Language Selection

English French German Italian Portuguese Spanish

FOSS/Linux Events

Filed under
Linux
OSS
  • Tizen Developer Summit 2015 Bengaluru – Inaugural Keynote
  • Linaro Connect US '15

    One of the items that came out of Linux plumbers for me was discussion on the future of the Ion memory manager for Android. While not as relevant to my day to day work anymore, I still have a lot of background knowledge and input to give. Linaro Connect happened a little over a month after plumbers and I was up there for the week, mostly for Ion and other ARM talks. (Non-technically, being at Linaro Connect also meant I could avoid the chaos in my apartment from an impending move. Yay for convenient excuses!)

  • LinuxCon Europe 2015 in Dublin

    The second day was opened by Leigh Honeywell and she was talking about how to secure an Open Future. An interesting case study, she said, was Heartbleed. Researchers found that vulnerability and went through the appropriate vulnerability disclosure channels, but the information leaked although there was an embargo in place. In fact, the bug proofed to be exploited for a couple of months already. Microsoft, her former employer, had about ten years of a head start in developing a secure development life-cycle. The trick is, she said, to have plans in place in case of security vulnerabilities. You throw half of your plan away, anyway, but it’s good to have that practice of knowing who to talk to and all. She gave a few recommendations of which she thinks will enable us to write secure code. Coders should review, learn, and speak up if they feel uncomfortable with a piece of code. Managers could take up on what she called “smells” when people tend to be fearful about their code. Of course, MicroSoft’s SDL also contains many good practices. Her minimal set of practices is to have a self-assessment in place to determine if something needs security review, have an up-front threat modelling that is kept up to date as things evolve, have a security checklist like Mozilla’s or OWASP’s, and have security analysis built into CI process.

  • Second Round of systemd.conf 2015 Sponsors

More in Tux Machines