Archive for the ‘linux’ Category
ZFS on Linux 0.8 (ZoL) brought tons of new features and performance improvements when it was released on May 23. They came after Delphix announced that it was migrating its own product to Linux back in March 2018. We'll go over some of the most exciting May features (like ZFS native encryption) here today.
For the full list—including both new features and performance improvements not covered here—you can visit the ZoL 0.8.0 release on GitHub. (Note that ZoL 0.8.1 was released last week, but since ZFS on Linux follows semantic versioning, it's a bugfix release only.)
Unfortunately for Ubuntu fans, these new features won't show up in Canonical's repositories for quite some time—October 2019's forthcoming interim release, Eoan Ermine, is still showing 0.7.12 in its repos. We can hope that Ubuntu 20.04 LTS (which has yet to be named) will incorporate the 0.8.x branch, but there's no official word so far; if you're running Ubuntu 18.04 (or later) and absolutely cannot wait, the widely-used Jonathon F PPA has 0.8.1 available. Debian has 0.8.0 in its experimental repo, Arch Linux has 0.8.1 in its zfs-dkms AUR package, and Gentoo has 0.8.1 in testing at sys-fs/zfs. Users of other Linux distributions can find instructions for building packages directly from master at https://zfsonlinux.org/.
The Linux and FreeBSD operating systems contain newly discovered vulnerabilities that make it easy for hackers to remotely crash servers and disrupt communications, researchers have warned. OS distributors are advising users to install patches when available or to change system settings to lower the chances of successful exploits.
The most severe of the vulnerabilities, dubbed SACK Panic, can be exploited by sending a specially crafted sequence of TCP Selective ACKnowledgements to a vulnerable computer or server. The system will respond by crashing, or in the parlance of engineers, entering a kernel panic. Successful exploitation of this vulnerability, tracked as CVE-2019-11477, results in a remote denial of service (DoS).
A second vulnerability also works by sending a series of malicious SACKs that consumes computing resources of the vulnerable system. Exploits most commonly work by fragmenting a queue reserved for retransmitting TCP packets. In some OS versions, attackers can cause what’s known as an “expensive linked-list walk for subsequent SACKs.” This can result in additional fragmentation, which has been dubbed “SACK slowness.” Exploitation of this vulnerability, tracked as CVE-2019-11478, drastically degrades system performance and may eventually cause a complete DoS.
A recently patched vulnerability in text editors preinstalled in a variety of Linux distributions allows hackers to take control of computers when users open a malicious text file. The latest version of Apple’s macOS is continuing to use a vulnerable version, although attacks only work when users have changed a default setting that enables a feature called modelines.
Vim and its forked derivative, NeoVim, contained a flaw that resided in modelines. This feature lets users specify window dimensions and other custom options near the start or end of a text file. While modelines restricts the commands available and runs them inside a sandbox that’s cordoned off from the operating system, researcher Armin Razmjou noticed the source! command (including the bang on the end) bypassed that protection.
“It reads and executes commands from a given file as if typed manually, running them after the sandbox has been left,” the researcher wrote in a post earlier this month.
Researchers say they’ve discovered an advanced piece of Linux malware that has escaped detection by antivirus products and appears to be actively used in targeted attacks.
HiddenWasp, as the malware has been dubbed, is a fully developed suite of malware that includes a trojan, rootkit, and initial deployment script, researchers at security firm Intezer reported on Wednesday. At the time Intezer’s post went live, the VirusTotal malware service indicated HiddenWasp wasn’t detected by any of the 59 antivirus engines it tracks, although some have now begun to flag it. Time stamps in one of the 10 files Intezer analyzed indicated it was created last month. The command and control server that infected computers report to remained operational at the time this article was being prepared.
Some of the evidence analyzed—including code showing that the computers it infects are already compromised by the same attackers—indicated that HiddenWasp is likely a later stage of malware that gets served to targets of interest who have already been infected by an earlier stage. It’s not clear how many computers have been infected or how any earlier related stages get installed. With the ability to download and execute code, upload files, and perform a variety of other commands, the purpose of the malware appears to be to remotely control the computers it infects. That's different from most Linux malware, which exists to perform denial of service attacks or mine cryptocurrencies.
Just under a year ago, there were signs that Google was modifying the firmware of its Pixelbook laptop to enable dual booting into Windows 10. The firmware was updated to give the Pixelbook the ability to boot into an "Alternative OS" ("AltOS" mode). The work included references to the Windows Hardware Certification Kit (WHCK) and the Windows Hardware Lab Kit (HLK), Microsoft's testing frameworks for Windows 8.1 and Windows 10 respectively.
The dual boot work was being done under the name Project Campfire. There appears to have been little development work on Project Campfire since last December. This suggests that Google actually decided not to bother with dual booting many months ago.
Canonical recently released Ubuntu 19.04, the latest version of its flagship GNOME-based Linux desktop. But if you're a desktop user, you might be feeling a little left out.
The big points of emphasis in this latest release are on Ubuntu as a tool for infrastructure development, server deployment, and the good old Internet of Things. For the server version of Ubuntu, the OS ships with all the latest cloud computing tools. In fact, that's already available in optimized builds on the major cloud services.
Elsewhere, the latest version of the venerable Ubuntu desktop packs quite a few additional, tempting reasons to upgrade for Linux gamers. Ubuntu 19.04 makes the leap to the Linux kernel 5.x series, for instance, which offers much improved graphics support.
The news from Microsoft's Build developer conference that surprised me most was that Microsoft will ship a genuine Linux kernel—GPLed, with all patches published—with Windows. That news came alongside the announcement of Windows Terminal, a new front-end for command-line programs on Windows that will, among other things, support tabs.
Microsoft's increased involvement with open source software isn't new, as projects such as Visual Studio Code and the .NET runtime have operated as open source, community-driven projects. But this week's announcements felt a bit different.
The Linux kernel will be powering Microsoft's second generation Windows Subsystem for Linux (WSL). The first generation WSL contains a partial re-implementation of the Linux kernel API that uses the Windows NT kernel to perform its functionality. In choosing this approach, Microsoft avoided using any actual Linux code, and hence the company avoided the GPL license with its "viral" stipulations that would have arguably forced Microsoft to open source WSL and perhaps even parts of Windows itself.