A nice writeup is here: https://www.cloudfoundry.org/blog/usn-6119-1-openssl-vulnerabilities/

I wrote before about how the Canonical TOS for Ubuntu Pro was odd. It was disappointing to see the following ad

The way to do it is to add a device to the LXC container of the form

devices:

    <localhsarename>:

          path: <hosting_server_path>

          type: disk

There are two ways to do it. 

1) From the command line. The manual states

Like many security professionals I use automation to watch for issues in systems I maintain.

I'm the IT-guy for my family and all our devices run Ubuntu. Older laptops have become various monitoring devices, or donated to organizations, etc. We have way more than 5 physical devices that I maintain for the family. (This article is not going to discuss the Ubuntu-based cloud, VM and container images I also maintain)

My typical setup was that the laptop and tablet devices were set for autoupdate and let them notify me on issues with upgrades. I could remote in and solve issues, etc....

An interesting integration issue that came up with a client with a Drupal site hosted on Plausible.io with a Gatsby module that tied into Github code which triggered a Vercel deployment into an integrated flat site with 3rd party code.

Drupal is a PHP-based content management server. 

Plausible.io is a javascript-based site-tracking module that (in this case) is managed by npm

Gastby is designed to take an entire Drupal site, flatten it into a node.js implementation. and then package it for delivery. In this case it too was managed by npm

Interesting issue with an integration between a new Salesforce application and a legacy enterprise application. The data from salesforce API was limited to 50 records at once so as a workaround the Salesforce team gave access via a SQL call which could send more records each time. Consuming the data came via GuzzleHTTP which absorbed the data from Salesforce and delivers as an object as a nested associative array. E.g.

A few tricks to optimize backups for QEMU/KVM virtual machines.

The phrase "many eyes gives better security" works in the open source world extremely well ... as long as you can make sure that all parts of the security model are available for independent review.

As soon as you hide any part of that, the "many eyes" security model no longer applies. Docker hides part of that process when they create the docker image and do not make available the vendor image from which the docker image was created.