Introducing Docker Secrets Management

Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware – it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps.

A critical element of building safer apps is having a secure way of communicating with other apps and systems, something that often requires credentials, tokens, passwords and other types of confidential information—usually referred to as application secrets. We are excited to introduce Docker Secrets, a container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform.

With containers, applications are now dynamic and portable across multiple environments. This made existing secrets distribution solutions inadequate because they were largely designed for static environments. Unfortunately, this led to an increase in mismanagement of application secrets, making it common to find insecure, home-grown solutions, such as embedding secrets into version control systems like GitHub, or other equally bad point solutions bolted on as an afterthought.

We fundamentally believe that apps are safer if

Introducing Docker Datacenter on 1.13 with Secrets, Security Scanning, Content Cache and more

It’s another exciting day with a new release of Docker Datacenter (DDC) on 1.13. This release includes loads of new features around app services, security, image distribution and usability.  

Check out the upcoming webinar on Feb 16th for a demo of all the latest features.

Let’s dig into some of the new features:

Integrated Secrets Management

This release of Docker Datacenter includes integrated support for secrets management from development all the way to production.

This feature allows users to store confidential data (e.g. passwords, certificates) securely on the cluster and inject these secrets into a service. Developers can reference the secrets needed by different services in the familiar Compose file format and hand off to IT for deployment in production. Check out the blog post on Docker secrets management for more details on implementation. DDC integrates secrets and adds several enterprise-grade enhancements, including lifecycle management and deployment of secrets in the UI, label-based granular access control for enhanced security, and auditing users’ access to secrets via syslog.

Image Security Scanning and Vulnerability Monitoring

Another element of delivering safer apps is the ability to ensure trusted delivery of the code that makes up that app. In addition to

Cisco grows cloud menu, brings Microsoft Azure Stack into UCS

Cisco today said it would expand its hybrid cloud offerings by integrating Microsoft Azure Stack into its Unified Computing System. The turnkey package, officially known as the Cisco Integrated Solution for Microsoft Azure Stack, grows Cisco’s Microsoft portfolio and lets application developers and IT managers more easily deploy, manage and grow enterprise applications. Azure Stack expands Cisco’s hybrid cloud offerings for customers who want the advantages of a single API for private and public cloud applications.

Microsoft readies Vista for retirement

Microsoft will stop all support for Windows Vista in two months, ending the problem-plagued operating system's usefulness when it issues final patches on April 11. The OS won't be missed: According to analytics vendor Net Applications, which estimated user share by counting unique visitors to tens of thousands of websites, Vista ran on less than 1% of all personal computers powered by Windows last month. Still, even that small percentage translated into approximately 14 million PCs when using Microsoft's claim that 1.5 billion devices run Windows. Vista was never a break-out hit for Microsoft, as were both its Windows XP predecessor and its successor, Windows 7.

Facebook shareholders would have uphill climb ousting Zuckerberg from board

A move by a watchdog group and a small group of shareholders to oust Facebook CEO Mark Zuckerberg from his post as chairman would be an uphill battle that would be unlikely to succeed and could hurt the company, analysts said. "It would completely destabilize Facebook," said Patrick Moorhead, an analyst with Moor Insights & Strategy. "Zuckerberg still makes most of the key decisions and without him it would be a major risk… I don't see a single piece of upside in removing Zuckerberg from the board." It's also unclear whether Zuckerberg could even be removed as chairman, since any shareholder vote would be advisory only. The proposal is being led by Facebook shareholders who are members of SumOfUs, an international consumer watchdog group focused on "curbing the growing power of corporations."

Kim Stevenson’s exit from Intel hints at problems in the PC business

Kim Stevenson, who served as the second-in-command at Intel’s PC chip division, has left the company after just six months in her new role. Stevenson tweeted last week that she had left the company after serving more than seven years at Intel, and she would move “on to new adventures.” She served as the chief operating officer for its Client and Internet of Things Business and Systems Architecture group—a catchall for Intel’s consumer-focused products, including its traditional PC business. Stevenson reported to Murthy Renduchintala, the group’s president.

Samsung Galaxy S8: What we know so far

Samsung is expected to announce its next flagship smartphone, the Galaxy S8, in April, but it looks like we won't have to wait that long to see the final product. Evan Blass from VentureBeat, who has a reputation for reporting legitimate smartphone leaks, published images last week showing the designs of the two forthcoming Samsung Galaxy S8 models. Based on the images, it looks like past reports from The Guardian were correct: The new Galaxy S8 will be available in two sizes, featuring thin bezels allowing for more screen real-estate than the Galaxy Note 7 in a smaller form factor.

PHP vs. Node.js: An epic battle for developer mind share

It’s a classic Hollywood plot: the battle between two old friends who went separate ways. Often the friction begins when one pal sparks an interest in what had always been the other pal’s unspoken domain. In the programming language version of this movie, it’s the introduction of Node.js that turns the buddy flick into a grudge match: PHP and JavaScript, two partners who once ruled the internet together but now duke it out for the mind share of developers. In the old days, the partnership was simple. JavaScript handled little details on the browser, while PHP managed all the server-side tasks between port 80 and MySQL. It was a happy union that continues to support many crucial parts of the internet. Between WordPress, Drupal, and Facebook, people can hardly go a minute on the web without running into PHP.

What cyberinsurance gotchas companies must be ready for

Businesses shelled out $2 billion in cyber insurance premiums in 2015 but current projections show that astronomical growth rates will result in a market of over $20 billion by 2025. The single biggest challenge faced by insurance companies today is the lack of actuarial data on cyber attacks which makes pricing these cyber insurance policies very difficult. As a result, insurance companies are increasingly resorting to other methods to assist them in more accurately pricing these policies which is good news for them but which will result in a number of challenges for businesses.

Can the FTC save the IoT?

Nobody in the IT industry would argue that the Internet of Things (IoT) is becoming more secure. Pretty much the opposite. But not for lack of effort. There have been multiple, ongoing initiatives over the past decade, both public and private. There have been dire warnings, publication of various standards and best practices, technology improvements, legislation to encourage threat information sharing and exhortations from government agencies, congressional committees, security firms and conference speakers. Unfortunately, none of them has worked very well so far. In spite of some of the best minds and technology improvements in the world focused on it, most of the IoT’s billions and billions of connected devices remain catastrophically insecure, lacking what experts call the most basic “security hygiene.” The flaws include hard-coded credentials, simple and default user names and passwords and the lack of any way to patch or update exploitable vulnerabilities.

Integration of a Go service with systemd

Unlike other programming languages, Go’s runtime doesn’t provide a way to reliably daemonize a service. A system daemon has to supply this functionality. Most distributions ship systemd which would fit the bill. A correct integration with systemd is quite straightforward. There are two interesting aspects: readiness & liveness.

As an example, we will daemonize this service whose goal is to answer requests with nifty 404 errors:

package main

import (
    "log"
    "net"
    "net/http"
)

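func main() {
    // Bind the listening socket first; failing to bind is fatal.
    l, err := net.Listen("tcp", ":8081")
    if err != nil {
        log.Panicf("cannot listen: %s", err)
    }
    // No handler is registered, so the default mux answers every request with 404.
    http.Serve(l, nil)
}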

You can build it with go build 404.go.

Here is the service file, 404.service:

[Unit]
Description=404 micro-service

[Service]
Type=notify
ExecStart=/usr/bin/404
WatchdogSec=30s
Restart=on-failure

[Install]
WantedBy=multi-user.target
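
The unit above sets Type=notify and WatchdogSec=30s, so systemd expects the process itself to report readiness and to send periodic keep-alives. The following is an added example, not code from the original post: it speaks the sd_notify datagram protocol directly from Go, and the helper names sdNotify and watchdogInterval are assumptions made for this sketch.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"os"
	"strconv"
	"time"
)

// sdNotify sends one state string (e.g. "READY=1") to the datagram socket named
// in NOTIFY_SOCKET; it reports false when the process was not started by systemd.
func sdNotify(state string) (bool, error) {
	path := os.Getenv("NOTIFY_SOCKET")
	if path == "" {
		return false, nil
	}
	conn, err := net.Dial("unixgram", path) // a leading '@' means abstract socket
	if err != nil {
		return false, err
	}
	defer conn.Close()
	_, err = conn.Write([]byte(state))
	return err == nil, err
}

// watchdogInterval returns half of WATCHDOG_USEC (from WatchdogSec=), or 0 if disabled.
func watchdogInterval() time.Duration {
	n, err := strconv.ParseInt(os.Getenv("WATCHDOG_USEC"), 10, 64)
	pid := os.Getenv("WATCHDOG_PID")
	if err != nil || n <= 0 || (pid != "" && pid != strconv.Itoa(os.Getpid())) {
		return 0
	}
	return time.Duration(n) * time.Microsecond / 2
}

func main() {
	l, err := net.Listen("tcp", ":8081")
	if err != nil {
		log.Panicf("cannot listen: %s", err)
	}
	sdNotify("READY=1") // readiness: the socket is bound, clients can connect
	go func() {         // liveness: keep-alive at half the watchdog timeout
		for every := watchdogInterval(); every > 0; time.Sleep(every) {
			sdNotify("WATCHDOG=1")
		}
	}()
	log.Fatal(http.Serve(l, nil))
}
```

In a real service, send WATCHDOG=1 only after a health check of the request path succeeds, so that a wedged handler stops the keep-alives and Restart=on-failure takes effect.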

Readiness

The classic way for a Unix daemon to signal its readiness is to daemonize. Technically, this is done by calling fork(2) twice (which also serves other intents). This is a very common task and the BSD systems, as well as some other C libraries, supply a daemon(3)

Oracle settling with ex-worker over alleged fiddling of cloud accounts

Oracle has informed a federal court that it is settling a lawsuit in which a former employee had charged that she had been terminated from her job for refusing to go along with accounting principles that she did not consider lawful. In a joint submission Wednesday to the U.S. District Court for the Northern District of California, lawyers for Oracle and the former employee Svetlana Blackburn asked for the vacation of a case management conference scheduled for Thursday, while submitting a notice of settlement to notify the court “that the lawsuit has been settled in principle, and to request thirty (30) days in which to file a dismissal.” The lawsuit had drawn interest amid concern that companies could be dressing up their cloud revenue in a highly competitive environment. Gartner, for example, warned in December 2015, that “assessing vendor cloud revenue claims has become more challenging, with many vendors' IT-related businesses being complicated and nuanced.”

Zingbox launches IoT protection for business

Zingbox, a cloud-based, internet-of-things security startup, is coming out with its first product that it says can tell good IoT behavior from bad and sends alerts when it finds activity outside the norm. Called Guardian, the solution consists of a virtual appliance that gathers and processes network traffic data and sends it to the Zingbox cloud, where it is analyzed for anomalies. When they are found, it can send alerts to security staff or intervene automatically via integration with firewalls, says May Wang, a founder of the company and its CTO.