Security Leftovers and Programming

posted by Roy Schestowitz on May 14, 2023

• OpenSSF: Making SBOMs more dynamic to reduce software security risks [Ed: Not a good approach, but this is what monopolists and the states that they control are after. This article is also sponsored by the so-called 'Linux' Foundation, sponsored by Microsoft et al]

  Since 41% of organizations are still not confident about their open-source software security, more innovations are needed to change this narrative.

• KSOC Publishes SBOM Specification for Kubernetes

  Kubernetes Security Operations Center (KSOC) this week published a Kubernetes Bill of Materials (KBOM) specification that promises to make it simpler to discover vulnerabilities. KBOM, available via an open source command line interface (CLI) tool, provides a quick view of workload count, cost and type of hosting service, vulnerabilities for

• As cloud computing gets more complex, so does protecting it. Here’s what companies need to do [Ed: Clown computing means complexity and outsourcing. Both lessen security.]

  Whether companies are repatriating their cloud workloads back on-premises or to colocated servers, they still need to protect them, and the market for that protection is suddenly undergoing some major changes.

• Prince Harry vs Mirror hacking trial week one: Publisher apology and Piers Morgan denial

  The key points from the opening days in Prince Harry's hacking trial against MGN.

• Release candidate: Godot 4.0.3 RC 2

  Another round of cherry-picks for the upcoming Godot 4.0.3, fixing a few regressions reported against RC 1 and backporting more important fixes.

• Responsive Layouts in Qt

  Qt has (almost) been here since the dawn of graphical user interfaces, being released just 5 years after Windows 3.0. Needless to say, technologies, expectations and duties for an UI toolkit evolved substantially over the years. Organizing and layouting of visual elements like buttons is one of those duties that changed significantly: From small screens with few pixels and fixed size embedded apps we came a long way to high resolution screens and handheld devices of all form factors. The changes in design philosophy are even more dramatic. Applications need to look and feel good on many devices as well as in different configurations, landscape and portrait, windowed and full screen. More than that, they need to be able to switch seamlessly between those modes.>

• Introducing {ggflowchart}

  Back in April 2022, I participated in the
  #30DayChartChallenge and for the Storytelling prompt on day 29 in the Uncertainty category, I created the Goldilocks Decision Tree.

• Mike Blumenkrantz: Friday Updates

  A number of members of my team at Valve don’t blog, and I like to bring visibility to their work when I can. Here’s a quick roundup of what some of them have been doing, in no particular order.

  Or maybe from most important work to least important work.

  You decide.

  Konstantin

  After another week of heroic work, his implementation of VK_EXT_descriptor_indexing for Lavapipe has finally passed CI. This means it will probably be merged within the next week or two.

  Given that Dave Airlie is practically done with his VK_EXT_mesh_shader (it draws multiple triangles now), this means the only thing remaining for full VKD3D-PROTON functionality on Lavapipe is sparse binding. I think.

  Which begs the question: will Lavapipe get sparse binding support before Intel?

  It’s depressing, it seems impossible given how many years we’ve all been waiting, and we don’t want to admit it to ourselves, but we already know the answer.