Server

Rackspace Launches Linux for Ladies Training Program

Filed under: GNU, Linux, Server

At the Women in Tech Networking event at South by Southwest Interactive last week, Rackspace Hosting launched its new training program, Linux for Ladies, aimed at helping women get top jobs in the IT industry.

Cyber criminals capture 25,000 Unix servers

Filed under: Server, Security

Security boffins at ESET, in collaboration with CERT-Bund, the Swedish National Infrastructure for Computing as well as other agencies, have found a cybercriminal campaign that has taken control of over 25,000 Unix servers worldwide.

Dubbed "Operation Windigo", it has resulted in infected servers sending out millions of spam emails which are designed to hijack servers, infect the computers that visit them, and steal information.

ownCloud @ Chemnitzer Linuxtage 2014

Filed under: Server

Last weekend Daniel, Arthur, Morris and I were in Chemnitz, where the Chemnitzer Linuxtage 2014 took place. We ran a booth during the two days; the CLT hosts around 60 booths of companies and FOSS projects. I like to go to the CLT because it is perfectly organized, with great enthusiasm from everybody involved in the organisation team. Food, schedules, the venue, everything is perfect.

Even on Saturday morning, shortly after the opening of the event, somebody from the orga team showed up at the booth with chocolate for the volunteers, saying hello and asking if everything was in place for a successful weekend. A small detail, which shows how much effort is put into the organization of the event.

CASE STUDY: Kiwi fruit distributor freshens up with Linux

Filed under: GNU, Linux, Server

T&G, whose majority stakeholder is German agricultural giant BayWa, has a network of over 41,000 square metres of storage facilities, a global distribution network covering sales, marketing, and logistics, and a passionate, experienced team who are intent on ensuring that the produce that customers receive is as fresh as the day it was harvested.

Do-it-yourself corporate cloud with ownCloud 6 Enterprise Edition

Filed under: Server

OwnCloud, the company behind the open-source ownCloud Community Edition, announced on March 11 what the business claims is the "only fully self-hosted enterprise-ready file sync and share software, ownCloud 6 Enterprise Edition."

Linux cloud world's best kept secret DigitalOcean just bagged $37m

Filed under: GNU, Linux, Server

Cut-price virtual-server hosting biz DigitalOcean has banked a whopping $37.2m from Andreessen Horowitz and other valley investors.

The mammoth series-A funding round was announced on Thursday and will give the 50-person company the funds it needs to aggressively hire talented developers and expand globally, while keeping its Linux cloud server prices as low as $5 a month.

pCell is only as good as the Linux it runs on

Filed under: GNU, Linux, Server

Typically with new technologies like this, the inventors haven’t thought much about security or they rely on a small installed base to keep the product or service under the radar of the bad guys. But pCell, for all its high-tech loveliness, is a Software Defined Network proudly running in a data center on plain old Linux servers.

Ubuntu is the most used OS for production OpenStack deployments

Filed under: Linux, Server, Ubuntu

According to an official OpenStack User Survey, Ubuntu is the most used Operating System for production deployment of OpenStack. OpenStack is an Open Source project to build a framework for the creation of cloud platforms, predominately Infrastructure as a Service (IaaS) platforms. The survey found that Ubuntu accounts for 55% of the host Operating Systems used for OpenStack deployments, CentOS accounts for 24% and Red Hat for 10%. These results are not completely surprising, as Canonical invests heavily in Ubuntu’s OpenStack development; it was one of the founding members of The OpenStack Foundation and is a Platinum Sponsor of the foundation.

IBM's Mike Day: KVM More Visible Through Collaboration

Filed under: GNU, Linux, Server

About a year ago IBM doubled down on its commitment to the open source cloud, announcing that all of its cloud offerings would be built on OpenStack and renewing its investments in KVM, the Linux-based kernel virtual machine. Since then, both projects have undergone major changes, including the move last fall of KVM and the Open Virtualization Alliance (OVA) to become a Linux Foundation Collaborative Project.

IBM places billion dollar bet on BlueMix PaaS cloud

Filed under: Server

IBM believes it's making a safe bet by opening its middleware stack to its SoftLayer Platform-as-a-Service (PaaS) cloud. They'd better be. Big Blue's putting a billion dollars on the table.

More in Tux Machines

Android Leftovers

Kernel Articles at LWN (Paywall Just Expired)

  • Filesystem sandboxing with eBPF

    Bijlani is focused on a specific type of sandbox: a filesystem sandbox. The idea is to restrict access to sensitive data when running these untrusted programs. The rules would need to be dynamic as the restrictions might need to change based on the program being run. Some examples he gave were to restrict access to the ~/.ssh/id_rsa* files or to only allow access to files of a specific type (e.g. only *.pdf for a PDF reader). He went through some of the existing solutions to show why they did not solve his problem, comparing them on five attributes: allowing dynamic policies, usable by unprivileged users, providing fine-grained control, meeting the security needs for running untrusted code, and avoiding excessive performance overhead. Unix discretionary access control (DAC)—file permissions, essentially—is available to unprivileged users, but fails most of the other measures. Most importantly, it does not suffice to keep untrusted code from accessing files owned by the user running the code. SELinux mandatory access control (MAC) does check most of the boxes (as can be seen in the talk slides [PDF]), but is not available to unprivileged users. Namespaces (or chroot()) can be used to isolate filesystems and parts of filesystems, but cannot enforce security policies, he said. Using LD_PRELOAD to intercept calls to filesystem operations (e.g. open() or write()) is a way for unprivileged users to enforce dynamic policies, but it can be bypassed fairly easily. System calls can be invoked directly, rather than going through the library calls, or files can be mapped with mmap(), which will allow I/O to the files without making system calls. Similarly, ptrace() can be used, but it suffers from time-of-check-to-time-of-use (TOCTTOU) races, which would allow the security protections to be bypassed.

  • Generalizing address-space isolation

    Linux systems have traditionally run with a single address space that is shared by user and kernel space. That changed with the advent of the Meltdown vulnerability, which forced the merging of kernel page-table isolation (KPTI) at the end of 2017. But, Mike Rapoport said during his 2019 Open Source Summit Europe talk, that may not be the end of the story for address-space isolation. There is a good case to be made for increasing the separation of address spaces, but implementing that may require some fundamental changes in how kernel memory management works. Currently, Linux systems still use a single address space, at least when they are running in kernel mode. It is efficient and convenient to have everything visible, but there are security benefits to be had from splitting the address space apart. Memory that is not actually mapped is a lot harder for an attacker to get at. The first step in that direction was KPTI. It has performance costs, especially around transitions between user and kernel space, but there was no other option that would address the Meltdown problem. For many, that's all the address-space isolation they would like to see, but that hasn't stopped Rapoport from working to expand its use.

  • Identifying buggy patches with machine learning

    The stable kernel releases are meant to contain as many important fixes as possible; to that end, the stable maintainers have been making use of a machine-learning system to identify patches that should be considered for a stable update. This exercise has had some success but, at the 2019 Open Source Summit Europe, Sasha Levin asked whether this process could be improved further. Might it be possible for a machine-learning system to identify patches that create bugs and intercept them, so that the fixes never become necessary? Any kernel patch that fixes a bug, Levin began, should include a tag marking it for the stable updates. Relying on that tag turns out to miss a lot of important fixes, though. About 3-4% of the mainline patch stream was being marked, but the number of patches that should be put into the stable releases is closer to 20% of the total. Rather than try to get developers to mark more patches, he developed his machine-learning system to identify fixes in the mainline patch stream automatically and queue them for manual review. This system uses a number of heuristics, he said. If the changelog contains language like "fixes" or "causes a panic", it's likely to be an important fix. Shorter patches tend to be candidates.

  • Next steps for kernel workflow improvement

    The kernel project's email-based development process is well established and has some strong defenders, but it is also showing its age. At the 2019 Kernel Maintainers Summit, it became clear that the kernel's processes are much in need of updating, and that the maintainers are beginning to understand that. It is one thing, though, to establish goals for an improved process; it is another to actually implement that process and convince developers to use it. At the 2019 Open Source Summit Europe, a group of 20 or so maintainers and developers met in the corner of a noisy exhibition hall to try to work out what some of the first steps in that direction might be. The meeting was organized and led by Konstantin Ryabitsev, who is in charge of kernel.org (among other responsibilities) at the Linux Foundation (LF). Developing the kernel by emailing patches is suboptimal, he said, especially when it comes to dovetailing with continuous-integration (CI) processes, but it still works well for many kernel developers. Any new processes will have to coexist with the old, or they will not be adopted. There are, it seems, some resources at the LF that can be directed toward improving the kernel's development processes, especially if it is clear that this work is something that the community wants.

Server Leftovers

  • Knative at 1: New Changes, New Opportunities

    This summer marked the one-year anniversary of Knative, an open-source project that provides the fundamental building blocks for serverless workloads in Kubernetes. In its relatively short life (so far), Knative is already delivering on its promise to boost organizations’ ability to leverage serverless and FaaS (functions as a service). Knative isn’t the only serverless offering for Kubernetes, but it has become a de-facto standard because it arguably has a richer set of features and can be integrated more smoothly than the competition. And the Knative project continues to evolve to address businesses’ changing needs. In the last year alone, the platform has seen many improvements, giving organizations looking to expand their use of Kubernetes through serverless new choices, new considerations and new opportunities.

  • Redis Labs Leverages Kubernetes to Automate Database Recovery

    Redis Labs today announced it has enhanced the Operator software for deploying its database on Kubernetes clusters to include an automatic cluster recovery that enables customers to manage a stateful service as if it were stateless. Announced at Redis Day, the latest version of Kubernetes Operator for Redis Enterprise makes it possible to spin up a new instance of a Redis database in minutes. Howard Ting, chief marketing officer for Redis Labs, says as Kubernetes has continued to gain traction, it became apparent that IT organizations need tools to provision Redis Enterprise for Kubernetes clusters. That requirement led Redis Labs to embrace Operator software for Kubernetes developed by CoreOS, which has since been acquired by Red Hat. IT teams can either opt to recover databases manually using Kubernetes Operator or configure the tool to recover databases automatically anytime a database goes offline. In either case, he says, all datasets are loaded and balanced across the cluster without any need for manual workflows.

  • Dare to Transform IT with SUSE Global Services

Audiocasts/Shows: FLOSS Weekly and Linux Headlines

  • FLOSS Weekly 555: Emissions API

    Emissions API is easy to access satellite-based emission data for everyone. The project strives to create an application interface that lowers the barrier to use the data for visualization and/or analysis.

  • 2019-11-13 | Linux Headlines

    It’s time to update your kernel again as yet more Intel security issues come to light, good news for container management and self-hosted collaboration, and Brave is finally ready for production.