Language Selection

English French German Italian Portuguese Spanish

Security: Firewalld, NSA, WPA, Supply-chain Attacks and Facebook

Filed under
Security
  • Firewalld: The Future is nftables

    Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

  • How SELinux helps mitigate risk while facilitating compliance

    Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStack Platform.

  • WPA3: How and why the Wi-Fi standard matters

    WPA2 has given us 14 years of secure wireless networking. WPA3 will fix a number of big problems in WPA2 and make strong security the default condition.

  • How one man could have hacked every Mac developer (73% of them, anyway)

    OK, in some ways that’s only very loosely true, when you think of all the non-Unixy stuff on top of the Darwin base layer, and we welcome your comments below to explain just how carelessly loose we have been…

    [...]

    The potential impact of a well-thought-out hack into one of the many package management ecosystems out there is a pet concern of security researcher Eric Holmes.

    Hacks against the very repositories that many of us rely upon for software updates are known in the jargon as supply-chain attacks – after all, the modern supply chain often doesn’t involve any factories, ships, trains, inventories, trucks, pallets or forklifts.

    So, Holmes decided to take a look at the supply chain for Homebrew, or Brew for short – we’re guessing he picked Brew not only because he knew it was the most popular amongst the Mac community, but also because he uses it himself.

    The results were, in a word, salutary.

  • SD Times Open-Source Project of the Week: Fizz

    In order to implement the new generation of Transport Layer Security, TLS 1.3, at Facebook, the company built a TLS library in C++ 14 called Fizz. Earlier this week, Facebook announced it was open sourcing that library.

    TLS 1.3 added several new features to make Internet traffic more secure, such as encrypting handshake methods, redesigning how secret keys are derived, and a zero round-trip connection setup.

    “We are excited to be open-sourcing Fizz to help speed up deployment of TLS 1.3 across the internet and help others make their apps and services faster and more secure,” Facebook wrote in a post.

More in Tux Machines

Server: HTTP Clients, IIS DDoS and 'DevOps' Hype From Red Hat

  • What are good command line HTTP clients?
    The whole is greater than the sum of its parts is a very famous quote from Aristotle, a Greek philosopher and scientist. This quote is particularly pertinent to Linux. In my view, one of Linux’s biggest strengths is its synergy. The usefulness of Linux doesn’t derive only from the huge raft of open source (command line) utilities. Instead, it’s the synergy generated by using them together, sometimes in conjunction with larger applications. The Unix philosophy spawned a “software tools” movement which focused on developing concise, basic, clear, modular and extensible code that can be used for other projects. This philosophy remains an important element for many Linux projects. Good open source developers writing utilities seek to make sure the utility does its job as well as possible, and work well with other utilities. The goal is that users have a handful of tools, each of which seeks to excel at one thing. Some utilities work well independently. This article looks at 4 open source command line HTTP clients. These clients let you download files over the internet from the command line. But they can also be used for many more interesting purposes such as testing, debugging and interacting with HTTP servers and web applications. Working with HTTP from the command-line is a worthwhile skill for HTTP architects and API designers. If you need to play around with an API, HTTPie and curl will be invaluable.
  • Microsoft publishes security alert on IIS bug that causes 100% CPU usage spikes
    The Microsoft Security Response Center published yesterday a security advisory about a denial of service (DOS) issue impacting IIS (Internet Information Services), Microsoft's web server technology.
  • 5 things to master to be a DevOps engineer
    There's an increasing global demand for DevOps professionals, IT pros who are skilled in software development and operations. In fact, the Linux Foundation's Open Source Jobs Report ranked DevOps as the most in-demand skill, and DevOps career opportunities are thriving worldwide. The main focus of DevOps is bridging the gap between development and operations teams by reducing painful handoffs and increasing collaboration. This is not accomplished by making developers work on operations tasks nor by making system administrators work on development tasks. Instead, both of these roles are replaced by a single role, DevOps, that works on tasks within a cooperative team. As Dave Zwieback wrote in DevOps Hiring, "organizations that have embraced DevOps need people who would naturally resist organization silos."

Purism's Privacy and Security-Focused Librem 5 Linux Phone to Arrive in Q3 2019

Initially planned to ship in early 2019, the revolutionary Librem 5 mobile phone was delayed for April 2019, but now it suffered just one more delay due to the CPU choices the development team had to make to deliver a stable and reliable device that won't heat up or discharge too quickly. Purism had to choose between the i.MX8M Quad or the i.MX8M Mini processors for their Librem 5 Linux-powered smartphone, but after many trials and errors they decided to go with the i.MX8M Quad CPU as manufacturer NXP recently released a new software stack solving all previous power consumption and heating issues. Read more

Qt Creator 4.9 Beta released

We are happy to announce the release of Qt Creator 4.9 Beta! There are many improvements and fixes included in Qt Creator 4.9. I’ll just mention some highlights in this blog post. Please refer to our change log for a more thorough overview. Read more

Hack Week - Browsersync integration for Online

Recently my LibreOffice work is mostly focused on the Online. It's nice to see how it is growing with new features and has better UI. But when I was working on improving toolbars (eg. folding menubar or reorganization of items) I noticed one annoying thing from the developer perspective. After every small change, I had to restart the server to provide updated content for the browser. It takes few seconds for switching windows, killing old server then running new one which requires some tests to be passed. Last week during the Hack Week funded by Collabora Productivity I was able to work on my own projects. It was a good opportunity for me to try to improve the process mentioned above. I've heard previously about browsersync so I decided to try it out. It is a tool which can automatically reload used .css and .js files in all browser sessions after change detection. To make it work browsersync can start proxy server watching files on the original server and sending events to the browser clients if needed. Read more