This week, the U.S. government added multiple companies to its blacklist. Among those companies, the most notable ones are Loongson and Inspur. Also, WordPress solved a major issue that causes a violation of GDPR by including fonts locally in legacy default themes. Also this week GitHub released a new feature to help users stay safe by secret scanning alerts that scan code, description, and other parts. GitHub secret scanning will alert its partners if any of their secrets have been leaked.
Garuda Linux “Raptor” is ready to download
Garuda‘s developer team announced the arrival of Garuda “Raptor” this month. Garuda “Raptor” comes with an improved garuda-update and Dracut as the initramfs tool of choice as well as a clean Qt interface for the setup assistant. The setup assistant has been redesigned in C++/Qt to better user experience, with the introduction of actual tabs in place of several prompts. There are also new packages to install, and support for detecting Nvidia cards has been added.
The U.S. government blacklists Loongson and Inspur
The U.S. Department of Commerce announced that Insput and Loongson were added to the Entity List along with 35 more entities. The department alleged that 37 entities acquired U.S.-origin items to support China’s military modernization efforts. Blacklist will limit these companies’ access to technologies originating from the U.S. The document doesn’t disclose how these companies are tied to the Chinese military, however, all Chinese companies are obliged to adhere to Chinese government decisions.
WordPress legacy default themes now include Google fonts locally
WordPress’ legacy default themes are now updated to include the Google Fonts locally, in the theme folder. Prior to this, the fonts were being downloaded from the Google CDN and it was the fastest method so far. However, a website was fined due to a violation of the GDPR rules by using Google-hosted fonts, and it became a major concern. The default themes from Twenty Twelve to Twenty Seventeen are now updated. The team started the process nine months ago.
GitHub releases secret scanning alerts for security
Back in December, the GitHub team launched the beta version of the free secret scanning alerts across public repositories and now it is generally available and free for all public repositories. When you enable secret scanning alerts across all of your repositories, including code, problems, descriptions, and comments, they will warn you of any secrets that have been compromised. The goal of secret scanning is to prevent unintentional exposure of sensitive information in public repositories by identifying and alerting if potential secrets are found.
Fortinet pinpoints a critical RCE vulnerability
Fortinet warned users about a buffer underwrite vulnerability affecting FortiOS and FortiProxy administrative interface. Fortinet published a security advisory to warn users about a vulnerability, tracked as CVE-2023-25610, that has a CVSSv3 score of 9.3. Currently, the vulnerability is not under attack but Fortinet urged users to update their installations and also provided a workaround to users. The buffer underwrite vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the device and/or perform a DoS on the GUI, via specifically crafted requests.
EndeavourOS Cassini Nova arrives with fixes
EndeavourOS “Cassini Nova” arrives less than a month after the release of “Cassini Neo”, with much needed bug fixes and updates to its software packages. Cassini Nova comes with a couple of bug fixes in addition to the usual package updates. The latest release of EndeavourOS uses Linux kernel 6.2.2.arch1-1, a very recent kernel version. Existing EndeavourOS users do not need to download anything since it is a rolling release. Existing users can simply perform the usual updates to obtain the latest version.
Gcore launches Cloud IPU Virtual vPODs
Gcore AI infrastructure improves deployment time with Cloud IPU Virtual vPOD integration, which enhance the functionality of Gcore’s AI infrastructure. Gcore’s IPU-based AI Cloud is built to support every stage of their AI adoption journey, from building proof of concepts to training and deployment. Gcore has joined forces with Graphcore, implementing their state-of-the-art IPU to meet the rapidly growing demand for powerful, efficient, secure artificial intelligence computing in the cloud. Gcore is now expanding the capabilities of its AI Cloud. Cloud IPU Virtual vPOD is a flavor of an AI cluster in which a server is deployed on a virtual machine instead of a dedicated vPOD.