OWASP SP: Fourth Virtual Meetup of 2022
This Wednesday, December 28, OWASP SP will hold its fourth Meetup with another highly relevant talk, given that the world is living through a crisis in information security and a major technological transformation. Every day we come across new data leaks. Spreading knowledge will therefore lead to secure software and systems, lessening this crisis.
20:00 - Topic: Security: Think Different
Speaker: Gustavo Lichti
Crises are difficult times for companies, but they can also be seen as opportunities for learning and growth, especially for people. Surviving a crisis is not easy, but it is possible. Good planning and rational, innovative thinking are part of the recipe for increasing the chances of success.
Thinking differently, outside the box, and discovering new ways of doing something that has been done the same way for a long time is what will help find new ways of solving problems.
Short bio: Information Security Manager at Buser, with more than 20 years of experience in Information Technology, including experience with observability, infrastructure, systems architecture, software development, risk management, information security and data privacy.

Or here: https://www.meetup.com/pt-BR/owasp-sao-paulo-chapter/events/290392250/
Explaining difference between download.o.o and mirrorcache.o.o
Introduction
Historically, mirrorcache.opensuse.org was set up to evaluate a new backend engine, and gradually the new engine became the only one used by download.opensuse.org as well.
The main task of both services is to redirect requests for artifacts produced by OBS (Open Build Service) to community mirrors using GeoIP information. Both services use the same database and the same backend engine, so their behavior should be more or less identical.
In the best case, mirrorcache.o.o could be deprecated or become just an alias, but download.o.o has a complex legacy setup and also runs other heavy services, which may affect user experience in some cases.
Difference 1 - setup
download.o.o is a powerful box with Apache as a forward proxy with a quite complex legacy config. The machine also hosts other services, the heaviest of which is the rsyncd service. It pushes and provides files to the mirrors and usually takes more traffic than Apache.
mirrorcache.o.o is a relatively small box behind an http-proxy, and it is dedicated only to the Web Service.
Difference 2 - file access
mirrorcache.o.o doesn’t have easy access to the files, so it presents information from the DB, which may be outdated in some cases (this does not affect the normal zypper experience). In contrast, download.o.o renders file availability directly from local disk.
One example: when a folder is deleted in OBS, it is gone from download.o.o almost immediately, while it may take some time until it disappears from mirrorcache.o.o (it should be several hours after somebody tries to access it).
Another important example is symbolic links. E.g. openSUSE-Tumbleweed-DVD-x86_64-Current.iso is normally a symbolic link to a file name with a particular Build, e.g. today it is openSUSE-Tumbleweed-DVD-x86_64-Snapshot20221220-Media.iso. download.o.o will notice the change of snapshot immediately, while it may take some time until mirrorcache.o.o reacts to the change.
Conclusion
Use download.o.o for most operations, especially for manual browsing or if you work with Current.iso.
Use mirrorcache.o.o as a fallback if you experience problems with download.o.o, but do not forget to report those issues to openSUSE Heroes.
Download Redirector State (download.opensuse.org) - December 2022
Introduction
The post describes changes that went live for download.opensuse.org on 22-Dec. No critical changes in functionality are expected, so most of the users can ignore the details below. The functionality was already available on mirrorcache.opensuse.org for weeks, excluding some final visual polishing.
Changes in file listing rendering
Rendering of directory listing previously was done with an Apache module. The new functionality provides three methods for rendering the content of folders:
- Dynamic loading (ajax) of JSON data into an HTML table, available at /browse route, e.g. Leap 15.4 iso on /browse.
- Plain HTML, similar to the old way, available at /download route, e.g. Leap 15.4 iso on /download.
- Raw JSON data - this needs a special URL parameter json or jsontable, e.g. json, jsontable.
Using AJAX with an HTML table allows the filtering of rows using a special box in the top right corner, as well as sorting files by name, size, or time. It also significantly reduces the download size for rendering folders with many files, which also is mentioned in this ticket.

Plain HTML can be used by tools without JavaScript support, e.g. curl and wget.
JSON rendering is used internally by JavaScript and may also be used by any tools that need file listings.
If no /download or /browse route is specified, then the method of rendering is chosen dynamically: the first method is used for browsers, and traditional HTML rendering is used otherwise.
Showing mirrors on the map
Mirrorlist can now show mirrors on a map, which may be useful for visual representation. (Mirrorlist is shown if you click the ‘Details’ link in the file listing or add .mirrorlist to the file URL.) The map appears when the ‘Toggle map’ button at the bottom of the mirrorlist page is pressed.

Download reports
It is possible to see download statistics for several recent days in the ‘Reports’ menu, e.g. Downloads per country with the following limitations:
- The statistics are collected after the day is over, i.e. no statistics for the current day.
- The statistics for geographical regions are available on the corresponding MirrorCache instance (see below).
- Values in column ‘Bytes Redirected’ are currently only valid on the main and US instances.

Current regional instances
- North America - mirrorcache-us.opensuse.org
- South America - mirrorcache-br-2.opensuse.org
- Oceania - mirrorcache-au.opensuse.org
- Japan - mirrorcache-jp.opensuse.org
Feedback
Open a ticket on GitHub or progress.opensuse.org or email admin at opensuse.org.
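Instant console in Dolphin
This article is day 22 of the openSUSE Advent Calendar 2022.
I use Dolphin as my file manager, and here is how to get a console right away in the directory you have open.
Method
Press F4
That's all.
A normal Dolphin window looks like this, with no console.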

Press F4 and a console appears at the bottom, with the open directory as its current directory.
Of course, it works as a regular console.

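I always quietly liked that on Windows typing cmd in the address bar launches a command prompt, and I found this while looking for an equivalent feature.
Lately I often open PDFs and the like from Dolphin, so it comes in handy when I want to open the text file next to them with code.
(Or so I thought, but right-clicking the file brings up "Open with Visual Studio Code"...)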
Rearing and Caring for Home-Hatched KUB Chicks
KUB chicken, or Ayam Kampung Unggul Balitbangtan, is a new strain of native (kampung) chicken produced through genetic selection by a research team at Balai Penelitian Dan Pengembangan Pertanian.
Zeze Zahra keeps quite a lot of KUB chickens, from DOC (Day Old Chicken) and chicks to juvenile chickens, adult chickens and breeding stock.
The largest component of the cost of keeping KUB chickens, kampung chickens or other livestock is the cost of feed.
Once the chicks are more than 1 month old and have started to grow, what tips can be used to cut feed costs while still producing chickens that grow well? Watch the following video.
QOOLA: Portable Air Conditioner and Air Purifier

QOOLA is a device that works as a portable air conditioner. It can be worn around the neck to cool the body up to 15º C. On cold days it can warm the body to between 38º and 45º C. Since the air is not diverted as in conventional designs, cooling is instantaneous thanks to its temperature-conducting system, which uses stainless steel with very high thermal conductivity and reflectivity. As a result, heat is dissipated efficiently.
As the icing on the cake, the device offers air ionization, providing a stream of pure air. The device fits around the neck and is easy to adjust. The battery lasts 3 to 5 hours on average, depending on the mode of use (heating or cooling). Charging takes around 2 hours.
It has a chip for the temperature-conducting system and impressive turbines. The semiconductor heats and cools the air, which is then delivered by the turbines.
Where to buy? Here: https://hycier.com/qoola/

Season of KDE 2023 is looking for mentors and students
Once again this year a new edition will be held of a program whose goal is to bring new students into the great worldwide project that is KDE. This is Season of KDE 2023, which over more than a decade of existence has established itself as a fairly reliable alternative to other programs such as Google Summer of Code or Google Code In that manage to bring new blood into the project.

One of the goals of the KDE project is to get as many people as possible involved in it, and to that end it organizes all kinds of activities: events such as Akademy, meetings such as the Sprints, collaborative blogs such as KDE Planet, and participation in student programs such as Google Code In or Google Summer of Code.
Not content with that, once a year it organizes Season of KDE, its own program for getting new students involved in KDE. It is a kind of Google Summer of Code, but for collaborating directly in KDE and with the possibility of carrying out projects that are not necessarily tied to programming, that is, projects in promotion, documentation, design, etc.

In addition to the official launch announcement on the KDE Dot, written by Caio Jordão Carvalho, which gives all the details on dates, here is a sort of Q&A about the project, with questions you are surely asking yourself, such as:
- What is Season of KDE? Well, I have already explained that.
- Who can take part? Anyone who wants to.
- What do I get out of it? Apart from collaborating with the KDE project, the highest-scored project will win a trip to Akademy 2018 in Vienna, with expenses paid. Plus an interesting line on your CV.
- How much time do I have? The deadline to sign up, for both mentors and students, is January 15, 2023.
- How do I start? Find a mentor and propose your idea.
- And what if I can't think of anything? Then look at the editions from previous years.
All in all, a good way to do your bit for the KDE project.
More information: KDE
The post Season of KDE 2023 is looking for mentors and students was first published on KDE Blog.
Bash, GCC13 update in Tumbleweed
Snapshots of openSUSE Tumbleweed are rolling out this week like a postal worker delivering presents.
The snapshots are plenty, but only a few software packages are arriving in each snapshot as developers begin to take some time off during the holiday season.
Snapshot 20221219 delivered just one package. That package was cppcheck 2.9.3, which is a static analysis tool for C/C++ code. This update brought various Graphical User Interface and premium feature handling bugfixes. The package improved the lifetime analysis with this pointers, and added debug intrinsics debug valueflow and debug valuetype to show more detail including source backtraces.
The 20221218 snapshot had just two package updates. An update of bash 5.2.15 added some upstream patches in the rolling release snapshot. The patches addressed several cases where bash is too aggressive when optimizing out forks in subshells, and how bash can leak memory when referencing a non-existent associative array element. The shell and command language package also defers processing additional terminating signals when running the EXIT trap while exiting due to a terminating signal; the patch allows the new terminating signal to kill the shell immediately. The other package to update in the snapshot was the XFS filesystem utility xfsdump 3.1.12. The package contains tools to create and restore backups of directory trees; the update fixed on-media inventory for media unpacking, stream unpacking, stream packing and unpacking logic.
Snapshot 20221217 had a major version update of the VPN client openconnect. The 9.01 version added a webview callback and support for some of Cisco’s AnyConnect sessions and verifications. An update of pipewire 0.3.63 fixed a critical bug that caused some audio distortion in some cases when using Advanced Vector Extensions AVX2. The audio and video package for Linux also fixed some crash triggers and a potential starting issue with audacity. A few other KDE Qt5 packages were updated in the snapshot, along with osinfo-db 20221130, which added some patches for supporting LeapMicro versions.
Functionality improvements for the Linux boot process were made in snapshot 20221216 as dracut had an update to check for the fipscheck validation check in /usr/libexec. VMware’s open-vm-tools package updated to version 12.1.5. The package added a containerInfo plugin, and a number of issues reported by Coverity, which is a proprietary static code analysis tool, were addressed. Password Checking Library cracklib 2.9.8 had some translation updates and forces grep to treat the input as text when formatting word files. Text editor nano 7.1, mpc 1.3.0 and a couple of other packages updated in the snapshot.
There were several packages that arrived in snapshot 20221215. The big update in the snapshot was to the GNU Compiler Collection. The gcc13 13.0.0 git + added two new headers and depends on at least LLVM 13 for GCN cross compiler. The compiler rebased a patch and included a new patch to allow for armv7l architecture. Another major version update was the GNOME Unicode character map package; the 15.0.2 update of gucharmap updated translations and Unicode 15.0.0, added screenshots and linked them from the metainfo. Other packages to update were shotwell 0.31.7, which improved the handling of images that do not have a GPS altitude, rsyslog 8.2212.0, which made Python http server based tests more reliable, and several more.
Feed Tips & Tricks for Raising KUB Chickens from Juvenile to Adult
KUB chicken, or Ayam Kampung Unggul Balitbangtan, is a new strain of native (kampung) chicken produced through genetic selection by a research team at Balai Penelitian Dan Pengembangan Pertanian.
Zeze Zahra keeps quite a lot of KUB chickens, from DOC (Day Old Chicken) and chicks to juvenile chickens, adult chickens and breeding stock.
The largest component of the cost of keeping KUB chickens, kampung chickens or other livestock is the cost of feed.
Once the chicks are more than 1 month old and have started to grow, what tips can be used to cut feed costs while still producing chickens that grow well?
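Have fun completely changing the look of openSUSE with ease
This article is day 21 of the openSUSE Advent Calendar 2022.
If you use openSUSE, or rather KDE, you can easily give its appearance a complete makeover.
In fact, I change it once a month and enjoy a new look each time.
So, on to the method: from the menu, choose "Settings" -> "KDE Settings" to open KDE Settings.
There, choose "Appearance".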

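Choose a Global Theme here and the look changes completely. The icons, the startup screen and the window design all change, so it feels like a different OS.
You may be thinking "Huh? Is that all?", but don't worry. You can choose from many themes created by volunteers via "Get New Themes…" at the bottom right.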

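As you drag, quite a large number of themes are shown. Among them there is even a Vista-like look...
Note that, as shown at the top, these are the work of volunteers and are not reviewed by openSUSE, so please keep that in mind.
Occasionally icons are not shown right after switching (it fixes itself at some point), and with some themes the LibreOffice icons become hard to see, but reverting is easy too, so do try various themes and bring a breath of fresh air to your openSUSE desktop.
You can also create and upload your own theme, so if you have "the ultimate desktop I came up with", please do upload it.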
