IBM/Red Hat Leftovers
-
Disrupted CVE Assignment Process
Due to an invalid TLS certificate on MITRE’s CVE request form, I have — ironically — been unable to request a new CVE for a TLS certificate verification vulnerability for a couple weeks now. (Note: this vulnerability does not affect WebKit and I’m only aware of one vulnerable application, so impact is limited; follow the link if you’re curious.) MITRE, if you’re reading my blog, your website’s contact form promises a two-day response, but it’s been almost three weeks now, still waiting.
[....]
We could have a debate on TLS certificate verification and the various benefits or costs of the Firefox vs. Chrome approach, but in the end it’s an obvious misconfiguration and there will be no further CVE requests from me until it’s fixed. No, I’m not bypassing the browser security warning, even though I know exactly what’s wrong. We can’t expect users to take these seriously if we skip them ourselves.
-
June 10 webinar: Cloud-native development for continuous integration with IBM Wazi
IBM Wazi for Red Hat CodeReady workspaces simplifies hybrid application development. Developers can leverage open and familiar development tools, deliver a CI/CD pipeline that integrates z/OS into a multi-cloud architecture, and transform testing on mainframes by shifting left transaction-level testing. Be sure to catch the June 10 webinar, Cloud Native Development for Continuous Integration with IBM Wazi, to learn about this new technology. Rosalind Radcliffe, IBM Distinguished Engineer in System Enterprise DevOps, and Mitch Ashley, CEO and Managing Analyst of Accelerated Strategies Group, Inc., give you all the details.
-
Using container technology to make a more secure pipeline
In our last post we talked about using Multi-Category Security (MCS) instead of Multi-Level Security (MLS) to provide isolation on systems with different levels of sensitivity. In this post we'll cover creating a more secure pipeline via containers.
A common pattern in MLS environments is to have a series of processes to guarantee the flow of information between networks at different levels, but to guarantee that no information gets accidentally leaked. These pipelines are sometimes called dirty word filters.
Imagine an MLS environment, where you have two networks connected to a machine. One of the networks is at Top Secret and the other network is at Secret. Now you might have a process downloading content from the Top Secret Network, another process, the filter process, examining the downloaded content and moving approved data from the Top Secret content to the Secret content. Finally you have a third process that is taking the Secret content and sending it out the Secret network.
-
The advantages of microservices for financial industries
Forces ranging from technological disruption, to demographic shifts, will change the way banking is done, according to the 2020 Banking and Capital Markets Outlook from Deloitte Insights. The report says that banking will increasingly be more open and transparent, more intelligent and tailored, and more secure and seamless.
Achieving this state of financial services - one in which there is greater internal collaboration and is synchronized to market demands - won’t be without challenges, the report says, pointing to "technical debt, or the lack of technology system modernization, which is a huge impediment to transformation."
-
Red Hat Shares ― Special edition: Red Hat Summit 2020 Virtual Experience recap
Red Hat Summit 2020, like most things this year, looked a little different than in the past. This year's theme was "From here, anywhere." But the shift from an in-person to a virtual event resulted in a Summit perhaps better characterized as "From anywhere, here." While we weren’t able to gather in San Francisco as originally planned, the virtual event gave us the privilege of connecting with so many more open source enthusiasts (56,063* so far, to be exact) worldwide.
-
How to be prepared for changes in Red Hat Smart Management and Satellite
In my work as a Red Hat Technical Account Manager (TAM), one of my responsibilities is ensuring my customers are aware of the roadmap for various Red Hat products. This includes informing customers of upcoming changes to products, such as features being deprecated, and helping them plan for these changes.
The Satellite 6.7 release notes listed that several items are deprecated and would be removed in a future release of Satellite. This post will cover several of these items, and what customers can do to prepare for these changes. I would recommend reviewing the release notes to see if any of the other items might affect your Satellite environment.
-
Python Programming
Fedora 32 Elections
mesa 20.1.0
Hi all, I'd like to announce Mesa 20.1.0, the first release for the 20.1 branch. Being the first release of this new branch, there can be issues that will be discovered now that the new code will be widely used, so you may want to stay on the 20.0.x releases until the 20.1.1 release, scheduled for 14 days from now on 2020-06-10. One already known issue that I want to point out is that Unreal Engine 4 has a bug in its usage of glDrawRangeElements() causing it to be called with a number of vertices in place of the `end` parameter, that was recently revealed. This is an annoying bug that we haven't worked around yet. For more details: https://gitlab.freedesktop.org/mesa/mesa/-/issues/2917 Eric --- Andrii Simiklit (1): i965/vec4: Ignore swizzle of VGRF for use by var_range_end() Bas Nieuwenhuizen (4): radv/winsys: Remove extra sizeof multiply. radv: Handle failing to create .cache dir. radv: Do not close fd -1 when NULL-winsys creation fails. radv: Implement vkGetSwapchainGrallocUsage2ANDROID. D Scott Phillips (1): anv/gen11+: Disable object level preemption Danylo Piliaiev (3): meson: Disable GCC's dead store elimination for memory zeroing custom new mesa: Fix double-lock of Shared->FrameBuffers and usage of wrong mutex intel/fs: Work around dual-source blending hangs in combination with SIMD16 Dave Airlie (1): llvmpipe: compute shaders work better with all the threads. Eric Engestrom (4): .pick_status.json: Update to a91306677c613ba7511b764b3decc9db42b24de1 tree-wide: fix deprecated GitLab URLs docs: Add release notes for 20.1.0 VERSION: bump to 20.1.0 release Erik Faye-Lund (1): zink: use general-layout when blitting to/from same resource Gert Wollny (1): r600: Fix duplicated subexpression in r600_asm.c Hanno Böck (1): Properly check mmap return value Icecream95 (1): panfrost: Fix background showing when using discard Jason Ekstrand (3): nir/lower_double_ops: Rework the if (progress) tree nir/opt_deref: Report progress if we remove a deref nir/copy_prop_vars: Record progress in more places Kristian Høgsberg (1): freedreno: Use the right amount of &'s Nataraj Deshpande (1): dri_util: Update internal_format to GL_RGB8 for MESA_FORMAT_R8G8B8X8_UNORM Pierre-Eric Pelloux-Prayer (1): amd/addrlib: fix forgotten char -> enum conversions Rhys Perry (1): nir: fix lowering to scratch with boolean access Rob Clark (1): freedreno: clear last_fence after resource tracking Samuel Pitoiset (2): radv: handle different Vulkan API versions correctly radv: update the list of allowed Android extensions Timothy Arceri (2): glsl: stop cascading errors if process_parameters() fails glsl: fix slow linking of uniforms in the nir linker Vinson Lee (3): r600/sfn: Initialize VertexStageExportForGS m_num_clip_dist member variable. r600/sfn: Use correct setter method. freedreno: Add missing va_end. git tag: mesa-20.1.0Also: Mesa 20.1 Released With Numerous Linux Graphics Driver Improvements
Android Mirroring App ‘Scrcpy’ Just Added a Bunch of New Features
If you read this blog regularly enough you’ll be familiar with scrcpy, an ace root-free way to mirror your Android smartphone on your Ubuntu desktop and interact with it. Scrcpy is free, it’s open source, it’s awesome. Oh yeah, and it’s updated regularly! Which is what this post is about: telling you what’s new and notable in the latest release, scrcpy 1.14 — so let’s get to it!
