The Security Benefits of RPM Packaging

RPM Package Manager (RPM) was created to deliver software to workstations and servers. Besides being an efficient software delivery mechanism, RPM also provides security features that help system administrators manage their software and establish trust in the code going into their infrastructure: packages can be signed, and the files they install can be verified afterwards.

What is an RPM?

RPM is a package management system that bundles software source code or binaries together for easy installation on a computer. Every file a package installs is recorded in the RPM database, which allows for easy installation, upgrading, and removal. Since the RPMs have been built specifically for the operating system and platform they are installed on, the software is expected to operate in a predictable and consistent manner.

RPMs not only make it easy for the user to install software on their computer but also for the developer to deliver the software. RPMs make it easy to pull in dependencies, the other pieces of code a program needs to function properly, and to provide updates to the software in question. Because a package can be GPG-signed and records a cryptographic digest of every file it installs, a security fix can be verified by the system administrator before it is installed, and the installed files can be checked against the package afterwards. This makes RPM an especially good tool for maintaining secure computer environments.
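How an administrator acts on this, as an added example that is not code from the original post: the script below checks a package's signature with rpm --checksig before installation, and afterwards parses rpm -V output to flag installed files that no longer match what the package recorded. The rpm options are real; the function names, the triage rule and the sample rpm -V lines are this example's own (the sample lines are constructed to look like rpm -V output).

```shell
#!/bin/sh
# Added example (not code from the original post): verify an RPM before it is
# installed, then check installed files against the package database.
# Only the rpm options shown are used; sample lines below are constructed.

# 1. Before installation: is the package signed by an imported key, and do its
#    digests match? The vendor key must be imported first (rpm --import KEYFILE),
#    otherwise rpm reports the key as missing. Newer rpm prints
#    "pkg.rpm: digests signatures OK"; an unsigned package prints only
#    "digests OK"; any failure contains "NOT OK" and rpm exits non-zero.
check_package_signature() {
    pkg="$1"
    out=$(rpm --checksig "$pkg") || return 1
    case "$out" in
        *"NOT OK"*) return 1 ;;               # bad digest or bad signature
        *signatures*|*gpg*|*pgp*) return 0 ;; # signature present and valid
        *) return 1 ;;                        # digests fine, but unsigned
    esac
}

# 2. After installation: `rpm -V PKG` (or `rpm -Va` for everything) prints one
#    line per file that differs from the package database, in the form
#      SM5DLUGTP  c /path     (nine flag columns, blank, marker, blank, path)
#    "." means the attribute verified; a letter names what changed: S size,
#    M mode, 5 digest, D device, L symlink target, U user, G group, T mtime,
#    P capabilities. "?" means the test could not be run. A deleted file
#    prints "missing" instead of the flags.
rpm_verify_flags() {
    line="$1"
    case "$line" in
        missing*) printf 'missing\n'; return 0 ;;
    esac
    flags=${line%"${line#?????????}"}        # the first nine characters
    result=""
    for name in size mode digest device link user group mtime caps; do
        ch=${flags%"${flags#?}"}             # next flag character
        flags=${flags#?}
        if [ -n "$ch" ] && [ "$ch" != "." ] && [ "$ch" != "?" ]; then
            result="$result $name"
        fi
    done
    printf '%s\n' "${result# }"
}

# 3. Triage rule (this example's own): a locally edited config file (marker
#    "c") is expected; a changed digest, mode, owner, group, link target or
#    capabilities on anything else, or a missing file, deserves a look.
rpm_verify_suspicious() {
    line="$1"
    case "$line" in
        missing*) return 0 ;;
    esac
    rest=${line#?????????}              # everything after the flag columns
    rest=${rest#"${rest%%[! ]*}"}       # drop leading blanks
    marker=""
    case "$rest" in
        [a-z]\ /*) marker=${rest%% *} ;;
    esac
    if [ "$marker" = "c" ]; then return 1; fi
    case " $(rpm_verify_flags "$line") " in
        *" digest "*|*" mode "*|*" user "*|*" group "*|*" link "*|*" caps "*) return 0 ;;
    esac
    return 1
}

# Walk every installed package and print only the lines worth investigating.
# Caveat: rpm -V trusts the local rpm database, which root can rewrite. On a
# host you suspect is compromised, verify against the original package file
# instead (rpm -Vp pkg.rpm) or against known-good media.
audit_installed_files() {
    rpm -Va 2>/dev/null | while IFS= read -r line; do
        if rpm_verify_suspicious "$line"; then
            printf '%-60s %s\n' "$line" "$(rpm_verify_flags "$line")"
        fi
    done
}

# Constructed sample lines, shaped like rpm -V output, to show the triage.
for sample in \
    'S.5....T.  c /etc/pam.d/sshd' \
    '..5......    /usr/bin/passwd' \
    '.......T.  d /usr/share/doc/openssh/README' \
    'missing     /usr/lib64/libcrypto.so.10'
do
    if rpm_verify_suspicious "$sample"; then verdict=SUSPICIOUS; else verdict=ok; fi
    printf '%-10s %-20s %s\n' "$verdict" "$(rpm_verify_flags "$sample")" "$sample"
done
```

Run the sample loop as-is to see the triage; call check_package_signature on a downloaded .rpm before `rpm -i`, and audit_installed_files on a running host. Note that rpm -V compares against the rpm database, so on a suspected compromise verify against the package file (rpm -Vp) rather than the local database.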



Red Hat Developer Program

With Red Hat’s many successful product level developer programs for JBoss, OpenShift, Red Hat Enterprise Linux, etc., plus a bunch more available with upstream communities, we’re working on complementing these offerings with an all-Red Hat developer program that introduces developers, ISV and SaaS players, and others to Red Hat’s robust developer portfolio.



Secure Development Series: Security Mentality

A new video focused on the “Security Mentality” in the secure programming series has been released. Some interesting things are covered about how developers think about security and why they accidentally introduce security flaws into their systems. As a corollary to Bruce Schneier’s law, Josh offers “Any developer can build an application so secure that he or she cannot exploit it.” Please watch the videos for some ideas about cheating and about how to avoid the biases in your own thinking. As a bonus, you can find out a number of ways to hide 100 digits of Pi :). Also, there is a surprise quiz in this video, remember to think “outside the box!” Part 1 and Part 2.


Unleashing Power of WebSockets on RHEL 6

WebSockets are a rising technology that solves one of the great needs of web development: full-duplex communication between a browser (or a different client) and a server.

Let's imagine a simple scenario, a live web chat. In the past, you'd probably use AJAX and polling to make new posts appear in real time. The downside is that implementing all that is not entirely easy, and it tends to put a lot of strain on the server.

This article will show you how to implement a simple web chat using WebSockets, thus eliminating the above problems. We will be using the Tornado web server with the Flask framework, producing a pure Python solution. To get the maximum out of Python 2.x, we will utilize the python27 Software Collection (SCL). We will also need a newer version of Firefox that supports WebSocket technology, so that we can test from the RHEL 6 machine that we’re developing on.



Secure Development Series: Numeric Errors

The next secure development video is out! Come check out a quick video on the impact of numeric errors during your development process. The video covers integer overflows and array index errors, along with the bounds checking and index checking that prevent them. You can also find more information about overflows and security in general at The Open Web Application Security Project (OWASP).



Starting with SystemTap

As I stare at this blank screen to start writing my first blog entry I have that same feeling that so many developers have when starting with an unfamiliar programming language or application. The developers in our group realize that it is not easy starting from nothing and we strive to make it easier to productively use SystemTap to investigate performance problems.
