GNU Coreutils 9.5 Can Yield 10~20% Throughput Boost For cp, mv & cat Commands
While the uutils Rust-written Coreutils effort has been chugging along, the upstream GNU Coreutils effort is showing no signs of slowing down
1_r/devopsish
Can Military Veterans Alleviate Your Tech Team Hiring Woes?
Hidden skills can include adaptability, public speaking and a knack for documentation.
BeagleY-AI is a $70 Raspberry Pi-shaped PC with a 4 TOPS AI accelerator, WiFi 6 and Gigabit Ethernet - Liliputing
BeagleY-AI is a $70 Raspberry Pi-shaped PC with a 4 TOPS AI accelerator, WiFi 6 and Gigabit Ethernet
I was just able to make a commit as this person, in my own repository
BTW, I am not saying that this is what happened in the #xz backdoor case, but what does not help is, github makes it quite trivial to spoof user accounts... I was just able to make a commit as this person, in my own repository: https://t.co/h7TgTsT5J9 pic.twitter.com/EgoIdGzYKB— hasherezade (@hasherezade) March 31, 2024
DevOps Toolkit - Grand Finale - End to End Demo of the Choosen Tech (You Choose! Ch. 3 Ep. 11) - https://www.youtube.com/watch?v=7-3dVxmG9qs
Grand Finale - End to End Demo of the Choosen Tech (You Choose!, Ch. 3, Ep. 11)
Choose Your Own Adventure: The Treacherous Trek to Security - Grand Finale. In this episode, we'll go through all the choices ...
via YouTube https://www.youtube.com/watch?v=7-3dVxmG9qs
Deploying Burp Suite Enterprise Edition to Kubernetes
To deploy Burp Suite Enterprise Edition to Kubernetes: Step 1: Set up your Kubernetes cluster Step 2: Install the application Step 3: Create the admin user ...
White House orders agencies to tap chief AI officers | Semafor
A sweeping new policy from the Office of Management and Budget also instructs agencies to disclose AI tools they use and prevent discrimination, other risks.
Good! | LMSys Chatbot Arena Leaderboard - a Hugging Face Space by lmsys
Discover amazing ML apps made by the community
Intel, Microsoft discuss plans to run Copilot locally on PCs instead of in the cloud
Companies are trying to make the "AI PC" happen with new silicon and software.
The Night Sky Will Soon Get ‘a New Star.’ Here’s How to See It. (Gift Article)
A nova named T Coronae Borealis lit up the night about 80 years ago, and astronomers say it’s expected to put on another show in the coming months.
'Once-in-a-lifetime' cosmic explosion set to light up the night sky, NASA says
Those hoping to see the nova display should look for the constellation Corona Borealis, or "Northern Crown."
#1068024 - revert to version that does not contain changes by bad actor - Debian Bug report logs
All about the xz-utils backdoor | Kali Linux Blog
As of 5:00 pm ET on March 29, 2024 the following information is accurate. Should there be updates to this situation, they will be edited onto this blog post. The xz-utils package, starting from versions 5.6.0 to 5.6.1, was found to contain a backdoor (CVE-2024-3094). This backdoor could potentially allow a malicious actor to compromise sshd authentication, granting unauthorized access to the entire system remotely.
NVD - CVE-2024-3094
This is something I've always feared. A psyop on an overworked maintainer has proven to be an attack vector. Who else is doing this??? Because where there's one nation, there's usually another. | Malicious Linux backdoor inserted upstream, caught early
Poisoned Easter eggs for all: Apparent supply chain attack caught mercifully early…
Malicious backdoor spotted in Linux compression library xz
Red Hat in all caps says STOP USAGE OF ANY FEDORA RAWHIDE INSTANCES
Red Hat hires McKinsey to streamline techies' jobs
Some staff are worried – can't think why
liblzma and xz version 5.6.0 and 5.6.1 are vulnerable to arbitrary code execution compromise - Xe Iaso
Everything I know about the XZ backdoor
Please note: This is being updated in real time. The intent is to make sense of lots of simultaneous discoveries
What Boeing did to all the guys who remember how to build a plane
Why Isn’t Your Strategy Sticking?
It’s insufficient to just share the goals and objectives of your strategy and hope implementation will succeed. In this article, the author explains how to shift from an operational to a contextual mindset so that you can better identify the hidden obstacles that may be thwarting your strategy’s implementation so you can address them before they take root.
Intuit Engineering using Medium is an interesting choice | How Intuit data analysts write SQL 2x faster with internal GenAI tool
Reporting on the productivity impact of SQL generation with generative AI.
How to Write SQL Queries
Learn how to use SELECT, FROM, JOIN, WHERE, GROUP BY, HAVING, ORDER BY, OFFSET and FETCH to retrieve data with SQL.
oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise
My talk from this years’ Cloud Native Rejekts | Burnout++ - Recognizing and Managing Burnout
I’m going to be doing this myself at some point | Gitea hosted Gitea · Issue #1029 · go-gitea/gitea
For the first big stage, we would like Gitea's development could be based on a Gitea hosted and github will only a mirror. This will maybe completed in v1.x. So that this issue will list all th...
Sam bankman fried ftx sentencing crimes crypto mogul greed
DevOps Toolkit - Crossplane Composition Functions | Tutorial (Part 5) - https://www.youtube.com/watch?v=XSzKs97Ls4g
Crossplane Composition Functions | Tutorial (Part 5)
In this fifth installment of our Crossplane tutorial series, we are exploring Composition Functions. They allow us infinite flexibility to ...
via YouTube https://www.youtube.com/watch?v=XSzKs97Ls4g
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
A tale about exploiting KernelCTF Mitigation, Debian, and Ubuntu instances with a double-free in nf_tables in the Linux kernel, using novel techniques like Dirty Pagedirectory. All without even having to recompile the exploit for different kernel targets once.
Week Ending March 24 2024
Week Ending March 24, 2024
https://lwkd.info/2024/20240327
Developer News
Kubernetes Contributor Summit happened last week and was attended by more than 220 contributors. As an event the day before KubeCon EU 2024, we had multiple sessions around the Kubernetes project as well as Q&As with the CNCF team and the Kubernetes Steering committee. There also have been four unconference sessions for example, revisiting Kubernetes hardware resource model. A big thanks to the community organizers & volunteers. Pictures can be found here.
The CFPs for KubeCon + CloudNativeCon and Open Source Summit China is open at https://events.linuxfoundation.org/kubecon-cloudnativecon-open-source-summit-ai-dev-china/
Release Schedule
Next Deadline: Release Day, April 17th
Kubernetes 1.30.0-rc.0 is live!. Also, the docs freeze is now in effect!
KEP of the Week
KEP 2876: CRD Validation Expression Language
This KEP proposes adding Common Expression Language (CEL) to be integrated into CRDs so that validation can be done without the use of webhooks. It’s lightweight and can be run in the kube-apiserver. It also supports pre-parsing and typechecking of expressions, allowing syntax and type errors to be caught at CRD registration time.
This KEP graduated to stable in the v1.29 release.
Subprojects and Dependency Updates
ocicni to v0.4.2 Use ‘ifconfig -j’ to access jail network state
containerd to v1.7.14 Register imagePullThroughput and count with MiB. Move high volume event logs to Trace level also v1.6.30
nerdctl to v1.7.5 update containerd (1.7.14), slirp4netns (1.2.3), CNI plugins (1.4.1), RootlessKit (2.0.2), Kubo (0.27.0), imgcrypt (1.1.10)
etcd to v3.4.31 mvcc: print backend database size and size in use in compaction logs
prometheus to v2.51.0 Relabel rules for AlertManagerConfig; allows routing alerts to different alertmanagers
via Last Week in Kubernetes Development https://lwkd.info/
March 27, 2024 at 04:28PM