Language Selection

English French German Italian Portuguese Spanish

Proprietary Microsoft Stuff and Security Issues

Filed under
Microsoft
Security
  • What deserves firing? Asking for Excel, or ignoring the alternatives?

    The Idaho Statesman (IS) is a USA local newspaper, that is owned by a company called McClatchy. A few years ago, McClatchy decided to cut costs by, among other things, “doing away with subscriptions to Microsoft Office for new employees”. Consequentely, in late January 2021 McClatchy denied a request by a new IS reporter to have “access to Microsoft Excel”. Faced with resistance to get a software program as basic as a spreadsheet for a member of her staff, the IS top editor, Mrs Christina Lords, complained about this on Twitter.

    Eventually, it seems, the reporter was “granted access to Excel on her company laptop”. But Lords was fired, for violating McClatchy’s social media policy.

    [...]

    As far as I am concerned, I find nothing wrong in McClatchy’s decision to not pay anymore for Microsoft Office. What I find hard to accept is just their refusal to buy the most expensive variety of a software essential for daily tasks… without concretely encouraging all of their staff to use license-free alternatives, or at least allowing them. It is almost like saying “we won’t buy gold-plated Mont Blanc pens for new employees anymore, but even those employees must write only with gold-plated Mont Blanc pens”. Please tell me that there is more to this story.

  • Report: Microsoft recently sought to acquire Pinterest

    Microsoft Corp. at one point considered acquiring the social network Pinterest Inc., according to a report today in the Financial Times.

    Pinterest had a market capitalization of about $51 billion prior to the publication of the report. The company’s stock price jumped more than 5% following the Financial Times’ scoop, after previously rising more than 600% since the start of the coronavirus pandemic.

    The paper, citing people familiar with the matter, said that Microsoft had approached Pinterest about an acquisition “in recent months.” One of the tipsters was citing as saying that the negotiations are currently not active. It’s unclear whether the talks were shelved completely or simply paused.

  • Arrests in Ukraine hit Windows Egregor ransomware gang

    Law enforcement authorities in France and Ukraine have joined forces to arrest a number of people in Ukraine who were using the Windows Egregor ransomware to make money.

  • NVD - CVE-2020-24074
  • CVE - CVE-2020-24074
  • Singtel affected by cyber attack on Accellion file-sharing software

    Singapore's multinational telecommunications conglomerate Singtel has been breached by an attack on a file-sharing system from Accellion that is nearing its end-of-life, with the breach ocurring on 20 January, the telco says.

  • Open-Source Kernel Security Technologies

    Lockdown is a relatively new security feature designed specifically for the Linux kernel. Part of the Linux kernel 5.4 branch, it is a feature that must be activated. Its default mode is off, simply because it can negatively affect existing systems. However, the primary function of lockdown is to prevent root account interactions with kernel code. By strengthening this divide, Lockdown counters potentially dangerous interactions that have been possible since the launch of the Linux OS. Once lockdown has been activated, there will be limitations on kernel functionality, but these will make it significantly more difficult for root accounts that have been compromised to affect the rest of the OS.

  • Here’s why you should be wary of installing anything that sets SELinux to permissive

    In the world of Android modding, people tend to regard root access as the cornerstone of all things. It allows users to take complete control of their devices and add features that aren’t always available in the stock configuration. But as they say — “with great power comes great responsibility” — it’s not wise to bypass Android’s security model unless you know what you’re getting into. For veteran Android enthusiasts on our forums, you are probably aware of the potential for backdoors to exist on your device, and you are more likely to be running a trusted root-enabled mod on top of the latest Android version with the latest security patches. Having said that, you might know a few people who don’t really care about what root tweaks they install so long as they seemingly work for them. This is why you can still find a truckload of mods that only work when SELinux is set to permissive, which, in turn, leave their users extremely susceptible to security threats.

    [...]

    For a user to get full root access on their own device running Android 10 (or higher) with SELinux set to permissive is shockingly easy to do: All you have to do is press install, and “Magica” will automatically gain root access in a service and install Magisk to the boot image. This is something far wider in scope than just tweaking your device. According to XDA Senior Recognized Developer and Magisk maintainer topjohnwu, any arbitrary app, including malware, can permanently root your device without your consent and permission by utilizing the PoC.

More in Tux Machines

digiKam 7.7.0 is released

After three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. Read more

Dilution and Misuse of the "Linux" Brand

Samsung, Red Hat to Work on Linux Drivers for Future Tech

The metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. Read more

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.