The IBM i operating system is proprietary; its Licensed Internal Code (LIC) is private, and good luck getting into the innards of DB2 for i. But for all the top-secret code running in an IBM i server, there's a surprising amount of open source technology available for the platform, too. Here are the top seven open source products every IBM i shop should have, or at least be aware of.
These products are in no particular order. But we would be remiss if we didn't start with the big one from IBM itself.
Docker aims to directly integrate storage capabilities into its container engine, while still leaving room for organizations to choose other storage technologies.
Docker Inc. announced on December 6 that it is acquiring privately-held distributed storage vendor Infinit. Financial terms of the deal are not being publicly disclosed.
For almost three months, Internet-of-things botnets built by software called Mirai have been a driving force behind a new breed of attacks so powerful they threaten the Internet as we know it. Now, a new botnet is emerging that could soon magnify or even rival that threat.
The as-yet unnamed botnet was first detected on November 23, the day before the US Thanksgiving holiday. For exactly 8.5 hours, it delivered a non-stop stream of junk traffic to undisclosed targets, according to this post published Friday by content delivery network CloudFlare. Every day for the next six days at roughly the same time, the same network pumped out an almost identical barrage, which is aimed at a small number of targets mostly on the US West Coast. More recently, the attacks have run for 24 hours at a time.
The developers of open source webmail package Roundcube want sysadmins to push in a patch, because a bug in versions prior to 1.2.3 let an attacker crash it remotely – by sending what looks like valid e-mail data.
The authors overlooked sanitising the fifth argument (the _from parameter) in mail() – and that meant someone only needed to compose an e-mail with malicious info in that argument to attack Roundcube.
Roundcube posted a patch to GitHub at the end of November, and issued a version 1.2.3 here.
Yet another industry survey has flagged open source software, which according to one estimate accounts for half of the global code base, as a growing security threat. Moreover, a review released by Flexera Software also found that the very security products designed to protect IT infrastructure are themselves riddled with vulnerabilities embedded in open source software.
"That was one of the reasons why we chose an open-source model. We want be open, want people to trust us, want to overcome that barrier they have in mind, those strong beliefs that there's nothing but Microsoft Office, that nothing better could be created. We won't change our mind about open source."
Bannov says he ultimately sees OnlyOffice becoming a firm that provides consulting, technical support and remote managed services to companies using its open-source products.
Today, December 7, 2016, Collabora Productivity, through Michael Meeks, is proud to inform Softpedia about the general availability of the long anticipated Collabora Online 2.0 office suite based on the LibreOffice, Nextcloud, and ownCloud technologies.
After being in development for the past six months, Collabora Online 2.0 is finally here as the powerful cloud-based office suite that promises to protect users' privacy and freedom of expression while editing various document formats online. Collabora Online is mainly targeted at the enterprise world, hosting and cloud businesses.
Ubuntu OTA-14, the latest over the air update to Ubuntu phone and tablet, has begun to roll out to supported devices. “This time not so many changes released in overall but with the goal of introducing less regressions,” says Canonical’s Lukasz Zemczak in the release announcement mailing list post.
The MacBook Pro introduction in October caused unusually negative reactions among professional users due to the realization that Apple no longer caters equally to casual and professional customers as it had in the past [YouTube video]. Instead, the company appears to be following an iOS-focused, margin-driven strategy that essentially relegates professionals to a fringe group. This has well-known developers such as Salvatore Sanfilippo (of the Redis project) consider a move back to Linux. Perhaps that's a good moment to look at the current state of Mac hardware support in the kernel. While Macs are x86 systems, they possess various custom chips and undocumented quirks that the community needs to painstakingly reverse-engineer.
There is an interesting subset of Linux users that prefer to run it on a Mac. Yes, a Mac. That might seem odd given how Apple is known for its closed ecosystems and high cost hardware, but the Linux on Mac folks really do exist out there.
But how well does the Linux kernel support Mac hardware? LWN.net has a “state of the union” article for Linux on the Mac that could be quite helpful if you are thinking about installing Linux on your Mac.
There is yet another new Linux kernel vulnerability being disclosed today that allows for unprivileged processes to gain kernel code execution abilities.
This new vulnerability is CVE-2016-8655, but it doesn't seem to be getting too much attention yet. CVE-2016-8655 comes down to a race condition within the af_packet.c code that can be used to gain local root access. The researcher who found it was able to write an exploit that gains a root shell on an Ubuntu 16.04 LTS system and defeats SMEP/SMAP protection too.
Just a quick note: on recent versions of systemd it is relatively easy to block the vulnerability described in CVE-2016-8655 for individual services.
Since systemd release v211 there's an option RestrictAddressFamilies= for service unit files which takes away the right to create sockets of specific address families for processes of the service. In your unit file, add RestrictAddressFamilies=~AF_PACKET to the [Service] section to make AF_PACKET unavailable to it (i.e. a blacklist), which is sufficient to close the attack path. Safer of course is a whitelist of address families which you can define by dropping the ~ character from the assignment. Here's a trivial example:
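An added illustration of both forms described above (not the example from the original post; the unit name, binary path and the families in the whitelist are assumptions to adapt to the actual service):

```ini
# /etc/systemd/system/example-daemon.service
# Hypothetical unit name and path, used for illustration only.
[Unit]
Description=Example daemon with restricted socket address families

[Service]
# Hypothetical binary; substitute the service's real command line.
ExecStart=/usr/local/bin/example-daemon

# Blacklist form: the leading ~ inverts the list, so every address family
# stays available to the service except AF_PACKET. Any attempt by the
# service's processes to create an AF_PACKET socket is refused.
RestrictAddressFamilies=~AF_PACKET

# Whitelist form: drop the ~ and list only the families the service needs.
# Everything not listed, AF_PACKET included, becomes unavailable.
# Use this line INSTEAD of the blacklist line above, not in addition to it.
# The families shown are an assumed set for a typical network daemon that
# uses local sockets plus IPv4 and IPv6.
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
```

After editing the unit file, run `systemctl daemon-reload` and restart the service so the restriction applies to its processes.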