Containerization technology has been a game-changer, powering Docker and other transformative software solutions. It's also garnered its share of criticisms about performance, security, and resiliency.
But one of the creators of Parallels, a key containerization technology on Linux, is pushing back against what he feels are pervasive myths about containers -- many of which, he argues, are rooted in misunderstandings of how to use them and what they're for.
This Public Service Announcement is a follow up to SA-CORE-2014-005 - Drupal core - SQL injection. This is not an announcement of a new vulnerability in Drupal.
Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
Today we're releasing Qubes OS R2! I'm not gonna write about all the cool features in this release because you can find all this in our wiki and previous announcements (R2-beta1, R2-beta2, R2-beta3, R2-rc1, and R2-rc2). Suffice to say that we've come a long way over those 4+ years from a primitive proof of concept to a powerful desktop OS which, I believe, it is today.
One of the biggest difficulties we have been facing with Qubes since the very beginning, has been the amount of this extra, not-so-exciting, not directly security-related work, but so much needed to ensure things actually work. Yet, the line between what is, and what is not-security related, is sometimes very thin and one can easily cross it if not being careful.
For Intel Core i7 5960X Haswell-E Linux testing I originally bought an MSI X99S SLI PLUS motherboard as it was one of the most interesting, lowest-priced boards available at the time of the Intel X99 chipset debut. While I initially ran into some problems, those issues have now been confirmed to be isolated, and with a replacement X99S SLI PLUS motherboard I have been stressing it constantly for the past few weeks on Fedora and Ubuntu. The X99S SLI PLUS has now proven itself to be a reliable motherboard that's still among the least expensive X99 ATX motherboards on the market.
Kickstarter is apparently not the place to go if you’re trying to crowdfund privacy hardware. Just days after the Anonabox project, a highly criticized effort to package the Tor privacy protection service into a portable miniature Wi-Fi router, was suspended by the crowdfunding site, another similar project has met its demise—and its founder’s account has been deleted.
TorFi, which Ars mentioned in a report on October 21, was a project by Jesse Enjaian and David Xu of Berkeley, California aimed at creating home routers with turnkey Tor protection and support for OpenVPN connections—allowing users to route all their Internet traffic either through Tor's "onion router" network or a virtual private network provider of their choice. The project’s initial pitch was dependent on repurposing routers from TP-Link purchased through retail and re-flashing them with a customized version of the OpenWRT embedded operating system.
I agree that the security of a container isn’t any better than a well-secured application using sys_setcap(), a custom suite of SeLinux labels, and a roll-your-own use of Linux namespaces. However, that’s precisely what Linux containers are. Containers are not contradictory to other, existing best-practices. They’re not contradictory to VMs, but work well with them. It’s not contradictory to SeLinux or AppArmor, but works with them. In fact, when you come down to it, once you start tweaking and configuring all of the security tunables in Linux to secure your application as much as possible, you’ll realize that you’ve simply rolled your own container solution.
In the wake of former NSA contractor Edward Snowden's big reveal on government spying, there's been a concerted effort by companies big and small to try and make our lives truly private. One seemingly promising solution was Anonabox, a little plug-and-play device that routes traffic through Tor to keep our online activities anonymous. Unfortunately, we were all misled on a number of levels, prompting Kickstarter to remove the project forever. Hot on its heels is Project Sierra, a network encryption device that's supposedly the real deal.
Hypervisors present a smaller attack surface than containers. This is somewhat mitigated in containers by using seccomp, selinux and restricting capabilities in order to reduce the number of kernel entry points that untrusted code can touch, but even so there is simply a greater quantity of privileged code available to untrusted apps in a container environment when compared to a hypervisor environment.
The list of allowed smartphones, which US officials may share confidential information has become a bit longer. The National Information Assurance Partnership (NIAP) - a product tester under the supervision of the NSA - announced Tuesday the green light for the S5 Galaxy, Galaxy Note 4 and the tablet Galaxy Note 10.1 (2014 Edition).