Monthly Archives: March 2019

LVFS Served Up 500k Firmware Files To Linux Users This Month


HARDWARE --

Back in February, the Linux Vendor Firmware Service (LVFS) was celebrating having served more than five million firmware files over the lifetime of the service. LVFS provides BIOS/firmware files to Linux users for hardware components from different vendors, ranging from mice/peripheral firmware to new system/motherboard BIOS from major hardware vendors. That count is quickly shooting up these days, and they are now serving 500k files per month.

Richard Hughes, the lead developer of LVFS/Fwupd at Red Hat, shared they hit a new record of serving 0.5 million firmware files over the past month.

Hughes attributes the new milestone of 500,000 downloads per month in part to LVFS recently becoming a Linux Foundation project to gain broader recognition than it had as just a “Red Hat” backed initiative.

Beyond the positive impact of LVFS joining the Linux Foundation, this number will likely continue to rise given they are now working on more enterprise features for Fwupd/LVFS and more hardware vendors getting onboard with the idea of shipping firmware/BIOS updates to Linux customers via this platform.




JIT Is Approved For PHP 8 To Open Up Faster CPU Performance


FREE SOFTWARE --

It was widely expected that PHP 8 would introduce JIT (Just In Time) compiler functionality, and now that experimental work has been approved.

PHP JIT support has been in development for a while via a separate tree, and now a vote among PHP core developers has made it official that PHP 8 will introduce the JIT support.

This PHP JIT support has the potential of further enhancing PHP’s performance on top of the significant performance strides made already during the PHP 7 cycles, but the JIT performance benefits will primarily be for CPU-bound code paths. The JIT compiler is seen as the next major advancement for opening up better performance out of PHP.

More details as to the state of PHP JIT can be found via this blog post.

Before getting too excited about PHP JIT, this year will bring the PHP 7.4 release and there is some speculation that PHP 8.0 will not debut until late 2021.


Same Trick, New Dog: Securing Multi-cloud from the Start


There has been a palpable shift in multi-cloud excitement over the past 12 months. Where enterprise IT seemed to be still grappling with cloud strategies a couple of years ago, the focus has moved from how to get to cloud, to where to go with cloud. With varying enterprise needs and the surge in open technologies, it’s becoming clearer that multi-cloud is the endgame.

As the focus shifts from cloud to multi-cloud, a new layer of complexity emerges. Operating in a single context brings challenges, operating across multiple contexts magnifies them. And chief among those challenges? Multi-cloud security.

 Multi-cloud vs. Multiple Clouds

Before delving into multi-cloud security, it is important to make the distinction between multi-cloud and multiple clouds. The path to multi-cloud starts organically for most enterprises. In these early days of multi-cloud adoption, it’s not typically a deliberate strategy but rather the natural outcome of disparate cloud initiatives within a company. 

The premise of multi-cloud is that resources—regardless of where they reside—are managed as a single, cohesive infrastructure. It allows for diversity in the way applications are serviced while maintaining operational uniformity. Contrast that with multiple clouds, where each cloud (or application) is managed in an operational silo. 

 Operational Uniformity

The notion of operational uniformity is critical for maintaining security. 

Consider the current enterprise IT security climate. There are literally dozens of security solutions deployed in enterprises of even moderate size and complexity. The challenge is not only in deploying all these solutions but also in administering them in a way that is both cost-effective and consistently applied across the vast infrastructure sprawl that sits underneath.

As a company moves from one cloud to multi-cloud, the operational burden, and therefore the risk, increases. Maintaining a strong security posture is dependent on the consistent application of policy across each environment; adding more environments increases the level of complexity.

This means enterprises with multi-cloud strategies need to make security an upfront consideration. But perhaps more importantly, enterprises without multi-cloud strategies need to think about how their security practices will evolve alongside cloud adoption. Decisions made early that preclude multi-cloud operations will likely come back to haunt, and correcting course when operating under constraints or duress will be exponentially more difficult. 

 Alongside the Application

Coinciding with the cloud movement has been the move to microservices-oriented architectures. By breaking applications into smaller pieces and relying on distributed communications, enterprise IT has unlocked huge benefits that come with scale-out architectures – but this has also increased attack surfaces.

As infrastructure gets increasingly componentized, security must evolve. Having agents alongside applications to provide additional micro-segmentation is a useful means of adding to a layered security approach. In a multi-cloud world, this means layering security not just within a cloud but also across clouds. 

Of course, this creates additional operational overhead and requires thoughtful approaches to operational control so security mechanisms can be uniformly administered, regardless of underlying infrastructure. Essentially, security policy and control should sit above the enforcement points so that policy can be specified one time and applied everywhere.

Attackers do not care whether an application is in a virtual machine or container, in AWS or Azure. Candidly, neither should operators. 

Winter is Coming

During economic boom times, enterprises will float their IT spend higher to cope with growth. To some extent, this has enabled the security sprawl existing today. So long as budgets are flush, this is perhaps a sustainable approach.

But at some point, budgets will be constrained. At that moment, enterprises will be forced to choose between the CFO and the CISO. Do budget constraints dominate? Or do security concerns win?

In many ways, this is all true regardless of any move to cloud, but multi-cloud certainly exacerbates the situation. Enterprises will do well to consider the impacts of multi-cloud operations on security early. As any architect is painfully aware, designing for success is a much simpler path than course-correcting midway through. 




Wine 4.5 Released With Support For Vulkan 1.1, More Media Foundation APIs


WINE --

Wine 4.5 is out today as the latest bi-weekly development release of this program for running Windows games/applications on Linux and other non-native platforms.

Notable to Wine 4.5 is support for Vulkan 1.1 now that its various enablement patches have landed. Previously this Vulkan 1.1 support was carried by the Valve Steam Play / Proton patches.

Wine 4.5 also presents better support for kernel objects in device drivers, more Media Foundation APIs have been implemented, support for SVG elements within MSHTML, and various bug fixes.

A total of 30 known bug fixes are in this latest release affecting SIMATIC WinCC, League of Legends, Solidworks 2016, Star Citizen, and other Windows software.

More details on today’s release via WineHQ.org.


Every Cloud Has a Silver Lining


Back in 1634 the optimist’s favorite saying was born out of a quote in John Milton’s Comus. His eloquent phrasing has become known to most of us as “every cloud has a silver lining.”

The proverbial optimism expressed in this idiom is almost ironic in today’s digital world when considering the role cloud plays with respect to data privacy and integrity.

Consider how easy cloud has made it to collect, process, and store large amounts of data. Capacity and processing power alone have made cloud the de facto choice for applications targeting consumer interactions. This has been great for business, but terrible for privacy because “the business” extends from management to developers and then stops.

Unfortunately, cloud deployments have been absent traditional network, system and security operations that would have fought for architectures and controls that would have prevented every cloud breach our team of researchers at F5 Labs examined. How, you wonder? Because systems deployed in the cloud are being breached through the most basic failures. My favorite is the absence of operational security controls, otherwise known as “open access”. No credentials are required to access an operational console; anyone can play if they know where the system lives.

Another favorite is the deliberate elimination of security controls on cloud-native storage systems. Typically, these controls are removed early on to facilitate faster development and testing. Sadly, the controls are never returned to a secure state, leaving buckets of data wide open for anyone with the ability to find them.
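An added example, not part of the original article: a check for the storage misconfiguration described above, run against a bucket policy document. The AWS-style policy JSON, bucket name and account ID are constructed assumptions; the article does not name a provider.

```python
import json

# Constructed AWS-style bucket policy (assumption). "DevTesting" is the kind of
# open grant added to speed up testing and never returned to a secure state.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevTesting", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/app"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "OfficeOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}},
    ],
})

WRITE_PREFIXES = ("s3:Put", "s3:Delete", "s3:*", "*")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True when the principal matches everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False

def audit_policy(policy_json):
    """Return findings for Allow statements open to anyone with no Condition."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        # Conditioned grants are skipped here; they still deserve manual review.
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if not is_anonymous(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        writable = any(a.startswith(WRITE_PREFIXES) for a in actions)
        findings.append({"sid": stmt.get("Sid", "<no Sid>"),
                         "actions": actions, "writable": writable})
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

The `writable` flag separates read-only exposure from grants that also let anyone modify or delete the stored data.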

So, where’s the ‘silver lining’ in all this? On the consumer side, we are being given great visibility into the massive amounts of data about each of us being collected, who it’s used by, and for what purpose it’s used. If it wasn’t for cloud and the often-poor security practices that go along with it, we might never have known about middlemen like validators.

If you haven’t received a notification about the verifications.io breach, you might be new to the Internet. Over 750 million (and they think there’s more) unique email addresses were exposed in February 2019 by the email address validation service. You probably didn’t realize they had access to your data, because they operate behind the scenes on behalf of other businesses. But every time you get an email to ‘verify your email address’ upon signing up for a service, it’s likely verifications.io sent it. And apparently, they collected it – and data used to verify it – on their own systems. 

As consumers, we can shout and write letters and demand this situation be addressed. Aside from living off-grid, there isn’t much more we can do about it.

But business can and should do more about it. Not just to protect our privacy, but to ensure data integrity.

See, if the data is accessible by anyone, that doesn’t just imply read access. It implies potential write access. Most folks are out there scooping our data to turn a quick buck, but eventually someone is going to turn that around and dirty up your data – or just delete it. That risk is real, and because of the growing dependence of business on data to make decisions, the risk has increasingly damaging repercussions.

In the near future the majority of businesses will be data-driven. Their business and operational decisions will increasingly be made automatically by machines based on the zettabytes of data they hoard like dragons. Imagine losing it all in one simple command, executed by an unknown actor who had access because security practices were ignored or forgotten in the rush to release to market.

Operational and security ‘gates’ (checkpoints) exist to protect data from infiltration, infection, and exfiltration. Skipping them to gain speed is dangerous not only to your customers but to the business. At a minimum, you need to enforce two simple steps:

Lock the door: This is real-life translated to the digital world. Leaving a door unlocked in some neighborhoods is an invitation to come inside. In the cloud, that’s just as true. Make sure that every web, app, database, middleware, container orchestration, and storage system or service requires credentials to access administrative consoles.

Hide the key: You might hide a spare key somewhere outside just in case you lose your own keys. But you don’t leave it on top of the doormat or hanging in plain sight next to the door. So don’t hardcode credentials and other secrets (like keys and certs) and store them publicly. If you use a repository, remember it’s not a key management store. Put into place best practices with respect to managing credentials and keys lest you end up on a list with Uber.
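One way to act on “hide the key”, as an added example that is not from the original article: a scan of source text for hardcoded credentials before it reaches a repository. The patterns, helper names and sample source are assumptions constructed for illustration.

```python
import re

# Illustrative patterns for secrets that tend to get hardcoded (assumed rule set).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "credential_literal": re.compile(
        r"(?i)(?:password|passwd|secret|api_?key|token)\w*\s*[:=]\s*"
        r"[\"']([^\"']{8,})[\"']"),
}

# Constructed sample file; every value below is fake.
SAMPLE_SOURCE = '''\
import os
DB_HOST = "db.internal.example"
DB_PASSWORD = "constructed-Passw0rd!"
AWS_KEY = "AKIAABCDEFGHIJKLMNOP"
API_TOKEN = os.environ["API_TOKEN"]
PEM = "-----BEGIN RSA PRIVATE KEY-----"
'''

def redact(value):
    """Keep four characters for triage; never echo the full secret into logs."""
    return value[:4] + "*" * (len(value) - 4)

def scan(text):
    """Return (line number, rule name, redacted match) for each suspected secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                # Use the captured value when the rule has a group, else the whole match.
                secret = match.group(match.lastindex or 0)
                findings.append((lineno, rule, redact(secret)))
    return findings

if __name__ == "__main__":
    for lineno, rule, shown in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {rule}: {shown}")
```

Line 5 of the sample is not flagged because the token is read from the environment at run time instead of being stored in the file.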

Every cloud does have a silver lining. In the case of cloud-deployed systems that have exposed our data, that silver lining is that we know more about where and how these breaches occur. It’s an opportunity for the business to stand back and re-evaluate not just its own security practices, but that of its partners and suppliers of digital services.

But above all, make sure your cloud security practices exist and put them into place if they don’t.  

 


