Open-source News

New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers  The Hacker News

Effortlessly Save Your Linux Desktop Settings with SaveDesktop  It's FOSS News

Besides the ongoing work around the reverse-engineered Apple Silicon graphics driver being brought up in the Rust programming language, the other notable Rust effort within the Direct Rendering Manager (DRM) kernel subsystem is a rewrite of the basic VGEM driver in this increasingly-used programming language. That Rust VGEM driver has now been sent out on the mailing list for review as part of a request for comments...

Linux VGEM Driver Rewritten In Rust Sent Out For Review  Phoronix

With the Linux 6.3 kernel the Habana Labs AI driver has moved to the new "accel" accelerator subsystem/framework while for the Linux 6.4 cycle this summer this Intel driver is continuing to speed ahead as it prepares support for the new Gaudi2 AI hardware and making other improvements for this open-source training/inference stack...

Intel's Habana Labs Accelerator Driver Readying More Gaudi2 ...  Phoronix

Big Ambitions drops Native Linux support shortly after the Steam release  GamingOnLinux

Trisquel 11 is now available as the latest major release for this one of a few Free Software Foundation (FSF) approved Linux distributions that is "100% libre" and meets all of the fully free software requirements. Trisquel 11 is re-based against Ubuntu 22.04 LTS while making various other changes in the process...

Trisquel 11 LTS Released As Ubuntu-Based, FSF-Approved Linux ...  Phoronix

Labwc 0.6.2 was released on Monday as the newest version of this wlroots-based window-stacking Wayland compositor that is inspired by Openbox...

A 5-minute tour of the Fediverse murph Tue, 03/21/2023 - 03:00

People want to communicate over the internet as easily as they do in real life, with similar protections but, potentially, farther reach. In other words, people want to be able to chat with a group of other people who aren't physically in the same location, and still maintain some control over who claims ownership of the conversation. In today's world, of course, a lot of companies have a lot to say about who owns the data you send back and forth over the world wide web. Most companies seem to feel they have the right to govern the way you communicate, how many people your message reaches, and so on. Open source, luckily, doesn't need to own your social life, and so appropriately it's open source developers who are delivering a social network that belongs, first and foremost, to you.

The "Fediverse" (a portmanteau of "federated" and "universe") is a collection of protocols, servers, and users. Together, these form networks that can communicate with one another. Users can exchange short messages, blog-style posts, music, and videos over these networks. Content you post is federated, meaning that once one network is aware of your content, it can pass that content to another network, which passes it to another, and so on.

Most platforms are run by a single company or organization, a single silo where your data is trapped. The only way to share with others is to have them join that service.

Federation allows users of different services to inter-operate with one another without creating an account for each shared resource.

Admins for each service instance can block other instances in case of egregious issues. Users can likewise block users or entire instances to improve their own experience.

Examples of Fediverse platforms

Mastodon is a Fediverse platform that has gotten a lot of attention lately, and it's focused on microblogging (similar to Twitter). Mastodon is only one component of the Fediverse, though. There's much, much more.

• Microblogging: Mastodon, Pleroma, Misskey
• Blogging: Write.as, Read.as
• Video hosting: Peertube
• Audio hosting: Funkwhale
• Image hosting: Pixelfed
• Link aggregator: Lemmy
• Event planning: mobilizon, gettogether.community

History of the Fediverse

In 2008, Evan Prodromou created a microblogging service called identi.ca using the Ostatus protocol and status.net server software. A few years later, he changed his service to use a new protocol, called pump.io. He released the Ostatus protocol to the Free Software Foundation, where it got incorporated into GNU/social. In this form, the fediverse continued along for several years.

In March 2016, Eugen Rochco (Gargron) created Mastodon, which used GNU/social with an interface similar to a popular Twitter interface called Tweetdeck. This gained some popularity.

Image by:

(Robert Martinez, CC BY-SA)

In 2018, a new protocol called ActivityPub was accepted as a standardized protocol by the W3C. Most Fediverse platforms have adopted it. It was authored by Evan Prodromou, Christine Lemmer-Weber, and others, and it expanded upon the previous services to provide a better and more flexible protocol.

What does the Fediverse look like?

The Fediverse, being made of any application using the ActivityPub protocol, is pretty diverse in appearance. As you might imagine, a microblogging platform has different requirements than a video sharing service.

It can be intimidating to wander into the great unknown, though. Here are some screenshots of my favorite federated services:

The Mastodon web client has a simplified view, as well as the advanced view, the simplified default view shows a single column of the Home feed, with options on the right to view more.

Image by:

(Bob Murphy, CC BY-SA 4.0)

The Advanced Web Interface, shown below, has the home timeline, local timeline, federated timeline, as well as a user's profile. When users first start, the easier one-column view is the default.

Image by:

(Bob Murphy, CC BY-SA 4.0)

Pixelfed has an interface focused around displaying images and videos:

Image by:

(Bob Murphy, CC BY-SA 4.0)

Peertube is for sharing videos:

Image by:

(Bob Murphy, CC BY-SA 4.0)

Mobilizon is an event planning site, with plans for Fediverse integration:

Image by:

(Bob Murphy, CC BY-SA 4.0)

Our favorite resources about open source Git cheat sheet Advanced Linux commands cheat sheet Open source alternatives Free online course: RHEL technical overview Check out more cheat sheets Switch to open source social

Ready to start? Check out fediverse.info for a nice video explanation and a subject-based way to find (self-selected) other users.

Go to fedi.tips for a comprehensive guide on how to get started, how to migrate your data, and more.

Mastodon has several great entry points:

• Joinmastodon.org: The largest list of Mastodon servers
• Joinfediverse.wiki: Great information on different fediverse services and instances
• Fedi.garden: A well-curated list of instances

For help deciding which instance to join (assuming you don't want to spin up your own just yet), visit fediverse.party/en/portal/servers.

Are you a data nerd? Visit the-federation.info for stats, monitoring service, and a data-driven look at the known Fediverse.

Get federated

The Fediverse is a way to use the social media in an individualized way, either by choosing an instance with a community that suits your needs, or running your own server, and making it exactly the way you want. It avoids the advertising, algorithms, and other unpleasantries that plague many social networks.

If you are looking for a community that better suits your needs than the big silos, take a look, the Mastodon and the Fediverse may be a good fit for you. Get federated today.

You can find me at @murph@hackers.town on the Fediverse.

A whirlwind tour of all the connected sites that form the world of open source social networks.

Image by:

Opensource.com

Tools Alternatives SCaLE What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

Assess security risks in your open source project with Scorecard snaveen Tue, 03/21/2023 - 03:00

Software supply chain attacks are becoming increasingly common, and attackers are targeting vulnerabilities in dependencies early in the supply chain to amplify the impact of their attacks. Dependency security is very much in the spotlight. It’s important to stay informed about the software projects you rely upon. But when you’re a software developer, you’re likely using a lot of code from lots of different sources. It’s an intimidating prospect to try to keep up with all the code you include in your own project. That’s where the OpenSSF Scorecard comes in.

The OpenSSF’s Scorecard project is an automated tool that assesses a software project’s security practices and risks. According to a recent report by Sonatype, a Scorecard score was one of the best indicators of whether a project had known vulnerabilities. Adopting Scorecard is a great first step to understanding the reliability of the software you use and improving your software supply chain security.

Scorecard is a set of benchmarks that allows you to quickly assess the risk associated with a code project based on best security practices. The aggregated project score, ranging from 0 to 10, provides an indication of how seriously a project appears to take security. This is critical for identifying vulnerable points in your supply chain. A dependency that doesn’t meet your own internal security standards may be the weakest link in your software.

Examining the individual scores for each of the 19 different Scorecard metrics tells you whether a project’s maintainers follow the practices that are most important to you. Does the project require code review when contributors make changes? Are branches protected against unauthorized deletion or changes? Are dependencies pinned, so that compromised version updates cannot be pushed without review? The Scorecard’s granularity in scoring individual best practices is similar to a good restaurant review that answers the question, “do I want to eat here?” Moreover, Scorecard provides project maintainers with a to-do list of actionable steps to improve security.

Open Source Insights

You can use Scorecard to evaluate someone else’s software, or you can use it to improve your own.

To see a project’s score quickly, you can visit Open Source Insights. This site uses Scorecard data to report on the health of dependencies. For anything not covered on Open Source Insights, you can use the Scorecard command-line utility to scan any project on GitHub, or you can run Scorecard locally:

$ scorecard --local . --show-details --format json | jq .

You can run Scorecard on your Git server or on local development machines and trigger it to run with a Git hook.

GitHub Action

If your code is on GitHub, you can add the GitHub Scorecard Action to your repository. The GitHub Action runs a Scorecard scan after any repository change, so you get immediate feedback if a PR causes a regression in your project’s security. The results provide remediation tips and an indication of severity, enabling you to raise your score and secure your project.

Image by:

(Naveen Srinivasan, CC BY-SA 4.0)

More on security The defensive coding guide 10 layers of Linux container security SELinux coloring book More security articles Scorecard API

The Scorecard API is a powerful tool that allows you to assess the rigor of a large number of open source projects quickly and easily. With this API, you can check the scores of over 1.25 million GitHub repositories that are scanned weekly. The API provides a wealth of information about the security practices of each project, allowing you to quickly identify vulnerabilities and take action to protect your software supply chain. This data can also be used to automate the process of judging software, making it easy to ensure that your software is always secure and up to date. Whether you’re a project owner or a consumer of open source software, the Scorecard API is an essential tool for ensuring the security and reliability of your code.

When you’ve made progress in improving your score, don’t forget to add a badge to showcase your hard work.

Currently, the OpenSSF Scorecard is becoming widely adopted, and as one of its developers, I’m excited about the future. If you try it out, don’t hesitate to contact us through the contact section of the repository and share your feedback.

Join the Scorecard crowd

The Scorecard crowd is growing, and many users are already benefiting from the tool. According to Chris Aniszczyk, CTO of the Cloud Native Computing Foundation, “CNCF uses Scorecards in a variety of its projects to improve security practices across the cloud native ecosystem.”

OpenSSF Scorecard is an automated and practical tool that enables you to assess the security of open source software and take steps to improve your software supply chain security. It’s an essential tool for ensuring that the software you’re using is safe and reliable.

OpenSSF Scorecard helps to ensure your open source software is safe and reliable.

Image by:

Opensource.com

SCaLE Security and privacy What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

Trisquel GNU/Linux 11.0 LTS Released with GNU Linux-Libre 5.15 Kernel, MATE 1.26  9to5Linux

The post 4 Useful Tools to Troubleshoot DNS Name Resolution Problems first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

DNS (Domain Name System) is the phonebook of the internet. A Domain name is a unique alphanumeric address that users type in the URL bar in the browser in order to access a website.

The post 4 Useful Tools to Troubleshoot DNS Name Resolution Problems first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

App modernization, mainframe, microservices: IBM event recap  TechTarget

MonoVM Offers Affordable VPS Hosting Services for Linux and ...  Digital Journal

36+ More ASUS Motherboards Will Enjoy Sensor Monitoring ...  Phoronix

In addition to the ASUS Z590 motherboards seeing sensor monitoring support with patches queued for Linux 6.4 that were talked about earlier this month on Phoronix, the latest nct6775 driver activity now queued in the hardware monitoring subsystem's hwmon-next branch is allowing support for another three dozen ASUS motherboards...

How to Host a Quake LAN Party on a Raspberry Pi  MUO - MakeUseOf

GNU Coreutils 9.2 is out today as the newest feature update to this widely relied upon collection of cure utilities commonly found on Linux systems as well as other platforms...