Severe OpenSSL security vulnerability announced

Web server administrators should take notice of a “severe” vulnerability that computer scientists have discovered in OpenSSL, the free and open source encryption software package for Linux and Unix-like systems.
The bug is in OpenSSL’s cryptographic library, and the vulnerability allows attackers to retrieve a server’s cryptographic key, leaving any secure transactions, such as banking and sales, exposed to the attacker. Hundreds of thousands (perhaps even millions) of businesses, banks, and other enterprise-level institutions depend on SSL encryption security, particularly that of OpenSSL.
Those who discovered it said that the attack is difficult to execute, but administrators should still be cautious. An OpenSSL spokesperson said that they are already working on a solution and will release a patch for the software. Furthermore, an attack requires access to the power source of the device, making it unlikely that an attacker could exploit a server, since most attacks are carried out remotely.
Source: The Register
Photo: Ivan Petrov
Tag: encryption, linux, openssl, security, servers, ssl, unix
What is BSD?

Question: I have heard of Unix and Linux, but what is BSD?
Answer: BSD commonly refers to the UNIX-like operating system developed at the University of California, Berkeley in 1977. It predates Linux and has been used in Unix server environments for decades, in response to the licensing issues of the original and much more expensive AT&T Unix.
Since the original release, several derivatives have emerged, including FreeBSD, NetBSD, OpenBSD, and to some extent, Darwin, which is the underlying backend of Mac OS X. All BSD variants are licensed under a permissive license, which allows for integration with proprietary software. As such it has become useful to both small businesses and large corporations.
Many web hosting companies use BSD-powered servers, and it offers the same security and stability that is expected from UNIX. Most Linux-based software has been ported to BSD, making it virtually indistinguishable to the casual observer. Moreover, BSD systems are known for their long uptimes, and some web hosting experts prefer them over other UNIX variants.
Photo Source: Flickr
Tag: bsd, freebsd, linux, mac os x, netbsd, openbsd, servers, unix
VMware buys SpringSource for US$420M

VMware announced today that it plans to purchase SpringSource, a leader in cloud computing application management. VMware specializes in virtualization and intends to extend their reach naturally into cloud computing. The deal will reportedly involve US$362 million in cash and equity, as well as US$58 million in stock options.
The goal of the alliance is to solidify VMware’s offering of platform-as-a-service, providing customers with integrated SpringSource Software and VMware’s vSphere cloud operating system. SpringSource also offers open source products and has a strong open source developer community base that VMware intends to honor and continue to support.
In a blog post, CEO Rod Johnson explained the opportunities as IT transforms itself. He wrote:
“The way in which people think about software stacks is changing. Virtualization is reshaping the data center, and cloud computing is set to drive far-reaching changes. Significantly, cloud computing blurs the division between development and operations, bringing new power (and responsibility) to developers…”
SpringSource specializes in enterprise Java applications, including development support for Apache Tomcat, the open source Java application server. They also provide support for Apache HTTP Server, a web server application used by more web hosting companies than any other. VMware expects to finalize the deal in the third quarter of this year.
Source: ZDNet Asia
Photo: Flickr
Tag: cloud computing, open source, servers, virtualization, web servers
Asia, Europe will ride the cloud faster, says Microsoft

According to Allison Watson, corporate vice president for Microsoft’s worldwide partner group — there is a mouthful — businesses in Asia and Europe seem to be more willing to adopt their Business Productivity Online Suite (BPOS) — another mouthful — faster than those in the U.S. This international market, Watson believes, is more conducive to a “digitally-connected environment”.
In recent months, cloud computing has raised some serious question marks with a number of high-profile outages by Amazon and Google. Nevertheless, the hype or reality, depending on your perspective, is growing unabated. Microsoft has added its hat into the pile with the announcement of Windows Azure, a cloud computing services platform.
Microsoft’s technology will essentially allow businesses to grow their own clouds and offer those services to their customers. Naturally, the company seems confident that this is a good thing and that companies in Europe and Asia are prime candidates for being their guinea pigs. Watson promises that SaaS (software-as-a-service) will bring Microsoft customers big revenue. Time will tell if that big revenue is accompanied with big headaches.
Source: ZDNet Asia
Photo: Flickr
Tag: amazon, cloud computing, google, microsoft, servers, services, software
Sun's dying declarations

As the setting of Sun Microsystems nears and the company prepares to be absorbed into Oracle, Sun is wheeling and dealing to make sure its server hardware survives the acquisition. IBM and HP have been busy offering Sun customers deals to leave their hardware and Unix-like operating system, Solaris, for their “more reliable” alternatives.
Sun is firing back with its own series of deals. Sun is offering up deals for servers running Sparc64-VII processors. If you buy one of these quad-core servers, they throw in the chassis for free and a 20 percent trade-in allowance. According to them, this could save you $600,000, although there are no public prices available for these “big iron” servers. They are also offering deals on many of their smaller servers, including ones running on Opteron Istanbul processors.
Sun Microsystems is known for its Sparc hardware as well as software ranging from the MySQL database server to Java. Recently, Sun’s shareholders voted to approve a deal that will hand over the company to Oracle. Speculation about the future of both its hardware and software has circulated in the media and on the Web.
Source: The Register
Photo: Flickr
Tag: hardware, mysql, servers, sun, unix, web servers
Researchers virtualize 1 million Linux kernels

Villains beware. Researchers at Sandia National Laboratories have created the mother of all supercomputers that could be used in the fight against botnets and other massive computer attacks. Their supercomputer, called Thunderbird, is made up of a 4,480-node high-performance cluster. Each node ran 250 virtual machines, each running the Linux kernel, for a total of 1.12 million.
Prior to this feat, the best they could manage was a measly 20,000 kernels. Aside from the huge Enemy Territory bot army you could create, the virtualized kernels could be used for more real-world uses like modeling climate change, developing new medicine, and monitoring large cyberattacks.
“Eventually, we would like to be able to emulate the computer network of a small nation, or even one as large as the U.S., in order to ‘virtualize’ and monitor a cyberattack,” [Ron] Minnich said in a statement.
A botnet is an automated malware program that is installed on user computers throughout the world without their owners’ knowledge, sometimes numbering in the thousands. The bots collectively strike at a predetermined time, wreaking havoc on computer networks, even large ones. Running virtualized clusters will allow researchers to study botnet behavior in a closed environment.
Source: ZDNet Asia
Photo: Sandia.gov
Tag: botnets, cluster, cyberattack, linux, malware, servers, virtualization
Urgent exploit found in BIND

A DoS (denial of service) security bug has been found in BIND, and the Internet Systems Consortium (ISC) is recommending that users upgrade immediately. BIND, which stands for Berkeley Internet Name Domain, is the most widely used and accepted DNS server. Most Linux and other Unix-like servers run BIND, and therefore, most web hosting servers are potentially at risk.
An attacker would need to send a “specially-crafted” update message to a DNS zone, causing the entire server to crash. There are no workarounds for the bug, according to ISC, and the only way to fix the problem is to upgrade from the affected version (BIND 9) to one of the versions listed on their site.
Web hosting servers running Linux distributions normally receive security updates directly from their distributions’ repositories. It will be up to major server-based Linux vendors like Red Hat and Novell to distribute the security patches in a timely fashion. ISC, a non-profit organization, is responsible for maintaining BIND.
Tag: bind, domain, linux, security, servers, web hosting
HP reduces number of data centers from 85 to 6
In the increasingly competitive IT industry, companies are always looking for ways to cut costs. Three years ago, HP embarked on a plan, which it has recently completed, to reduce its data center locations from 85 to 6.
No doubt a lot of system admins lost their jobs as a result of the change. HP reports it cut its IT expenditures in half from 4% to 2% of their annual budget. For a company that earned £71.4 billion ($118 billion USD) in revenue last year, that’s a lot of money. Whereas before 70% of the technology budget was used for maintaining old systems, 80% now goes towards implementing new innovations.
The tech giant is currently working with other companies to implement similar cost-cutting schemes, all of which involve HP hardware, of course. It would be great if these huge savings were passed on to customers, but I’m not holding my breath for anything.
Source: eWeek.com
Tag: cost cutting, data center, hardware, hp, it, server, servers
Microsoft embraces the GPL

For years Microsoft has moaned about the evils and dangers of Linux, the GPL, and free and open source software in general. CEO Steve Ballmer notably once called Linux a “cancer”. That was in 2001. Since then, Linux’s share of the server market has grown, chipping away at the old Unix dominance and leaving Microsoft scrambling for solutions.
Microsoft could not make Linux go away. Instead they have begun to make deals with companies like Novell and Red Hat. In an age where virtualization is commonplace in data centers, and the number of servers a company can afford to run shrinks, Microsoft has done the unthinkable. They released 20,000 lines of code under the GPL, in the form of drivers that are expected to be added to the Linux kernel.
Their motives are clear. They need interoperability between Linux and their Hyper-V server virtualization technology. They would much prefer that people run Windows servers and then run Linux in virtual machines than the reverse, relying on Xen or KVM technology built into Linux or VMware. Nevertheless, it is a huge step, one that will surely have the open source community talking, and perhaps laughing at the old days when Microsoft thought Linux would die quietly.
Tag: linux, microsoft, servers, software, virtualization
Wind Powered Data Center

A Texas-based company called Baryonyx will soon create a wind-powered data center. They were awarded three energy leases for a total of 46,000 acres. It seems many companies are more willing to consider renewable energy sources and green technology as it becomes more practical and affordable. Those who have struggled to convince them of that should rejoice at this news.
Although Baryonyx will primarily rely on wind energy, they also intend to use hydrogen fuel cells and solar power whenever wind energy is low or unavailable. The data center will be 28,000 square feet and will be powered by 100 wind turbines, which will generate 3.3 megawatts of power to power their servers. Part of their lease money will go to help support Texas schools, an added bonus for Texas residents.
“With these leases, we’re turning green power into green cash for the state’s Permanent School Fund,” said Jerry Patterson, Commissioner of the Texas General Land Office. “It’s not just sustainable energy to power our businesses, it’s sustainable funding for public education.”
Baryonyx’ management team features energy industry veterans, most of whom hail from the UK.
Source: Data Center Knowledge
Photo: Flickr