Details

Written by Administrator

Published: 29 September 2014

Hits: 2930

Keep Calm and Patch On

The BASH vulnerability has taken everyone by surprise -- much like finding the wheels of your 20-year old bike can easily fall off. For Red Had based distributions, you can follow the progress at Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169). There were two updates to BASH for Red Hat Based systems over the last few days. It is safe to say the extent of the vulnerability is still not fully known and exploitation vectors are still being investigated. While web servers can immediately benefit from the work of the community, home and small office routers may also be at risk. Obviously fixing BASH is the best approach to reduce the risk. The current, least vulnerable, version is:

bash.x86_64 0:4.1.2-15.el6_5.2

and should be available at most repositories by now. A good discussion and latest un-official patch of the previous and new issues can be found on Google security researcher Michal "lcamtuf" Zalewski blog. A test to check for the latest vulnerabilities is the following line:

foo='() { echo not patched; }' bash -c foo

If you run this on your systems, and get "echo not patched," then you are at risk. If it shows "command not found", you have the latest patch. Of course other measures such as making sure cgi_module is not loaded by Apache are a good idea in any case (Unless you are using cgi scripts, which is not a good idea!). Other mitigation strategies are offered by Red Hat.

Update: This site is a list of new exploits to try. The current version of Bash, mentioned above, seems to hold up against these issues.

Details

Written by Douglas Eadline

Published: 19 August 2014

Hits: 5008

From the numbers are nice department

HPC users have always want to be "close to the metal." A recent report by IBM has tested the popular Docker project against native performance (bare metal) and KVM (Kernel-based Virtual Machine). The tests include Linpack, STREAM memory benchmark, nuttcp for network bandwidth, netperf for network latency, fio and Redis for block I/O speeds, and the SysBench oltp benchmark for testing MySQL. The scripts used for testing are available for download.

The paper entitled An Updated Performance Comparison of Virtual Machines and Linux Containers (PDF) provides some solid numbers that may help in designing future HPC systems. As on might suspect, Docker containers were found to perform similar to native bare metal tests. For instance, Docker matched the bare metal Linpack tests while KVM was slower by more than half. Of course, you can have flexibility and bare metal performance using something like Warewulf.

Details

Written by Douglas Eadline

Published: 22 May 2014

Hits: 3666

From the "It had to be said department"

Do yourself a favor and take a few moments and view the video Computers are Sadness: I am the Cure by James Mickens. It is the best state-of-the-art analysis of MapReduce, the Cloud, and Security. And it is hilarious!

Details

Written by Douglas Eadline

Published: 24 January 2014

Hits: 3718

There is a new HPC Podcast worth your time. This Week in HPC is presented by HPC analyst firm www.intersect360.com. The presenters are Addison Snell and Michael Feldman. Some advice; pay attention to these guys, they know what they are talking about. The full press release can be found below.

In addition, if you are interested in a discussions about more technical HPC issues, check out Brock Palen's RCE an HPC Podcast. There are also other videos and podcasts at HPC news site insideHPC. Have at it.