IT Operations Is the Most Predictable DevOps Differentiator Says Damon Edwards at DOES18 London
InfoQ spoke to Damon Edwards, co-founder and chief product officer, at Rundeck at DevOps Enterprise Summit London about his talk ‘Operations - The Last Mile Problem for DevOps in the Enterprise’ and the sneak preview of the new version of RunDeck, V3.0.
OpenID Loses Major Proponent, StackOverflow
OpenID has lost one of its largest proponents. Stack Exchange, the company behind StackOverflow and other Q&A websites, will be completely eliminating support for OpenID on July 25, 2018. This continues a long running trend of websites eliminating OpenID from their offerings.
DevSecOps Grows Up and Finds Itself a Community
On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.
Challenges of Moving from Projects to Products
Carmen DeArdo, former DevOps technology director at Nationwide Insurance, and Nicole Bryan, vice-president of product management at Tasktop, recently spoke at the DevOps Enterprise Summit London on the importance of moving from a project-based to a product-based organization.
AWS Config Gains Cross-Account, Cross-Region Data Aggregation
Amazon Web Services (AWS) recently added the capability to aggregate compliance data produced by AWS Config rules across multiple accounts and/or regions to enable centralized auditing and governance of AWS resources. A new aggregated dashboard view displays non-compliant rules across the organization. Users can then drill down to view details about resources that are violating any rules.
TLBleed Can Leak Cryptographic Keys from CPUs Snooping on TLBs
A new side-channel vulnerability affecting Intel processors, known as TLBleed, can leak information by snooping on Translation Look-aside Buffers (TLBs), writes VUsec security researcher Ben Gras.
Lazy FP State Restore Vulnerability Affects Most Intel Core CPUs
Intel has disclosed a new vulnerability affecting most of its Core processors and making them targets for side-channel attacks similar to Spectre and Meltdown. The vulnerability, dubbed Lazy FP state restore (CVE–2018–3665), allows a process to infer the contents of FPU/MMX/SSE/AVX registers belonging to other processes.
How Apple's Intelligent Tracking Prevention in Safari Works
The latest release of Apple’s web browser, Safari 12, will provide “Intelligent Tracking Prevention” (ITP) 2.0, which aims to reduce the ability of third-parties to track web users via cookies and other methods.
Privacy and Security a Top Priority in macOS Mojave and Safari 12
At their annual Developer Conference WWDC Apple previewed macOS Mojave, the latest version of the company’s desktop operating system, and Safari 12, the updated web browser. Apple has stated that enhanced privacy and security are a top priority with these releases.
MIT Researchers Test Oracles and Smart Contracts on Bitcoin Lightning Network
The Massachusetts Institute of Technology (MIT) has revealed the results of their tests running smart contracts on the Bitcoin Lightning Network. Running smart contracts on the Bitcoin network isn’t necessarily new, however, the approach of using trusted entities called oracles with smart contracts is what makes their approach unique on the Bitcoin blockchain.
The Lowdown on Face Recognition Technology
Facial recognition is a direct application of machine learning that is being deployed far and wide to consumers, in the industry and to law enforcement agencies with potential benefits in our daily lives as well as serious concerns for privacy. facial recognition models show above human performances but real world implementation remains problematic for some applications.
Zip Slip Directory Traversal Vulnerability Impacts Multiple Java Projects
Security monitoring company Snyk has disclosed Zip Slip, an arbitrary file overwrite vulnerability exploited using a specially crafted ZIP archive that holds path traversal filenames. The vulnerability affects thousands of projects including AWS CodePipeline, Spring Integration, LinkedIn's Pinot, Apache/Twitter Heron, Alibaba JStorm, Jenkins, Gradle, and Google Cloud Platform.
Git Vulnerability May Lead to Arbitrary Code Execution
A flaw in Git submodule name validation makes it possible for a remote attacker to execute arbitrary code on developer machines. Additionally, an attacker could get access to portion of system memory. Both vulnerabilities have been already patched in Git 2.17.1, 2.16.4, 2.15.2, and other versions.
VPNFilter Has Infected over 500,000 Routers Worldwide
Cisco security researchers have issued an advisory describing a sophisticated malware system, VPNFilter, that has targeted at least 500,000 networking devices in 54 countries.
PGP and S/MIME Encrypted Email Vulnerable to Efail Attack
A group of German and Belgian researchers found that PGP and S/MIME are vulnerable to an attack that leaks the plaintext of encrypted emails. The Electronic Frontier Foundation confirmed the vulnerability and suggested to use alternative means to exchange secure messages. Yet, the vulnerability is not in PGP itself, according to GnuPG creator Werner Koch, who also said EFF comments were overblown.
