today's leftovers
-
GNU/Linux
-
Applications
-
dnf-plugin-protected-kmods
I don’t think I ever posted about it, but nine months ago (exactly, which I just realized as I’m writing these words), I joined CIQ as a Senior Systems Engineer. One of my early tasks was to help one of our customers put together Rocky Linux images that their customers could use, and one of the requirements from their HPC customers was that the latest Intel irdma kernel module be available.
While packaging up the kernel module as an external kmod was easy enough, the question was asked, “What if the kernel ABI changes?” Their HPC customers wanted to use the upstream Rocky kernel, which, as a rebuild of RHEL, has the same kABI guarantees that Red Hat has. There is a list of symbols that are (mostly) guaranteed not to change during a point release, but the Intel irdma driver requires symbols that aren’t in that list.
I did some investigation, and, in the lifespan of Rocky 8.10 (roughly 15 months), there have been somewhere just under 60 kernel releases, with only 3 or 4 breaking the symbols required by the Intel irdma driver. This meant that we could build the kmod when 8.10 came out, and, using weak-updates, the kernel module would automatically be available for newer kernels as they’re released until a release came out that broke one of the symbols that the kmod depended on. At that point, we would need to bump the release and rebuild the kmod. The new kmod build would be compatible with the new kernel, and any other new kernels until the kABI broke again.
-
Distributions and Operating Systems
-
Canonical/Ubuntu Family
-
Windows 10 to Ubuntu Migration
I know that Canonical / Ubuntu people are sometimes not well received due to promotion of Canonical tooling (some might remember upstart and Mir, or more recently snap and netplan). Thus for some positive vibes consider that I could hand out the Ubuntu Desktop image on a USB flash drive to a family member, and the family member could just replace Windows 10 without any assistance. It just worked. This was made possible by the will to keep a slightly dated ThinkPad in use, which is not supported by Windows 11.
I've to admit that I never looked at Ubuntu Desktop before, but the user experience is on par with everything else I know. Thanks to all the folks at Canonical who made that possible! Luckily the times when you had to fiddle with modelines for XFree86, and sleepless nights about configuring lpd to get printing up and running, are long gone. I believe now that Microsoft is doing Microsoft things with rolling Windows updates, which force users to replace completely fine working hardware, is the time to encourage more people to move to open operating systems, and Ubuntu Desktop seems to be a very suitable choice.
-
Windows TCO / Windows Bot Nets
-
The Register UK ☛ Cops bust Russian hacktivist crime org, shut down servers
Europol estimates the group has more than 4,000 supporters, who have built their own botnet made up of several hundred servers to increase the distributed denial of service (DDoS) attack load.
-
Security Week ☛ Compumedics Ransomware Attack Led to Data Breach Impacting 318,000
An investigation showed that the attackers copied some files, including ones containing the information of the patients of nearly a dozen US healthcare providers that use Compumedics services.
-
Tech Central (South Africa) ☛ Ransomware in South Africa: the human factor behind the growing crisis
The research found that 76% of South African IT and security professionals experienced increased pressure from senior leaders after an attack. Nearly half (47%) reported heightened anxiety about future incidents, while 42% said their workload had increased permanently.
It’s clear: ransomware doesn’t just hit systems – it hits people.
-
Threat Source ☛ Talos IR ransomware engagements and the significance of timeliness in incident response
As ransomware threat actors continuously decrease their dwell time — here defined as the duration between initial access and encryption — it is increasingly imperative to be mindful of timeliness in incident response engagements (Infosecurity Magazine, CyberScoop, Orca, ThreatDown). Early intervention and remediation can significantly mitigate or even wholly prevent repercussions of ransomware attacks, such as financial loss, reputational damage and legal repercussions, as exemplified by a comparison of two recent Talos IR engagements.
-
Security Week ☛ DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total
In 2024, Cloudflare blocked a total of 21.3 million HTTP and Layer 3/4 DDoS attacks. In the first half of 2025, it has already mitigated 27.8 million attacks. More than 20 million of them were seen in Q1, when an 18-day campaign pummelled the company’s own infrastructure as well as other critical infrastructure.