Tech News - Servers

Unsecured IPMI (Intelligent Platform Management Interface) cards are preparing a gateway for the JungleSec ransomware that affected multiple Linux servers. The ransomware attack was originally reported in early November 2018. Victims were seen using the Windows, Linux, and Mac; however, there were no traces of how they were being infected. The Black Hat hackers have been using the IPMI cards to breach access and install the JungleSec ransomware, which encrypts data and demands a 0.3 bitcoin payment (about $1,100) for the unlock key. IPMI, a management interface, is built into server motherboards or installed as an add-on card. This enables administrators to remotely manage the computer, power on and off the computer, get system information, and get access to a KVM that gives one remote console access. The IPMI is also useful for managing servers, especially when renting servers from another company at a remote collocation center. However, if the IPMI interface is not properly configured, it could allow attackers to remotely connect to and take control of servers using default credentials. Bleeping Computers said they have “spoken to multiple victims whose Linux servers were infected with the JungleSec Ransomware and they all stated the same thing; they were infected through unsecured IPMI devices”. Bleeping Computers first reported this story on Dec 26 indicating that the hack only affected Linux servers. The attackers installed the JungleSec ransomware through the server's IPMI interface. In the conversations that Bleeping computers had with two of the victims, one victim said, “that the IPMI interface was using the default manufacturer passwords.” The other victim stated that “the Admin user was disabled, but the attacker was still able to gain access through possible vulnerabilities.” Once the attackers were successful in gaining access to the servers, the attackers would reboot the computer into single user mode in order to gain root access. Once in single user mode, they downloaded and compiled the ‘ccrypt’ encryption program. In order to secure the IPMI interface, the first step is to change the default password as most of these cards come with default passwords Admin/Admin. “Administrators should also configure ACLs that allow only certain IP addresses to access the IPMI interface. In addition, IPMI interfaces should be configured to only listen on an internal IP address so that it is only accessible by local admins or through a VPN connection”, Bleeping computer reports. The report also includes a tip from Negulescu--not specific to IPMI interfaces--which suggests adding a password to the GRUB bootloader. Doing so will make it more difficult, if not impossible, to reboot into single user mode from the IPMI remote console. To know more about this news in detail head over to Bleeping Computers’ complete coverage. Go Phish! What do thieves get from stealing our data? Hackers are our society’s immune system – Keren Elazari on the future of Cybersecurity Sennheiser opens up about its major blunder that let hackers easily carry out man-in-the-middle attacks

Last week, Jolla announced the release of Sailfish OS 3.0.2. This release goes by the name Oulanka, which is a national park in Lapland and Northern Ostrobothnia regions of Finland. Along with 44 fixed issues, this release brings in a battery saving mode, better connectivity, new device management APIs, and more. Improved power management Sailfish OS Oulanka comes with a battery saving mode, which is enabled by default when the battery goes lower than 20%. Additionally, users can also specify the battery saving threshold themselves by going to the “Battery” section in the settings menu. Better connectivity Improvements are made in this release so that Sailfish OS better handles scenarios when a large number of Bluetooth and WLAN devices are connected to the network. Now, Bluetooth and WLAN network scan will not slow down your devices. Also, many updates have been made in the Firewall introduced in the previous release, Sipoonkorpi, for better robustness. Updates in Corporate API This release comes with several improvements in the Corporate API. New device management APIs are added including data counters, call statistics, location data sources, proxy settings, app auto start, roaming status, and cellular settings. Sailfish X Beta for Xperia XA2 Sailfish X, the downloadable version of Sailfish OS for select devices, continues to be in Beta for XA2 with the Oulanka update. With this release, the team has improved several aspects of Android 8.1 Support Beta for XA2 devices. Now, Android apps will be able to connect to the internet more reliably via mobile data. To know more in detail about Sailfish OS Oulanka, check out the official announcement. An early access to Sailfish 3 is here! Linux 5.1 will come with Intel graphics, virtual memory support, and more The Linux Foundation announces the CHIPS Alliance project for deeper open source hardware integration

Microsoft started re-releasing the Windows October update last week. The update was halted earlier due to a bug that was deleting user files and folders. After data deletion was reported by multiple users, Microsoft pulled the Windows 10 October update. Microsoft investigated all of the data loss reports and fixed all known issues in the update. It also conducted internal validation and is providing free customer service for affected users. Microsoft is currently rolling out the update to a few called the Windows Insider community. They will carefully study the diagnostics data, the feedback from the tests and from the insiders before general public release. What caused the issue? In the Windows 10 April 2018 Update, users with KFR reported an extra copy of Known Folders on their computer. Code was introduced in the October 2018 Update to remove these empty folders. That change, with another change to the update construction sequence, resulted in the deletion of the original “old” folder locations and their content. The PCs were left only with the new “active” folder. The file deletion issue happened if Known Folder Redirection (KFR) was enabled before the update. KFR is the process of redirecting the known Windows folders like Desktop, Documents, Pictures, Screenshots, Videos etc. from the default folder location to a new folder location. The files were deleted since they remained in the original “old” folder location instead of being moved to the new, redirected location. Further actions The team apologized for any impact these issues had on the users. In the blog John Cable, Director of Program Management, Windows Servicing and Delivery stated: “We will continue to closely monitor the update and all related feedback and diagnostic data from our Windows Insider community with the utmost vigilance. Once we have confirmation that there is no further impact we will move towards an official re-release of the Windows 10 October 2018 Update.” For more details visit the official Microsoft Blog. Microsoft pulls Windows 10 October update after it deletes user files Microsoft Your Phone: Mirror your Android phone apps on Windows .NET Core 2.0 reaches end of life, no longer supported by Microsoft

Microsoft keeps rolling out with updates. After Windows 10 SDK Preview Build 17115 which included Machine learning APIs, Microsoft has now released Windows 10 SDK Preview Build 17704, two days ago. The new preview SDK build can be used with Windows 10 insider preview build 17704 or greater. It includes bug fixes, MSIX support, and other development changes to the API surface area. In case you want to download the latest Windows 10 SDK Preview Build 17704, visit the developer section on Windows Insider. Key Updates Here’s what’s new in this latest SDK preview Build: MSIX Support Windows 10 SDK Preview Build 17704 has finally got MSIX support enabled. You can install and run these apps with MSIX support on devices having 17682 build or greater. Using the MakeAppx tool, you can package your applications with MSIX. Just click on the MSIX file to install the application. If you wish to know more about MSIX, check out the video below: https://www.youtube.com/watch?v=FKCX4Rzfysk Source: Microsoft Developer  MC.EXE Changes are made to the C/C++ETW code generation of mc.exe which is a message compiler. “-mof” parameter has been deprecated. The “-mof” parameter instructs MC.exe to generate the ETW code which is compatible with Windows XP and earlier. If “-mof” parameter is not used, the generated C/C++ header is compatible with both kernel-mode and user-mode, regardless of whether “-km” or “-um” was specified on the command line. The generated header supports several customization macros. If you need the generated macros to call something other than EventWriteTransfer, you can set the MCGEN_EVENTWRITETRANSFER macro. The manifest supports new attributes such as Event “names”, event “attributes”, event “tags”, etc. The “provider traits” can be now defined in the manifest (e.g. provider group). The EventRegister[ProviderName] macro will automatically register the provider traits, if they are used in the manifest. MC has the capability to generate Unicode (utf-8 or utf-16) output MC now with the “-cp utf-8” or “-cp utf-16” parameters. API Spot Light There is a new LauncherOptions.GroupingPreference property in the Windows 10 SDK  Preview Build 17704. This helps assist your app in tailoring its behavior for Sets. Apart from these changes in the release, APIs have also been updated, added, and removed. More information about other known issues and improvements is available on the Windows Blog. Microsoft releases Windows 10 Insider build 17682! Microsoft Cloud Services get GDPR Enhancements  

After releasing Fedora 29 beta last month, the Fedora community announced the stable release of Fedora 29. This is the first release to include Fedora Modularity across all Fedora variants, that is, Workstation, Server, and AtomicHost. Other updates include upgrading to GNOME 3.30, ZRAM for ARM images, and a Vagrant image for Fedora Scientific. Additionally, Node.js is now updated to Node.js 10.x as its default Node.js interpreter, Python 3.6 is updated to Python 3.7, and Ruby on Rails is updated to 5.2. Fedora Modularity Modularity gives you the option to install additional versions of software on independent life cycles. You no longer have to make your whole OS upgrade decisions based on individual package versions. It will allow you to keep your OS up-to-date while keeping the right version of an application, even when the default version in the distribution changes. These are the advantages it comes with: Moving fast and slow Different users have different needs, for instance, while developers want the latest versions possible, system administrators prefer stability for a longer period of time. With Fedora Modularity, as per your use case, you can make some parts to move slowly, and other parts to move faster by choosing between latest release or stability. Automatically rebuild containers Many containers are built manually and are not actively maintained. Also, very often they are not patched with security fixes but are still used by many people. To allow maintaining and building multiple versions, Modularity comes with an environment for packagers. These containers get automatically rebuilt every time the packages get updated. Automating packager workflow Often, Fedora contributors have to maintain their packages in multiple branches. As a result, they have to perform a series of manual steps during the build process. Modularity allows packagers to maintain a single source for multiple outputs and brings an additional automation to the package build process. Fedora Silverblue This release introduces the newly named Fedora Silverblue, formerly known as Fedora Atomic Workstation. It provides atomic upgrades, easy rollbacks, and workflows that are familiar from OSTree-based servers. Additionally, it delivers desktop applications as Flatpaks. This gives better isolations and solves longstanding issues with using yum/dnf for desktop applications. GNOME 3.30 The default desktop environment of Fedora 29 is based on GNOME 3.30. This version of GNOME comes with improved desktop performance and screen sharing. It supports automatic updates for Flatpak, a next-generation technology for building and distributing applications on Linux. Read the full announcement of Fedora 29 release on its official website. Swift is now available on Fedora 28 Fedora 29 beta brings Modularity, GNOME 3.30 support and other changes GNOME 3.30 released with improved Desktop performance, Screen Sharing, and more

The Windows 10 October update was available for download around the time of the Surface event last week. While the update brought features like Your Phone App and Windows Timeline, users also experienced massive file deleting from their systems. Microsoft had excluded the update from some devices due to compatibility issues with newer processors. The issue was reported by users in the early stages before mass rollout. Users could manually download and install the Windows October 2018 Update from October 2. Rollout was to be pushed October 9 for Patch Tuesday. Microsoft recommends contacting their customer support if the update has deleted your files. The support site advices: “If you have manually downloaded the Windows 10 October 2018 Update installation media, please don’t install it and wait until new media is available.” As of now, it is not known how many users faced this issue. Windows updates are not known to be smooth, causing some issues and errors. But it is unusual that an issue of this magnitude was not detected in Microsoft’s testing of the Windows update. Earlier this year, Microsoft had delayed the Windows 10 April 2018 because of Blue Screen of Death issues. But the issues in that update were rectified before the update reached regular users. Fortunately, this update wasn’t mass rolled out and the issue was detected in an early stage. This serves as a reminder to users to create a backup of important files before an OS update. When Microsoft continues mass rollout of this update, the issue will be fixed, but it is safe to backup your data in any case. The official support page states: “We have paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigate isolated reports of users missing some files after updating.” There are comments on the support page, where users are stating the problem. For more details visit the Microsoft support website. Microsoft Your Phone: Mirror your Android phone apps on Windows What’s new in the Windows 10 SDK Preview Build 17704 Microsoft Cloud Services get GDPR Enhancements

Couchbase has just released Couchbase Mobile 2.0. And the organization is pretty excited; it claims that it's going to revolutionize the way businesses process and handle edge analytics. In many ways, Couchbase Mobile 2.0 extends many of the features of the main Couchbase server to its mobile version. Ultimately, it demonstrates Couchbase responding to some of the core demands of business - minimizing the friction between cloud solutions and mobile devices at the edge of networks. The challenges Couchbase Mobile 2.0 is trying to solve According to the Couchbase website, Couchbase Mobile 2.0 is being marketed as solving 3 key challenges: Deployment flexibility Performance at scale Security The combination of these 3 is really the holy grail for many software solutions companies. It's an attempt to resolve that tension between the need for security and stability while remaining adaptable and responsive to change. Learn more about Couchbase Mobile 2.0 here. Ravi Mayuram, Senior VP of Engineering and CTO of Couchbase said said: "With Couchbase Mobile 2.0, we are bringing some very exciting new capabilities to the edge that parallels what we have on Couchbase Server. For the first time, SQL queries and Full-Text Search are available on a NoSQL database running on the edge. Additionally, we’ve made programming much easier through thread and type safe database APIs, as well as automatic conflict resolution." Key features of Couchbase Mobile 2.0 Here are some of the key features of the Couchbase Mobile 2.0: Full text query and SQL search. Data change events will allow developers to build applications that respond more quickly. That's only going to be good for user experience. Using WebSocket for replication will make replication more efficient. That's because "it eliminates continuously polling servers". Data conflicts can now be resolved much more quickly. This new release will help to cement Couchbase's position as a data platform. And with an impressive list of customers, including Wells Fargo, Tommy Hilfiger, eBay and DreamWorks, it will be interesting to see to what extent it can grow that list. Source: Globe Newswire

Yesterday, the FreeBSD release engineering team announced the availability of FreeBSD 12.0, which marks the first release of the stable/12 branch. This version is available for the amd64, i386, powerpc, powerpc64, powerpcspe, sparc64, armv6, armv7, and aarch64 architectures. FreeBSD is an open source, Unix-like operating system for x86, ARM, AArch64, RISC-V, MIPS, POWER, PowerPC, and Sun UltraSPARC computers. It is based on the 4.4BSD-Lite release from Computer Systems Research Group (CSRG) at the University of California at Berkeley. It comes with features like preemptive multitasking, memory protection, virtual memory, multi-user facilities, and SMP support. Following are some of the updates introduced in FreeBSD 12.0: The bsdinstall installer and zfsboot are updated to allow a UEFI+GELI installation option. GOST is removed, and LDNS now enables DANE-TA. sshd now comes with additional support for capsicum. Also, capsicum is enabled on armv6 and armv7 by default. The VIMAGE kernel configuration option is enabled by default. The NUMA option is enabled by default in the amd64 GENERIC and MINIMAL kernel configurations. The netdump driver is added for transmitting kernel crash dumps to a remote host after a system panic. The vt driver now comes with better performance, drawing text at rates ranging from 2- to 6-times faster. The UFS/FFS filesystem is updated to consolidate TRIM/BIO_DELETE commands, resulting in fewer read/write requests. This is enabled by default in the UFS/FFS filesystem and can be disabled by setting the vfs.ffs.dotrimcons sysctl to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf. The pf packet filter can now be used within a jail using vnet. The bhyve utility is updated to add NVMe device emulation and it is now also able to be run within a jail. Various Lua loader improvements such as detecting a list of installed kernels to boot and support for module blacklists. Upgraded components Clang, LLVM, LLD, LLDB, compiler-rt, and libc++ is updated to 6.0.1. OpenSSL is updated to 1.1.1a (LTS). Unbound is updated to 1.8.1 OpenSSH is updated to 7.8p1. The vt(4) Terminus BSD Console font is updated to 4.46. KDE has been updated to version 5.12.5. The NFS version 4.1 server is updated to include pNFS server support. You can install FreeBSD 12.0 from a bootable ISO image or over the network. Some architectures also support installing from a USB memory stick. To read the entire list of update in FreeBSD 12.0, check out its release notes. LibrePCB 0.1.0 released with major changes in library editor and file format Systems programming with Go in UNIX and Linux AMD ROCm GPUs now support TensorFlow v1.8, a major milestone for AMD’s deep learning plans  

IBM with its partners, Rocket Software and CA Technologies, have announced the launch of Zowe at the ongoing Open Source Summit in Vancouver, Canada. It is the first z/OS open source project, which is part of the Linux Foundation’s Open Mainframe Project community. Why is Zowe introduced? The rapid technology advancements and rising expectations in user experience demands  more productive and better integrated capabilities for z/OS, an operating system for IBM mainframes. Zowe enables delivery of such an environment through an extensible open source framework. It aims to create an ecosystem of Independent Software Vendors (ISVs), System Integrators, clients, and end users. By using it, development and operations teams can securely manage, control, script and develop on the mainframe like any other cloud platform. What are its components? The four main components of Zowe are: the Explorer server, API Mediation Layer, zLUX, and Zowe CLI. Source: Zowe Zowe APIs and Explorers z/OS Management Facility (z/OSMF) supports the use of REST APIs, which are public APIs that your application can use to work with system resources and can also extract system data. With the help of these REST APIs, Zowe submits jobs, works with the Job Entry Subsystem (JES) queue, and manipulates UNIX System Services (USS) or Multiple Virtual Storage (MVS) datasets. Explorers are visual representations of these APIs that are wrapped in the Zowe web UI application. They create an extensible z/OS framework that provides new z/OS REST services to transform enterprise tools and DevOps processes to incorporate new technology, languages, and modern workflows. Zowe API Mediation Layer The following are the key components of API Mediation Layer: API Gateway: It is built using Netflix Zuul and Spring Boot technology. Its purpose is to forward API requests to the appropriate corresponding service through the microservice endpoint UI. Discovery Service: It is built on Eureka and Spring Boot technology. It acts as the central point in the API Gateway that accepts announcements of REST services, and is a repository for active services. API Catalog: It is used to view the services running in API Mediation Layer. You can also view the corresponding API documentation to a service. Zowe Web UI Web UI named zLUX, modernizes and simplifies working on the mainframe.The UI works with the underlying REST APIs for data, jobs, and subsystems, and presents the information in a full-screen mode. It gives users a unifying experience where various applications can work together. Zowe Command Line Interface (CLI) Zowe CLI is used to allow user interactions from different platforms with z/OS. The platforms which can be cloud or distributed systems are able to submit jobs, issue TSO and z/OS console commands, integrate z/OS actions into scripts, and produce responses as JSON documents with the help of Zowe CLI. Currently, the Zowe is available in beta and is not intended for production use. The Zowe Leadership Committee is targeting to have a stable release by the end of the year. To know more about the launch of Zowe, refer to IBM’s announcement on their official website. IBM Files Patent for “Managing a Database Management System using a Blockchain Database” Google, IBM, RedHat and others launch Istio 1.0 service mesh for microservices IBM launches Nabla containers: A sandbox more secure than Docker containers

In order to prepare for the Linux 4.20 release, there are multiple performance improvements made to the Btrfs file-system. These changes are to be shipped in the next Linux kernel release. Btrfs is a modern ‘copy on write’ filesystem for Linux. It offers a lot of features not readily available in other in-tree Linux file-systems such as fault tolerance, repair, and easy administration.  However, its performance has been degrading for some time (partially because copy-on-write by default damages some workloads). However, with performance improvements for the Linux 4.20 release, there should be multiple speed-ups to Btrfs. Improvements include more files/sec in fsmark, better perf on multi-threaded workloads (filebench, dbench), fewer context switches and overall better memory allocation characteristics (multiple benchmarks). Apart from general performance, there's an improvement for qgroups + balance workload. Performance improvements Btrfs has deprecated the blocking mode of path; only the spinning mode is used. Blocking mode of path is eliminated because it resulted in unnecessary wakeups and updates to the path locks. Improvement for qgroups + balance workload include speedup balancing with qgroups, as well as skip quota accounting on unchanged subtrees. The overall gain is about 30+ % in runtime. A small improvement has been made to rb-tree to avoid pointer chasing. rb-tree with cached first node is now used for several structures. Btrfs now has better error reporting, after processing blockgroups and whole device. It continues trimming block groups after an error is encountered. It also has less interaction with transaction commit that improves latency on slower storage (eg. image files over NFS). Cleanups in Btrfs Unused struct members and variables are removed Function return type cleanups are performed Delayed refs code refactoring is done Protection is provided against deadlock that could be caused by crafted image that tries to allocate from a tree that's locked already These are just a select few updates. Read the full list of changes in a post by David Sterba. Linux 4.19 kernel releases with open arms and AIO-based polling interface; Linus back to managing the Linux kernel. KUnit: A new unit testing framework for Linux Kernel bpftrace, a DTrace like tool for Linux now open source

Linux 4.20 has shown major performance issues and the reason behind this regression was Single Thread Indirect Branch Predictors (STIBP), as shared by Phoronix yesterday. This support is being reverted from the upcoming releases Linux 4.19.4 and 4.14.83 kernel points. Linus Torvalds, the creator of Linux kernel, was also surprised with the performance hit on Linux 4.20 as a result of STIBP introduction. He posted to the kernel mailing list that the performance impact was not communicated before the patches were merged and believes that this should not be enabled by default: “This was marked for stable, and honestly, nowhere in the discussion did I see any mention of just *how* bad the performance impact of this was.  When performance goes down by 50% on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway.  So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?  I think we should use the same logic as for L1TF: we default to something that doesn't kill performance. Warn once about it, and let the crazy people say "I'd rather take a 50% performance hit than worry about a theoretical issue”.“ The tests done by Michael Larabel also revealed that Linux 4.20 is facing significant performance issues in many workloads, more than some of the earlier Spectre and Meltdown mitigations. This has measurably affected PHP, Python, Java, and many other workloads and even the gaming performance to some extent. The STIBP support for cross-hyperthread Spectre V2 mitigation was backported to the Linux 4.14 and 4.19 LTS series, which is now being reverted. You can find the reverts in Greg Kroah-Hartman’s linux-stable-rc tree:  Source: Phoronix On current Linux 4.20 Git, STIBP still remains in place and a better approach to handle performance issues is being reviewed. Michael Larabel expects that the new patch series will be ready for merging prior to the shipping of Linux 4.20, which is approximately one month’s time. To know more, check out Michael Larabel’s post on Phoronix: Linux Stable Updates Are Dropping The Performance-Pounding STIBP. Read Next Linux 4.20 kernel slower than its previous stable releases, Spectre flaw to be blamed, according to Phoronix Red Hat releases Red Hat Enterprise Linux 8 beta; deprecates Btrfs filesystem Soon, RHEL (Red Hat Enterprise Linux) won’t support KDE

Last week, GeoServer 2.14.2 was released., GeoServer is an open source software server based on Java, for sharing geospatial data. It allows users to display their spatial information to the world. It is free and can display data on popular mapping applications such as Google Earth, Google Maps, Microsoft Virtual Earth and Yahoo Maps. Improvements in GeoServer 2.14.2 In GeoServer 2.14.2, WMTS Restful binding is accessible to all users and works with workspace specific services which initially used to be limited to admins. gs:DownloadEstimator now returns a true value when estimating full raster downloads at native resolution. In GeoServer 2.14.2, KML ignores sortBy parameter while querying records. The NullPointerException is thrown while using env() function with LIKE operator in CSS filters. With this release, it’s possible to modify existing GWC blobstore via UI without renaming which was not possible initially. For GetLegendGraphic, this release allows expressions in ColorMapEntry labels. In this release, OpenLayers2 preview is not automatically triggered on IE8. New MongoDB extension has been added GeoServer 2.14.2. The style editor has been improved, it now includes side by side editing Nearest match support has been added for Web Map Service (WMS) dimension handling. Major fixes Rendering issue with JAI-EXT and Input/Output TransparentColor options has been resolved. The Complex MongoDB generated properties are now handled in this release. Check out the official blog post by GeoServer for full release notes. Getting Started with GeoServer ArangoDB 3.4 releases with a native search engine, full GeoJSON support, and more Uber’s kepler.gl, an open source toolbox for GeoSpatial Analysis