Authorization and authentication are both important aspects of secure development. Come check out our latest video in the secure development series and learn about often-overlooked authorization events in your applications. The video also discusses Cross-Site Request Forgery (CSRF), what it is and how to avoid it (e.g. the OWASP CSRF Prevention Cheat Sheet).
The next secure development video is out! Come check out a quick video on the impact of numeric errors during your development process. The video covers such problems as integer overflows and array index errors (including bounds checking and index checking). You can also find more information about overflows, and about security in general, at The Open Web Application Security Project (OWASP).
Continue reading “Secure Development Series: Numeric Errors”
As I stare at this blank screen to start writing my first blog entry, I have that same feeling that so many developers have when starting with an unfamiliar programming language or application. The developers in our group realize that it is not easy starting from nothing, and we strive to make it easier to productively use SystemTap to investigate performance problems.
Continue reading “Starting with SystemTap”
Software developers always know they are supposed to be paying attention to security when they program. However, developers also know that without regular reminders, both of the things they already know and of new threats, secure development practices can suffer.
Continue reading “New Secure Development Video Series”
Unfortunately, not every application is packaged for every distribution. What do you do when you can’t find it packaged for Red Hat Enterprise Linux? If you are like most people, you give up or attempt to install it from source. What happens when installing from source goes badly? If you are like most people, you definitely give up. How do you keep up with application improvements or, perhaps more importantly, security fixes? If you are like most people, you periodically try to check on the application status (especially when your version stops working 🙂 ), and then try to rebuild it. What is the solution to all of these issues? Proper packaging. This post is meant to help you get started.
Continue reading “Getting Started with RPMs”
Recently, I needed to get Django installed with Python 2.7 on Red Hat Enterprise Linux 6. As this is not a directly supported activity, I wanted to document how I went about it. As you might imagine, the generally expected method for install would be to grab the Python 2.7 source tree and then build it. Obviously, that can be a lot of work; is not particularly repeatable; and, potentially, exposes you to more security flaws. As a result, I decided to try to leverage a “newish” technology developed (in the open) by Red Hat called Software Collections. An in-depth discussion of Software Collections is for another post; for now we just need to know that Software Collections are RPMs that contain all (or most) of their supporting libraries, install under /opt, are updatable through yum, and that the core software collections code (scl-utils) is supported by Red Hat. A number of collections have been created and released by the community at http://bit.ly/fedora-scl.
OK, getting started. I created a new VM using a RHEL 6.3 image on an instance of RHOS (Red Hat Open Stack),
Continue reading “Setting up Django and Python 2.7 on Red Hat Enterprise 6 the easy way”
This technical article covers a subtlety in C++ array allocation and how we changed the GNU C++ compiler to deal with it properly. When a programmer writes
T *p = new T[3];
the C++ compiler allocates room for at least three objects of type T on the heap. These objects require 3 * sizeof(T) bytes. For this example, assume sizeof(T) is 12; then it is straightforward to allocate 36 bytes (for example, using malloc). But what happens if the array length is 3937053355 (or 16909515400900422315 on a 64-bit architecture)? Then 47244640260 bytes are required. This number cannot be expressed in 32 bits, so if 32-bit arithmetic is used to perform the multiplication, the result wraps around to a mere 4. Unless special care is taken, a C++ implementation will provide a pointer to a heap area that is much too small to hold the requested number of objects (4 bytes instead of 47244640260 bytes).
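The wraparound described above, reproduced in plain unsigned arithmetic, followed by the overflow check that a safe allocator (or, after the fix, the compiler itself) must perform before calling new[]. This is an added example written for this page, not code from the article or from GCC; `T`, `wrapped_size32`, `wrapped_size64`, `alloc_size_overflows` and `checked_new_array` are names chosen here.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <new>

struct T { char payload[12]; };   // sizeof(T) == 12, matching the article's example

// Naive size computation in 32-bit and 64-bit unsigned arithmetic.
// Unsigned multiplication wraps modulo 2^32 / 2^64, which is exactly
// what turns 47244640260 into the "mere 4" from the text.
std::uint32_t wrapped_size32(std::uint32_t count, std::uint32_t elem_size) {
    return count * elem_size;
}
std::uint64_t wrapped_size64(std::uint64_t count, std::uint64_t elem_size) {
    return count * elem_size;
}

// Overflow test that needs no wider integer type: count * elem_size
// fits in size_t if and only if count <= SIZE_MAX / elem_size.
bool alloc_size_overflows(std::size_t count, std::size_t elem_size) {
    return elem_size != 0 && count > SIZE_MAX / elem_size;
}

// Hypothetical helper: refuse the allocation instead of handing back an
// undersized block. A fixed compiler performs the equivalent check inside
// the new[] expression; this makes the logic explicit.
template <typename U>
U* checked_new_array(std::size_t count) {
    if (alloc_size_overflows(count, sizeof(U))) return nullptr;
    return new (std::nothrow) U[count];
}

int main() {
    std::printf("32-bit product: %u\n", wrapped_size32(3937053355u, 12));   // 4
    std::printf("64-bit product: %llu\n",
                (unsigned long long)wrapped_size64(16909515400900422315ull, 12));   // 4
    T* ok  = checked_new_array<T>(3);
    T* bad = checked_new_array<T>(SIZE_MAX / 4);   // constructed oversize request
    std::printf("3 elements: %s, SIZE_MAX/4 elements: %s\n",
                ok ? "allocated" : "refused", bad ? "allocated" : "refused");
    delete[] ok;
    return 0;
}
```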
Continue reading “Array allocation in C++”
Are you missing out on opportunities to increase your applications’ performance? As an application developer building on Red Hat Enterprise Linux, you invest a lot of time and effort into making your applications compelling and useful for your users. You probably also want to see good performance. But beyond good design, careful algorithm selection and compiler optimizations, what can a developer use to boost their application’s performance?
1. The latest GCC release and associated tools
The very first thing a Red Hat Enterprise Linux developer should be aware of is the availability of Red Hat Developer Toolset. I described the content and architecture of this new offering from Red Hat in my last blog post. Developer Toolset 1.x gives you the gcc-4.7 toolchain, which, at the time of writing, is the current upstream major release.
Continue reading “7 ways to improve your application’s performance with the new Developer Toolset 1.1 release”
While Red Hat Enterprise Linux is known for its stability and flexibility, you might not think of it first when looking for the latest version of your web application framework. If you’re a developer working with Ruby and Ruby on Rails, you probably want to take advantage of their new features. Sure, you can use RVM, but sometimes you just want to get supported system packages.
Software Collections (often abbreviated as SCL) allows you to run more recent versions of software than what ships with your current version of Red Hat Enterprise Linux. This article will show you how to start development of a Rails 3.2 application running on Ruby 1.9.3 – all on RHEL 6, using only RPM packages, alongside your default Ruby installation. This tutorial assumes that you are familiar with Ruby on Rails basics, such as creating a new application and using bundler. It is also beneficial (although not necessary) to understand how Software Collections work in general.
Continue reading “Ruby on Rails 3.2 on Red Hat Enterprise Linux 6 with Software Collections”