Practical Technology

for practical people.

January 12, 2022
by sjvn01

Why not a four-day workweek?

Today, many of us think of the five-day workweek as being the way things have always been done. It’s not. It only became a standard in the United States when the labor unions got the Fair Labor Standards Act (FLSA) passed in 1938. Before that, most people worked a 48-hour, six-day-per-week job—and were glad to have it.

Are we less productive now? We are not.

Indeed, when Henry Ford, of all people, introduced the five-day, 40-hour week for workers at the Ford Motor Company, one reason he did so was that he thought it would increase productivity. He was right; though workers’ time on the job decreased, productivity went up.

January 12, 2022
by sjvn01

Open source isn’t the security problem – misusing it is

We’re going to be cleaning up Apache Log4j security problems for months to come, but the real problem isn’t that it was open-source software. It’s how we track and use open-source code.

When security vulnerabilities were found in the extremely popular open-source Apache Log4j logging library, we knew we were in trouble. What we didn’t know was just how much trouble we were in. We know now. Just ask the Belgian defence ministry. In this ongoing security disaster, many people blame open source for all our troubles.

In the Financial Times (FT), Richard Waters, the newspaper’s west coast editor, wrung his hands, saying it’s a “little alarming to discover that, more than two decades into the open-source era, glaring security holes sometimes surprise even the experts.”

Surprising? I think not. It’s software. It always has bugs. Sometimes they’re really bad bugs. As security maven Bruce Schneier said over 20 years ago: “Security is a process, not a product.” There’s no surprise here.

January 12, 2022
by sjvn01

LitmusChaos Becomes a CNCF Incubator Project

Do you want to bring chaos engineering into your cloud and Kubernetes development? In short, do you want to beat up your applications in development before the real world of production gets its chance to knock them around? If so, you’ll be glad to know that the Cloud Native Computing Foundation (CNCF) Technical Oversight Committee (TOC) has pushed LitmusChaos from the CNCF Sandbox to the Incubation level.

January 11, 2022
by sjvn01

Stop Making Old Code Mistakes with Bridgecrew’s Smart Fixes

When Palo Alto Networks (PANW) acquired Bridgecrew, the aim was to enable “shift left” security, with Prisma Cloud becoming the first cloud security platform to deliver security across the full application lifecycle. Now, with the release of Smart Fixes, it’s easier to see why PANW paid about $156 million for Bridgecrew.

Bridgecrew’s main product is the open source, static code analysis Infrastructure as Code (IaC) scanner, Checkov. With it, you scan cloud infrastructure provisioned by Terraform, Terraform plan, CloudFormation, AWS SAM, Kubernetes, Dockerfile, Serverless, or ARM Templates. It then detects security and compliance misconfigurations using a graph-based approach.

Smart Fixes takes this forward to the next step by integrating with the Bridgecrew cloud security platform. There, it looks for IaC policy violations in your cloud code. It then offers suggestions for fixes.

January 11, 2022
by sjvn01

Still the top: Linux Mint 20.3 is the best Linux desktop

I’ve been using Linux desktop distros for almost 30 years. Recently, I looked at many of the top Linux desktop distros both for beginners and for experts. Then, I spent the last few days looking at the latest version of Linux Mint 20.3, “Una.” And, once more, Linux Mint is the best desktop distro for both newcomers and veteran users.

January 10, 2022
by sjvn01

FTC Says Fix Log4j Security Vulnerability or Face Its Wrath

As if the four (count ’em, four) Log4j security vulnerabilities weren’t trouble enough in and of themselves. Just check in with the Belgian defense ministry to see what they have to say about it. Now, the U.S. Federal Trade Commission (FTC) has issued a warning that it will punish companies that don’t fix the security problems in the Java logging package Log4j.

Specifically, if the Log4j (CVE-2021-44228) security hole leads to a “loss or breach of personal information, financial loss, and other irreversible harms,” the FTC may take legal action against your company. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”

No pressure!
