Leftovers: Certifications, KDE, Ubuntu and Security
Top 5 options for Linux certifications
Linux certifications present an interesting mix of distribution- and brand-agnostic credentials, as well as vendor-specific ones. Many of these offerings provide data center professionals with defined pathways to learn, use and master Linux OS management, features and potential Linux use cases.
Other programs are more ad hoc and specific to certain IT roles, such as systems engineers or IT administrators, but they go beyond self-taught curriculums and forums. Each program includes coursework and an exam. Depending on the certification, admins can buy everything as a bundle or pay separately for study materials and exams.
On my last post I talked about the new async simplemail-qt API that I wanted to add, yesterday I finished the work required to have that.
SMTP (Simple Mail Transfer Protocol) as the name says it’s a very simple but strict protocol, you send a command and MUST wait for the reply, which is rather inefficient but it’s the way it is, having it async means I don’t need an extra thread (+some locking) just to send an email, no more GUI freezes or an HTTP server that is stalled.
The new Server class has a state machine that knows what reply we are waiting, and which status code is the successful one. Modern SMTP servers have PIPELING support, but it’s rather different from HTTP PIPELING, because you still have to wait for several commands before you send another command, in fact it only allows you to send the FROM the RECIPIENTS email list and DATA commands at once, parse each reply and then send the mail data, if you send the email data before you are allowed by the DATA command the server will just close the connection.
Plasma 5 for Slackware – November ktown release
Dear all, today I released KDE-5_19.11 and it comes with some upgrades to official Slackware packages. Don’t worry – Pat Volkerding kindly added the shared libraries of the official Slackware packages to aaa_elflibs, so if you have been updating your Slackware-current installation properly then nothing will break when you update Slackware’s exiv2 and LibRaw packages to the newer versions contained in the November release of ‘ktown‘.
Official Slackware package updates for exiv2 and LibRaw will come sometime soon, but it will require Pat to recompile several other packages as well that depend on exiv2 and/or LibRaw. I needed the new exiv2 to compile the latest digikam, so I was pleased with Pat’s cooperation to make this a smooth ‘ktown‘ upgrade for you.
Ubuntu Weekly Newsletter Issue 604
Ubuntu-ready Apollo Lake mini-PC features Myriad X AI accelerator
IEI’s rugged, “ITG-100AI” DIN-rail PC runs on an Apollo Lake SoC and a new “Mustang-MPCIE-MX2” mini-PCIe card with dual Myriad X VPUs. The system ships with 8GB RAM and a 128GB SATA SSD plus GbE, serial, USB, and M.2.
IEI has launched a compact, Intel Apollo Lake based “ITG-100AI” computer for industrial AI that showcases its Mustang-MPCIE-MX2 AI acceleration card. The fanless, 137 x 102.8 x 49.4mm ITG-100AI supports DIN-rail or desktop mounting and offers a 0 to 50°C range with airflow, as well as 5G shock resistance compliant with IEC68-2-27 and vibration resistance per MIL-STD-810G 514.6C-1.
Vulnerability Values Fluctuate Between White, Grey and Black Hats
A black hat selling vulnerabilities can make as much money as a white hat researcher using bug bounty programs, or a grey hat working for a nation state doing reverse engineering.
Speaking at a Tenable conference in London last week, director of research Oliver Rochford said that to have people do vulnerability research is expensive, and all of the white, black and grey markets are symbiotic, as despite the difference between being legal and illegal, the different factors “mirror each other as it starts with vulnerability discovery.”
Rochford said that this “shows how professional cybercrime has become,” pointing to the fact that the main difference between criminal and legal sides are ethics. In one slide, Rochford pointed out vulnerability discovery, exploit research and development are the same for both offense and defensive sides, while the differences fall at the "operationalization" side, where offensive sides look at espionage, sabotage and fraud, while defense sides look at threat intelligence and compensating control adaptation.
In his research, Rochford showed that in some cases you can earn more as a white hat vulnerability manager than as a black hat, with a black hat able to earn around $75,000 in this sort of work. Rochford said this “is achievable and attractive” and while it was more lucrative to do it legally, if it is not “it is a way to make a living.”
Name That Toon: Endpoint Protection