LWN.net's Journal
 
 [Most Recent Entries] [Calendar View]

Wednesday, December 4th, 2019

    Time Event
    1:58p
    Two malicious Python libraries caught stealing SSH and GPG keys (ZDNet)
    ZDNet reports
    that two more malicious modules have been removed from the Python Package
    Index. "The two libraries were created by the same developer and mimicked other more popular libraries -- using a technique called typosquatting to register similarly-looking names.

    The first is 'python3-dateutil,' which imitated the popular 'dateutil'
    library. The second is 'jeIlyfish' (the first L is an I), which mimicked
    the 'jellyfish' library.    " The latter of the two had been in PyPI
    for nearly a year.
    4:26p
    Security updates for Wednesday
    Security updates have been issued by CentOS (389-ds-base, ghostscript, kernel, and tcpdump), Debian (libonig), Fedora (clamav, firefox, and oniguruma), openSUSE (calamares, cloud-init, haproxy, libarchive, libidn2, libxml2, and ucode-intel), Scientific Linux (SDL and tcpdump), Slackware (mozilla), and Ubuntu (haproxy, intel-microcode, and postgresql-common).
    7:00p
    [$] Creating Kubernetes distributions
    Making a comparison between Linux and Kubernetes is often one of apples to
    oranges. There are, however, some similarities and there is an effort
    within the Kubernetes community to make Kubernetes more like a Linux
    distribution. The idea was outlined in a session about Kubernetes
    release
    engineering at KubeCon
    + CloudNativeCon North America 2019    . "You might have heard that
    Kubernetes is the Linux of the cloud
    and that's like super easy to say, but what does it mean? Cloud is pretty
    fuzzy on its own," Tim Pepper, the Kubernetes release special interest group
    (SIG Release)
    co-chair said. He proceeded to provide some clarity on how the two
    projects are similar.
    10:04p
    [$] A static-analysis framework for GCC
    One of the features of the Clang/LLVM compiler that has been rather lacking
    for GCC may finally be getting filled in. In a mid-November post
    to the gcc-patches mailing list, David Malcolm described a new
    static-analysis framework for GCC that he wrote. It could be the starting point for a
    whole range of code analysis for the compiler.

    << Previous Day 2019/12/04
    [Calendar]     		Next Day >>

LWN.net   About LJ.Rossia.org