News

Runc and CVE-2019-5736

This morning a container escape vulnerability in runc was announced. We wanted to provide some guidance to Kubernetes users to ensure everyone is safe and secure. What Is Runc? Very briefly, runc is the low-level tool which does the heavy lifting of spawning a Linux container. Other tools like...

Building Trust in Open Source: A Look Inside the OpenChain Project

Open source software provides businesses with a number of benefits including cost, flexibility and freedom. This freely distributed software can also be easily altered by any business that is familiar with its source code. However, licensing issues do arise which could present a major hurdle for...

Microsoft Joins OpenChain Open-Source Compliance Group

OpenChain, I would argue, is the most important open-source project you've never heard of before. This Linux Foundation consortium provides an industry standard for open-source supply chain license compliance. And now, Microsoft has joined the OpenChain Project. OpenChain's important because the...

Kubernetes, Docker, ContainerD Impacted by RunC Container Runtime Bug

The Linux community is dealing with another security flaw, with the latest bug impacting the runC container runtime that underpins Docker, cri-o, containerd, and Kubernetes. The bug, dubbed CVE-2019-5736, allows an infected container to overwrite the host runC binary and gain root-level code access...

Performance Monitoring with OpenTracing, OpenCensus, and OpenMetrics

If you are familiar with instrumenting applications, you may have heard of OpenMetrics, OpenTracing, and OpenCensus. These projects aim to create standards for application performance monitoring and collecting metric data. Although the projects do overlap in terms of their goals, they each take a...

Disk Encryption for Low-End Hardware

Eric Biggers and Paul Crowley were unhappy with the disk encryption options available for Android on low-end phones and watches. For them, it was an ethical issue. Eric said: We believe encryption is for everyone, not just those who can afford it. And while it's unknown how long CPUs without AES...

Testing, One Two Three: How These OPNFV Tools Can Help Any Open Infrastructure Project

As the number of open-source projects booms, so does the need for resiliency and interoperability testing. The Open Platform for NFV (OPNFV) community spent about four years of collective brainpower developing testing tools that can come in handy for open-source projects. Here’s a brief overview of...

Open Sourcing ClusterFuzz

Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding memory corruption bugs, which often have serious security implications. Manually finding these issues is both difficult and time consuming, and bugs...

What Open Source Really Means Today

The state of open source over the course of the past few decades has certainly changed. IBM last year purchased Red Hat, for example. But the original open source spirit of sharing remains intact — though the extent to which that is the case remains a subject of debate. What open source really...

Learn to Use curl Command with Examples

The curl command is used to transfer files to and from a server. It supports a number of protocols like HTTP, HTTPS, FTP, FTPS, IMAP, IMAPS, DICT, FILE, GOPHER, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP etc. Curl also supports a lot of features like proxy...
