Like a lot of the things that I write here, this is a question that came up in a ticket that I worked on recently. A customer recently received a message like this:

Samba is a freely available file- and printer-sharing application maintained and developed by the Samba Development Team. Samba allows users to share files and printers between operating systems on UNIX and Windows platforms. Samba is prone to a security-bypass vulnerability because it fails to properly enforce SMB signing when certain configuration options is enabled. Successfully exploiting this issue may allow attackers to bypass security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The following versions are vulnerable: Samba 3.0.25 through 4.4.15 Samba 4.5.x versions prior to 4.5.14 Samba 4.6.x versions prior to 4.6.8.

A while back I wrote a post on why you should patch your servers. I think it surprised some people. I got at least one comment from twitter saying, “I’m surprised you get so many tickets on this topic since security is so important in enterprise server environments.” And yet, we do. At any current time, we have multiple tickets asking for RCA (Root Cause Analysis) for a server crash or hang when the server has not been patched in month, years, or even ever. Sometimes they never register the server to receive patched and so never patch their server beyond what is in the base version that we ship in the beginning.

I came across an email yesterday before I went home in our internal Docker mailing list. The author was looking for a Tomcat container written using SLES as a base-image. I didn’t remember coming across anything like that so I checked dockerhub. There were several there, but most of them, including the official one from Apache, were build on Debian or Ubuntu. I found one that uses a binary package in a tarball created by Apache. I created a plain container shell:

I received an email this morning. I’m actually expecting a package that has been held for some time and when I saw it, it seems potentially legit at first. But then I realized that I don’t use my work email for personal things like that. When I saw that it came from someone who didn’t have a UPS email address, and there is a .zip attachment. I don’t know for sure that this attachment has a virus or any kind of malware, but I won’t take the chance on company hardware.

Wait, what?

Why should I patch my server?

Because you won’t get bug fixes.

But my server works just fine, if it’s not broken don’t fix it, right?

What about security fixes?

My server isn’t accessible from the internet. I’m not worried about it getting hacked.

But it’s still possible, right? Do you really want to take that chance?

Yeah, patching requires time and money. It could even require downtime. It’s more important for us to keep the server going than to worry about that stuff. We’re safe.

Did you know that SUSE provides free documentation for all of our products to the general public in multiple languages and in multiple formats? Not only that, it is released under the GNU Free Documentation or under a Creative Commons license. As a big fan of the work that the Creative Commons folks do, this makes me proud to work for a company that actually cares about giving back to the community. Not only is our documentation freely available, so are our knowledgebase articles. Unlike other companies, we don’t give just a few lines of the article and then prompt the user to buy our products in order to fix a problem. Also, now that SLE* and OpenSUSE share the same direct codebase, a problem solved in one product can easily be used to fix the other.

Every since my days on dial-up internet and telnet MUD’s, I’ve always been interested in low-bandwidth utilities. After all, not every user get’s to live in an area that provides unlimited high-speed broadband. Some, like those who depend on cellular or satellite internet, have to choose between work and watching a few YouTube videos.

This post will introduce some tools that will help you make the most out of a limited or high-latency Internet connection.

Linux distributions are generally full of packages that have specific uses that most people don’t need or maybe they just don’t know that they need. In my previous post I wrote about QPhotoRec which I had never used before my little accident that actually saved me a huge headache. I didn’t know that this application existed until I started researching how to undelete applications in Linux and I was pleasantly surprised that it was already included in OpenSUSE. The application below is one of many that I’ve found that make life easier for me and maybe it will for you too.

I goofed.

I’m an avid hobbyist photographer and I happen to live in one of the most beautiful cities in the world. Needless to say, I take a lot of pictures. Recently I upgraded the drive in my home desktop from a slow HDD to 256G SSD. My workflow is like this: I take pictures, I copy the RAW files from my SD Card to my 1.5TB external drive and then copy the ones that aren’t blurry or terrible to my local hard drive for editing and the best ones that are edited get promoted to Flickr. The SSD would make this a lot easier and faster because RAW image files tend to be relatively huge and time consuming to process.

Ben Heck is sponsoring a contest for a Raspberry Pi Laptop.

https://youtu.be/ckRiXECkXIA

Here’s my entry.

Privacy, security, and information.

These are three things that any responsible internet user should be aware of. This includes the privacy of personal information ranging from personal tastes to financial information; security for everything from phone photos to government spying; and the ability to share information that we want with whom we want without restriction. Linux and open source are the prime means by which these things happen; but that’s not all. It also requires a grassroots efforts to educate and convince people to use new technologies and not simply follow the path of least resistance.