Linux Stressed in Fedora, Red Hat/IBM and Security
Fedora Developers Discuss Ways To Improve Linux Interactivity In Low-Memory Situations
While hopefully the upstream Linux kernel code can be improved to benefit all distributions for low-memory Linux desktops, Fedora developers at least are discussing their options for in the near-term improving the experience. With various easy "tests", it's possible to easily illustrate just how poorly the Linux desktop responds when under memory pressure. Besides the desktop interactivity becoming awful under memory pressure, some argue that an unprivileged task shouldn't be able to cause such behavior to the system in the first place.
How open source can help banks combat fraud and money laundering
Jump ahead a few years to the Fourth EU AML Directive - a regulation which required compliance by June 2017 - demanding enhanced Customer Due Diligence procedures must be adhered to when cash transactions reach an aggregated amount of more than $11,000 U.S. dollars (USD). (The Fifth EU AML Directive is on the way, with a June 2020 deadline.) In New Zealand’s Anti-Money Laundering and Countering Financing of Terrorism Amendment Act of 2017 it is stated that banks and other financial entities must provide authorities with information about clients making cash transactions over $6,500 USD and international monetary wire transfers from New Zealand exceeding $650 USD. In 2018, the updated open banking European Directive on Payment Services (PSD2) that requires fraud monitoring also went into effect. And the Monetary Authority of Singapore is developing regulations regarding the use of cryptocurrencies for terrorist funding and money laundering, too.
Automate security in increasingly complex hybrid environments
As new technologies and infrastructure such as virtualization, cloud, and containers are introduced into enterprise networks to make them more efficient, these hybrid environments are becoming more complex—potentially adding risks and security vulnerabilities.
According to the Information Security Forum’s Global Security Threat Outlook for 2019, one of the biggest IT trends to watch this year is the increasing sophistication of cybercrime and ransomware. And even as the volume of ransomware attacks is dropping, cybercriminals are finding new, more potent ways to be disruptive. An article in TechRepublic points to cryptojacking malware, which enables someone to hijack another's hardware without permission to mine cryptocurrency, as a growing threat for enterprise networks.
To more effectively mitigate these risks, organizations could invest in automation as a component of their security plans. That’s because it takes time to investigate and resolve issues, in addition to applying controlled remediations across bare metal, virtualized systems, and cloud environments -- both private and public -- all while documenting changes.
Josh Bressers: Appsec isn’t people
The best way to think about this is to ask a different but related question. Why don’t we have training for developers to write code with fewer bugs? Even the suggestion of this would be ridiculed by every single person in the software world. I can only imagine the university course “CS 107: Error free development”. Everyone would fail the course. It would probably be a blast to teach, you could spend the whole semester yelling at the students for being stupid and not just writing code with fewer bugs. You don’t even have to grade anything, just fail them all because you know the projects have bugs.
Humans are never going to write bug free code, this isn’t a controversial subject. Pretending we can somehow teach people to write bug free code would be a monumental waste of time and energy so we don’t even try.
Now it’s time for a logic puzzle. We know that we can’t train humans to write bug free code. All security vulnerabilities are bugs. So we know we can’t train humans to write vulnerability free code. Well, we don’t really know it, we think we can if you look at history. The last twenty years has had an unhealthy obsession with getting humans to change their behaviors to be “more secure”. The only things that have come out of these efforts are 1) nobody likes security people anymore 2) we had to create our own conferences and parties because we don’t get invited to theirs 3) they probably never liked us in the first place.
Linux-driven i.MX6 gateway offers 4G plus isolated serial and CANBus
Forlinx announced a compact “FCU1201” IoT gateway that runs Linux on an i.MX6 DualLite and offers 4G, WiFi/BT, LAN, CAN, HDMI, USB, serial, DIDO, and CANBus. Chinese embedded vendor Forlinx has unveiled a power-efficient FCU1201 IoT gateway equipped with NXP’s 1GHz, dual-core Cortex-A9 i.MX6 DualLite. Like the company’s i.MX6 UL-equipped FCU1101, the system combines extensive serial interfaces with wireless connectivity.
Vulkan: SIGGRAPH 2019 News and NVIDIA Focus
Kernel: Linux, Mir, and the Linux Foundation's Hyperledger
Leaving Windows 7? Here are some non-Windows options.
Then there’s my own favorite: the Linux desktop. But while I love it, I’m well aware of the Linux desktop’s many problems. But recently the Linux community looks to be finally getting its act together. So now might be a good time to kick Linux’s tires. Personally, when it comes to the many distros, I favor Linux Mint. It’s good, secure and fast. It also has the advantage, from your perspective, of looking a good deal like Windows 7. That makes switching over to it easier than you might expect. But if you need corporate support, you’ll be better off with Red Hat Enterprise Linux Workstation or Canonical’s Ubuntu for desktop. You can, by the by, use Linux desktops with your existing Active Directory domains if that’s what’s stopping you from considering Linux. Which is best for you? Only you can answer that question. What I can say, though, is that these days you don’t have to just grit your teeth and shift over to the next version of Windows. Thanks in large part to the move to a SaaS model for nearly all applications, you have real desktop OS choices.
