March 22, 2013
Let's face it, sometimes slides are painful There are some common issues when I gave presentations: Will my slides file be recognized by the shared computer at the venue? How to share slides with all audiences using different OS? Most important one, how to make my slides smooth and attractive? For the first two questions, PDF might be an acceptable answer. I can upload it to slideshare.net and give out a link to audiences. But everyone knows that's not good...
March 8, 2013
The next secure development video is out! Come check out a quick video on the impact of numeric errors during your development process. The video covers such problems as Integer Overflows, and Array Index Errors (like Bounds Checking and Index Checking). You can also find more information about overflows and security in general at The Open Web Application Security Project (OWASP). Please leave us your feedback or suggestions for other secure development topics you would like to see covered.
March 7, 2013
As I stare at this blank screen to start writing my first blog entry I have that same feeling that so many developers have when starting with an unfamiliar programming language or application. The developers in our group realize that it is not easy starting from nothing and we strive to make it easier to productively use SystemTap to investigate performance problems. A starting point for anyone's first use of SystemTap is the SystemTap Beginners Guide on the Red Hat...
February 25, 2013
Software Developers always know they are supposed to be paying attention to security when they program. However, developers also know that without regular reminders both of the things they know and new threats, secure development practices can suffer. As a result, you might find the new series of videos from the Red Hat Product Security Team useful. The first two videos cover that age old topic, “Input Validation” with the first video a bit of an intro and covering XSS...
February 22, 2013
Unfortunately, not every application is packaged for every distribution. What do you do when you can't find it packaged for Red Hat Enterprise Linux? If you are like most people, you give up or attempt to install it from source. What happens when installing from source goes badly? If you are like most people, you definitely give up. How do you keep up with application improvements or, perhaps more importantly, security fixes? If you are like most people, you periodically...
February 14, 2013
Recently, I needed to get Django installed with Python 2.7 on Red Hat Enterprise Linux 6. As this is not a directly supported activity, I wanted to document how I went about it. As you might imagine, the generally expected method for install would be to grab the Python 2.7 source tree and then build it. Obviously, that can be a lot of work; is not particularly repeatable; and, potentially, exposes you to more security flaws. As a result, I...
February 12, 2013
This technical article covers a subtlety in C++ array allocation and how we changed the GNU C++ compiler to deal with it properly. When a programmer writes T *p = new T;the C++ compiler allocates room for at least three copies of objects of type T on the heap. These objects require 3 * sizeof(T) bytes. For this example, assume sizeof(T) is 12, then it is straightforward to allocate 36 bytes (for example, using malloc). But what happens if the...
February 4, 2013
Are you missing out on opportunities to increase your applications' performance? As an application developer building on Red Hat Enterprise Linux, you invest a lot of time and effort into making your applications compelling and useful for your users. You probably also want to see good performance. But beyond good design, careful algorithm selection and compiler optimizations, what can a developer use to boost their application performance? 1. The latest GCC release and associated tools The very first thing a...
January 31, 2013
While Red Hat Enterprise Linux is known for its stability and flexibility, you might not think of it first when looking for the latest version of your web application framework. If you're a developer working with Ruby and Ruby on Rails, you probably want to take advantage of their new features. Sure, you can use RVM, but sometimes you just want to get supported system packages. Software Collections (often abbreviated as SCL) allows you to run more recent versions of...
January 28, 2013
Did you ever wish you had newer versions of the software on your Red Hat Enterprise Linux machines? You are probably not alone. Providing new versions of software in rpm is hard, because rpm supports only one version installed on your computer at a time. Multiple versions on one machine can conflict with each other or create unpredictable behaviour in applications that you might not have considered dependencies. Last year, we developed Software Collections to allow you to install newer...