Kernel prepatch 6.11-rc5

Post Syndicated from corbet original https://lwn.net/Articles/987164/

The 6.11-rc5 kernel prepatch is out for
testing. “Other than the timing, there’s not a whole lot unusual
here. The diffstat looks fairly flat, which means ‘mostly pretty small
changes’.” Linus Torvalds added a
note that today marks the 33rd anniversary of the first Linux
announcement; “A third of a century. And it *still* isn’t ready“.

Нюанси относно Телеграм и ареста на Дуров

Post Syndicated from Bozho original https://blog.bozho.net/blog/4349

Франция арестува Павел Дуров, изпълнителен директор на Телеграм, чат-приложение за криптирана комуникация, защото системно е допускал незаконна дейност да бъде организирана чрез приложението. Немалка част от реакциите на ареста са, че Франция нарушава свободата на словото, защото Дуров е отказвал да цензурира мнения в платформата. Това не е така, а темата е доста по-сложна, и тъй като следя развитието на Телеграм отдавна, и разбирам от киберсигурност, киберпрестъпления и криптография, нека да споделя някои нюанси и детайли.

Първо, доколкото става ясно от медийните публикации, арестът е за системно допускане на организиране на престъпна дейност чрез приложението. В Телеграм, за разлика от много други криптирани чат-приложения, има т.нар. „канали“ – нещо като фейсбук групите. Там може да се обсъждат всякакви теми от разнообразен кръг лица. Има публични канали, има скрити канали. Каналите са различни от междуличностната кореспонденция, в която потребител 1 пише на потребител 2 и не иска никой: правителства, служби или някой друг да му чете кореспонденцията. Каналите са инструменти за разпространение на информация и организиране на работата на широк кръг хора.

За каналите, в правото на Европейския съюз (а и не само – и на САЩ напр.), действа т.нар. safe harbor – никой онлайн доставчик не носи отговорност за съдържанието, което потребители публикуват, дори то да е незаконно и свързано с престъпна дейност, докато не получи заявка за неговото сваляне. Ако някой качи във Фейсбук, Телеграм или на друго място изтекли пароли, които да се ползват за хакерски атаки, или за разпространение на документи с лични данни, които да се ползват за т.нар. doxing (тормоз на хора чрез детайли от личния им живот), детска порнография, информация за прилагане на криптовируси (ransomware), DDoS-като-услуга, то съответната платформа не носи отговорност, докато някое МВР не ѝ каже, често след разрешение от съд: „това представлява престъпление и трябва да бъде свалено“. Тогава чак платформата го сваля (след преценка дали действително е такова или е злоупотреба от съответното МВР), и евентуално предоставя данни, ако има такива, на лицата, замесени в престъплението, в рамките на приложимия режим на международна правна помощ.

Моята информация е, че именно чрез канали в Телеграм се извършват доста от гореописаните престъпни дейности. И че Телеграм системно отказва както свалянето на такава информация, така и разкриването на данни за извършителите. Ако френският наказателен кодекс предвижда лична отговорност за представляващите съответната платформа (каквато се явява Телеграм), тогава съдът да прецени, на база на изнесените доказателства, доколко Телеграм системно е допускал незаконни дейности, въпреки, че е бил известяван от органите на реда, и доколко е отказвал да разкрие информация за престъпници, съгласно правилата за международна правна помощ.

Това в никакъв случай не значи, че криптираните чат-приложения трябва да се ограничат, забранят, да се въведе задължителна модерация на лична комуникация и т.н. Телеграм и други подобни приложения не разполагат изобщо с достъп до съдържанието, което се споделя чрез тях при директната комуникация, тъй като то е криптирано „от край до край“. И това трябва да остане така. Всеки опит това да бъде отслабено трябва да бъде спиран.

Нещо такова се случва в момента с проект на регламент на ЕС, в който с оглед борбата с насилието над деца, се предвижда чат-приложенията да сканират снимки преди тяхното изпращане, за засичане на незаконно съдържание (напр. детска порнография). Моята позиция, изразено вкл. писмено в няколко парламентарни въпроса до МВР е, че този текст в проекта на регламент не може да бъде подкрепян, защото с правилната цел за ограничаване на споделянето на незаконно съдържание, се отваря кутията на пандора – всяка снимка да бъде проверявана, което значи потенциално да бъде изпращана на някой централен сървър, който подлежи на подслушване и контрол, което елиминира гаранциите на криптирането „от край до край“ и съответно неприкосновеността на кореспонденцията. Такава беше и позицията на Европейския парламент, и на много държави членки, поради което тази част на регламента не намира подкрепа и вероятно няма да бъде приета.

В обобщение на тази част, ако обвиненията на френските власти са за липса на намеса в директната криптирана комуникация, то те ще се разпаднат. Ако е, както подозирам, за отказ от реакция във връзка с телеграм каналите, тогава не става дума за засягане на неприкосновеността на личната кореспонденция.

Няколко детайла от историята на Телеграм. В първите години, комуникацията не е криптирана „от край до край“ по подразбиране, а само ако изрично някоя страна пожелае. Това означаваше, че хората си мислеха, че комуникират тайно, а всъщност Телеграм (и съответно – правоохранителните органи) имат достъп до съдържанието. Друг проблем на Телеграм беше, че алгоритъмът за криптиране, който използват, беше необичаен – без причина беше избран режим на международния стандарт (AES), който почти никой не използва. Притесненията тогава в криптографската общност бяха, че това е направено, защото нечии служби имат „задна врата“ за подслушване на комуникацията.

А чии може да се тази служби? Въпреки, че Дуров бяга от Русия, заради натиск от Кремъл, разграничава се от режима на Путин и се обявява за свобода на словото, от журналистически разследвания става ясно, че част от приложението се разработва от разработчици, намиращи се в в Санкт Петербург, в съседство с офиса на Вконтакте, притежавана от близък до Путин руски олигарх. От страна на Телеграм тогава липсват разумни обяснения както за избора на криптиращ алгоритъм, така и за разработчиците в Петербург. Впечатление прави и че руските държавни институции популяризират Телеграм, като го ползват за основен канал за комуникация с граждани, а в момента руското посолство вдига шум в защита на Дуров. Поради тези причини, по моя информация, руската опозиция не ползваше Телеграм.

Какви са отношенията на Телеграм с руската държава няма пряко отношение към дискусията за свободата на словото, но косвено смятам, че е важно, преди да провъзгласим някого за герой на свободното слово.

И накрая (защото знам, че сега ще тръгнат коментари как съм бил искал държавен контрол върху кореспонденцията) – ползвайте Signal. Ако Франция задържи напр. Мокси Марлинспайк, крипрограф и създател на Signal, както и на сигурния и публично проверен криптиращ протокол, ползван от Signal, тогава ще имаме сериозен проблем. Ако Signal не ви харесва, има достатъчно други опции за сигурна комуникация, която никой не може да подслушва – Threema, Wire и др. Особено в държави, в които властта злоупотребява с правомощията си, като България. Нямаме гаранция, че ДАТО, по разпореждане на някой политик, без разумно правно основание, не подслушва откритата комуникация и няма да я използва в удобен момент вбъдеще (помните подслушването на протестиращи).

Телеграм действително се ползва за чисто престъпна дейност, нямаща нищо общо със свободата на личната кореспонденция и не трябва да смесваме двете неща – т.е. трябва да разграничим телеграм каналите, където се случва безнаказано престъпна дейност, от личната кореспонденция онлайн, с чиято неприкосновеност не може да има компромис по много причини.

Материалът Нюанси относно Телеграм и ареста на Дуров е публикуван за пръв път на БЛОГодаря.

This is Ampere AmpereOne A192-32X a 196 Core Arm Server CPU

Post Syndicated from Patrick Kennedy original https://www.servethehome.com/this-is-ampere-ampereone-a192-32x-a-196-core-arm-server-cpu-arm/

This is the Ampere AmpereOne A192-32X a 192 core 3.2GHz custom Arm core CPU. We look at the LGA5964 socket and how these chips are cooled

The post This is Ampere AmpereOne A192-32X a 196 Core Arm Server CPU appeared first on ServeTheHome.

Publish packages to AWS CodeArtifact using Amazon CodeCatalyst Actions

Post Syndicated from Muhammad Shahzad original https://aws.amazon.com/blogs/devops/publish-packages-to-aws-codeartifact-using-amazon-codecatalyst-actions/

Amazon CodeCatalyst is a unified software development service for development teams to quickly build, deliver and scale applications on AWS while adhering to organization-specific best practices. Developers can automate development tasks and innovate faster with generative AI capabilities, and spend less time setting up project tools, managing CI/CD pipelines, provisioning and configuring various development environments or coordinating with team members.

It can integrate with services like AWS CodeArtifact, which is a managed artifact repository service that lets you securely store, publish, and share software packages. In this blog post we will show you how to use Publish to AWS CodeArtifact action in a CodeCatalyst workflow to publish packages to AWS Code Artifact.

In Amazon CodeCatalyst, an action is the main building block of a workflow, and defines a logical unit of work to perform during a workflow run. Typically, a workflow includes multiple actions that run sequentially or in parallel depending on how you’ve configured them. Amazon CodeCatalyst provides a library of pre-built actions that you can use in your workflows, such as for building, testing, deploying applications, as well as the ability to create custom actions for specific tasks not covered by the pre-built options.

Following are the instructions on using Publish to AWS CodeArtifact action in Amazon CodeCatalyst workflow.

Prerequisites

To follow along with this walkthrough, you will need:

{
  "Version": "2012-10-17",
  "Statement": [
     {
        "Effect": "Allow",
        "Action": [
           "codeartifact:GetAuthorizationToken",
           "codeartifact:GetRepositoryEndpoint",
           "codeartifact:PublishPackageVersion",
           "codeartifact:PutPackageMetadata",
           "sts:GetServiceBearerToken"
        ],
        "Resource": "*"   
     }
  ]
}

And the following custom trust policy.

{
  "Version": "2012-10-17",
  "Statement": [
     { 
        "Effect": "Allow",
        "Principal": {
          "Service":  [
            "codecatalyst-runner.amazonaws.com",
            "codecatalyst.amazonaws.com"     
           ]  
        },
        "Action": "sts:AssumeRole"   
     }
  ]
}

In the trust policy, we have specified two AWS services in the Principal element. Service principals are defined by the service. The following service principals are defined for CodeCatalyst:

  • amazonaws.com – This service principal is used for a role that will grant CodeCatalyst access to AWS.
  • codecatalyst-runner.amazonaws.com – This service principal is used for a role that will grant CodeCatalyst access to AWS resources in deployments for CodeCatalyst workflows.

Walkthrough

In this example, we are going to publish a npm package to a CodeArtifact repository called ‘myapp-frontend in the domain ‘myapp-artifacts. Amazon CodeCatalyst is available in two regions at the moment i.e. Europe (Ireland) and US West (Oregon). We will use ‘us-west-2’ for all the resources in this walkthrough.

Here are the steps to create your workflow.

  1. In the navigation pane, choose CI/CD, and then choose Workflows.
  2. Choose Create workflow.

The workflow definition file appears in the CodeCatalyst console’s YAML editor.

To configure your workflow 

You can configure your workflow in the Visual editor, or the YAML editor. Let’s start with the YAML editor and then switch to the visual editor.

  1. Choose + Actions to see a list of workflow actions that you can add to your workflow.
  2. In the Build action, choose + to add the action’s YAML to your workflow definition file. Your workflow now looks similar to the following. You can follow the below code by editing in YAML editor.

This image shows the build action from the action drop down list in Amazon CodeCatalyst Workflow.

The following code shows the newly created workflow.

Name: CodeArtifactWorkflow
SchemaVersion: "1.0"

# Optional - Set automatic triggers.
Triggers:
  - Type: Push
    Branches:
      - main

# Required - Define action configurations.
Actions:
  Build:
    # Identifies the action. Do not modify this value.
    Identifier: aws/[email protected]
    # Specifies the source and/or artifacts to pass to the action as input.
    Inputs:
      # Optional
      Sources:
        - WorkflowSource # This specifies that the action requires this Workflow as a source
    Outputs:
      Artifacts:
        - Name: ARTIFACT
          Files:
            - "**/*"
    # Defines the action's properties.
    Configuration:
      # Required - Steps are sequential instructions that run shell commands
      Steps:
        - Run: cd integration/npm/npm-package-example-main
        - Run: npm pack
        - Run: ls
    Compute:
      Type: EC2
    Environment:
      Connections:
        - Role: CodeCatalystWorkflowDevelopmentRole-action-workshop
          Name: codecatalystconnection
      Name: action-builder

In this build action, we are using ‘npm pack’ command to create a compressed tarball (.tgz) file of our package’s source code and configuration files. We are creating an output artifact named ‘ARTIFACT’ and our files are in this directory integration/npm/npm-package-example-master.

Now, we are going to select publish-to-code-artifact action from the action’s dropdown list.

This image shows the Publish to AWS CodeArtifact action from the action drop down list in Amazon CodeCatalyst Workflow.

The following code shows the newly added action in the workflow file.

Publish-to-code-artifact:
    Identifier: .
    
    Environment:
      Connections:
        - Role: CodeCatalystWorkflowDevelopmentRole-action-workshop
          Name: mushhz
      Name: action-builder
      
    Inputs:
      Sources:
        - WorkflowSource
      Artifacts:
        - ARTIFACT
        
    Compute:
      Type: EC2
      
    Configuration:
      PackagePath: /artifacts/Validatepublish-to-code-artifact/ARTIFACT/integration/npm/npm-package-example-main/ktsn-npm-package-example-1.0.1.tgz
      PackageFormat: npm
      RepositoryName: action-builder
      AWSRegion: us-west-2
      DomainName: action-builder

In the above code, you can see we specified the PackageFormat, RepositoryName, DomainName and AWSRegion.These are all required fields.

For Package Path, it is the build artifact output path + the folder path.

You can find the complete workflow file in this GitHub repository.

If you chose ‘Visual’ option to view the workflow definition file in the visual editor. This is going to look as shown in the image below. The fields in the visual editor let you configure the YAML properties shown in the YAML editor.

If you chose ‘Visual’ option to view the workflow definition file in the visual editor. This is going to look as shown in the image below.

How the “Publish to AWS CodeArtifact” action works:

The “Publish to AWS CodeArtifact” action works as follows at runtime:

  • Checks if the PackageFormat, PackagePath, RepositoryName, DomainNameand AWSRegionis specified, validates the configuration, and configures AWS credentials based on the Environment, Connection, and Role specified.
  • Looks for package files to publish in the path configured in the PackagePathfield in the WorkflowSource If no source is configured in Sources, but an artifact is configured in Arifacts, then the action looks for the files in the configured artifact folder.
  • Publishes the package to AWS CodeArtifact.

Cleanup

If you have been following along with this workflow, you should delete the resources you deployed so that you do not continue to incur charges.

  • Delete the published package in AWS CodeArtifact by following these instructions.
  • Delete the repository in AWS CodeArtifact by following these instructions.
  • Delete the domain in AWS CodeArtifact by following these instructions.
  • For Amazon CodeCatalyst, if you created a new project for this tutorial, delete it. For instructions, see Deleting a project. Deleting the project also deletes the source repository and workflow.

Conclusion

In this post, we demonstrated how to use an Amazon CodeCatalyst workflow to publish packages to AWS CodeArtifact by utilizing the Publish to AWS CodeArtifact action. By following the steps outlined in this blog post, you can ensure that your packages are readily available for your projects while maintaining version control and security.

For further reading, see Working with actions in the CodeCatalyst documentation.

About the Authors

Muhammad Shahzad is a Solutions Architect at AWS. He is passionate about helping customers achieve success on their cloud journeys, enjoys designing solutions and helping them implement DevSecOps by explaining principles, creating automated solutions and integrating best practices in their journey to the cloud. Outside of work, Muhammad plays badminton regularly, enjoys various other sports, and has a passion for hiking scenic trails.

Alexander Schueren is a Senior Specialist Solutions Architect at AWS, dedicated to modernizing legacy applications and building event-driven serverless solutions. With a focus on simplifying complexity and bringing clarity to technical challenges, Alexander is on a mission to empower developers with the tools they need for success. As the maintainer of the open-source project “Powertools for AWS Lambda (TypeScript),” he is committed to driving innovation in serverless technologies. In his free time, Alexander channels his creativity through street photography, capturing decisive moments in the urban landscape.

Metasploit Weekly Wrap-Up 08/23/2024

Post Syndicated from Alan David Foster original https://blog.rapid7.com/2024/08/23/metasploit-weekly-wrap-up-08-23-2024/

New module content (3)

Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)

Metasploit Weekly Wrap-Up 08/23/2024

Authors: Michael Heinzl and Tenable
Type: Auxiliary
Pull request: #19373 contributed by h4x-x0r
Path: admin/http/fortra_filecatalyst_workflow_sqli
AttackerKB reference: CVE-2024-5276

Description: This adds an auxiliary module to exploit the CVE-2024-5276, a SQL injection vulnerability that allows for adding an arbitrary administration user in the application.

SPIP Unauthenticated RCE via porte_plume Plugin

Authors: Julien Voisin, Laluka, and Valentin Lobstein
Type: Exploit
Pull request: #19394 contributed by Chocapikk
Path: multi/http/spip_porte_plume_previsu_rce

Description: Adds a new exploit/multi/http/spip_porte_plume_previsu_rce SPIP unauthenticated remote code execution (RCE) module targeting SPIP versions up to and including 4.2.12.

DIAEnergie SQL Injection (CVE-2024-4548)

Authors: Michael Heinzl and Tenable
Type: Exploit
Pull request: #19351 contributed by h4x-x0r
Path: windows/scada/diaenergie_sqli
AttackerKB reference: CVE-2024-4548

Description: This adds an exploit module for CVE-2024-4548, an unauthenticated SQL injection vulnerability that allows remote code execution as NT AUTHORITY\SYSTEM.

Bugs fixed (1)

  • #19366 from adeherdt-r7 – Updates the Jenkins login scanner to correctly determine whether authentication is required.

Documentation

You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
commercial edition Metasploit Pro

Metasploit Weekly Wrap-Up 08/23/2024

Exploring Internet and security trends during the 2024 U.S. Democratic National Convention

Post Syndicated from João Tomé original https://blog.cloudflare.com/internet-security-trends-2024-us-democratic-convention


The 2024 Democratic National Convention (DNC) wrapped up on Thursday, August 22, in Chicago, Illinois. Since our blog post about Internet trends during the first presidential debate between President Joe Biden and former President Donald Trump on June 27, the presidential race has fundamentally changed. We experienced the attempted assassination of Trump, the Republican National Convention (RNC), Biden’s late July withdrawal from the race, and Vice President Kamala Harris being selected as the Democratic nominee and participating in her party’s convention this week. Here, we’ll examine trends more focused on DNS traffic to news and candidate-related sites, cyberattacks targeting politically-related organizations, and spam and malicious emails mentioning the candidates’ names.

Over 60 more national elections are scheduled to take place across the world this year, and we have been monitoring them as they occur. Our goal is to provide a neutral analysis of their impact on Internet behavior, which often mirrors human activities. Significant events, such as the total eclipse in Mexico, the United States, and Canada, and the Paris 2024 Olympics, have had an impact on Internet traffic. Our ongoing election report on Cloudflare Radar includes updates from recent elections in the European Union, France, and the United Kingdom.

Let’s start with an Internet traffic perspective on the Chicago area, where the Democratic National Convention took place from August 19 through August 22, 2024.

Internet traffic trends in Chicago

Internet traffic shifts during major events like elections – and there have been several this year – are typically more impactful than those from a single political party’s event. During the DNC in Chicago, Illinois, we didn’t observe an obvious pattern change, similar to the RNC that took place in Milwaukee, Wisconsin in June.

Throughout the convention, although we didn’t notice any significant drops or spikes in Chicago’s Internet traffic, there was a rise in traffic starting on August 15 and continuing through the first three days of the convention. Notably, traffic was 10% to 20% higher after midnight compared to the previous week.

DNS trends: Kamala Harris-related sites see accelerated growth

Shifting our focus to domain trends, our 1.1.1.1 resolver data highlights a more targeted impact from the DNC and preceding weeks. This analysis now includes Kamala Harris-related insights, as our earlier reports on the Biden-Trump debate and the Republican National Convention predated her selection as the Democratic nominee.

Kamala Harris’s official website, initially redirecting to Joe Biden’s website, became an independent dedicated site after July 21, following Biden’s announcement of his withdrawal and endorsement of Harris. Since then, aggregated daily DNS traffic to Kamala Harris-related domains has seen significant growth, particularly after June 29.

On August 6, the day Kamala Harris selected Minnesota Governor Tim Walz as her running mate, DNS traffic for Kamala Harris-related domains increased by 99% compared to the previous week. Following this announcement, as Harris and Walz campaigned together in various cities, DNS traffic initially peaked on August 8-9, showing increases of 896% and 845%, respectively. Another significant spike occurred on August 15, which persisted through the DNC, peaking on its fourth day, August 23, with a 21% growth in DNS traffic compared to the previous week.

From an hourly perspective, the impact of the convention on Kamala Harris-related sites is evident, with increased DNS traffic in the evenings coinciding with the convention’s key speakers. Traffic grew each day compared to the day before.

Here’s a summary of peak hourly DNS traffic to Kamala Harris’s-related domains on each day of the DNC, coinciding with key moments of the event:​

  • Day 1, August 19: Peak at 23:00 EDT with a 313% increase in traffic compared to the previous week. This spike occurred around the time President Joe Biden appeared on stage.

  • Day 2, August 20: Peak at 00:00 EDT (August 21) with a 466% increase, following former President Barack Obama’s speech that closed the second day of the DNC.

  • Day 3, August 21: Peak at 22:00 EDT with a 70% increase just before Governor Tim Walz took the stage. Although this peak was higher than previous days, the percentage increase was lower due to higher traffic at the same time the previous week.

  • Day 4, August 22: Peak at 23:00 EDT with a 71% increase around the time of Vice President Kamala Harris’s speech.

Increase in DNS traffic to fundraising domains on day 4 of the DNC

During the DNC, we observed a rise in DNS traffic for Harris/Democrats fundraising domains. The main spike occurred on day 4 of the DNC, August 22, at around 21:00 EDT, with a 493% increase compared to the previous week. On that day, daily traffic increased by 92% compared to the previous week.​

News: increased traffic during the DNC

Like the RNC before it, the DNC sparked significant interest in US news organizations, resulting in an uptick in aggregated DNS traffic to general US news sites. This increase typically occurred just after the final speaker of the evening.

On day 1 of the DNC, traffic to US news organizations was 11% higher compared to the previous week at 23:00 EDT, coinciding with President Biden’s appearance. On day 2, when President Obama concluded the evening, DNS traffic to US news sites increased by 10%, continuing to rise thereafter. On day 3, during the hour when Vice Presidential candidate Tim Walz spoke, DNS traffic to US news sites spiked by 21% at 23:00 EDT. The final day (day 4) saw a 28% increase at 23:00 EDT, around Vice President Kamala Harris’s speech.

Attacks targeting politically-related websites

Attacks on political parties have remained a significant threat in an election-filled 2024. In Europe, we’ve seen political parties and associated websites targeted around elections. We previously reported on DDoS attacks around the Republican National Convention, and these types of attacks continued during the weeks ahead of the Democratic National Convention.

Since July 21, 2024, Cloudflare has blocked DDoS attacks targeting three US politically-related organizations. A site associated with one of the major parties (represented by the blue line on the chart) was attacked on July 23, and again just before the DNC.

The largest DDoS attack recorded (indicated in green) targeted another US politically-related website on July 26, peaking at 180,000 requests per second (rps) and lasting about 10 minutes. There were other smaller attacks, earlier on the same day, and on July 28.

Another site, focused on political fundraising, experienced a smaller attack on August 1, also lasting 10 minutes and peaking at 103,000 rps.

The most recent attacks we’ve observed occurred on August 17-18 (UTC time), targeting a politically-related website (blue line) and another politically-related website (green line). The former peaked at 62,000 rps on August 18, while the latter reached 24,000 rps on August 17.

As highlighted in our Q2 DDoS report, most DDoS attacks are short-lived, as exemplified by the two mentioned attacks. Also, 81% of HTTP DDoS attacks peak at under 50,000 requests per second (rps), and only 7% reach between 100,000 and 250,000 rps. While a 24,000 rps attack might seem minor to Cloudflare, it can be devastating for websites not equipped to handle such high levels of traffic.

Email trends: candidate-related spam and malicious messages

From another cybersecurity angle, trending events, topics and individuals often attract malicious, phishing, and spam messages, and also more emails in general. Our earlier analysis covered email trends involving “Joe Biden” or “Donald Trump” since January, concluding just after the Biden-Trump debate in late June. From June 1, 2024, through August 21, Cloudflare’s Cloud Email Security service processed around 14 million emails that included the names “Donald Trump”, “Joe Biden”, or “Kamala Harris” in the subject, with 7.4 million referencing Trump.

The next chart highlights a surge in emails mentioning Trump in mid-July, contrasting with a drop of emails mentioning Biden in the subject, who saw a brief uptick on July 22-23 following his withdrawal from the race, and on August 20, the day after his DNC speech.

Focusing on the period since July 21 – when changes in the presumptive Democratic candidate occurred – over 3.2 million emails mentioned “Donald Trump”, around 1.2 million mentioned “Joe Biden”, and over 2 million mentioned “Kamala Harris” in the subject. Examining spam and phishing messages, 34% of emails with Trump’s name were spam, and 3% were malicious. For Kamala Harris, 0.8% were spam and 0.2% were malicious, while Biden’s figures were 1.1% for spam and 0.1% for malicious.

To better understand the elevated percentages of spam and malicious emails mentioning “Donald Trump,” it’s important to look at the trend over time. Notably, after July 15, there was a significant rise in all emails mentioning Trump in the subject, as the previous line chart also shows, and that also included a higher percentage of emails classified as spam.

Additionally, Republican Vice Presidential Candidate JD Vance and Democratic Vice Presidential Candidate Tim Walz also influenced email trends. JD Vance was announced as Donald Trump’s running mate on July 15, so we start there – Tim Walz’s announcement came later, on August 6. Emails with “Tim Walz” mentioned in the subject (over 530,000) outnumbered those with “JD Vance” (over 241,000). Spam made up 1% of emails with Vance’s name and 0.1% were malicious, and for Walz, 0.7% were spam and 0.03% malicious.

Conclusion: high intensity election year

In this analysis of the Democratic National Convention, we’ve observed trends similar to those seen during the Republican National Convention. However, with Kamala Harris becoming the Democratic presidential candidate recently, there has been a noticeable increase in DNS traffic to both Kamala Harris-related domains and Democrats’ fundraising domains.

We have also noted that DDoS attacks targeting US politically-related organizations continue, and emails mentioning the candidates in the subject (including spam and malicious emails) have increased.

If you’re interested in more trends and insights about the Internet and elections, check out Cloudflare Radar, specifically our 2024 Elections Insights report. It will be updated throughout the year as elections (or election-related events) occur.

[$] The history, status, and plans for reproducible builds

Post Syndicated from jake original https://lwn.net/Articles/985739/

On the second day of DebConf24
in Busan, South Korea, Holger Levsen provided a history lesson on the
“first 11 years” of the Reproducible Builds project.
He has been involved in the project for most of that time and has been a
Debian user since the mid-1990s, contributor since 2001, and a Debian
member since 2007; “I love Debian”. Meanwhile, his aim is to make all free
software be reproducible, so that anyone can check that a binary program
comes from the source code it purports to.

Forgejo changes license to GPLv3+

Post Syndicated from daroc original https://lwn.net/Articles/986998/

The

Forgejo project has announced that, starting from version 9.0, Forgejo will be released under the GPLv3 license (or a later version). Older versions of the software forge remain MIT-licensed.

A copyleft license makes reusing other copyleft software easier. Recently, we discovered that

some of the dependencies we used were incompatible with the license Forgejo was distributed with, and they had to be removed for now. Choosing copyleft licenses enables us to reuse more work, and saves us precious time to focus on improving Forgejo itself.

The collective thoughts of the interwebz