TurnKey Linux Virtual Appliance Library

Comparing Debian vs Alpine for container & Docker apps

Background: For TurnKey 15 (codenamed TKLX) we're evaluating a change of architecture from the current generation of monolithic systems to systems as collections of container-based micro-services. Essentially the service container replaces the package as the highest level system abstraction.

There are several layers to the new architecture, but the first step is to figure out the best way to create the service containers. Alon has been quietly working on this for the last couple of months and managed to slim down Debian to 12MB compressed for the base image:

Heroku is dead – no-one uses it anymore. You need to use Docker now

Because it's the future!

https://circleci.com/blog/its-the-future/

TL;DR:

  • modern devops is complicated 6 levels deep
  • curse of knowledge
  • one size does not fit all
  • new and shiny doesn't always make for good engineering

ZeroNet and IPFS: uncensorable auto-scaling BitTorrent powered websites

Jeremy recently nudged me into taking a close look at IPFS and ZeroNet, two BitTorrent inspired projects aiming to help achieve a more resilient distributed web that levels the playing field and is less susceptible to centralized control.

The two killer apps seem to be:

  1. DDoS resistant high-performance content distribution at scale without scaling costs and complexity.

All your computers are belong to us: the dystopian future of security is now

Alon is contemplating replacing his laptop so I figured I would recommend he take a look at Purism, a company offering laptops that are designed for people that care about security and privacy.

Unfortunately, once I started looking a bit more closely at this little rabbit it ran deep down into its little rabbit hole and I discovered that in reality there are currently very very few hardware options for people that want a computer that is not backdoored with a sophisticated rootkit at the hardware level.

CVE-2016-4340: Privilege escalation via "impersonate" feature in existing v14.0/1 GitLab deployments

It has come to our attention that existing deployments of TurnKey GitLab (versions 14.0 & 14.1) are vulnerable to CVE-2016-4340, a critical security issue that allows authenticated users to escalate their privileges to that of an Administrator.

This issue has been fixed with many others by the GitLab project, as detailed in the 2016-05-02 GitLab Security Advisory.

Due to the seriousness of the issue, new builds of TurnKey GitLab have been published today so new deployments are not vulnerable.

Unfortunate

TurnKey Magento NOT vulnerable to CVE-2016-4010 remote PHP code execution

Thanks to vondrt4 for bringing CVE-2016-4010 to our attention. This was a potentially critical vulnerability in Magento that turns out not to apply to TurnKey Magento, because it only affects Magento versions 2.0 - 2.0.5. The current version of TurnKey Magento is based on Magento 1.9.X.

The binary option scam: Evil Incorporated vs the "Don't Be Evil" corporation

All that is required for evil to triumph is for good men to do nothing

—Edmund Burke

Today I'm going to digress a bit from all things TurnKey related to shine a much needed light on a monster I found lurking in my backyard.

SCAM

v14.1 Release - Bugfixes, Maintenance and More

About seven months after the release of v14.0 we are proud to announce the updated v14.1 release.

All of the v14.1 appliances are available for immediate launch in the cloud via the Hub. Amazon MarketPlace builds are on the way too, although there is no ETA at present. All the other builds (e.g. ISO, OVA, Xen, etc.) can be downloaded from their respective appliance pages (e.g. LAMP, WordPress, Node.js, etc.). Alternatively, the entire library can be downloaded via one of our mirrors.

v14.0 Optimized Builds - Part 3: Xen and OpenStack

Following the release of Optimized Builds part 1 and part 2, it is with great pleasure (and quite a bit of relief) that I announce the third and final instalment of the optimized builds: Xen and OpenStack. As per all our other builds, individual 14.0 Xen and OpenStack optimized builds can be downloaded from their respective appliance pages (e.g. LAMP, WordPress, Node.js, etc.).