For years I’ve hit Slashdot as a morning ritual; what’s going on in the world of IT. It’s been one of my staples for an (almost) accurate snapshot of the zeitgeist.
Recently I’ve been using Digg and Memeorandum – often in addition to Slashdot.
I saw an interesting post on TechCrunch pointing out that Digg has grown almost as large as Slashdot in just one year (in terms of traffic).
Wow.
It’s another big patch week – and SANS are reporting that Microsoft SUS is having problems:
Microsoft SUS not playing well (NEW)
Published: 2005-11-09,
Last Updated: 2005-11-09 16:45:28 UTC by Tony Carothers (Version: 2(click to highlight changes))Matthew Bailey just provided this input in regards to the SUS problems that are occuring
“I found this posting at http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.softwareupdatesvcs
The SUS 1.0 update cab is delayed today but will be published at ~ 5:00pm PDT today.
The WSUS cab has no delays and has been published.”
We’ve had a busy last ~12 hours. Reports are coming in that Microsoft’s SUS is not updating correctly, causing a lot of readers to have to manually roll out patches. If anybody has found this to not be the case, or found a way to kick SUS into gear, please send us a note, and I’ll get it out to the rest of the world 🙂
Most enterprises who are relying on SUS/WSUS for deployment of patches are still on SUS (the older technology). This is a pretty important process for enterprises – patching, and the race to patch on time, is causing a lot of IT administrator headaches.
For SUS to fail and administrators to have to manually roll out patches is a disaster; I am sure that after this many CIOs will mandate a close look at other options; maybe this will cause them to switch platforms, or at least look at a more robust patch solution.
ZDNet and others are flagging a new Linux worm.
The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed.
There are some well understood methods to minimise this risk.
Practice good security. A good robust perimeter firewall – I use IPcop; along with a good patch regime is vital. I (naturally) use ZENworks Linux Management to keep my Linux servers up to date.
One other addition is application hardening – I blogged a while ago about Novell AppArmor – I run this on my outward facing and internal Linux servers. If anything untoward happens – AppArmor is my final line of defence keeping my servers in good health.
[Edit – also to note – keep your applications themselves up to date; if they are RPM based – ZENworks Linux Management can deliver the updates. My blogging software is WordPress – they posted a note saying the updated versions are not affected.]
There has been a lot of discussion recently about Novell dropping KDE in favour of Gnome on its corporate desktop offering Novell Linux Desktop.
[Note – I really don’t think this matters on a server – clean up your servers; reduce the bloat; reduce the risk – remove X and a desktop from your servers 🙂 Believe me – ssh is your friend]
I’ve posted before on this – my personal opinion is that the real battle is not over KDE vs. Gnome. It’s about making a more productive, good looking, consistent desktop; one that you can “Just Use” (TM). It would be great to see components of KDE running nicely on Gnome, Gnome pieces running on KDE, common themes – can you see my paradise here?
This should not be a religious argument. There has been much work between the two communities – even as far back as the 1.0 versions (common menuing for example).
There have been some notable efforts in this space more recently. freedesktop.org tries to drive interoperability for all GUI/WM environments on X – with some success; even more recently last month the Tango Project was launched to try and deliver a common user experience.
These are all good efforts. I believe Novell has supported several of these initiatives; as well as promoting choice within (over 50% of Novell employees are using NLD as their primary production OS).
I seem to have won the task of writing a short paper on ‘how to update and patch Novell systems in the enterprise’.
I’m working on this in conjunction with my ZENworks 7 Linux Management white paper – which is still being written. (Sorry it’s late – I’m on the road again!)
My summary so far is:
NetWare – use ZENworks Server Management. Deploy CPKs of the Consolidated Support Pack
SLES 8 – use ZENworks Linux Management. Mirror content from a YaST Online Update mirror.
SLES 9 – use ZENworks Linux Management. Mirror content from update.novell.com. Note: Make sure you have migrated your SUSE portal account!
NLD 9 – as SLES 9
RHEL – use ZENworks Linux Management. I know it’s not a Novell product – but mirror content from Red Hat Network using your RHN credentials.
There are probably some other platforms I need to add here – small biz server and some applications spring to mind – but I’ll be working off this list.
Comments welcome.
A busy one:
Microsoft Patch Disclosure – October 2005
Nine Microsoft patches: three Critical, four Important, and two Moderate.
Internet Explorer is the target of another Critical update. All nine of these updates are available via ZENworks Patch Management today.
Recent Comments