Security Leftovers

Filed under
Security
  • Leopard Flower firewall – Protect your bytes

    Several months ago, I decided to explore a somewhat obscure topic of outbound per-application firewall control in Linux. A concept that Windows users are well familiar with, it’s been around for ages, providing Windows folks with a heightened sense of – if not practical factual – protection against rogues residing in their system and trying to phone home.

    In Linux, things are a little different, but with the growing flux of Windows converts arriving at the sandy shores of open-source, the notion of need for outbound control of applications has also risen, giving birth to software designed to allay fears if not resolve problems. My first attempt to play with Leopard Flower and Douane was somewhat frustrating. Now, I’m going to revisit the test, focusing only on the former.

    [...]

    Leopard Flower firewall is an interesting concept. Misplaced, though, for most parts. It caters to a Windows need that does not exist on Linux, and to be frank, has no place in the Microsoft world either. Then, it also tries to resolve a problem of control and knowledge by requiring the user to exercise the necessary control and knowledge. But if they had those to begin with, they wouldn’t need to dabble in per-application firewalls. Furthermore, the software is still fairly immature. There are at least half a dozen little things and changes that can be implemented to make lpfw more elegant, starting with installation and followed by service and GUI model, prompts, robustness, and a few others.

  • Critical bug in libotr could open users of ChatSecure, Adium, Pidgin to compromise
  • Clair 1.0 Brings Advances in Container Security

    CoreOS pushes the open-source container security project to the 1.0 milestone and production stability.
    As container use grows, there is an increasing need to understand from a security perspective what is actually running in a container. That's the goal of CoreOS' Clair container security project, which officially hits the 1.0 milestone today, in an effort to help organizations validate container application security.

More in Tux Machines

OSS Leftovers

  • 20 Most Promising Open Source Solution Providers - 2017
    Open source has become an imperative part of every developer’s arsenal. The potential to gather assistance from the community and the capacity to link into a range of systems and solutions make open source incredibly powerful. As open source software becomes ubiquitous, and used by the vast majority of enterprises throughout the world, 2017 is all set for vendors of application delivery controller (ADC) to start providing improved and tighter integration packages for various open source projects, especially surrounding ADC-generated telemetry. Companies have been extensively using their analytics and machine learning capabilities for quite some time to identify actionable patterns from the collected data. With the rising demand for business intelligence, this year is foreseen to be the year of information superiority with businesses, leveraging data as a key differentiator. In the past couple of years, containers have been emerging as an imminent trend. As the business focus starkly shifts on rightsizing of resources, containers are expected to become a common phenomenon, giving businesses the ability to leverage highly portable assets and make the move into micro services much simpler. Adjacently, automation has become essential now. Mostly intensified by DevOps adoption, the automation of software delivery and infrastructure changes have freed developers to spend more time creating and less time worrying about infrastructure.
  • DevOps pros and open source: Culturally connected
    Like chocolate and peanut butter, DevOps and open source are two great tastes that taste great together. For many DevOps pros, it's the perfect cultural and technical match.
  • Interoperability: A Case For Open Source - GC@PCI Commentary
    He continues: “An open source model allows companies to see the assumptions behind the calculation and lowers the cost of entry into the cat modeling business. More importantly, the standardized and interoperable hazard, vulnerability and financial modules included in a true open source model facilitate the collaboration of data from insurers, reinsurers, entrepreneurs, scientists, computer programmers and individuals, all of which may result in a new generation of cat models.”
  • DevOps Skills Are Key to Collaboration within Organizations
    DevOps is one of the most highly sought skills employers are seeking to fill among 57 percent of respondents in the 2017 Open Source Jobs Report, from Dice and The Linux Foundation. Specifically, firms are looking for developers (73 percent) and DevOps engineers (60 percent).
  • Projects You Can Help With For Advancing Open-Source NVIDIA "Nouveau" Graphics
    Longtime Nouveau contributor Karol Herbst has been working on an updated list of project ideas for new contributors or those that may be wanting to participate in an Endless Vacation of Code / Google Summer of Code.
  • Join The Linux Foundation at Open Source Summit EU for Booth Swag, Project Updates, and More
    Going to Open Source Summit EU in Prague? While you’re there, be sure to stop by The Linux Foundation training booth for fun giveaways and a chance to win one of three Raspberry Pi kits.
  • Oracle Promises To Open Source Oracle JDK And Improve Java EE
    Oracle had already announced it would be moving Java EE to the Eclipse Foundation, and the announcements at JavaOne move the language further to a more vendor-neutral future. It's worth noting that the keynote was preceded by a Safe Harbor disclaimer in which Oracle said it could not be held to plans made during the speech, so nothing is actually certain.
  • Linux Kernel Community Enforcement Statement
  • Linux Kernel Gets An "Enforcement Statement" To Deal With Copyright Trolls
    Greg Kroah-Hartman on the behalf of the Linux Foundation Technical Advisory Board has today announced the Linux Kernel Community Enforcement Statement. This statement is designed to better fend off copyright trolls. Among the copyright troll concerns is how a Netfilter developer has been trying to enforce his personal copyright claims against companies for "in secret and for large sums of money by threatening or engaging in litigation."
  • An enforcement clarification from the kernel community
    The Linux Foundation's Technical Advisory board, in response to concerns about exploitative license enforcement around the kernel, has put together this patch adding a document to the kernel describing its view of license enforcement. This document has been signed or acknowledged by a long list of kernel developers. In particular, it seeks to reduce the effect of the "GPLv2 death penalty" by stating that a violator's license to the software will be reinstated upon a timely return to compliance.

Tizen and Android Leftovers
