Security: Secure Shell, MasterPeace, “Dark Web Scan” and Reproducible Builds

  • Secure Shell: What is SSH?

    So, here is my ode to Secure Shell for those that are unaware of SSH (It will not be any kind of artistic prose.) Many outside of the technology world may not realize how oft-utilized and important SSH and, indeed, shelling is in our everyday technological lives. This article will examine SSH and shelling, in general, and go over some of the technical aspects that encompass SSH and secure shell.

  • A Columbia cyber firm’s open source project is looking to improve IoT security

    Columbia-based MasterPeace Solutions is working on an open source project to address security vulnerabilities in Internet of Things devices.

    osMUD is aimed at protecting internet-connected devices used at homes and small businesses. The project was shared with the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence, which is based in Rockville, according to MasterPeace.

    Now, the cybersecurity firm will participate in a consortium that was formed around the effort that looks to bring together device manufacturers, network security companies, and network administrators. Participating organizations include Cable Labs, Cisco, CTIA, Digicert, ForeScout, Global Cyber Alliance, Patton, and Symantec. Each organization will provide code and expertise to the effort. MasterPeace is providing network security engineering and defense operations expertise. The longtime government contractor has previously shown willingness to gather the community in recent years with efforts like an in-house accelerator.

  • What is a “Dark Web Scan” and Should You Use One?

    The “dark web” consists of hidden websites that you can’t access without special software. These websites won’t appear when you use Google or another search engine, and you can’t even access them unless you go out of your way to use the appropriate tools.

    For example, the Tor software can be used for anonymous browsing of the normal web, but it also hides special sites known as “.onion sites” or “Tor hidden services.” These websites use Tor to cloak their location, and you only access them through the Tor network.

  • Reproducible Builds Joins Conservancy

    We are very excited to announce the Reproducible Builds project as our newest member project. Reproducible builds is a set of software development practices that create an independently-verifiable path from the source code to the binary code used by computers. This ensures that the builds you are installing are exactly the ones you were expecting, which is critical for freedom, security and compatibility and exposes injections of backdoors introduced by compromising build servers or coercing developers to do so via political or violent means.

    The Reproducible Builds project, which began as a project within the Debian community, joins our other adjacent work around this distribution, such as the Debian Copyright Aggregation Project. Reproducible Builds is also critical to Conservancy's own compliance work: a build that cannot be verified may contain code that triggers different license compliance responsibilities than those which the recipient is expecting. Unaccounted-for code makes it hard for anyone who distributes software to guarantee that they are doing so responsibly and with care for those who receive the software.
