Article from Issue 173/2015

Updates on technologies, trends, and tools

Red Hat Announces Enterprise OpenStack Platform 6

Red Hat has announced the availability of Red Hat Enterprise Linux OpenStack Platform 6. The Red Hat OpenStack Platform is intended to provide a foundation for operating in OpenStack-based cloud environments. The platform is designed as a production-ready cloud solution for any environment, but Red Hat is especially targeting customers who have existing Red Hat networks and would like a seamless, well-integrated way to include more cloud technologies.

New features in Version 6 include IPv6 support, support for multi-LDAP back ends, and deeper integration with Ceph storage technology. According to the press release, "Interoperability and ease of use continue to be at the forefront, starting with updates to Red Hat's intuitive graphical installer and management tools that create greater efficiency and reduce the complexities of a cloud deployment." Red Hat says it has more than 275 certified OpenStack partners, with more than 1,000 solutions certified for use with the Enterprise OpenStack platform.

See the Red Hat Enterprise OpenStack Platform 6 release notes for more information.

Linux Gets Live Kernel Patching

Linux developer Jiri Kosina announced on the Linux Kernel mailing list that the code for a unified live kernel patching feature is available for final review and possible inclusion in the Linux kernel. Live patching allows the kernel to receive patches without rebooting. This technology is especially useful for commercial web servers and other highly available systems in environments where downtime is particularly disruptive. The new feature results from a collaboration between Red Hat and SUSE.

An open source tool known as Ksplice was previously the tool of choice for providing live patching for Linux systems. Ksplice was acquired by Oracle in 2011, and since then, Oracle has implemented Ksplice as a service and used it for supporting its own Oracle Linux distribution – with little or no effort to offer access to other Linux versions.

According to the blog post, Red Hat and SUSE started working on their own alternatives independently, and both SUSE's kGraft and Red Hat's Kpatch appeared in 2013. The two companies decided in 2014 to join forces and submit their code directly to the Linux kernel team, rather than applying it after the fact as "out-of-tree" code.

The new live-patch kernel code is available for review by top kernel maintainer Linus Torvalds, who must rule on the quality and suitability of the code before including it in future versions of the Linux kernel. The new feature is thought to be on track for integration in Linux kernel version 3.20, which, according to some reports, might actually be renamed Linux 4.0.

Microsoft Frees CoreCLR

Microsoft took the next step in the gradual open sourcing of its .NET platform with the announcement that they are releasing the CoreCLR execution engine under the MIT license. The announcement follows the previous release of some of the core .NET libraries. According to a blog post from the .NET team, ".NET Core is a modular implementation of .NET that can be used as the base stack for a wide variety of scenarios … from console utilities to web apps in the cloud." The developers described their strategy for the Core .NET release in a previous blog post, pointing out some differences between the Core .NET released to open source and the classic .NET framework.

The announcement states, "You can check out the CoreCLR sources, fork, clone, and build. We have released the complete CoreCLR implementation."

New Trojan Attacks Linux Servers

The Dr. Web security group has announced the discovery of a multipurpose trojan that targets Linux server systems. The trojan, which is known as Xnote, is designed to implement several botnet-style attacks. Xnote does not break into a system by itself but is, instead, delivered to the victim's computer after the attackers have already established a root SSL connection by other means.

Once in place, Xnote takes several steps to conceal itself, such as making a copy of itself and deleting the original. Once it settles in, Xnote then sends information about the victim's system to a remote command and control server and waits for further instructions. If instructed to do so, Xnote can launch a SYN Flood, UDP Flood, HTTP Flood, or NTP Amplification attack. Xnote can also create and rename files and directories, accept files from the command and control server, start a SOCKS proxy, and communicate with the remote server through a hidden shell.

Researchers suspect Xnote was created by the Chinese hacker group ChinaZ.

Cisco Releases Annual Security Report

Cisco has released its annual report on the state of IT security. This year's report details some interesting new developments, such as a trend among spammers to opt for lower volume "snowshoe" attacks, which use more compromised hosts to send fewer spam messages. Spam is increasingly being sent through botnets of compromised home PCs, rather than commandeered high-volume mail servers.

The report states that only 10% of all IE browsers are adequately patched. (Chrome and Firefox fared much better but are still associated with a large number of unpatched browsers.)

The heyday of Java exploits appears to be over, at least for now, with no known zero-day Java exploits appearing last year. Flash and IE were favorite targets, but Cisco also warns about increasing attention to Apache Struts web app framework and Silverlight.

In an interview with the Register, Cisco security expert Anthony Stitt states that one of the lessons of this year's study is that chief security officers are often "overconfident" about their level of protection.

Stitt also notes that some old problems well known to the community still go unpatched. "Heartbleed is still out there … with something like 56% of SSL instances that we saw hadn't been patched … 56% of OpenSSL versions are over 4.5 years old."

Zero Day Exploits Target Flash

Adobe engineers worked overtime the past two weeks to restore security (and public confidence) in the ubiquitous Adobe Flash, which has been in the news recently with some high-profile zero-day exploits.

Adobe announced a patch on January 22 for a recent vulnerability (CVE-2015-0310) based on faulty memory protection. The patch applies to Windows, Mac OS, and Linux systems. According to security expert Kafeine, the exploit has already been integrated into the latest versions of the Angler exploit kit, a universal tool used by attackers. The attack was apparently used to install versions of Bedep, a malware tool used for ad fraud.

The version of the attack detected in the wild appeared to focus on IE and Windows systems and could even compromise a fully updated version of Windows 8.1. However, researchers could not rule out the possibility of the attack being used with Mac and Linux systems as well. A later version of Angler appears to have been adapted to attack Firefox as well.

A related exploit (CVE-2015-0311) was also discovered in the wild and patched through a second emergency fix a week later.

Users are advised to install the patches as soon as possible.

Most Malware Alerts are Erroneous

A study by Ponemon Institute concludes that inaccurate malware alerts burn up valuable IT time and prevent the investigation of more serious threats. According to the report, which was commissioned by the security company Damballa, a large enterprise company can receive up to 17,000 malware alerts in a single week. These companies spent an average of 395 person-hours per week "chasing erroneous alerts."

This huge allotment of time for investigating non-problems means that an average of only 198.8 hours per week remained for investigating real threats. The report estimates only about 19% of all malware threats are reliable, and the cost of investigating erroneous threats can average $1.27 million annually.

The time and expense necessary for chasing unreliable alerts means that only 4% of all alerts are adequately investigated.

glibc Vulnerability Puts Certain Linux Systems at Risk

Security experts at Qualys announced the discovery of a vulnerability in the glibc library that affects the library's gethostbyname functions. Because glibc is built into so many open source applications, the number of vulnerable systems and applications is unknown. The problem, dubbed GHOST, is based on a buffer overflow and is immune to many built-in defenses, including malloc hardening and no-execute safeguards.

Qualys expressed alarm about the attack but pointed out that not all glibc-based applications are affected. Tests show that Apache, CUPS, GnuPG, ISC-DHCP, MariaDB, MySQL, OpenLDAP, Samba, and many other common tools are not vulnerable – either because they don't use the vulnerable functions or because they have developed their own solutions.

The most alarming discovery so far is that the Exim mail server, which is the default mail transfer agent for Debian, actually IS vulnerable.

Interestingly, a glibc patch released in May 2013 fixed the problem, but it was not billed as a security update and thus was not incorporated in many major distros, including Debian.

After the initial announcement of the GHOST vulnerability, other security experts have said the problem isn't as widespread as first imagined. Although they recommend patching as soon as possible, some commentators have observed that GHOST requires the functions to be used in a specific way within the application, and they point out that the afflicted functions within the library were already considered out of date by many programmers. Cisco has announced that its systems aren't vulnerable because the gethostbyname functions do not support IPv6 and thus have been deprecated for Cisco routers for around 15 years.

Qualys worked with Linux vendors to develop security patches before the public announcement. Linux users are advised to update their systems.
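A defender's triage step for the point above, that applications which never call the gethostbyname functions are not exposed: the added example below (not from the article or from Qualys) parses the dynamic symbol table of a 64-bit little-endian ELF file and lists any imported `gethostbyname*` symbols. The names `gethostbyname_imports` and `build_sample` are hypothetical, the sample image is constructed, and an import is only a signal for review, because GHOST also depends on how the application uses the functions.

```python
import struct

SHT_DYNSYM = 11  # section type of the dynamic symbol table

def gethostbyname_imports(elf: bytes) -> list:
    """Return the undefined (imported) gethostbyname* symbols of an ELF64 LE image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    (shoff,) = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    secs = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize)
            for i in range(shnum)]
    hits = set()
    for _, sh_type, _, _, off, size, link, _, _, entsize in secs:
        if sh_type != SHT_DYNSYM:
            continue
        str_off = secs[link][4]  # sh_link names the string table section
        for pos in range(off, off + size, entsize or 24):
            st_name, _info, _other, shndx = struct.unpack_from("<IBBH", elf, pos)
            start = str_off + st_name
            name = elf[start:elf.index(b"\0", start)].decode("ascii", "replace")
            # st_shndx == 0 (SHN_UNDEF): the symbol is resolved from a library
            if shndx == 0 and name.startswith("gethostbyname"):
                hits.add(name)
    return sorted(hits)

def build_sample(symbols):
    """Constructed test image (not a real binary): null section, .dynsym, .dynstr."""
    strtab, syms = b"\0", bytes(24)  # index 0 of both tables is reserved
    for name, shndx in symbols:
        syms += struct.pack("<IBBHQQ", len(strtab), 0x12, 0, shndx, 0, 0)
        strtab += name.encode() + b"\0"
    sym_off, str_off = 64, 64 + len(syms)
    shoff = str_off + len(strtab)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = bytes(64)
    shdrs += struct.pack("<IIQQQQIIQQ", 0, SHT_DYNSYM, 2, 0, sym_off, len(syms), 2, 1, 8, 24)
    shdrs += struct.pack("<IIQQQQIIQQ", 0, 3, 2, 0, str_off, len(strtab), 0, 0, 1, 0)
    return ehdr + syms + strtab + shdrs

# Constructed sample: two imports of interest, one unrelated import, one local definition
SAMPLE = build_sample([("gethostbyname", 0), ("getaddrinfo", 0),
                       ("gethostbyname2_r", 0), ("gethostbyname_local", 1)])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:] or [None]:
        data = SAMPLE if path is None else open(path, "rb").read()
        print(path or "<constructed sample>", gethostbyname_imports(data))
```

Run it with one or more binary paths as arguments; statically linked programs and 32-bit binaries are outside what this sketch covers.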

LibreOffice 4.4 Arrives

The Document Foundation has announced the release of LibreOffice 4.4.

The free LibreOffice project began as a fork of OpenOffice and has since become the default productivity suite for many Linux systems, as well as a leading contender for enterprise companies that would rather avoid the licensing fees associated with Microsoft Office. The latest release comes with several features that enhance interoperability with Microsoft products, including improved import filters for Visio, Microsoft Publisher, and Microsoft Works files. The new release also adds support for Windows OpenGL transitions.

LibreOffice also gets new support for digitally signing PDF files, new editing features for the Impress presentation tool, and enhanced change tracking.

LibreOffice design leader Jan "Kendy" Holesovsky calls the latest release "the most beautiful ever." According to Holesovsky, the design team has "completed the dialog conversion, redesigned menu bars, context menus, toolbars, status bars to make them much more useful."

LibreOffice 4.4 is available right now at the LibreOffice website. Linux users can also wait for the new release to arrive soon at their distro's package repository system.

Deflategate Reaches HPC

The deflated football scandal that has enthralled US sports fans for the past several weeks is also starting to enthrall the HPC community. The scandal transpired after the AFC championship football game on January 18 between the New England Patriots and the Indianapolis Colts, when it was determined that the footballs used by the Patriots were below the league minimum inflation. In a recent post at the ANSYS website, ANSYS Director of Product Management Barry Christenson describes a study performed by the ANSYS AIM simulation environment to determine whether a change of pressure from 12.5 to 10.5 psi will make the ball easier to throw or catch.

According to the report, "… we modeled the pressure points of a human hand on the exterior of a football that represents a throwing configuration and force. This allowed us to simulate the difference in deformation that a 2psi pressure would create. The result? Not much. The difference in deformation between the two pressures was less than 1mm, keeping the quarterback's 'squeeze' imprint at roughly 5mm. The same applied to a receiver's catch. In a world of players wearing tacky rubberized football gloves, the 'softness' difference is negligible."

While they had the model up and running, the ANSYS team also looked at the aerodynamics of a football spiraling in flight and determined that a wobbly football thrown at just 10 degrees off its axis has 20% more drag.

Some of the comments after the post indicate that more work needs to be done, or at least, more needs to be written, asking, "What is the Reynolds number? And is it a RANS, LES, DES, or DNS calculation? And how is the texture of the ball modeled?"

Lest they be accused of bias, the ANSYS team points out their office is based outside of Pittsburgh, so they don't favor the Patriots and are, instead, Pittsburgh Steelers fans.

More Online

Linux Pro Magazine

Off the Beat * Bruce Byfield

The Long Twilight of 32-Bit Computing

Stephen Smoogen has withdrawn his proposal that Fedora release only a 64-bit version, apologizing and claiming that it "was meant to be absurd." Still, the change is only a matter of time in all distributions. The only surprising thing is that the transition from 32- to 64-bit computing has taken so long.

The Wikipedia Backlash

So that's what a backlash looks like. Understanding the politics of Wikipedia is hard for an outsider. However, that's my first reaction to the news that Wikimedia's arbitration committee has banned five feminist editors from working on articles about gender while leaving their opponents mostly untouched.

Why Projects Need Task-Based Documentation

Documentation in free software has improved immensely in the last 15 years. However, far too much of it stops with descriptions of menus and dialog windows instead of being structured by tasks and user workflow.

Paw Prints * Jon "maddog" Hall

What Makes a Man? What I Studied for a Career in Computer Science

I was recently asked by a 15-year-old Brazilian friend what courses I took in school that influenced my profession. This is a very good question for a young man to ask, so I thought I would take the time to answer him in my blog.

Productivity Sauce * Dmitri Popov

Check Bash Shell Scripts for Errors with ShellCheck

Before you run a Bash shell script, it's always a good idea to check it for possible errors and inconsistencies, and the handy ShellCheck tool can help you to identify the most common culprits.

Use Shaarli as a No-Frills Microblogging Platform

Shaarli is first and foremost a tool for managing bookmarks, but this application has a rather clever trick up its sleeve: It allows you to create bookmarks without URLs.


Stat-like Command-Line Tools for Admins * Jeff Layton

ASCII tools can be life savers when they provide the only access you have to a misbehaving server. However, once you're on the node what do you do? In this article, we look at stat-like tools: vmstat, dstat, and mpstat.

ADMIN Online

Coordinating Distributed Systems with ZooKeeper * Konrad Giæver Beiske

Anyone who manages many clusters should be meticulous in ensuring that organized processes prevail in the distributed server zoo.

Up Close with SLES 12 * Martin Loschwitz

The latest new version of SUSE Linux Enterprise Server offers some promising new features for admins.

Security After Heartbleed -- OpenSSL and Its Alternatives * Martin Loschwitz and Markus Feilner

The Heartbleed bug shocked the security community and seriously damaged the reputation of OpenSSL. Luckily, alternatives such as LibreSSL, PolarSSL, and GnuTLS are waiting in the wings.

Creating SmartOS Zones Using UCARP * Alessio Ciregia

Learn how to create highly available SmartOS zones using UCARP.

Zentyal Server 3.5 * Erik Bärwaldt

Some users may struggle when setting up various services, such as web servers, email servers, firewalls, and the like. Zentyal simplifies configuration of all those things, thanks to its intuitive user interface.

Lean on Logwatch * Chris Binnie

Logging is of such importance in security monitoring and troubleshooting that easy access to the information buried in logfiles is essential. The Logwatch tool monitors logs and analyzes and reports on activities of interest as specified in configuration files.
