
Secure Web Apps with JavaEE and Apache Fortress

ApacheCon is just a couple of weeks away, coming up May 16-18 in Miami. We asked Shawn McKinney, Software Architect at Symas Corporation, to share some details about his talk at ApacheCon. His presentation, “The Anatomy of a Secure Web Application Using Java EE, Spring Security, and Apache Fortress,” will walk through an end-to-end application security architecture for an Apache Wicket web app running in Tomcat. McKinney explains more in this interview.

Linux.com: Tell us about your inspiration for this talk.

Shawn McKinney: The idea for this talk started several years back, when I first began working full-time with Symas. I was working on a project that spanned multiple companies with my friend and colleague, John Field, who’s a security architect at EMC, now Pivotal.

At the time, we were working on a process to migrate legacy COBOL apps from running on their native IBM z Series mainframe platform to run on top of open systems architectures, i.e. Linux.

These were massive programs with millions of lines of code, built over decades. Their conversion processes required mimicking the mainframe’s legendary security controls onto Linux platforms, using what was available to us via native and non-native security controls.

This meant dealing with a multitude of security concerns across every tier of the system and into many of its sub-layers as well. Mandatory access controls were enforced on every node in the system.

Linux systems had to be hardened to the nth degree and at the same time, multiple grades of authorization were required within the platform layers. Fortunately, everything we needed to do all this was already readily available and usable, and easily found within the public domain.

Only open, established, and timeworn practices were being targeted. That is, technologies released under permissive licenses, like the Apache software license, and these things were allowed into the final design. Our problem wasn’t with how to design the security system, per se, nor how to build it. Strangely, those were the easy parts.

The hard part for us was how to convey the contents of its complex design to others in a way that is understandable. Because many of us are not, shall we say, security afflicted, so despite recommending only best practices, their concepts remain arcane, complicated, and generally not known to the masses.

To break through this complexity barrier, John and I borrowed an idea remembered from our youth, and that is those science textbooks that depict the human anatomy. You remember the ones that use translucent pages, each with a particular organ, all overlaying together comprising the comprehensive image of the human body, complete with all of its sub-systems?

We thought this a good way to communicate our complicated security system design to others. We adapted this idea for our end-to-end security design layout. Each image corresponds with an individual security component contained within a typical web app, from its outer to innermost layers.

What’s unique about this particular talk is that it started with those initial visual images of a typical web security system architecture.

Next, a test application was created to go along with those anatomy images. The test app mimicked a typical web system, complete with test pages, links, buttons, database tables, et cetera, all of which are under tight security controls of various types.

The goal of the test app was to create a comprehensive tutorial demonstrating all of the pertinent security controls that were contained within the anatomy diagram. Finally, we added instructions to install, deploy, and run the test app and published it all to GitHub.

The project is called The Apache Fortress Demo. We used it in our live demos, and it can also be used by anyone else who wants to try it out at home. During our live demos, we would simultaneously dissect and discuss the web system security functionality, switching between the PowerPoint slides visually depicting the images and the concrete demo to show how it all worked in a live system.

Linux.com: Who should attend this talk?

McKinney: It is a Java security demonstration, so anyone who’s working on the Java platform and in security would be particularly interested. The demo’s going to cover security protocol interplays, including TLS in its various forms and flavors, so LDAPS, for example, and HTTPS. So, I’m going to say anyone who’s interested in security-related topics should get something from it.

Linux.com: What technical background will you assume the audience has?

McKinney: I’m going to assume a basic conceptual understanding of security concepts like authentication, authorization, and encryption of data. So, understand those abstract concepts, and then we will make them concrete for this specific platform in the demo.
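The runtime flow the interview sketches, authenticate the user, activate only the roles the request needs, then check a permission on a protected object, in the ANSI RBAC shape that Apache Fortress implements (users, roles with inheritance, permissions as object plus operation, sessions with activated roles). This is an added example, not code from the article or from the Apache Fortress Demo project, and it does not call the Fortress API. The policy data (roles "reviewer" and "approver", users "alice" and "bob", the "invoice" object) is constructed for the illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Iterable, Optional

# Constructed illustration of the ANSI RBAC model (users, roles,
# permissions = object + operation, sessions with activated roles).
# Not Apache Fortress code; every name and policy entry below is assumed.

PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass(frozen=True)
class Permission:
    obj: str   # protected resource, e.g. "invoice"
    op: str    # operation on it, e.g. "approve"


@dataclass(frozen=True)
class Session:
    user: str
    active_roles: frozenset[str]


class Rbac:
    def __init__(self) -> None:
        self._creds: dict[str, tuple[bytes, bytes]] = {}
        self._user_roles: dict[str, set[str]] = {}
        self._role_perms: dict[str, set[Permission]] = {}
        self._parents: dict[str, set[str]] = {}   # role -> roles it inherits from

    # administration
    def add_user(self, name: str, password: str) -> None:
        self._creds[name] = hash_password(password)
        self._user_roles.setdefault(name, set())

    def add_role(self, role: str, inherits: Iterable[str] = ()) -> None:
        self._role_perms.setdefault(role, set())
        self._parents.setdefault(role, set()).update(inherits)

    def assign_user(self, user: str, role: str) -> None:
        self._user_roles[user].add(role)

    def grant_permission(self, role: str, obj: str, op: str) -> None:
        self._role_perms[role].add(Permission(obj, op))

    # runtime
    def _closure(self, role: str) -> set[str]:
        """The role plus every role it inherits from, transitively."""
        seen: set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self._parents.get(r, ()))
        return seen

    def create_session(self, user: str, password: str,
                       roles: Optional[Iterable[str]] = None) -> Optional[Session]:
        """Authenticate, then activate roles. None means the request was refused."""
        stored = self._creds.get(user)
        if stored is None:
            hash_password(password)            # spend the same time on unknown users
            return None
        salt, digest = stored
        if not hmac.compare_digest(digest, hash_password(password, salt)[1]):
            return None
        assigned = self._user_roles[user]
        authorized = set().union(*(self._closure(r) for r in assigned))
        wanted = set(roles) if roles is not None else set(assigned)
        if not wanted <= authorized:           # cannot activate a role you do not hold
            return None
        return Session(user, frozenset(wanted))

    def check_access(self, session: Session, obj: str, op: str) -> bool:
        needed = Permission(obj, op)
        return any(needed in self._role_perms.get(r, set())
                   for active in session.active_roles
                   for r in self._closure(active))


def build_demo() -> Rbac:
    """Assumed policy: reviewers read invoices; approvers inherit that and may approve."""
    rbac = Rbac()
    rbac.add_role("reviewer")
    rbac.add_role("approver", inherits=["reviewer"])
    rbac.grant_permission("reviewer", "invoice", "read")
    rbac.grant_permission("approver", "invoice", "approve")
    rbac.add_user("alice", "correct horse battery")
    rbac.add_user("bob", "hunter2hunter2")
    rbac.assign_user("alice", "approver")
    rbac.assign_user("bob", "reviewer")
    return rbac


if __name__ == "__main__":
    demo = build_demo()
    s = demo.create_session("alice", "correct horse battery", roles=["reviewer"])
    print(demo.check_access(s, "invoice", "approve"))   # False: approver not activated
```

Two choices carry the security point: a session activates only the roles named in the request, so a user who holds "approver" but asks for "reviewer" cannot approve in that session (least privilege at the session layer), and authentication failures take the same time whether the user exists or the password is wrong, which keeps the login step from leaking account names.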

Learn first-hand from the largest collection of global Apache communities at ApacheCon 2017 May 16-18 in Miami, Florida. ApacheCon features 120+ sessions including five sub-conferences: Apache: IoT, Apache Traffic Server Control Summit, CloudStack Collaboration Conference, FlexJS Summit and TomcatCon. Secure your spot now! Linux.com readers get $30 off their pass to ApacheCon. Select “attendee” and enter code LINUXRD5. Register now >>

Introducing the Open Source Entrepreneur Network

I’m happy to announce that Linux.com will syndicate content from the Open Source Entrepreneur Network. Wait. What? Who? Where? Read on for more…

I’ve been an open source guy for many years now – since 1998. Over the years I’ve been a proud open source user, sometime developer, and overall advocate. Seeing the success of open source has been a real joy, but I’ve also been mystified by the myths that permeate the industry when it comes to business models and product development and where they intersect with open source software. Now that open source has “won,” the focus shifts to optimization. As in, how do you optimize your processes to fully participate in and get maximum benefits from all the things happening right now in open source ecosystems?

Frankly, I’m amazed – and not in a good way – at how much bad advice and “thought leadership” exists out there pertaining to open source business things. I followed the open source way of scratching an itch, and I decided to finally do something about it: I created the Open Source Entrepreneur Network or OSEN. The OSEN is where you learn how to make, market and sell products and services based on open source software. In our brave new open source world, this is a skillset needed by startup founders (and their investors), product managers, IT managers, CIOs/CTOs, devops pros and more. The fact that so much of modern software supply chains originates with upstream communities adds several layers of complexity to product development, which was already complex to begin with.

So join us on this journey and let me know what you think!

 

Blockchain’s Weak Spots Pose a Hidden Danger to Users

Technologists, entrepreneurs, and some big companies are busy dreaming up new ways of using the core of Bitcoin—a distributed cryptographic ledger, or blockchain—to reinvent everything from business contracts and health records to carbon credits and new trading platforms (see “Why Bitcoin Could Be Much More Than a Currency”).

However, one expert warns that they may be building their dreams on top of a precarious foundation. Emin Gün Sirer, an associate professor at Cornell University, has been researching ways in which Bitcoin and blockchains can fail.

“The Bitcoin client is about 30,000 lines of code,” Gün Sirer said Tuesday at Business of Blockchain, a conference organized by MIT Technology Review and the MIT Media Lab. 

Read more at Technology Review

Docker Brings Containerization to Legacy Apps

At the DockerCon conference today in Austin, Docker announced a new service called the Modernize Traditional Applications (MTA) Program that enables customers to move certain legacy apps into Docker containers, put them under management of Docker Enterprise Edition and prepare them for use on more modern infrastructure.

What’s more, the company is so confident in their ability to move these applications, that they are willing to guarantee the outcome, so long as the applications meet certain criteria.

What Docker found over the last six months while they built this offering was that customers were hungry to try containerization. While they didn’t necessarily have the skill or the will to go all the way to microservices…

Read more at TechCrunch

IBM Brings Anaconda Open Data Science Platform to its Cognitive Systems

IBM is working with Continuum Analytics to offer the latter’s Anaconda open data science platform as part of IBM’s Cognitive Systems. Anaconda will also integrate with IBM’s PowerAI software for machine learning and deep learning.

IBM Cognitive Systems are based on the company’s own Power8 processors, which use Nvidia’s high-speed NVLink interface to work in conjunction with Nvidia’s Tesla Pascal P100 GPU accelerators. The combination is designed to give a performance boost to deep learning and analytics applications.

Read more at SDx Central

Docker Debuts Containerized Kit for Building Linux Distros

Today Docker unveiled LinuxKit and the Moby Project, a pair of projects that are intended to allow operating system vendors, do-it-yourselfers, and cutting-edge software creators to create container-native OSes and container-based systems.

The do-it-yourself kit

LinuxKit, which Docker has been using internally to create Docker Desktop and Cloud, uses containers as a building block for assembling custom Linux distributions. It provides a minimal system image—35MB at its absolute smallest—with all its system daemons containerized. Both system components and the software it ships with are delivered in containers.

Read more at InfoWorld

GStreamer 1.12: Intel Media SDK Support and More

With GStreamer 1.12’s first release candidate out for testing and the final release expected soon, here’s a brief preview of some of the (many) new features, bugfixes and improvements that will be arriving with this release. Of course, keep an eye out for the official release notes as they’ll provide considerably more information around these changes.

Written by Olivier Crete, Multimedia Lead at Collabora.

As usual, this latest stable release will come loaded with new features, notably support for the EGL extension used by the i.MX6 Vivante proprietary driver, support for waylandsink DMABuf import (which means you can get zero-copy media display under Wayland) and support for the Fraunhofer FDK AAC encoder and decoder. However, one of the highlights will undoubtedly be the addition of support for Intel’s Media SDK*, the cross-platform API to access Intel’s hardware accelerated video encoder and decoder functions on Windows and Embedded Linux.

Along with a large cleanup of OpenCV elements, more controls and voice activity information for webrtcdsp, and more support for 10-bit and 12-bit pixel formats, one of the key new features is that videoconvert now supports multi-threaded scaling and conversion, a big plus for real-time software manipulation of 4K and 8K streams.

Python programmers will rejoice as more features are natively accessible, in particular, GstCaps describing format can now be fully programmatically modified, thanks to new handwritten overrides.

Continue reading on Collabora’s blog.

 

The Evolution of Container Usage at Netflix

Containers are already adding value to our proven globally available cloud platform based on Amazon EC2 virtual machines. We’ve shared pieces of Netflix’s container story in the past (video, slides), but this blog post will discuss containers at Netflix in depth. As part of this story, we will cover Titus: Netflix’s infrastructural foundation for container based applications. Titus provides Netflix scale cluster and resource management as well as container execution with deep Amazon EC2 integration and common Netflix infrastructure enablement.

This month marks two major milestones for containers at Netflix. First, we have achieved a new level of scale, crossing one million containers launched per week. Second, Titus now supports services that are part of our streaming service customer experience. We will dive deeper into what we have done with Docker containers as well as what makes our container runtime unique.

Read more at Netflix Blog

Hadoop: The Rise of the Modern Data Lake Platform

Hadoop may be synonymous with big data, and it may be free to access and work with, but engineering teams globally will admit that behind every Hadoop undertaking is a major technical delivery project.

Failures are so commonplace that even the experts don’t have great expectations of 2017: at the recent Gartner Data & Analytics Summit in Sydney, research director Nick Heudecker claimed that 70% of Hadoop deployments in 2017 will either fail to deliver their estimated cost savings or their predicted revenue.

It shouldn’t come as a surprise. Hadoop was designed for big data storage, but it wasn’t designed as an actual big data application. Hadoop and Spark are incredible enabling technologies.

Read more at Information Age

Dive Into Connected Car and Open Source at Automotive Linux Summit 2017

Next month, the world’s leading automotive experts and engineers will gather at Automotive Linux Summit in Japan to discuss the future of connected cars and collaborate on the open source technologies driving innovation in the automotive arena.  

Automotive Linux Summit, taking place May 31-June 2 in Tokyo, gathers automotive systems engineers, Linux experts, R&D managers, business executives, open-source licensing and compliance specialists and community developers, among others. The goal is to connect the developer community which is leading automotive innovation with the vendors and users providing and using the code. Together they will drive the future of embedded devices in the auto industry.

The full agenda for Automotive Linux Summit 2017 is now available. Session highlights include:

  • Introducing Wi-Fi and Bluetooth Application in AGL Charming Chinook, Sri Maldia Hari Asti, Alps Electric Co., Ltd

  • Vehicle to Cloud: Connecting Cars to Non Automotive Internet Services, Fulup Ar Foll, IoT.bzh

  • Power Management for Car Infotainment, Takahiko Gomi, Renesas

  • Securing Vehicle-to-Cloud Data and Privacy with Digital Identity, Ashley Stevenson, ForgeRock

  • Cockpit System: Collaboration with Applications in AGL Ecosystem, Nobuhiko Tanibata, DENSO

  • Multi-Screen UX: New GUI Architecture for Next Generation Cockpit System, Takashi Tsubone, Panasonic

Keynote speakers will be revealed in the coming weeks. View the full agenda.

Automotive Linux Summit is co-located with Open Source Summit Japan, and attendees may add on registration to that event at no additional charge. Register now! Linux.com readers can save 5% on the “attendee” pass with discount code LINUXRD5.

Applications for diversity and needs-based scholarships are also being accepted.