UK Government declares Linux the most secure option…

While only achieving a 9 out of twelve score in the study of the following areas:

  • VPN
  • Disk Encryption
  • Authentication
  • Secure Boot
  • Platform Integrity and Sandboxing
  • Application Whitelisting
  • Malicious Code Detection and Prevention
  • Security Policy Enforcement
  • External Interface Protection
  • Device Update Policy
  • Event Collection for Enterprise Analysis
  • Incident Response

Linux still beat Windows 7 of 12 and Mac OSX’s 8 of 12.  A full synopsis can be found here from TechRepublic.  Remember though no OS scored a perfect score and 9 out of 12 is still only a C.  So there is plenty of room for everyone to improve.

Cool Presentation on capacity planning…

Have you ever wondered how people plan for the capacity of a system?  This presentation tries to explain how to do it.  It is definitely an art, but the tools used here will help you learn how to do it with logic and reason rather than hopeful optimism.  That should help you keep from under or over sizing the systems you build in the future.

Is cron really meeting your scheduling needs?

The folks over at Airbnb were frustrated with how good old cron was not really managing their scheduled jobs.  To limit the frustration they built Chronos.  This week they decided to open source it.  It’s built on a Java project from the Apache Project Incubator called Mesos and Maven as the backend.

For those who haven’t used it cron is about the simplest scheduling you can do.  Cron works great for kicking off things like backups and basic reporting.  Where cron starts to fail is when you want to do complex jobs that know to start things on a previous jobs success or manage the number of jobs that are running.  The logging and reporting of cron failures is generally pretty rough.  So facing these issues the team decided to write their own replacement.  They additionally needed it to be able to run on multiple machines. 

They started building the system, simple and with functional GUI to make management and reporting easier.  To be redundant a server is chosen to be the “Leader” which keeps track and hands out work to through their API.  If you do connect to a machine that isn’t the “Leader” your request is redirected to the “Leader”.  If the “Leader” goes down a new “Leader” is elected.  The jobs can have defences and can be run in parallel.  The jobs themselves are written in interrupted BASH Shell commands.  It tries it’s best to be flexible and not overly complicated.

If you are looking for a package to manage distributed schedules this one is defiantly worth a look.  Here you can find a good demo talk about how they got to where they are. There are closed source options but they tend to be very complex.  So this is a really nice addition to the open source world.

Turnkey Linux turns everything up to 12 on their 4th B-Day…

The guys over at Turnkey Linux have released version 12 of their awesome server appliance core platform.  They also added 60+ new appliances.  If you haven’t given them a shot I highly suggest it especially if you are new to Linux.  Heck I am an old time Linux user and love the ability to just download an appliance like the one they that comes setup with the Redmine project management server and Git, Bazaar, Mercurial and Subversion SCM.  Everyone of them is setup and ready for you to use.  Just download the appliance in any of 7 formats from ISO images to OpenVZ VMs and so much in between.  The best feature I have come to love and rely on is their server back and migration tool.  They call it TKLBAM – AKA the TurnKey Linux Backup and Migration system.  It allows you to take any currently existing system and back it up to S3.  Then restore the backup to a new machine leaving you in the same state but on updated software.  All the benefits but none of the pain.  It’s an awesome idea and works well.  Watch for a full review and description of my experience coming soon. 

One really import change is their migration away from Ubuntu to Debian.  Check out the article for a very clear description and explanation of why.  The reasons are sound and hopefully the right people are listening.

Most of all though we would like to wish them a Happy 4th B-Day.  Let’s hope there are plenty more in their future.

Java Zero Day Attach and it affects Linux…

This comes from our guest host Greg Martin on Google+:

Java 0-day being exploited in the wild. There have been confirmed infections on Windows-based computers but it’s possible to compromise a Mac or Linux system as well. Currently the only recommendation for mitigation is to completely disable Java.

Links for thought:

Ars Technica article: http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/

In-depth breakdown of the exploit (technical with mildly poor English): http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html

Proof-of-concept for the exploit (actual source code): http://pastie.org/pastes/4594319/text

There are also some claims that Oracle have known about the vulnerabilities for some time. https://www.pcworld.com/businesscenter/article/261612/oracle_knew_about_currently_exploited_java_vulnerabilities_for_months_researcher_says.html

I’m currently testing this out on my system (Linux) to see if I can get it to work.