New Java Security Settings: More Proof That Oracle Hates You

I began the day yesterday updating to Java 7u51, after which absolutely none of my enterprise Java applications worked anymore. I could not reach the consoles of my Rackspace cloud servers. I could not open the iDRAC console on my Dell PowerEdge. They all exited with some error about the Permissions attribute not being set. Being the guy that I am, I decided to search for the error. Turns out that 7u51 sneaks a major change in a point release: on the default Java security slider setting of “high” no applet may run if it’s self-signed, unsigned, or is missing the Permissions attribute. Unfortunately, that describes all enterprise software, at least all the current versions of things I’m using. This isn’t …


SELinux & Return On Time Invested

I’m a little behind on my reading, but I wanted to address Major Hayden’s blog posts about disabling Security-Enhanced Linux, or SELinux, which brings mandatory access control to Linux. Mandatory access control is a completely different permission model for UNIX-based hosts, and Mr. Hayden feels it is underutilized: After many discussions with fellow Linux users, I’ve come to realize that most seem to disable SELinux rather than understand why it’s denying access. In an effort to turn the tide, I’ve created a new site as a public service to SELinux cowards everywhere: stopdisablingselinux.com. It’s pretty rare for me to argue against a security technology but in my eyes SELinux isn’t a solution to very many problems. I know how SELinux works, what …


Uptime Is Not Something To Be Revered

Slashdot has a link to a tribute video to a Sun that was up continuously for 3737 days. That’s 10.23 years. It’s like a sequoia tree seeing the passage of civilization around it: My thoughts on this: The data center and infrastructure powering this machine was built in such a way as to keep this thing powered continuously for 10 years. Whoever built and ran that infrastructure was doing a good job. It’s a generalization but I bet there are very few cloud providers that can boast anything like that. That version of Sun Solaris is reliable enough to keep operating for years without disruption. Most OSes are, by the way, even Microsoft Windows. That particular hardware is reliable enough …


Four Things VMware Engineering Can Give Me For Christmas

I hope everybody out there in the virtualization world is having a great holiday season this year! My religion celebrates Christmas, and these are four things I’d love to see under my Christmas tree this year. 1. IPv6 support at all levels of the VMware stack. For a cloud vendor that fancies themselves as forward-looking, not to mention trying to be the “VMware of Networking,” the lack of IPv6 is pretty embarrassing. I know, I know, the tired argument is that nobody is really looking at IPv6. Well, it’s hard to look at when your vendor doesn’t support it much. 🙂 Chicken, meet egg. This would also help ameliorate the fact that VMware products need an awful lot of IPs …


Critical Dell BMC Firmware Update

If you’re running a Dell PowerEdge 1900, 1950, 2900, 2950, 2970, 6950, R300, T300, R605, R805, or R905 there are urgent & critical security updates that have been released by Dell on October 15, 2012. Similarly, there’s an urgent update to the Dell-supplied ESXi 4.0 U4 software. Dell describes the fixes as “Critical Security Update –Urgent BMC Release.” To me that says Dell fixed something that’s remotely exploitable and doesn’t want to say what it was out of fear of tipping off troublemakers. I always like to know what the problem is, figuring that the bad guys probably already know, and it helps me determine my priority for the fix. Moral of the story is that if your older Dell server …
