Simplicity is a form of art...

Securely handling libffi
by Sven Vermeulen, post on Sun 28 April 2013

I've recently came across libffi again. No, not because it was mentioned during the Gentoo Hardened online meeting, but because my /var/tmp wasn't mounted correctly, and emerge (actually python) uses libffi. Most users won't notice this, because libffi works behind the scenes. But when it fails, it fails bad …

Using strace to troubleshoot SELinux problems
by Sven Vermeulen, post on Wed 24 April 2013

When SELinux is playing tricks on you, you can just "allow" whatever it wants to do, but that is not always an option: sometimes, there is no denial in sight because the problem lays within SELinux-aware applications (applications that might change their behavior based on what the policy sais or …