darthcamaro - Slashdot User

Submission + - As Linux Turns 25: Torvalds Credits GPL for Sucess (eweek.com)

Submitted by darthcamaro on Wednesday August 24, 2016 @11:43AM

darthcamaro writes: There are a lot of things that make Linux work and today at the LinuxCon conference in Toronto, 25 years after he first announced Linux, Linus Torvalds talked about the highlight and the low-lights of Linux (so far). For low lights he talked about the process challenges during the Linux 2.4 timeframe. When asked why Linux hasn't ended up fragmented like UNIX — Torvalds had an easy answer — the GPL.
I love the GPL and see it as a defining factor in the success of Linux," Torvalds said.

Submission + - Stagefright One Year Later - Not One Bug, but 115 (eweek.com)

Submitted by darthcamaro on Thursday July 28, 2016 @09:45AM

darthcamaro writes: A year ago, on July 27, 2016 news about the Android Stagefright flaw was first revealed with the initial reports claiming widespread impact with a billion users at risk. As it runs out, the impact of stagefright has been more pervasive than a single point in time flaw. In fact over the course of the last 12 months, Google has patched no less than 115 flaws in stagefright and related Android media libraries. Joshua Drake, the researcher the first discovered the stagefright flaw never expected it to go this far.
"I expected shoring up the larger problem to take an extended and large effort, but I didn't expect it to be ongoing a year later," Drake said.

Submission + - Lennart Poettering Admits he Doesn't Understand SELinux (serverwatch.com)

Submitted by darthcamaro on Thursday May 12, 2016 @05:00PM

darthcamaro writes: No surprise, but Lennart Poettering, the father of (love it or hate it..) systemd prefers it over other systems that can be used to secure Linux, including Red Hat (his employer) and its SELinux.
"My recommendation is that, systemd settings are easy and are just boolean expressions that most people will easily understand, that's why I created them and that's why I think they are more useful to more people than an SELinux policy," Poettering said during a keynote at the CoreOS Fest in Berlin. "There are probably only 50 people in the world that understand SELinux policies, but I really hope there are more than 50 people that understand systemd."

Submission + - All Linux Kernel Bugs are Potential Security Risks: Greg Kroah-Hartman (eweek.com)

Submitted by darthcamaro on Wednesday May 11, 2016 @12:06AM

darthcamaro writes: At the CoreOS Fest event in Berlin this week, Linux stable kernel maintainer Greg Kroah-Hartman provided some impressive stats on Linux kernel development. From April 2015 to March 2016, there were 10,800 new lines of code added, 5,300 lines removed and 1,875 lines modified in Linux every day. All that change however represents a non-trivial security risk.
"When we push out the fixes, you better take advantage of it," Kroah-Hartman said. "If you are not using a stable, long-term kernel, your machine is insecure.

Submission + - CoreOS Ramps up Funding & Tech to Take on Docker (eweek.com)

Submitted by darthcamaro on Monday May 09, 2016 @12:08PM

darthcamaro writes: In a day full of activities at CoreOS Fest in Berlin (and simulcast in San Francisco) CoreOS announced a new $28 Million round of funding, new featuring in the etcd key value store (that is part of Kubernetes) a new microservice authentication technology, bittorrent download of container images and a new Cloud Native Computing Foundation project called Prometheus to help with container monitoring. While CoreOS started out just as a Docker ecosystem vendor, it's now clear they're ramping up to take Docker Inc on, head-on.

Submission + - Shuttleworth Pledges to Never Weaken Encryption in Ubuntu (eweek.com)

Submitted by darthcamaro on Monday May 02, 2016 @01:10PM

darthcamaro writes: As works kicks off this week to build the Ubuntu 16.10 distribution (which may or may not include Mir), there is one item that is certain and that's security. In a video interview Shuttleworth doubles-down on security emphatically stating that he will never allow weak encryption in Ubuntu.
"We don't do encryption to hide things, we do encryption so we can choose what to share," Shuttleworth said. "That's a profound choice we should all be able to make."

Submission + - Google Admits that Google.com is Dangerous (eweek.com)

Submitted by darthcamaro on Tuesday April 19, 2016 @09:55PM

darthcamaro writes: For over a decade, Google's Safe Browsing technology has helped to alert users to dangerous site, where malware and phishing exploits can be found. Apparently one of those unsafe sites is none other than Google.com itself.
Google's automatic spidering of the Web will catch some malicious sites, and by Google's own admission, there are sites in its index that will redirect users to locations that will attempt to install malware on their computers. Google also admits and warns that by way of Google.com (and the sites linked in its index), "Attackers on this site might try to trick you to download software or steal your information (for example passwords, messages, or credit card information)."

Comment Red Hat has a different view - and it's not hype (Score 3, Informative) 21

by darthcamaro on Tuesday April 12, 2016 @05:06PM (#51895033) Attached to: Badlock Vulnerability Falls Flat Against Hype

I don't know much about Windows and there there are 12 other advisories more impactful that Badlock this month - but Red Hat is and has taken the Linux related vulnerabilities *very* seriously - which is a good thing, it means no shellshocked/heartbleed repeat, patches on time and no real risk.

"Working closely with the community over many months, Red Hat engineers have been heavily involved in the process of analyzing and developing Samba patches for Badlock-associated issues," Josh Bressers, security strategist at Red Hat sad.

Submission + - Heartbleed Turns Two -Has Anything Changed? (eweek.com)

Submitted by darthcamaro on Thursday April 07, 2016 @11:25PM

darthcamaro writes: Two years ago on April 7 2014, the Heartbleed vulnerability on OpenSSL was first disclosed, arguably changing the open-source security world in many ways. For one there is now an unfortunate trend of security vendors branding vulnerabilities. On a more positive note though is the emergence of more rigor in open-source code auditing, thanks in part to the effort of the Linux Foundation's Core Infrastructure Initiative (CII).
"OpenSSL now has a well-known and published approach for how it will appropriately inform all interested parties of security advisories," Emily Ratliff, senior director of infrastructure security at The Linux Foundation, told eWEEK. "Even trivial patches must follow the review process."

Submission + - OpenStack Mitaka Debuts (eweek.com)

Submitted by darthcamaro on Thursday April 07, 2016 @01:15PM

darthcamaro writes: The 13th release of OpenStack, codenamed Mitaka is now generally available, with updates across all major projects. Among the biggest new capabilities in OpenStack Mitaka however isn't a new project or a new featue in a single existing project, but rather the official debut of the OpenStack Client, which creates for the first time a unified command line interface to control the cloud.
"The OpenStack client is a command line client that unifies access across all the main projects," Jonathan Bryce, executive director of the OpenStack Foundation, said.
So if an administrator wants to create a user, a block storage device or a virtual server, or attach to a network, all those functions are now enabled in the single tool that is the OpenStack client. The OpenStack client provides a standardized set of commands, whereas previously, each project had its own command line client, Bryce said. He added that the OpenStack client can be run locally or in the cloud, and can be configured to control multiple OpenStack clouds.

Submission + - Comodo CEO Not Afraid of Google Project Zero (eweek.com)

Submitted by darthcamaro on Friday March 18, 2016 @09:13PM

darthcamaro writes: Google Project Zero researchers have aggressively been going after Comodo anti-virus and security tech in recent week. Now Comodo's CEO is shooting back saying that his company believes in responsible disclosure. He also noted that Comodo is set to debut its own bug bounty program at some point soon.

Submission + - Mozilla Takes Tab Candy Away from Firefox Users (eweek.com)

Submitted by darthcamaro on Tuesday March 08, 2016 @11:20PM

darthcamaro writes: While most modern web browsers are busy adding news features for users, Mozilla is taking them away. In the new Firefox 45 milestone, Mozilla has decided to remove the Tab Groups features, previously known as Panorama and originally started as the Mozilla Labs Tab Candy project.
"The primary reason for discontinuing the feature is low usage," Nick Nguyen, vice president of Firefox Product at Mozilla said.

Submission + - Pwn2Own 2016 Won't Attack Firefox (cause it's too easy!) (eweek.com) 1

Submitted by darthcamaro on Thursday February 11, 2016 @04:15PM

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year is offering over half a million dollars in prize money, but for the first time, not a penny of that will directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security.
"We wanted to focus on the browsers that have made serious security improvements in the last year," Brian Gorenc, manager of Vulnerability Research at HPE said.

Submission + - CoreOS Launches Rkt 1.0 (eweek.com)

Submitted by darthcamaro on Thursday February 04, 2016 @04:34PM

darthcamaro writes: Docker is about to get some real competition in the container runtime space, thanks to the official launch of rkt 1.0. CoreOS started building rkt in 2014 and after more than a year of security, performance and feature improvement are now ready to declare it 'production-ready.' While rkt is a docker runtime rival, docker apps will run in rkt, giving using a new runtime choice.
rkt will remain compatible with the Docker-specific image format, as well as its own native App Container Image (ACI). That means developers can build containers with Docker and run those containers with rkt. In addition, CoreOS will support the growing ecosystem of tools based around the ACI format.

Submission + - Docker 1.10 Brings Linux SECCOMP Security to Containers (eweek.com)

Submitted by darthcamaro on Wednesday February 03, 2016 @12:24AM

darthcamaro writes: Starting this week, there is a new tool in the toolbox to secure Docker containers. In addition to SELinux (or AppArmor) and Namespaces — Docker 1.10 will now include a default SECCOMP profile. So what's the difference between SECCOMP and SELinux?
SELinux is the list of people you can talk to, while seccomp is the list of what words you can say, McCarty said. As an example, if a person could communicate with another person using only three or five words, it would very much limit what could be expressed and prevent most types of illicit activities, and applies in much the same way to Linux containers, he added.

Slashdot Top Deals