BT

Microsoft Recommits to Providing SSH for Windows

by Jeff Martin on  Jun 04, 2015 1

The third time may be the charm as Microsoft has announced intentions to produce native SSH client and server tools for the Windows platform. Using OpenSSH as a starting point, Microsoft says their goals for the new toolset includes easier system management of both Windows and Linux systems.

Meeting Regulatory Demands with Agile Software Development

by Ben Linders on  Jun 04, 2015 1

InfoQ interviewed Jan van Moll about regulatory demands for software in healthcare, satisfying these demands with waterfall project or with a mix of waterfall and agile, and introducing agile in an R&D organization that needs to fulfill regulatory demands.

Google Introduces Smart Lock for Passwords

by Abel Avram on  Jun 02, 2015

Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.

Security Vulnerabilities in Docker Hub Images

by Chris Swan on  May 29, 2015 2

BanyanOps have published a report stating that ‘Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities’, which include some of the sensational 2014 issues such as ShellShock and Heartbleed. The analysis also looks at user generated ‘general’ repositories and finds an even greater level of vulnerability.

Delivering Value on Time by Using #NoEstimates

by Ben Linders on  May 21, 2015 2

Vasco Duarte suggests that people should experiment with #NoEstimates to learn and find ways in which it can help them to deliver value on time and under budget. He is writing a book on #NoEstimates in which he explains why estimation does not work and how you can use #NoEstimates to manage projects.

Netflix's FIDO Guards Against Security Incidents

by James Chesters on  May 19, 2015

The Netflix team has released FIDO -- an open source system for automatically analysing security events. Not to be confused with FIDO Alliance, Netflix's platform stands for Fully Integrated Defense Operation, the platform's Github describes FIDO as "an orchestration layer used to automate the incident response process by evaluating, assessing and responding to malware."

VENOM Vulnerability Threatens Several Major VM Hosts

by Jeff Martin on  May 19, 2015

Users of the popular virtual machine tools Xen, KVM, VirtualBox, and QEMU are urged to patch their systems as soon as possible due to a newly found bug that exposes flaws in the code providing virtual floppy disk support. The VENOM vulnerability affects all operating systems that are hosting these environments.

Docker Security Benchmark

by Chris Swan on  May 08, 2015

Docker Inc have worked with the Center for Internet Security (CIS) to produce a benchmark document containing numerous recommendations for the security of Docker deployments. The benchmark was announced in a blog post ‘Understanding Docker Security and Best Practices’ by Diogo Mónica who was recently hired along with Nathan McCauley to lead the Docker Security team.

Spring Security 4.0: WebSocket, Spring Data and Test Support

by Matt Raible on  Apr 21, 2015

The Spring Security team released Spring Security 4.0.0, adding several new features as well as more default security. Major themes include WebSocket Security, Spring Data integration, better testing support and the introduction of Spring Session as a new (Apache licensed) open source project.

Atlassian’s Stash Data Center Offers High Availability and Scalability for Git

by Steffen Opel on  Apr 15, 2015 1

Atlassian recently released Stash Data Center, a highly available and horizontally scalable deployment option for its on-premises source code and Git repository management solution Stash. New nodes can be added without downtime to provide active-active clustering and instant scalability.

Chrome 42 Disables NPAPI and Related Plug-ins: Java, Unity, Silverlight

by Abel Avram on  Apr 15, 2015 5

As outlined in the NPAPI Deprecation Guide, Chrome 42, which was due this month and was recently released to the stable channel, has disabled support for the Netscape Plug-in API. The reason is that NPAPI “has become a leading cause of hangs, crashes, security incidents, and code complexity” and the intent was first announced in 2013.

Firefox 37 Brings Native Playback of HTML5 Video

by James Chesters on  Apr 13, 2015

Mozilla has released Firefox 37, bringing native playback of HTML5 video for Windows, and many security changes.

ZeroDB Internals and End-To-End Database Encryption

by Alex Giamas on  Apr 09, 2015

In an article published in their blog, ZeroDB team explains how it works. ZeroDB is an end-to-end encrypted database, which means that the database server does not need to be secure for the data to be safe. The way this works is that query logic is being pushed down to the client. The client also holds the decryption keys for data. The client encrypts data with a symmetric key at time of creation

Android Apps Are Now Reviewed by Tools and Humans

by Abel Avram on  Mar 17, 2015

Google has quietly introduced an app reviewing process that monitors new apps or updates for policy violations. This process uses automatic tools and sometimes human reviewers that add a few hours of delay in the publishing process.

Lenovo Responds to Superfish Vulnerability

by Alex Blewitt on  Feb 20, 2015

Lenovo has responded to the criticism of the Superfish software pre-loaded onto its computers with advice on how to remove the offending tool. But what was the issue, and why was it pre-loaded in the first place? InfoQ investigates. Meanwhile, Microsoft has pushed out a definition of Microsoft Defender to remove Superfish and its root certificate.

General Feedback
Bugs
Advertising
Editorial
Marketing
InfoQ.com and all content copyright © 2006-2015 C4Media Inc. InfoQ.com hosted at Contegix, the best ISP we've ever worked with.
Privacy policy
BT