Application-wise network filtering on Linux?

Recently I was asked if Linux supports application-wise network filters. Despite the debatable sense behind such a function I was interested in the technical possibilities and current implementations. It turned out that there is no currently active project atm.

Application-wise network filtering is a controversial topic: in Windows such frameworks are quite common (ZoneAlarm, Norton Internet Security) and are the nightmare of every Help Desk. Additionally they are designed to interact with the user who most often has no idea - and they tend to spread fear among the users to show how “effective” they are while there is nothing to fear.

So I searched a bit for existing implementations. It turned out there are three projects which once tried to implement this task together with a handy GUI: Systrace, Tuxguardian and Program Guard.

More Here.

More in Tux Machines

A few thoughts on OpenBSD 5.8

I've been using OpenBSD since way back at release 2.3 in 1998, so I've gone through upgrades that took a fair amount of work due to incompatible changes, like the switch from ipf to pf for host firewalling or the change to ELF binaries. The upgrade from 5.7 to 5.8 was a pretty smooth and easy one, for the most part. The two most painful changes for me were the replacement of sudo with doas and the dropping of support in the rc.conf for the pf_rules variable. While sudo is still available as a package, I like the idea of reducing attack surface with a simpler program, so I made the switch. The two things I miss most about sudo are the ability to authenticate for a period of time and the ability to have a single config file across a whole set of servers. The former I'm just living with, the latter I've adjusted to by having a single config file that has lines commented out depending on which server it's on. I did have one moment of concern about the quality of doas when it incorrectly reported the line number on which I had a syntax error in the config file--fortunately, this was just a failure to increment the line count on continuation lines (ending with a "\") which is fixed in the -current release.

10 recently open-sourced products from big tech companies

Releasing internal products to the open-source community is the hip new thing for technology giants to do.

Phoronix on Graphics

  • Intel Pentium G4400: Benchmarking A ~$60 Skylake Processor
    This CPU certainly isn't meant for any really demanding workloads, but could serve as a potential Linux desktop with basic accelerated graphics via the HD Graphics 510. The Pentium G4400 is still rated to drive up to three displays and can handle 4K via HDMI/DP. Like the other Skylake processors with HD Graphics 530, the hardware can support up to OpenGL 4.4 / DirectX 12 but under Linux the current Mesa driver still only has full OpenGL 3.3 support with the GL 4.x support being a work-in-progress.
  • AMDGPU With PowerPlay Compared To AMD's Catalyst Linux Driver
    With earlier today showing new OpenGL performance numbers for how the Nouveau driver with working re-clocking compared to NVIDIA's proprietary driver, here are some benchmarks to show how the AMDGPU kernel DRM driver with PowerPlay patches compare to AMD's Catalyst driver for the R9 285 (Tonga) and R9 Fury (Fiji) graphics cards.
  • NVIDIA Developer Still Working On PRIME Synchronization
    NVIDIA continues to be working on PRIME synchronization support to fix tearing when using this multi-GPU method. There will be support for this functionality within the proprietary NVIDIA Linux driver.
  • Playing With Intel Skylake OpenCL On Ubuntu 15.10
    As it's been a while since last playing with Intel's Beignet project, the open-source effort to allow OpenCL compute capabilities on HD/Iris Graphics under Linux, I decided to try it out on an Ubuntu 15.10 system this weekend with a Skylake processor.