, or a consortium. The work is completely voluntary, or it is funded through donations, cooperation with internet companies, government funding, or an open source business model. Whether it is a single application or a complex ecosystem, whether it is a PC program, an application or an operating system, the diversity of open source is overwhelming.

In the small Linux desktop operating system market, Ubuntu is the largest. The open source project centers on the company Canonical, which develops Ubuntu together with a large community. The main decision-maker is a “benevolent dictator for life”. Ubuntu is the most popular Linux desktop operating system. Relative to the overall market, its reach is modest: Linux has a market share of only 2% worldwide and throughout Germany. In the Linux cosmos, however, Ubuntu is a leader. There are no reliable figures. If you take the number of visits to German-language articles on popular Linux distributions as a guide to their popularity, the following picture emerges: Ubuntu (with about 17,000 monthly article views) is ahead of Debian (12,000) and Mint (11,000). Ubuntu is a desktop operating system for end users, but it is also used on servers. The software is available under different, mainly open source GPL licenses.

Ubuntu, for its part, is an ecosystem that integrates a wide range of open source software: well-known programs such as the Firefox browser or the LibreOffice office suite are always supplied ready to use. Additional programs can be installed through an integrated software center. By default, Ubuntu uses the Gnome graphical user interface, but you can switch to alternatives like Xfce or Cinnamon. Ubuntu is part of the big Linux family tree and a descendant of the Debian branch on which most Linux PC operating systems are based. Ubuntu, in turn, started a family of its own and spawned dozens of derivatives. These include the versions released by Ubuntu developer Canonical, such as Ubuntu Studio, which focuses on audio, graphics, and video editing. Linux Mint is an external Ubuntu fork. Ubuntu was developed by former Debian developer, South African IT entrepreneur and multi-millionaire Mark Shuttleworth. In 1999, when he was in his mid-twenties, he sold his IT security and consulting firm Thawte to the US company VeriSign for $575 million. On October 20, 2004, he released Ubuntu, with the goal of creating a Debian distribution that was easy to use, even for people who are not computer scientists. In the spring of that year, he founded the Canonical company, which has been at the center of the Ubuntu cosmos ever since.

It is difficult to find numbers and general information on the company behind Ubuntu. According to the privacy policy, the provider is Canonical Group Limited, based in London. The company is part of a small corporate group. The parent company is Canonical Limited, based in the Isle of Man. The semi-autonomous island state in the Irish Sea is a popular tax haven, where business figures are difficult to research. Because of British law, annual reports are accessible for Canonical Group Limited in London. According to the report for 2020 (“Company Group Accounts” of June 26, 2021), the company had 441 employees and a turnover of 141 million US dollars with a profit of five million. When asked by Heise Online, Canonical wrote that the group of companies has a total of 750 people in more than 50 countries. The company isn’t revealing how high the total revenue is, but Canonical has been profitable since 2019.

The company has a typical open source business model, comparable to Automattic, the company behind the WordPress blog and web software: company employees develop and market free software in collaboration with a community, and Canonical earns money with related services and products.

Among other things, Canonical is working with various partners that offer Ubuntu support, as well as with PC manufacturers such as Dell, HP and Lenovo, the company explains. And Canonical licenses Ubuntu with additional security features for use in embedded systems, for example in the software as a service domain or in the cloud domain. Canonical also provides direct support and infrastructure for business customers. Canonical said goodbye to a revenue model built directly into Ubuntu Desktop last year: an Amazon integration that was introduced in 2012 with an Ubuntu update. A local desktop search returned Amazon product suggestions via the “buy lens.” Canonical has been heavily criticized for this for years, and the integration has even been called “spyware”. In 2020, the integration finally disappeared again.

Most of the development work for Ubuntu is done by Canonical employees. When Heise Online asked what Canonical’s share of code production was, the company didn’t respond, but wrote that 50 employees were working on Ubuntu Desktop. Canonical estimates the size of the global community at 50,000 people. They take on different tasks: they participate in code development, fix bugs, do technical documentation, organize local Ubuntu events or answer questions in the Ubuntu forums such as

Originally there was a foundation for Ubuntu. Shuttleworth founded the Ubuntu Foundation in 2005 and endowed it with seed capital of ten million US dollars. As Canonical told Heise Online, it no longer exists. The foundation was just a financial safeguard that was supposed to build trust. It was meant to make sure long-term Ubuntu support would continue regardless of what happened to Canonical. This structure is no longer necessary since Canonical is profitable and can guarantee long-term support for the software itself.

The power of the Ubuntu ecosystem is highly concentrated at Canonical. Importantly, Canonical owns the trademark rights to Ubuntu and related terms. This has caused discontent in the past. In 2013, an American Electronic Frontier Foundation activist posted a script called “Fixubuntu” on a website that could be used to suppress Amazon’s integrated search. Canonical informed him that the use of the Ubuntu logo on the website and the use of the term Ubuntu in a domain name infringed Canonical’s trademark rights. After public criticism, Shuttleworth apologized and wrote that the company’s “exceptionally permissive” branding policy actually allowed such a thing.

The administrative structure of the Ubuntu ecosystem, as described on the Ubuntu website, has several components. There are thematic teams and about 200 national and local communities. The German Ubuntu community is organized in the association Ubuntu Germany, which operates, among other things, a German-language Ubuntu wiki. The highest governing body is the Ubuntu Community Council, which ensures compliance with a common code of conduct, settles disputes and organizes the elections of subordinate bodies. The council consists of eight people, including Shuttleworth and the president of the Ubuntu Germany association, Torsten Franz. The council is elected through an online vote by the community. Anyone can nominate a candidate. However, Mark Shuttleworth decides who gets on the shortlist and can actually be elected.

There is also a technical body with six members, including Shuttleworth. If there is a stalemate in the votes, Shuttleworth can decide. There are comparable structures in most open source projects. As a third governing body after the Community Council and the technical body, the governance page also lists the SABDFL, short for “self-proclaimed benevolent dictator for life”. This “self-proclaimed benevolent dictator for life” is Mark Shuttleworth, who is said to play the “thankfully undemocratic role of godfather”.

The work on the article series is based in part on a grant “Neustart Kultur” from the Federal Government Commissioner for Culture and Media, awarded by VG Wort.

