»ALPACA is an Application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session.«
Example step-by-step guide for introducing data model changes.
In this 10-minute video, one of the authors summarizes the issues with silent silicon data corruption presented in their »Cores that don't count paper«.
Paper on SeKVM, a modified version of KVM, that guarantees data confidentiality and integrity.
The encrypted device company ANOM, developed and operated by the FBI, was used to route messages to an FBI-owned server and decrypted with a master key.
Incident Report on Fastly's service disruption this week.
Animated version control visualization tool.
Drop-in replacement to run your make targets inside a container.
»GNU poke is an interactive, extensible editor for binary data.«
gpg-tui is a GPG key management interface.
Alibaba's PolarDB extends PostgreSQL to become a share-nothing distributed database.
CentOS 8 (2105), based on the Red Hat Enterprise Linux 8.4 source code, was released.
SUSE released openSUSE Leap 15.3. The first release that shares sources and binaries with SUSE Linux Enterprise (SLE) and comes with new features and stability improvements.
Open Source Insights is an experimental service by Google to better understand the dependencies of open-source software packages. Currently, supported are Cargo (Rust), Go's module system, Maven (Java), and npm (Node.js).
This article gives insight into the workflows and tools Facebook is using to detect and address PCIe faults.
Christine Patton, Back End Engineer at SoundCloud, shares best practices for on-call work in this blog post.
Post on how the integration of password managers into other applications, especially web browsers, increases the attack surface significantly.
»Let's say you're building some form of appliance on top of general purpose x86 hardware. You want to be able to verify the software it's running hasn't been tampered with. What's the best approach with existing technology?«