Linux Action News 146

Microsoft Defender for Linux is in preview, Mozilla's VPN has a secret advantage, and why the community is calling out NPM Inc.

Plus a new report about open source security, and more.

Links:

• Microsoft: Linux Defender antivirus now in public preview — We're aiming to protect the modern workplace environment across everything that it is, being Microsoft or non-Microsoft.
• Microsoft Threat Protection stops attack sprawl and auto-heals enterprise
• Microsoft's Word, Excel and PowerPoint now live under one App
• Microsoft Works - Wikipedia
• Firefox releases an Android app for its VPN service — The Firefox Private Network VPN is powered by Mullvad VPN. Mullvad VPN claims that it won’t log and monitor user data, unlike many other VPN services.
• The Private Internet Access Android app is being open sourced
• IVPN applications are now open source
• Tom Scott video about VPNs
• Android 11 Developer Preview — All the changes we found from Android 10 so far.
• npm struggling to fund FOSS devs — Funding free software is 'still a very unsolved problem' says co-founder
• The Linux Foundation and Harvard’s Lab for Innovation Science Release Census for Open Source Software Security — New analysis identifies most widely used software and uncovers critical questions for the future of securing one of the world’s greatest shared resources
• The Linux Foundation identifies most important open-source software components and their problems — In its latest study, the Linux Foundation's Core Infrastructure Initiative discovered just how prevalent open-source components are in all software and their shared problems and vulnerabilities.
• Most-used libraries revealed
• The Linux Foundation and Harvard’s Lab for Innovation Science release census for open-source software security — Census II (run by Harvard) wanted to look at language-level packages. Their report discusses some of the challenges. One challenge of many is that the JavaScript environment strongly encourages tiny modules, with around 1/2 of all JavaScript packages having at most one function. As a result, when you start counting dependencies, there are far more dependencies in JavaScript (because each module does so little), and so JavaScript tends to dominate.