NEWS
Samba Vulnerability Patched But Risk Is Bigger
The world barely recovered from the havoc caused by WannaCry ransomware before a new vulnerability was found in the open source Samba networking utility.
According to Samba.org, "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."
In pure open source tradition, the patch was released immediately, and most Linux distributions have pushed it into their repository.
The real-world situation is more grim than it appears. First, it's not a new bug. The bug has been lurking around for the past seven years, since version 3.5.0 was released in 2010. It exposes a serious problem in the Linux world: It doesn't have enough eyeballs to make all bugs shallow.
The second problem, and the one that makes this bug more serious, is that Samba, the open source reimplementation of Microsoft's SMB protocol (the protocol that was the culprit in the WannaCry ransomware), is used in every single product that offers any kind of file-sharing capability.
If you have a NAS device, media streaming box, or any device that offers file storage and sharing capability, then it is more than likely running a Samba server. Despite running a Linux-based distribution, these devices are not designed for automatic updates and don't offer users an easy interface to update the packages.
At the same time, in most cases, vendors have no incentive to keep the devices patched, which leaves them vulnerable. If you are aware of this bug and you are running one of these devices, there is literally nothing you can do to fix it, other than unplugging it from the server. The best course of action is to keep an eye on the support site of the product and look for any updates. If updates are available, install them immediately.
Red Hat Announces OpenShift.io
Red Hat has created a cloud native developer tool called OpenShift.io, announced at Red Hat Summit, Boston.
The platform is based on Kubernetes, a Linux Foundation-hosted open source project. Built from Eclipse Che, fabric8, and Jenkins technologies, OpenShift.io provides developers with application development tools and the environments they need.
According to Red Hat, "OpenShift.io, combined with OpenShift Online, provides an integrated approach to DevOps, including all the tools a team needs to analyze, plan, create and deploy services."
The platform was created for team collaboration and offers real-time stack analysis, which helps development teams better detect critical vulnerabilities and uncommon usage patterns.
OpenShift.io enables developers to use the entire platform without a requirement to install anything locally, and their applications are built into Linux containers by default.
OpenShift.io also includes a free subscription to the Red Hat Developer Program, a no-cost Red Hat Enterprise Linux developer subscription, Red Hat JBoss Enterprise Middleware, and other Red Hat technologies. OpenShift.io is available in a limited developer preview.
Microsoft Bakes Linux into Windows Server
Microsoft is graduating to become a Linux vendor. It started with Microsoft introducing WSL (Windows Subsystem for Linux) for Windows 10, which was the company's attempt to help developers using Windows 10 manage their Linux machines on Azure cloud.
The company then worked with Docker not only to create Docker for Windows, but also to bring Docker containers to Linux servers, allowing customers to run more than 900,000 Linux containers on Windows Servers.
Now Microsoft is baking WSL into Windows Server. According to a Microsoft blog, "This unique combination allows developers and application administrators to use the same scripts, tools, procedures and container images they have been using for Linux containers on their Windows Server container host."
With Bash on Ubuntu for Windows Servers, IT professionals can now use *nix utilities on their Windows servers to manage Linux containers.
With this move, Microsoft is moving closer toward becoming a Linux provider. It must be noted that Microsoft already uses Linux as a core piece in its Azure cloud. The operating system for Azure Networking Switch runs on a Linux kernel.
MORE ONLINE
ADMIN HPC
http://hpc.admin-magazine.com/
SquashFS * Jeff Layton
In my life experience, I have found that people like to keep pretty much every piece of data that's ever crossed their hard drive.
Parallel I/O for HPC * Jeff Layton
Amdahl's law says that your application will only go as fast as its serial portion. As the application is run over more processors, the decrease in run time gets smaller.
ADMIN Online
http://www.admin-magazine.com/
Highly Available Hyper-V in Windows Server 2016 * Marc Grote
Most of the new features in Windows Server 2016 relate to Hyper-V. Microsoft has introduced numerous changes to make the product even more interesting to companies that have not used virtualization or are running an older version of Hyper-V.
Digital Signatures in Package Management * Tim Schürmann
Many distributions develop, test, build, and distribute their software via a heterogeneous zoo of servers, mirrors, and workstations that make central management and protection of the end product almost impossible.
Installing .NET on Linux * Thorsten Scherf
To understand .NET fully, it is a good idea to look at past events. Development on the NGWS included work on a framework that was officially released in 2002 as .NET 1.0.