Language Selection

English French German Italian Portuguese Spanish

Security: Updates, WordPress 5.1.1 in Debian, Threats in Devices and Facebook Downtime

Filed under
Security
  • Security updates for Thursday
  • WordPress 5.1.1

    The Debian packages for WordPress version 5.1.1 are being updated as I write this. This is a security fix for WordPress that stops comments causing a cross-site scripting bug. It’s an important one to update.

  • 25 Most Common IoT Security Threats in an Increasingly Connected World

    The Internet of Things (IoT) is growing rapidly. IoT is the connectivity of devices over the internet. It’s like a social network or an email service, but instead of connecting people, IoT actually connects smart devices which include, but not limited to your computers, smartphones, smart home appliances, automation tools, and more.

    However, similar to all types of technologies out there, IoT is a double-edged sword as well. It has its upsides, but there are serious threats that accompany this technology. As manufacturers are racing against each other to bring the latest device in the market, not many of them are thinking about the security issues associated with their IoT devices.

  • Facebook Suffers Global Outage, Claims DDoS Not the Cause

    Facebook users around the world had a singular question for much of March 13: Is Facebook down?

    As it turns out, the global social media giant and its related Instagram and WhatsApp services were in fact unavailable and down for much of the day. Some service was restored by March 14, though full global availability across all Facebook services is still intermittent. With Facebook down, the company ironically had to resort to using rival social media service Twitter to keep many of its users informed.

    "We’re aware that some people are currently having trouble accessing the Facebook family of apps," Facebook wrote in a Twitter message. "We’re working to resolve the issue as soon as possible."

    Facebook also provided minimal updates via its platform status dashboard for developers, with the first indication of trouble reported at 10:32 a.m. PT on March 13.

    "We are currently experiencing issues that may cause some API requests to take longer or fail unexpectedly," the status page reports. "We are investigating the issue and working on a resolution."

More in Tux Machines

today's howtos

Programming: CI/CD and 'DevRel'

  • CloudBees and Google Cloud Partner to Accelerate Application Development on Anthos

    Respective leaders in DevOps and cloud computing are partnering to provide end-to-end application development automation from source to production...

  • Codefresh’s More Robust, Open Source Marketplace Makes Coding Easier, Faster, More Secure

    First deployed in December 2018, the Codefresh Marketplace makes it easier for code developers to find commands without having to learn a proprietary API – every step, browsable in the pipeline builder, is a simple Docker image. The Marketplace contains a more robust set of pipeline steps provided both by Codefresh and partners, such as Blue-Green and Canary deployment steps for Kubernetes, Aqua security scanning, and Helm package and deployment. All plugins are open source and users can contribute to the collection by creating a new plugin.

  • Codefresh freshens produce at the Kubernetes code marketplace

    Codefresh is the first Kubernetes-native CI/CD technology, with CI denoting Continuous Integration and CD denoting Continuous Delivery, obviously. The organisation has this month worked to improve its open source marketplace with features that focus on faster code deployment. First deployed in December 2018, the Codefresh Marketplace [kind of like an app store] allows developers to find commands without having to learn a proprietary API — this is because every step, which is browsable in the pipeline builder, is a simple Docker image.

  • DevOps World | Jenkins World: CircleCI orbs, DevOps Institute’s Ambassador Program, and Codefresh Marketplace

    DevOps and Jenkins is on full display this week at CloudBees’ DevOps World | Jenkins World taking place in San Francisco. In addition to the DevOps thought leaders and community members coming together to learn, explore and help shape the next generation of Jenkins and DevOps, a number of organizations took the opportunity to reveal new products. [...] SmartBear revealed TestEngine, a new solution designed to automate test execution in CI/CD environments. In addition, the company announced ReadyAPI 2.8 to accelerate functional, security and load testing of RESTful, SOAP, GraphQL and other web services. The new tools are aimed at accelerating API delivery. Users can now execute ReadyAPI, SoapUI Pro and SoapUI Open Source tests simultaneously on a central source that’s integrated into their development processes. This tackles the challenges that Agile and DevOps teams have such as complex deployments, large regression suites, and global development teams, according to SmartBear in a post.

  • What Is Developer Relations?

    Matthew Broberg, Advocate and Editor at opensource.com says that in practice the implementation of DevRel has been far from consistent. "DevRel, in theory, is the intersection of three disciplines: engineering, marketing, and community management," he says. "In practice, DevRel applies to a wildly popular set of job titles with wildly different expectations across different organizations." [...] Rebecca Fitzhugh, Principal Technologist at Rubrik agrees. "While there is certainly a marketing component when representing the company to the customer and community, it's equally about representing the customer to the company," she says. "Our DevRel team brings feedback from our customers to the product and engineering team in order to drive a better developer experience against our product's APIs."

Network transparency with Wayland: Final report.

The goal of this 2019 Google Summer of Code project is to develop a tool with which to transparently proxy applications that use the Wayland protocol to be displayed by compositors. Unlike the original X protocol, only part of the data needed to display an application is transferred over the application's connection to the compositor; instead, large information transfers are made by sharing file descriptors over the (Unix socket) connection, and updating the resources associated with the file descriptors. Converting this side channel information to something that can be sent over a single data stream is the core of this work. The proxy program I have developed for the project is called Waypipe. It can currently be found at gitlab.freedesktop.org/mstoeckl/waypipe. (I am currently looking for a better stable path at which to place the project; the preceding URL will be updated once this is done.) A few distributions have already packaged the program; see here; alternatively, to build and run the project, follow the instructions in the README and the man page. My work is clearly identified by the commit logs, and amounts to roughly ten thousand lines of C code, and a few hundred of Python. Read more Also: Vulkan 1.1.120 Released As The Newest Maintenance Release

The ClockworkPi GameShell is a super fun DIY spin on portable gaming

Portable consoles are hardly new, and thanks to the Switch, they’re basically the most popular gaming devices in the world. But ClockworkPi’s GameShell is something totally unique, and entirely refreshing when it comes to gaming on the go. This clever DIY console kit provides everything you need to assemble your own pocket gaming machine at home, running Linux-based open-source software and using an open-source hardware design that welcomes future customization. The GameShell is the result of a successful Kickstarter campaign, which began shipping to its backers last year and is now available to buy either direct from the company or from Amazon. The $159.99 ( on sale for $139.99 as of this writing) includes everything you need to build the console, like the ClockworkPi quad-core Cortex A7 motherboard with integrated Wi-Fi, Bluetooth and 1GB of DDR3 RAM — but it comes unassembled. Read more