As a general trend, we’re not getting faster software with more features. We’re getting faster hardware that runs slower software with the same features.
Source: Software disenchantment @ tonsky.me
16Gb Android phone was perfectly fine 3 years ago. Today with Android 8.1 it’s barely usable because each app has become at least twice as big for no apparent reason. There are no additional functions. They are not faster or more optimized. They don’t look different. They just…grow?
With the removal of old architecture and other bits of tidying up, with v4.17 RC1 there were more lines of code removed than added: something described as “probably a first. Ever. In the history of the universe. Or at least kernel releases.”
Source: Linus Torvalds says Linux kernel v5.0 ‘should be meaningless’
The attack worked first by getting Bogner’s malicious file quarantined by the AV program running on the targeted computer. The pentester then exploited vulnerabilities in the AV programs that allowed unprivileged users to restore the quarantined files. He further abused a Windows feature known as NTFS file junction point to force the restore operation to put his malicious file into a privileged directory of Bogner’s choosing. The technique took advantage of another Windows feature known as Dynamic Link Library search order. With that, Bogner’s malware ran with full privileges.
Source: How AV can open you to attacks that otherwise wouldn’t be possible | Ars Technica
Security is a massive topic, even if we reduce the scope to only browser-based web applications. These articles will be closer to a “best-of” than a comprehensive catalog of everything you need to know, but we hope it will provide a directed first step for developers who are trying to ramp up fast.
Source: The Basics of Web Application Security
It isn’t really as if the operating system ceases to exist. More to the point, it ceases to be a separate entity from the compiled application. A unikernel, therefore, is an indivisible unit of computing logic. As a microservice, it carries the promise of unlimited scalability. And as a virtual machine, it is designed to run under the Xen Type 1 (hardware-level) hypervisor.
Source: Docker’s Unikernel Purchase and the Changing Role of the OS
“Well, the problem with hammers is that there are so many different kinds. Sledge hammers, claw hammers, ball-peen hammers. What if you bought one kind of hammer and then realized that you needed a different kind of hammer later? You’d have to buy a separate hammer for your next task. As it turns out, most people really want a single hammer that can handle all of the different kinds of hammering tasks you might encounter in your life.”
Source: The Joel on Software Discussion Group (CLOSED) – Why I Hate Frameworks
How do you recognize a good API? It’s tough, but one thing is sure, a good interface allows easy swapping of components. If it doesn’t allow easy swapping of components, it’s not a good interface.
Source: 9 – systemD: Interfaces last longer than code – Slashdot
Throughout systemd there is a lack of understanding of proper interfaces. Making the GUI depend on a particular init system is a particularly obvious example of poor design, but the code was written from a ‘code first’ perspective rather than an ‘interface first’ perspective.
Cryptographic backdoors will not work. As a matter of technology, they are deeply incompatible with modern software platforms. And as a matter of policy and law, addressing those incompatibilities would require intolerable regulation of the technology sector. Any attempt to mandate backdoors will merely escalate an arms race, where usable and secure software stays a step ahead of the government.
The easiest way to understand the argument is to walk through a hypothetical. I’m going to use Android; much of the same analysis would apply to iOS or any other mobile platform.
Source: You Can’t Backdoor a Platform | Web Policy
What is Rocket?
Rocket is an alternative to the Docker runtime, designed for server environments with the most rigorous security and production requirements. Rocket is oriented around the App Container specification, a new set of simple and open specifications for a portable container format.
via CoreOS is building a container runtime, Rocket.