Language Selection

English French German Italian Portuguese Spanish

Security: Firewalld, NSA, WPA, Supply-chain Attacks and Facebook

Filed under
Security
  • Firewalld: The Future is nftables

    Firewalld, the default firewall management tool in Red Hat Enterprise Linux and Fedora, has gained long sought support for nftables. This was announced in detail on firewalld’s project blog. The feature landed in the firewalld 0.6.0 release as the new default firewall backend.

  • How SELinux helps mitigate risk while facilitating compliance

    Many of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform and Red Hat OpenStack Platform.

  • WPA3: How and why the Wi-Fi standard matters

    WPA2 has given us 14 years of secure wireless networking. WPA3 will fix a number of big problems in WPA2 and make strong security the default condition.

  • How one man could have hacked every Mac developer (73% of them, anyway)

    OK, in some ways that’s only very loosely true, when you think of all the non-Unixy stuff on top of the Darwin base layer, and we welcome your comments below to explain just how carelessly loose we have been…

    [...]

    The potential impact of a well-thought-out hack into one of the many package management ecosystems out there is a pet concern of security researcher Eric Holmes.

    Hacks against the very repositories that many of us rely upon for software updates are known in the jargon as supply-chain attacks – after all, the modern supply chain often doesn’t involve any factories, ships, trains, inventories, trucks, pallets or forklifts.

    So, Holmes decided to take a look at the supply chain for Homebrew, or Brew for short – we’re guessing he picked Brew not only because he knew it was the most popular amongst the Mac community, but also because he uses it himself.

    The results were, in a word, salutary.

  • SD Times Open-Source Project of the Week: Fizz

    In order to implement the new generation of Transport Layer Security, TLS 1.3, at Facebook, the company built a TLS library in C++ 14 called Fizz. Earlier this week, Facebook announced it was open sourcing that library.

    TLS 1.3 added several new features to make Internet traffic more secure, such as encrypting handshake methods, redesigning how secret keys are derived, and a zero round-trip connection setup.

    “We are excited to be open-sourcing Fizz to help speed up deployment of TLS 1.3 across the internet and help others make their apps and services faster and more secure,” Facebook wrote in a post.

More in Tux Machines

OSS Leftover

  • How an affordable open source eye tracker is helping thousands communicate
    In 2015, while sat in a meeting at his full-time job, Julius Sweetland posted to Reddit about a project he had quietly been working on for years, that would help people with motor neurone disease communicate using just their eyes and an application. He forgot about the post for a couple of hours before friends messaged him to say he'd made the front page. Now three years on Optikey, the open source eye-tracking communication tool, is being used by thousands of people, largely through word of mouth recommendations. Sweetland was speaking at GitHub Universe at the Palace of Fine Art in San Francisco, and he took some time to speak with Techworld about the project. [...] Originally, Sweetland's exposure to open source had largely been through the consumption of tools such as the GIMP. "I knew of the concept, I didn't really know how the nuts and bolts worked, I was always a little blase about how do you make money from something like that... but flipping it around again I'm still coming from the point of view that there's no money in my product, so I still don't understand how people make money in open source...
  • Fission open source serverless framework gets updated
    Platform9 just released updates to Fission.io - the open source, Kubernetes-native Serverless framework, with new features enabling developers and IT Operations to improve the quality and reliability of serverless applications. Other new features include Automated Canary Deployments to reduce the risk of failed releases, Prometheus integration for automated monitoring and alerts, and fine-grained cost and performance optimization capabilities. With this latest release, Fission offers the most complete set of features to allow Dev and Ops teams to safely adopt Serverless and benefit from the speed, cost savings and scalability of this cloud native development pattern on any environment - either in the public cloud or on-premises.
  • Alphabet’s DeepMind open-sources key building blocks from its AI projects
  • United States: It's Ten O'Clock: Do You Know Where Your Software Developers Are? [Ed: Smith Gambrell & Russell LLP are liars. Dana Hustins says FSF "purport to convert others' proprietary software into open source software" in there. They paint GPL as a conspiracy of some kind to entrap proprietary s/w developers.]
  • Transatomic Power To Open Source IP Regarding Advanced Molten Salt Reactors [Ed: There's no such thing as "IP", Duane Morris LLP. There are copyrights, trademarks, patents etc. and Transatomic basically made code free.]
  • Code Review--an Excerpt from VM Brasseur's New Book Forge Your Future with Open Source
    Even new programmers can provide a lot of value with their code reviews. You don't have to be a Rockstar Ninja 10x Unicorn Diva programmer with years and years of experience to have valuable insights. In fact, you don't even have to be a programmer at all. You just have to be knowledgable enough to spot patterns. While you won't be able to do a complete review without programming knowledge, you may still spot things that could use some work or clarification. If you're not a Rockstar Ninja 10x Unicorn Diva programmer, not only is your code review feedback still valuable, but you can also learn a great deal in the process: Code layout, programming style, domain knowledge, best practices, neat little programming tricks you'd not have seen otherwise, and sometimes antipatterns (or "how not to do things"). So don't let the fact that you're unfamiliar with the code, the project, or the language hold you back from reviewing code contributions. Give it a go and see what there is to learn and discover.

Security Leftovers

Android Leftovers

Ubuntu 18.10 (Cosmic Cuttlefish) Is Now Available to Download

After six months in development, Ubuntu 18.10 (Cosmic Cuttlefish) is now finally here, and you can download the ISO images right now for all official flavors, including Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu Budgie, Ubuntu Kylin, and Ubuntu Studio, for 64-bit and 32-bit architectures (only Lubuntu and Xubuntu). The Ubuntu Server edition is also out and it's supported on more hardware architectures than Ubuntu Desktop, including 64-bit (amd64), ARM64 (AArch64), IBM System z (s390x), PPC64el (Power PC 64-bit Little Endian), and Raspberry Pi 2/ARMhf. A live Ubuntu Server flavor is also available only for 64-bit computers. Read more Also: Ubuntu Linux 18.10 arrives