Practical Technology

for practical people.

February 4, 2022
by sjvn01
0 comments

The Alpha and Omega of software supply chain security

What is the Alpha-Omega Project? Its purpose is to “improve global open source software supply chain security by working with project maintainers to systematically look for new, as-yet-undiscovered vulnerabilities in open-source code” and then fix them. This is vital to improving open-source security.

To make this happen, the Linux Foundation’s partners — the Open Source Security Foundation (OpenSSF), Google, and Microsoft — are joining forces to work with security experts and use automated security testing to improve open-source security. Microsoft and Google are bringing an initial investment of $5 million to the Alpha-Omega Project.

Software supply chain security has become essential. One major security problem after another — including the SolarWinds software supply chain attack, the Log4j vulnerability, and the npm bad code injection episode — can be traced back to software supply chain vulnerabilities.


February 4, 2022
by sjvn01
0 comments

How to watch Super Bowl 2022: All your streaming options

Almost no one saw this Super Bowl coming: The Los Angeles Rams and the Cincinnati Bengals will go head-to-head on Sunday, Feb. 13 at SoFi Stadium in Inglewood, Calif. Curiously, even though it’s the Rams’ home field, they’ll be Super Bowl LVI’s away team.

But whether you live only a few miles away or you’re flying to LAX from Cincinnati, you may not be able to see the game in person. At an average price of $10,237, Super Bowl LVI is already almost double the amount of last year’s average ticket price. The cheapest — and maybe the best — way to watch the game is with a streaming service.


February 3, 2022
by sjvn01
0 comments

Is npm a Hotbed of Malware?

According to WhiteSource, a leading open source security provider, npm, one of the most widely used JavaScript package managers, is a playground for malicious actors. Is it really that bad?

First, JavaScript is wildly popular. Love it or hate it, JavaScript by Stack Overflow’s count remains today’s most commonly used programming language. With more than 16 million developers worldwide relying on its speed, strong documentation, and interoperability with other programming languages, that won’t be changing soon.

But its popularity is a mixed blessing. Hackers are increasingly targeting JavaScript’s open-source package managers and package registries, the most widely used of which is npm, with more than 1.8 million active packages.


February 1, 2022
by sjvn01
0 comments

Bitcoin: Delusions of money

Bitcoin is more popular than ever. Businesses such as AT&T, Microsoft, Visa, and PayPal all accept payment by Bitcoin and even small companies are getting into cryptocurrency. According to an HSB survey, one-third of US small and medium-sized businesses accept cryptocurrency as payment. If you invest in Bitcoin, I’m sure this is great news. To me, it’s more proof that a sucker’s born every minute.

Why the Bitcoin hate? Because it’s a con — always has been, always will be. Oh, it sounds good enough. Bitcoin is a decentralized digital currency that you can buy, sell, and exchange directly via blockchain-secured ledgers, instead of relying on an intermediary such as a bank with fiat currency. It uses cryptographic proof instead of trust in a government. Like fiat money, though, at day’s end, its value is in the eyes of its owners.


February 1, 2022
by sjvn01
0 comments

Let’s pull back on virtual meetings, shall we?

On Tuesday, a week ago, I had three Zoom meetings, two Google Meets, and a Microsoft Teams get-together. With six hours of my day tied up in “meetings,” I didn’t get one bit of real work done.

Enough.

Back before I worked from home, I often had days like this. They were bad days. But once I stopped working in an office, I became largely free of meeting days from hell. Then COVID-19 came along; everyone’s office suddenly became their kitchen, den, living room, or anywhere else they could work from a desk — and videoconferencing apps became all the rage.

Remember when you couldn’t buy a webcam for love or money?

At first, it was kind of fun. After being stuck at home for a few months, I liked seeing people. I actually did purely social meetings.

Two years later, and it’s another story. As a system administrator on the Reddit Sysadmin forum said, “Virtual meetings are the new norm, and I’m seriously getting tired of loads of meetings in my calendar, as well as endless, ‘Can I give you a quick call?’ chats that are the farthest from ‘quick’ at all.”


February 1, 2022
by sjvn01
0 comments

Securing the open source ecosystem: SBOMs are no longer optional

In the last year and a half, one cybersecurity mess after another — the SolarWinds software supply chain attack, the Log4j vulnerability, the npm bad code injection — has made it clear that we must clean up our software supply chain. That’s impossible to do with proprietary software, since its creators won’t let you know what’s inside a program. But with open-source programs, it can be done.

Here’s the progress we’ve made so far, according to the Linux Foundation in its new The State of Software Bill of Materials and Cybersecurity Readiness report.
