In the first of this series on Docker security, I wrote "containers do not contain." In this second article, I'll cover why and what we're doing about it.
Docker, Red Hat, and the open source community are working together to make Docker more secure. When I look at security containers, I am looking to protect the host from the processes within the container, and I'm also looking to protect containers from each other. With Docker we are using the layered security approach, which is "the practice of combining multiple mitigating security controls to protect resources and data."
Basically, we want to put in as many security barriers as possible to prevent a breakout. If a privileged process can break out of one containment mechanism, we want to block it with the next. With Docker, we want to take advantage of as many security mechanisms of Linux as possible.
Luckily, with Red Hat Enterprise Linux (RHEL) 7, we get a plethora of security features.
Open source technologies are "more secure" than software that is developed in a proprietary way, Red Hat's JBoss middleware business unit general manager, Mike Piech, said in a meeting with journalists.
On the one hand, open source software code is freely available, which means that hackers will see how to hack it. But, on the other, there is also a vast community of people working to maintain open source software security.
My internship at Red Hat has not only advanced my knowledge and skills of Linux but also about the concept of open source. When I first started experimenting with Linux, I downloaded a copy of a Debian ISO to share a partition on my Windows machine. While researching Linux, the phrase "open source" would often appear on blogs, articles, and on quick "how-to" YouTube tutorials. I would soon come to realize what that term really meant.
systemd is a replacement for the sysvinit daemon used in GNU/Linux and Unix systems, originally authored by Lennart Poettering of Red Hat. It represents a monumental increase in complexity, an abhorrent and violent slap in the face to the Unix philosophy, and its inherent domineering and viral nature turns it into something akin to a "second kernel" that is spreading all across the Linux ecosystem.
This site aims to serve as a rundown and a wake-up call to take a stand against the widespread proliferation of systemd, to detail why it is harmful, and to persuade users to reject its use.
I’ve been talking to my fellow Fedora user, James [who happens to be my boss] and he’s told me about a few extensions that are available for GNOME 3 that make things a little better, and to be honest I like them lots.
First of all you need to go here – https://extensions.gnome.org/ [use Firefox]
The first couple I have installed are
No Topleft Hot Corner
He went on to say that some within Red Hat speculate that tensions between Stevens and Paul Cormier, Red Hat’s president of products and technologies, might be responsible, although there doesn’t appear to have been any current argument between the two. Cormier will take over Stevens’ duties until a replacement is found.
Vaughan-Nichols also said that others at Red Hat had opined that Stevens might’ve left because he’d risen as high as he could within the company and with no new advancement opportunities open to him, he’d decided to move on. If this was the case, why did he leave so abruptly?
Stevens had been at Red Hat for nearly ten years. If he was leaving merely because “I’ve done all I can here and it’s time to seek my fortune elsewhere,” we’d expect him to work out some kind of notice and stay on the job long enough for Red Hat to find a suitable replacement. Turning in a resignation that’s effective immediately is not the ideal way to walk out the door for the last time. It smells of burning bridges.
No one's saying why long-time Red Hat CTO Brian Stevens left the company, but it seems clear he left from his own desire for a bigger, better job elsewhere.
DNF 0.6.1 was released today and this updated open-source package manager picked up a few more features as it's still in pursuit of replacing Yum on Fedora systems.
The DNF 0.6.1 release adds full support for the history redo command with integration for the repository-packages commands. DNF 0.6.1 also adds new configuration options pertaining to GPG keys/checking and there are many bug fixes.