Fleet and flexible cgroups and Linux Containers
The big virtualization tools like KVM and Xen can’t compete on a small scale with resource-spare cgroups and Linux Containers.
Normally when I talk about virtualization in Linux, I go straight to system virtualization using tools like KVM or Xen, to name two. But some interesting options aren’t quite as well known. One such example is cgroups  and Linux Containers  (LXC), which sits on top of cgroups. In a nutshell, LXC uses cgroups to create a restricted view of the host operating system. Within the LXC guest environment, you can only see what the admin allows you to see of the host system; you can have a separate process space, for example and also create a separate filesystem for the guest.
So why would you want to use a technology like LXC instead of a full system virtualization platform like KVM or Xen? LXC has several advantages: For one thing, it has virtually no overhead, and it provides a degree of flexibility because of its ability to share resources between
different LXC guests. (I know, these seem counterintuitive because the goal is to segregate them from each other,) Also, LXC supports not only virtualizing a running instance of an operating system (more on this later) but also individual applications, for which devoting an entire virtual machine is overkill. To see a good example of this, you can read more about what Google is doing with ChromeOS .
Buy this article as PDF
Mozilla’s product think tank sinks silently into history.
TODO group will focus on open source tools in large-scale environments.
New tool will look like GParted but support a wider range of storage technologies.
New public key pinning feature will help prevent man-in-the-middle attacks.
Carnegie Mellon researchers say 3 million pages could fall down the phishing hole in the next year.
The US government rolls new best-practice rules for protecting SSH.
Klaus Knopper announces the latest version of his iconic Live Linux system.
All websites that use these popular CMS tools could be vulnerable to denial of service attacks if users don't install the updates.
According to a report, many potential victims of the Heartbleed attack have patched their systems, but few have cleaned up the crime scene to protect themselves from the effects of a previous intrusion.
DARPA and NICTA release the code for the ultra-secure microkernel system used in aerial drones.