Stack-Clash vulnerability - Reboot to enable new patched kernel

Once again, thanks to community member John Carver for highlighting a new Linux vulnerability. Qualys Security Labs discovered and demonstrated the vulnerability, and have named it "Stack-Clash".

Blog Tags: 

v14.2 Release Update #2 - 25 more apps, new OpenStack, OVA & VMDK

What!?! Another month (actually a month and a half) has gone by and we're only just announcing the next batch?! Well, I better get on with it then!

v14.2 Release Update #1 - 27 more appliances

Wow, has it really been almost a month since I announced v14.2 Core?! Looks like it has! Time flies when you're having fun I guess... :)

v14.2 Core Release - Improvements to Confconsole, including easy Let's Encrypt SSL certs

Just shy of a year since our v14.1 release I am relieved to announce that Core v14.2 is finally ready for prime time!

It's been a while in the making, but v14.2 Core is now available for immediate launch in the cloud via the Hub. Amazon MarketPlace builds are on the way too, although no ETA at present. (Almost) all of the other builds (e.g. ISO, OVA, Xen, Proxmox etc.) can also be downloaded from the Core appliance page.

New BitKey 14.1 release should make Jason Bourne happy

A new version of our Bitcoin side-project BitKey is finally finally out after I found the time to give it some love. Specially designed to make Jason Bourne happy.

BitKey is a self-contained Live CD/USB key with everything you need to perform highly secure air-gapped Bitcoin transactions. Offline cold storage made (slightly more) practical.

Get the new version while it's hot at https://bitkey.io/

Changes in 14.1:

TurnKey Consultants & Customizers: Wanted and for Hire

Here at TurnKey, we like to think that our products and services are pretty awesome. And we have feedback that suggests many of you agree! But we are under no illusions; we know it's not perfect.

CVE-2016-5195: Dirty COW - Privilege escalation kernel vulnerability

Thanks to TurnKey community member John Carver it has come to our attention that all existing deployments of TurnKey Linux are potentially vulnerable to CVE-2016-5195. As reported by Andrej Nemec last week on the Red Hat bugtracker "An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system."

Blog Tags: 

Comparing Debian vs Alpine for container & Docker apps

Background: For TurnKey 15 (codenamed TKLX) we're evaluating a change of architecture from the current generation of monolithic systems to systems as collections of container based micro-services. Essentially the service container replaces the package as the highest level system abstraction.

There are several layers to the new architecture, but the first step is to figure out the best way to create the service containers. Alon has been quietly working on this for the last couple of months and managed to slim down Debian to 12MB compressed for the base image:

Blog Tags: 

Heroku is dead – no-one uses it anymore. You need to use Docker now

Because it's the future!

https://circleci.com/blog/its-the-future/

TL;DR:

  • modern devops is complicated 6 levels deep
  • curse of knowledge
  • one size does not fit all
  • new and shiny doesn't always make for good engineering

Pages

Subscribe to Blog