  1. The Fedora Weekly News Issue 114 (dated Dec. 31, 2007) describes three “SELinux Rants” along with the response from the Fedora community. Choice quote: “…suggested that rather than blame SELinux for complexity it was better to realize that it was describing the complex interactions between different pieces of software.” Personally, I disagree with this sentiment. I think that our tools should abstract away some of the complexity rather than reflecting the complexity up to the user. I understand that details get lost during abstraction which can be detrimental to security, but if there cannot be some level of secure abstraction, then the tool is not going to be usable by the average user/administrator. Thanks to Oisin Feeley for this excellent synopsis of the threads.

  2. The guru speaks to the Linux community: Interview with Bruce Schneier called Bruce Almighty: Schneier preaches security to Linux faithful (dated Dec. 27, 2007). Choice quotes: “Do you think that technologists sometimes forget about the human element generally when designing, developing, testing, implementing and/or maintaining systems? Sometimes? I think they forget almost all the time.” and “What will be the biggest security issues in the future? Crime. Crime, crime, crime. Everything else pales in comparison.”

  3. 11 open-source projects certified as secure: You can see my previous blog posting about quibbles with the way that the story is written, but ultimately this is great news for open source and well worth mentioning again. Here’s a good story about the same announcement (best story on the topic that I have seen in this round): Weeding Out Flaws in Open-Source Apps

  4. Data center robbery leads to new thinking on security is an interesting look at the data center break-in that occurred last October. Key quote: “‘The second someone crosses the line to armed robbery – [risking] a 25- to 50-year prison sentence – to steal some servers, we’re in different realm of security now,’ he said.”

  5. Top 10 security headlines from 2007. I would have thought that the British data loss on most families with children under the age of 16 would have made this list but it is not here.

  6. Yahoo tests support for OpenID. Key quote: “‘I expect Yahoo’s implementation to be a major influence in encouraging OpenID 2 adoption,’ wrote Simon Willison”.

In other news:

  1. KernelTrap’s story on Decoding Oops and the referenced emails from Linus Torvalds and Al Viro are worth studying closely.

  2. The Linux Foundation’s new podcast series Open Voices is off to a great start.

  3. Linux guru offers sneak peak at Kernel Report – Computerworld interviews Jonathan Corbet. Key quote: “I am confident that, five years from now, we will say that we were able to accept unprecedented amounts of new code at a sustained rate for years while improving the quality of the final product.”

  4. LWN.net: a ten-year timeline (part 1): LWN’s 10-year anniversary retrospective. (Subscriber only for 5 more days.) Interesting quote: “When Intel put money into Red Hat, it became clear to all that both Linux and Red Hat were headed toward success. This was, in some real sense, the point where Linux entered the dotcom bubble, though the real action was still a year away.”