These are some of the most useful cli commands of macOS | Using open, pbcopy and pbpaste over SSH
I think I talked about this a couple of times before, but I usually work by SSH-ing from my mac into a Linux machine (a rather chunky one, might I add).
While it allows me to work faster when I’m not home and with a poor internet connection, it has some drawbacks too. Two of them are the lack of clipboard integration and the fact that open (or xdg-open) won’t work.
Blog: Updates to the Auto-refreshing Official CVE Feed
Authors: Cailyn Edwards (Shopify), Mahé Tardy (Isovalent), Pushkar Joglekar
Since launching the Auto-refreshing Official CVE feed as an alpha
feature in the 1.25 release, we have made significant improvements and updates. We are excited to announce the release of the
beta version of the feed. This blog post will outline the feedback received, the changes made, and talk about how you can help
as we prepare to make this a stable feature in a future Kubernetes Release.
Feedback from end-users
SIG Security received some feedback from end-users:
- The JSON CVE Feed did not comply with the JSON Feed specification as its name would suggest.
- The feed could also support RSS in addition to JSON Feed format.
- Some metadata could be added to indicate the freshness of the feed overall, or specific CVEs. Another suggestion was to indicate which Prow job recently updated the feed. See more ideas directly on the umbrella issue.
- The feed Markdown table on the website should be ordered from the most recent to the least recently announced CVE.
Summary of changes
In response, the SIG did a rework of the script generating the JSON feed
to comply with the JSON Feed specification from generation and add a
last_updated root field to indicate overall freshness. This redesign needed a
corresponding fix on the Kubernetes website side
for the CVE feed page to continue to work with the new format.
After that, RSS feed support
could be added transparently so that end-users can consume the feed in their
preferred format.
Overall, the redesign based on the JSON Feed specification, which this time broke
backward compatibility, will allow updates in the future to address the rest of
the issue while being more transparent and less disruptive to end-users.
Updates
| Title | Issue | Status |
|---|---|---|
| CVE Feed: JSON feed should pass jsonfeed spec validator | kubernetes/website#36808 | closed, addressed by kubernetes/sig-security#76 |
| CVE Feed: Add lastUpdatedAt as a metadata field | kubernetes/sig-security#72 | closed, addressed by kubernetes/sig-security#76 |
| Support RSS feeds by generating data in Atom format | kubernetes/sig-security#77 | closed, addressed by kubernetes/website#39513 |
| CVE Feed: Sort Markdown Table from most recent to least recently announced CVE | kubernetes/sig-security#73 | closed, addressed by kubernetes/sig-security#76 |
| CVE Feed: Include a timestamp field for each CVE indicating when it was last updated | kubernetes/sig-security#63 | closed, addressed by kubernetes/sig-security#76 |
| CVE Feed: Add Prow job link as a metadata field | kubernetes/sig-security#71 | closed, addressed by kubernetes/sig-security#83 |
What's next?
In preparation to graduate the feed to stable, i.e. the General Availability stage, SIG Security is still gathering feedback from end users who are using the updated beta feed.
To help us continue to improve the feed in future Kubernetes releases, please share feedback by adding a comment to this tracking issue or let us know on the #sig-security-tooling Kubernetes Slack channel (join Kubernetes Slack here).
We all have the right to have private conversations. They’re vital for free and informed self-government. When we want to have private conversations online, encryption makes it possible. Yet Congress is debating, for a third time, the EARN IT Act (S. 1207)—a bill that would threaten encryption, and instead seek to impose universal scanning of our messages, photos, and files.
The EARN IT Act invites all 50 states to regulate internet services, hoping state legislatures will follow a set of “best practices” set by a federal commission stacked with law enforcement agencies. The bill’s supporters want to wipe true end-to-end encryption from the internet, and replace it with scanning software that puts us all in a permanent criminal lineup.
Fedora 39 Looks To Boost vm.max_map_count To Help Windows Games With Steam Play
Fedora 39 this autumn is looking at boosting its vm.max_map_count default to better match the behavior of SteamOS / Steam Deck and allowing more Windows games to run out-of-the-box with Steam Play.
CISA adds printer bug, Chrome zero-day and ChatGPT issue to exploited vulnerabilities catalog
The Cybersecurity and Infrastructure Security Agency (CISA) added an issue affecting a popular print management software tool to its list of exploited vulnerabilities on Friday.
Red Hat cutting hundreds of jobs, CEO says in letter to employees | WRAL TechWire
"We will reduce the associate base of Red Hat over the next few weeks," CEO Matt Hicks wrote in the email. He said the layoffs would be "just under 4% in total."
Blog: Kubernetes 1.27: Server Side Field Validation and OpenAPI V3 move to GA
Authors: Jeffrey Ying (Google), Antoine Pelisse (Google)
Before Kubernetes v1.8 (!), typos, mis-indentations or minor errors in
YAMLs could have catastrophic consequences (e.g. a typo like
forgetting the trailing s in replica: 1000 could cause an outage,
because the value would be ignored and missing, forcing a reset of
replicas back to 1). This was solved back then by fetching the OpenAPI
v2 in kubectl and using it to verify that fields were correct and
present before applying. Unfortunately, at that time, Custom Resource
Definitions didn’t exist, and the code was written under that
assumption. When CRDs were later introduced, the lack of flexibility
in the validation code forced some hard decisions in the way CRDs
exposed their schema, leaving us in a cycle of bad validation causing
bad OpenAPI and vice-versa. With the new OpenAPI v3 and Server Side
Field Validation being GA in 1.27, we’ve now solved both of these problems.
Server Side Field Validation offers resource validation on create,
update and patch requests to the apiserver and was added to Kubernetes
in v1.25, beta in v1.26 and is now GA in v1.27. It provides all the
functionality of kubectl validate on the server side.
OpenAPI is a standard, language agnostic interface for discovering
the set of operations and types that a Kubernetes cluster supports.
OpenAPI V3 is the latest standard of the OpenAPI and is an
improvement upon OpenAPI V2, which has been supported since
Kubernetes 1.5. OpenAPI V3 support was added in Kubernetes in v1.23,
moved to beta in v1.24 and is now GA in v1.27.
OpenAPI V3
What does OpenAPI V3 offer over V2
Built-in types
Kubernetes offers certain annotations on fields that are not
representable in OpenAPI V2, or sometimes not represented in the
OpenAPI v2 that Kubernetes generates. Most notably, the "default" field
is published in OpenAPI V3 while omitted in OpenAPI V2. A single type
that can represent multiple types is also expressed correctly in
OpenAPI V3 with the oneOf field. This includes proper representations
for IntOrString and Quantity.
Custom Resource Definitions
In Kubernetes, Custom Resource Definitions use a structural OpenAPI V3
schema that cannot be represented as OpenAPI V2 without a loss of
certain fields. Some of these include nullable, default, anyOf, oneOf,
not, etc. OpenAPI V3 is a completely lossless representation of the
CustomResourceDefinition structural schema.
How do I use it?
The OpenAPI V3 root discovery can be found at the /openapi/v3
endpoint of a Kubernetes API server. OpenAPI V3 documents are grouped
by group-version to reduce the size of the data transported; the
separate documents can be accessed at
/openapi/v3/apis/<group>/<version>, with /openapi/v3/api/v1
representing the legacy group version. Please refer to the Kubernetes
API Documentation for more information around this endpoint.
Various consumers of the OpenAPI have already been updated to consume
v3, including the entirety of kubectl, and server side apply. An
OpenAPI V3 Golang client is available in client-go.
Server Side Field Validation
The query parameter fieldValidation may be used to indicate the
level of field validation the server should perform. If the parameter
is not passed, server side field validation is in Warn mode by
default.
- Strict: Strict field validation, errors on validation failure
- Warn: Field validation is performed, but errors are exposed as warnings rather than failing the request
- Ignore: No server side field validation is performed
kubectl will skip client side validation and will automatically use
server side field validation in Strict mode. Controllers by default
use server side field validation in Warn mode.
With client side validation, we had to be extra lenient because some
fields were missing from OpenAPI V2 and we didn’t want to reject
possibly valid objects. This is all fixed in server side validation.
Additional documentation may be found here.
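The three modes above, modelled locally on the replica typo from the introduction. This is an added example, not Kubernetes code: the schema fragment, the manifest and the function names are constructed for illustration, and only unknown-field handling is modelled.

```python
from urllib.parse import urlencode

MODES = ("Strict", "Warn", "Ignore")

# Constructed schema fragment (assumption): a dict is an object with known
# fields, None marks a field whose value this model does not inspect.
DEPLOYMENT_SCHEMA = {
    "apiVersion": None, "kind": None,
    "metadata": {"name": None},
    "spec": {"replicas": None, "selector": None, "template": None},
}

# Constructed manifest carrying the typo from the text: "replica", no "s".
TYPO_MANIFEST = {
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
    "spec": {"replica": 1000, "selector": {"matchLabels": {"app": "web"}}},
}

def create_path(namespace, mode):
    """Path for creating a Deployment with an explicit fieldValidation level."""
    if mode not in MODES:
        raise ValueError(f"unknown fieldValidation value: {mode!r}")
    return f"/apis/apps/v1/namespaces/{namespace}/deployments?" + urlencode({"fieldValidation": mode})

def split_unknown(obj, schema, prefix=""):
    """Return (copy of obj without unknown fields, dotted paths of those fields)."""
    kept, unknown = {}, []
    for key, value in obj.items():
        if key not in schema:
            unknown.append(prefix + key)
        elif isinstance(schema[key], dict) and isinstance(value, dict):
            kept[key], nested = split_unknown(value, schema[key], prefix + key + ".")
            unknown += nested
        else:
            kept[key] = value
    return kept, unknown

def validate(obj, mode):
    """Model the outcome of one create request under the given mode."""
    if mode not in MODES:
        raise ValueError(f"unknown fieldValidation value: {mode!r}")
    kept, unknown = split_unknown(obj, DEPLOYMENT_SCHEMA)
    messages = [f'unknown field "{path}"' for path in unknown]
    if mode == "Strict" and messages:
        return {"accepted": False, "errors": messages, "warnings": [], "stored": None}
    warnings = messages if mode == "Warn" else []
    return {"accepted": True, "errors": [], "warnings": warnings, "stored": kept}

if __name__ == "__main__":
    for mode in MODES:
        print(create_path("default", mode), validate(TYPO_MANIFEST, mode))
```

In Warn and Ignore the request is accepted but the stored spec has no replicas field at all, which is the silent reset to the default that the introduction describes; only Strict stops the typo before it reaches the cluster.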
What's next?
With Server Side Field Validation and OpenAPI V3 released as GA, we
introduce more accurate representations of Kubernetes resources. It is
recommended to use server side field validation over client side, but
with OpenAPI V3, clients are free to implement their own validation if
necessary (to “shift things left”) and we guarantee a full lossless
schema published by OpenAPI.
Some existing efforts will further improve the information available
through OpenAPI including CEL validation and admission, along with
OpenAPI annotations on built-in types.
Many other tools can be built for authoring and transforming resources
using the type information found in the OpenAPI v3.
How to get involved?
These two features are driven by the SIG API Machinery community,
available on the Slack channel #sig-api-machinery and through the
mailing list, and we meet every other Wednesday at 11:00 AM PT on Zoom.
We offer a huge thanks to all the contributors who helped design,
implement, and review these two features.
Alexander Zielenski
Antoine Pelisse
Daniel Smith
David Eads
Jeffrey Ying
Jordan Liggitt
Kevin Delgado
Sean Sullivan
'Alexa, set the alarm for me to take my medication'
Older adults use voice assistant devices more often with training and flyers with instructions to complement their daily routine, according to a new University of Michigan study that looked at long-term usage.