
Comment Tis all a lie (Score 0) 56

Just checked USAJOBS.gov. There is not a single CISA-based job listed. If they are understaffed as bad as this indicates, why are there no job postings at their official site for hiring? None, Zero, Zip. Seems to be this article is fake news based on a stolen, uncheckable, email.
 

Comment Yawn (Score -1, Troll) 56

Not really news. There has been no Cyber talent in the government for a while because it won't PAY them. When you can make 2X more going contractor, or private industry, the only people in the government are people who need the ability not to get fired to have a small chance of holding a job. There is no innovation or dedication in our civil servants. Until the government is willing to meet the wages on the outside they will be unable to attract top talent.

If you think Government workers are a meritocracy and we are losing top talent, you obviously have never looked into Federal hiring practices. They self select for the worst candidate.

If you are a Govie reading this, yes I mean you.

So this move probably improved efficiency, not hurt it.

Comment Profile of the dissenting commissioner (Score 2) 131

This seems like such an obvious improvement that I was curious about the one commissioner who voted against it. It turns out he, Andrew Ferguson, is expected to be nominated and confirmed to be the head of the FTC under the upcoming administration. Some info about the anticipated new head of the FTC:

* UVA undergrad and law degrees
* worked for private firms defending against anti-trust enforcement
* clerked for Clarence Thomas
* worked for Republican senators on judicial confirmations
* solicitor general for Virginia
* appointed to FTC in 2023

We will see how things change under his leadership.

Submission + - Samba gets funding from the German Sovereign Tech Fund.

Jeremy Allison - Sam writes: The Samba project has secured significant funding (€688,800.00) from the German
Sovereign Tech Fund (STF) to advance the project. The investment was
successfully applied for by SerNet. Over the next 18 months, Samba developers
from SerNet will tackle 17 key development subprojects aimed at enhancing
Samba’s security, scalability, and functionality.

The Sovereign Tech Fund is a German federal government funding program that
supports the development, improvement, and maintenance of open digital
infrastructure. Their goal is to sustainably strengthen the open source
ecosystem.

The project's focus is on areas like SMB3 Transparent Failover, SMB3 UNIX
extensions, SMB-Direct, Performance and modern security protocols such as SMB
over QUIC. These improvements are designed to ensure that Samba remains a
robust and secure solution for organizations that rely on a sovereign IT
infrastructure. Development work began as early as September the 1st and is
expected to be completed by the end of February 2026 for all sub-projects.

All development will be done in the open following the existing Samba
development process. First gitlab CI pipelines have already been running [4]
and gitlab MRs will appear soon!

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fsamba.plus%2Fblog%2Fdetail...

https://ancillary-proxy.atarimworker.io?url=https%3A%2F%2Fwww.sovereigntechfund....

Comment Re:Maybe (Score 1) 104

The upstream Linux kernel doesn't differentiate between security bugs and "normal" bug fixes. So the new kernel.org CNA just assigns CVEs to all fixes. They don't score them.

Look at the numbers from the whitepaper:

"In March 2024 there were 270 new CVEs created for the stable Linux kernel. So far in April 2024 there are 342 new CVEs:"

Comment Re:Yeah (Score 1) 104

Yes! That's exactly the point. Trying to curate and select patches for a "frozen" kernel fails due to the firehose of fixes going in upstream.

And in the kernel many of these could be security bugs. No one is doing evaluation on that, there are simply too many fixes in such a complex code base to check.

Comment Re:Maybe (Score 1) 104

You're missing something.

New bugs are discovered upstream, but the vendor kernel maintainers either aren't tracking, or are being discouraged from putting these back into the "frozen" kernel.

We even discovered one case where a RHEL maintainer fixed a bug upstream, but then neglected to apply it to the vulnerable vendor kernel. So it isn't like they didn't know about the bug. Maybe they just didn't check the vendor kernel was vulnerable.

I'm guessing management policy discouraged such things. It's easier to just ignore such bugs if customers haven't noticed.
