NEWS
Samba Vulnerability Patched But Risk Is Bigger
The world barely recovered from the havoc caused by WannaCry ransomware before a new vulnerability was found in the open source Samba networking utility.
According to Samba.org, "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."
In pure open source tradition, the patch was released immediately, and most Linux distributions have pushed it into their repository.
The real-world situation is more grim than it appears. First, it's not a new bug. The bug has been lurking around for the past seven years, since version 3.5.0 was released in 2010. It exposes a serious problem in the Linux world: It doesn't have enough eyeballs to make all bugs shallow.
The second problem that makes this bug more problematic is that the open source reimplementation of Microsoft's SMB protocol, which was the culprit in the WannaCry ransomware, is used in every single product that offers any kind of file-sharing capability.
If you have a NAS device, media streaming box, or any device that offers file storage and sharing capability, then it's more than likely running Samba server on it. Despite running a Linux-based distribution, these devices are not designed for automatic updates and don't offer users an easy interface to update the packages.
At the same time, in most cases, vendors have no incentive to keep the devices patched, which leaves them vulnerable. If you are aware of this bug and you are running one of these devices, there is literally nothing you can do to fix it, other than unplugging it from the server. The best course of action is to keep an eye on the support site of the product and look for any updates. If updates are available, install them immediately.
Red Hat Announces OpenShift.io
Red Hat has created a cloud native developer tool called OpenShift.io, announced at Red Hat Summit, Boston.
The platform is based on Kubernetes, a Linux Foundation-hosted open source project. Built from Eclipse Che, fabric8, and Jenkins technologies, OpenShift.io provides developers with application development tools and the environments they need.
According to Red Hat, "OpenShift.io, combined with OpenShift Online, provides an integrated approach to DevOps, including all the tools a team needs to analyze, plan, create and deploy services."
The platform was created for team collaboration and offers real-time stack analysis, which helps development teams better detect critical vulnerabilities and uncommon usage patterns.
OpenShift.io enables developers to use the entire platform without a requirement to install anything locally, and their applications are built into Linux containers by default.
OpenShift.io also includes a free subscription to the Red Hat Developer Program, a no-cost Red Hat Enterprise Linux developer subscription, Red Hat JBoss Enterprise Middleware, and other Red Hat technologies. OpenShift.io is available in a limited developer preview.
Microsoft Bakes Linux into Windows Server
Microsoft is graduating to become a Linux vendor. It started with Microsoft introducing WSL (Windows Subsystem for Linux) for Windows 10, which was the company's attempt to help developers using Windows 10 manage their Linux machines on Azure cloud.
The company then worked with Docker not only to create Docker for Windows, but also to bring Docker containers to Linux servers, allowing customers to run more than 900,000 Linux containers on Windows Servers.
Now Microsoft is baking WSL into Windows Server. According to a Microsoft blog, "This unique combination allows developers and application administrators to use the same scripts, tools, procedures and container images they have been using for Linux containers on their Windows Server container host."
With Bash on Ubuntu for Windows Servers, IT professionals can now use *nix utilities on their Windows servers to manage Linux containers.
With this move, Microsoft is moving closer toward becoming a Linux provider. It must be noted that Microsoft already uses Linux as a core piece in its Azure cloud. The operating system for Azure Networking Switch runs on a Linux kernel.
MORE ONLINE
ADMIN HPC
http://hpc.admin-magazine.com/
SquashFS * Jeff Layton
In my life experience, I have found that people like to keep pretty much every piece of data that's ever crossed their hard drive.
Parallel I/O for HPC * Jeff Layton
Amdahl's law says that your application will only go as fast as its serial portion. As the application is run over more processors, the decrease in run time gets smaller.
ADMIN Online
http://www.admin-magazine.com/
Highly Available Hyper-V in Windows Server 2016 * Marc Grote
Most of the new features in Windows Server 2016 relate to Hyper-V. Microsoft has introduced numerous changes to make the product even more interesting to companies that have not used virtualization or are running an older version of Hyper-V.
Digital Signatures in Package Management * Tim Schürmann
Many distributions develop, test, build, and distribute their software via a heterogeneous zoo of servers, mirrors, and workstations that make central management and protection of the end product almost impossible.
Installing .NET on Linux * Thorsten Scherf
To understand .NET fully, it is a good idea to look at past events. Development on the NGWS included work on a framework that was officially released in 2002 as .NET 1.0.
« Previous 1 2
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
New Slimbook EVO with Raw AMD Ryzen Power
If you're looking for serious power in a 14" ultrabook that is powered by Linux, Slimbook has just the thing for you.
-
The Gnome Foundation Struggling to Stay Afloat
The foundation behind the Gnome desktop environment is having to go through some serious belt-tightening due to continued financial problems.
-
Thousands of Linux Servers Infected with Stealth Malware Since 2021
Perfctl is capable of remaining undetected, which makes it dangerous and hard to mitigate.
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.