Twistlock 2.3 Advances Container Security with Serverless Support

Container security vendor Twistlock released version 2.3 of its container security platform on Jan. 3, including new features to help protect container workloads. Among the new features in the Twistlock 2.3 release in an improved Cloud Native App Firewall (CNAF), per-layer vulnerability analysis functionality, application aware system call defense and new serverless security capabilities.

Amazon launches its own open-source OS 'Linux 2' for enterprise clients

In a deviation from its earlier policy of not permitting its cloud services users to run operating systems on its clients’ servers, Amazon has since launched its own version of the Linux OS, according to a report in VCCircle. This move by Amazon Web Services is seen as a response to rivals Oracle and Microsoft who have been offering what is known as Hybrid technology to their clients in which the open platform OS Linux can be used by the clients availing cloud services to run many other programs, on their own severs as well as on the cloud. Up to now, Amazon did not provide this facility to its clients directly. Only the Amazon-owned data centers were permitted to run these OSs.

Hyperledger 3 years later: That's the sound of the devs... working on the chain ga-a-ang

The Linux Foundation’s Hyperledger project was announced in December 2015. When Apache Web server daddy Brian Behlendorf took the helm five months later, the Foundation’s blockchain baby was still embryonic. He called it “day zero.” Driving Hyperledger was the notion of a blockchain, a distributed ledger whose roots are in digital currency Bitcoin, for the Linux ecosystem - a reference technology stack that those comfortable with a command line could experiment with and build their own blockchain systems and applications. Behlendorf, the project’s executive director, said upon assuming command in May 2016: “There are lots of things that we want to see built on top.”

7 Best Linux Distributions for Desktop/Laptop 2018

This would be our first article in 2018 and happy to present you a list of the best Linux distributions to add to your favorite list in 2018 for your Desktop/Laptop, it is important to note that there is no such thing as “best” Linux distribution. People have different tastes which vary from UI experience to the feature set provided by a Linux distribution. As an example, a newbie will have a different preference from an advanced Linux administrator who has worked with a distribution like Gentoo and is obsessed with Linux CLI administration. If you're not sure about a Linux distribution to use, It's best to test them on VirtualBox or VMware Workstation, you'll definitely fall for one that suits your needs and preferences.

Dell XPS 13 with Ubuntu -- The Ultimate Developer Laptop of 2018!

I'm the proud owner of a new Dell XPS 13 Developer Edition (9630) laptop, pre-loaded from the Dell factory with Ubuntu 16.04 LTS Desktop. Kudos to the Dell and the Canonical teams that have engineered a truly remarkable developer desktop experience.  You should also check out the post from Dell's senior architect behind the XPS 13, Barton George.

Dell releases Ubuntu Linux-based XPS 13 Developer Edition (9370) laptop

If you want a computer pre-loaded with a Linux-based operating system, you can never go wrong with System76. After all, that company focuses entirely on Linux -- it does not sell Windows machines at all. Hell, System76 even maintains its own Ubuntu-based operating system called Pop!_OS. By supporting that company, you are also supporting the overall Linux community. System76 is not the only company selling Linux-powered computers, however. Despite being a major Microsoft partner with Windows, Dell also sells desktops and laptops pre-loaded with Ubuntu. One of the company's most impressive computers is the svelte XPS 13 laptop. Dell sells a version with Ubuntu that it dubs "Developer Edition," but non-developers can, of course, use it too. Today, the company announces the the 7th-generation version of this notebook. The 9370, as it is called, can be purchased immediately.

Intel facing class-action lawsuits over Meltdown and Spectre bugs

Intel has been hit with at least three class-action lawsuits over the major processor vulnerabilities revealed this week. The flaws, called Meltdown and Spectre, exist within virtually all modern processors and could allow hackers to steal sensitive data although no data breaches have been reported yet. While Spectre affects processors made by a variety of firms, Meltdown appears to primarily affect Intel processors made since 1995. Three separate class-action lawsuits have been filed by plaintiffs in California, Oregon and Indiana seeking compensation, with more expected. All three cite the security vulnerability and Intel’s delay in public disclosure from when it was first notified by researchers of the flaws in June. They also cite the alleged computer slowdown that will be caused by the fixes needed to address the security concerns, which Intel disputes is a major factor.

More about Spectre and the PowerPC (or why you may want to dust that G3 off)

Most of the reports on the Spectre speculative execution exploit have concentrated on the two dominant architectures, x86 (in both its AMD and Meltdown-afflicted Intel forms) and ARM. In our last blog entry I said that PowerPC is vulnerable to the Spectre attack, and in broad strokes it is. However, I also still think that the attack is generally impractical on Power Macs due to the time needed to meaningfully exfiltrate information on machines that are now over a decade old, especially with JavaScript-based attacks even with the TenFourFox PowerPC JIT (to say nothing of various complicating microarchitectural details). But let's say that those practical issues are irrelevant or handwaved away. Is PowerPC unusually vulnerable, or on the flip side unusually resistant, to Spectre-based attacks compared to x86 or ARM?

Measuring the Intel Management Engine to Create a More Secure Computer

A modern computer has many different avenues for attack—ranging from local user-level exploits to root and kernel exploits, all the way down to exploits that compromise the boot loader or even the BIOS—but for over ten years the Intel Management Engine—with its full persistent access to all computer hardware combined with its secretive code base—has offered the theoretical worst-case scenario for a persistent invisible attack. The recent exploit from the talented group of researchers at Positive Technologies moves that worst-case scenario from “theoretical” to reality. While the proof-of-concept exploit is currently limited to local access, it is only a matter of time before that same style of stack smash attack turns remote by taking advantage of systems with AMT (Advanced Management Technology) enabled.

Linus Torvalds Latest Meltdown: “Is Intel Selling Sh*t And Never Willing To Fix Anything?”

It’s not surprising to hear that the creator of the open-source Linux kernel couldn’t hold his temper after learning that Intel processors are affected by vulnerabilities that date back more than a decade ago. And why not? He has enough power to criticize Intel as the active development of the 26-year-old Linux kernel can’t go forward without him.

Linux Kernel 4.14.12 Released to Disable x86 PTI for AMD Radeon Processors

It was bound to happen sooner or later, so Greg Kroah-Hartman just announced today the release of the Linux 4.14.12 kernel, which disables the x86 KPTI patches for AMD Radeon processors. Submitted over the Christmas holidays by AMD engineer Tom Lendacky, the "x86/cpu, x86/pti: Do not enable PTI on AMD processors" patch has landed today in the Linux 4.14.12 kernel, disabling the kernel page table isolation (KPTI) for all AMD Radeon processors, which were treated as "insecure" until now.

More Linux Kernel & GCC Patches Come Out In The Wake Of Spectre+Meltdown

Besides the already-merged Kernel Page Table Isolation (KPTI) patches, other Linux kernel patches are coming out now in light of the recent Spectre and Meltdown vulnerabilities. Paul Turner of Google has posted some "request for comments" patches on a "Retpoline" implementation for the Linux kernel. The Retpoline patches are intended for fending off Spectre, the attack that breaks isolation between different applications. Unfortunately the Retpoline patching does add an additional cost to the kernel performance with the overall overhead being reported up to a 1.5% range.

KPTI Intel Chip Flaw Exposes Security Risks

Operating system vendors are rushing to put out a fix for an alleged Intel chip flaw that could be used to exploit systems. Intel has not officially disclosed details on the flaw yet, though a patch already exists in the Linux kernel, with patches for Microsoft Windows and Apple macOS expected by Jan. 9. The Intel flaw doesn't have a branded name at this point, though security researchers have referred to it as both KPTI (Kernel Page Table Isolation) and KAISER (Kernel Address Isolation to have Side-channels Efficiently Removed).

Reading privileged memory with a side-channel

We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Learn to use Wget command with 12 examples

Using split ssh in QubesOS 4.0

How to assign static ip address in Ubuntu 17.10 (Artful Aardvark)

TLP – Quickly Increase and Optimize Linux Laptop Battery Life

How to Get the Pixel 2’s Portrait Mode on Your Nexus or Pixel Phone

How To Display Asterisks When You Type Password In terminal

How to add EBS disk on AWS Linux server

Tlog - A Tool to Record / Play Terminal IO and Sessions

How to Install Icinga 2 and Icinga Web 2 on Debian 9.3

How to write pylint checker plugins

Ansible: the Automation Framework That Thinks Like a Sysadmin

How to Download Packages without Installing on RPM Distros

HTTP errors in WordPress

WordPress 500 Internal Server Error