EMC partners with Canonical, Mirantis, and Red Hat for OpenStack
Do you want to use OpenStack, but you're afraid of the headaches of getting its architecture just right? Well, EMC is here to help with OpenStack reference architectures for three leading OpenStack vendors: Canonical, Mirantis, and Red Hat.
Proprietary OOXML document format makes you more vulnerable to attacks
Using the proprietary OOXML document format, i.e. docx, pptx and xlsx, makes you more vulnerable to phishing and other attacks. Earlier this month, the Japanese anti-virus company Trend Micro published a blog post describing how the attack group "Operation Pawn Storm" uses spear-phishing mail messages with malicious Office documents to target the military, governments, defense industries and the media.
Four years ago, Thomas Caspers and Oliver Zendel from the German Federal Office for Information Security (BSI) already presented research results stating that most spear-phishing attacks targeting specific persons or a small group of victims use "launch actions" in Office and PDF documents to have their malicious code executed.
4MPlayer is a new, interesting Linux distribution that has been built with a single use in mind: to play any kind of video file, including CDs and DVDs, without having to boot an entire distro and its desktop environment.
A few days ago, Erik released a new version of his Annoy library -- a small, fast, and lightweight C++ template header library for approximate nearest neighbours -- which now no longer requires Boost. While I don't mind Boost (actually, quite the opposite), it appears to have been a blocker in getting the Python part of Annoy over to the world of python3.
After a bogus Calligra 2.9.3 release, the developers of the number one open source office suite for the KDE desktop environment released Calligra 2.9.4, which brings multiple improvements to the popular Krita digital painting software.
On May 4, the Kubuntu developers had the pleasure of informing their users about the immediate availability of the recently announced KDE Applications 15.04 software suite for the Kubuntu 15.04 (Vivid Vervet) operating system.
Elasticsearch has offered Hadoop InputFormat and OutputFormat implementations for quite some time. These made it possible to process Elasticsearch indices with Spark just as you would any other Hadoop data source. Here’s an example of this in action, taken from Elastic’s documentation:
Tony Northrup is an award-winning author and photographer who has published more than 30 how-to books and sold more than a million copies around the world. He has created a video tutorial, over an hour long, for beginners and more advanced users that aims at getting you familiar with your Samsung NX1 Compact Systems Camera (CSC).
Firejail is a generic Linux namespaces security sandbox, capable of running graphic interface programs as well as server programs. The sandbox is lightweight, and the overhead is low. There are no socket connections open and no daemons running in the background. All security features are implemented directly in the Linux kernel and are available on any Linux computer.
8 Linux Security Improvements In 8 Years
At a time when faith in open source code has been rocked by an outbreak of attacks based on the Shellshock and Heartbleed vulnerabilities, it's time to revisit what we know about Linux security. Linux is so widely used in enterprise IT, and deep inside Internet apps and operations, that any surprises related to Linux security would have painful ramifications.
In 2007, Andrew Morton, a no-nonsense colleague of Linus Torvalds known as the "colonel of the kernel," called for developers to spend time removing defects and vulnerabilities. "I would like to see people spend more time fixing bugs and less time on new features. That's my personal opinion," he said in an interview at the time.
Linux from Square One
Despite the fact I have a different view of which distros are best for kids — Qimo (pronounced “kim-o,” as in the last part of eskimo, not “chemo”) tops the list, as it should, but the French distro Doudou (add your own joke here) is unfortunately left out — the link there is informative. So for those who are just getting their proverbial feet wet in Linux, this is a godsend.
Explaining Security Lingo
This post aims to clarify certain terms often used in the security community. Let’s start with the easiest one: vulnerability. A vulnerability is a flaw in a selected system that allows an attacker to compromise the security of that particular system. The consequence of such a compromise can impact the confidentiality, integrity, or availability of the attacked system (these three aspects are also the base metrics of the CVSS v2 scoring system that are used to rate vulnerabilities). ISO/IEC 27000, IETF RFC 2828, NIST, and others have very specific definitions of the term vulnerability, each differing slightly. A vulnerability’s attack vector is the actual method of using the discovered flaw to cause harm to the affected software; it can be thought of as the entry point to the system or application. A vulnerability without an attack vector is normally not assigned a CVE number.