Implementing Privacy by Design in Hyperledger Indy
Centralized identity providers, such as social media sites and consumer email services, provide convenience to users. But this approach creates data privacy and security risks. Hyperledger Indy, an open source blockchain project, is being built to address the current issues that exist in centralized identity providers by taking a 'Privacy by Design' approach to deal with these risks.
Hyperledger Releases New Version of Burrow Featuring Improved Integration and Developer Experience
In a recent blog post, the Hyperledger open source project announced the next version of Burrow v.0.21.0. Within this release, organizations can expect improved integration, key-signing, helm charts for Kubernetes and developer experience.
Confluent Platform 5.0 Supports LDAP Authorization and MQTT Proxy for IoT Integration
Confluent Platform 5.0, the enterprise streaming platform built on Apache Kafka, supports LDAP authorization, Kafka topic inspection, and Confluent MQTT Proxy for Internet of Things (IoT) integration.
Checked C Extends LLVM to Bring Spatial Memory Safety to C
Checked C is an open, collaborative project led by Microsoft Research aimed to extend the C language so programmers can write more reliable programs free of errors such as buffer overruns, out-of-bounds memory accesses, and incorrect type casts. Checked C code can coexist with code written in standard C to ease porting.
Tink is Google Cryptographic Library for the Cloud, Android, and iOS
Tink is a multi-language, cross-platform cryptographic library developed by a group of cryptographers and security engineers at Google to help developers implement cryptography correctly without being cryptographic experts. Under development for the last two years, version 1.2 adds support for Cloud, Android, and iOS platforms, and C++ and Objective-C.
Intel Discloses New Speculative Execution Vulnerability L1 Terminal Fault
Intel has disclosed a new speculative execution side channel vulnerability, dubbed L1 Terminal Fault, that could potentially leak information residing in the processor L1 data cache. Mitigations are already available, according to Intel, based on its latest Microcode Updates and corresponding updates to operating systems and hypervisor stacks.
WhiteSource Launches Free Open Source Vulnerability Checking
WhiteSource, an open source security and license compliance management solution provider, has launched Vulnerability Checker; a new, free and standalone CLI tool that provides alerts on critical open source vulnerabilities.
NetBSD 8.0 Brings Spectre V2/V4, Meltdown, and Lazy FPU Mitigations, and More
NetBSD 8.0, a major release of the BSD-based OS providing portability across many architectures, brings mitigations for the Spectre V2/V4, Meltdown, and Lazy FPU vulnerabilities, along with many new features and bug fixes.
Azure Virtual WAN and Azure Firewall Now in Public Preview
With Azure Virtual WAN and Azure Firewall, Microsoft will provide two new services to help customers modernise their network. The Azure Virtual WAN service will simplify large-scale branch connectivity, while with the Azure Firewall enterprises can enforce their security policies in the cloud. Both services are currently in public preview.
Spectre 1.1 and 1.2 Vulnerabilities Disclosed
Two new vulnerabilities exploiting flaws in CPUs speculative execution have been recently disclosed. Dubbed Spectre 1.1 and 1.2, both are variants of the original Spectre (Spectre-v1) vulnerability and leverage speculative stores to create speculative buffer overflows which can escape Spectre-v1 mitigations.
IT Operations Is the Most Predictable DevOps Differentiator Says Damon Edwards at DOES18 London
InfoQ spoke to Damon Edwards, co-founder and chief product officer, at Rundeck at DevOps Enterprise Summit London about his talk ‘Operations - The Last Mile Problem for DevOps in the Enterprise’ and the sneak preview of the new version of RunDeck, V3.0.
OpenID Loses Major Proponent, StackOverflow
OpenID has lost one of its largest proponents. Stack Exchange, the company behind StackOverflow and other Q&A websites, will be completely eliminating support for OpenID on July 25, 2018. This continues a long running trend of websites eliminating OpenID from their offerings.
DevSecOps Grows Up and Finds Itself a Community
On June 28th, the first DevSecOps Days event came to London following a similar event in San Francisco in April. It kicked off with a welcome address from event founders, Mark Miller and John Willis, who explained that the intention is to replicate the DevOpsDays model and empower communities worldwide to stand up their own events.
Challenges of Moving from Projects to Products
Carmen DeArdo, former DevOps technology director at Nationwide Insurance, and Nicole Bryan, vice-president of product management at Tasktop, recently spoke at the DevOps Enterprise Summit London on the importance of moving from a project-based to a product-based organization.
AWS Config Gains Cross-Account, Cross-Region Data Aggregation
Amazon Web Services (AWS) recently added the capability to aggregate compliance data produced by AWS Config rules across multiple accounts and/or regions to enable centralized auditing and governance of AWS resources. A new aggregated dashboard view displays non-compliant rules across the organization. Users can then drill down to view details about resources that are violating any rules.
