Practical Technology

for practical people.

January 12, 2022
by sjvn01

LitmusChaos Becomes a CNCF Incubator Project

Do you want to bring chaos engineering into your cloud and Kubernetes development? In short, do you want to beat up your applications in development before the real world of production gets its chance to knock them around? If so, you’ll be glad to know that the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) has pushed LitmusChaos from the CNCF Sandbox to the Incubation level.


January 11, 2022
by sjvn01

Stop Making Old Code Mistakes with Bridgecrew’s Smart Fixes

When Palo Alto Networks (PANW) acquired Bridgecrew, the aim was to enable “shift left” security, with Prisma Cloud becoming the first cloud security platform to deliver security across the full application lifecycle. Now, with the release of Smart Fixes, it’s easier to see why PANW paid about $156 million for Bridgecrew.

Bridgecrew’s main product is the open source, static code analysis Infrastructure as Code (IaC) scanner, Checkov. With it, you scan cloud infrastructure provisioned by Terraform, Terraform plan, CloudFormation, AWS SAM, Kubernetes, Dockerfile, Serverless, or ARM Templates. It then detects security and compliance misconfigurations using a graph-based approach.

Smart Fixes takes this forward to the next step by integrating with the Bridgecrew cloud security platform. There, it looks for IaC policy violations in your cloud code. It then offers suggestions for fixes.


January 11, 2022
by sjvn01

Still the top: Linux Mint 20.3 is the best Linux desktop

I’ve been using Linux desktop distros for almost 30 years. Recently, I looked at many of the top Linux desktop distros both for beginners and for experts. Then, I spent the last few days looking at the latest version of Linux Mint 20.3, “Una.” And, once more, Linux Mint is the best desktop distro for both newcomers and veteran users.


January 10, 2022
by sjvn01

FTC Says Fix Log4j Security Vulnerability or Face Its Wrath

It’s not as if the four — count ’em, four — Log4j security vulnerabilities aren’t trouble enough in and of themselves. Just check in with the Belgian defense ministry to see what they have to say about it. Now, the U.S. Federal Trade Commission (FTC) has issued a warning that it will punish companies that don’t fix the security problems in the Java logging package Log4j.

Specifically, if the Log4j (CVE-2021-44228) security hole leads to a “loss or breach of personal information, financial loss, and other irreversible harms,” the FTC may take legal action against your company. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

No pressure!


January 6, 2022
by sjvn01

Salt Security Finds Serious GraphQL API Security Hole

GraphQL, the open source query language for application programming interfaces (APIs), is very powerful. With great power comes great responsibility, as Spider-Man reminds us, and sometimes developers go badly wrong. And, that’s exactly what happened, according to Salt Security, a leading API security company, when their researchers found a GraphQL API authorization vulnerability in a B2B financial technology (FinTech) platform.

Whoops.


January 6, 2022
by sjvn01

Solo BumbleBee makes Linux eBPF programming easier

In 1992, the Berkeley Packet Filter (BPF) was introduced in Unix circles as a new, improved network packet filter. Nice, but not that big a deal. Then, in 2014, it was changed and brought into the Linux kernel as extended BPF (eBPF). Again, that was okay. Just okay. Soon thereafter though, developers started using it to run user-space code inside a virtual machine (VM) on the Linux kernel. And, then it was a huge deal. As Netflix computer performance expert Brendan Gregg said, with eBPF, “superpowers have finally come to Linux.”

What superpowers? eBPF gives you the power to run programs in the Linux kernel without changing the kernel source code or adding additional modules. In effect, it acts as a lightweight VM inside the Linux kernel space. There, programs that can run in eBPF run much faster, while taking advantage of kernel features unavailable to other higher-level Linux programs.
