TurnKey Magento NOT vulnerable to CVE-2016-4010 remote PHP code execution

Thanks to vondrt4 for bringing CVE-2016-4010 to our attention. This was a potentially critical vulnerability in Magento that turns out not to apply to TurnKey Magento, because it only effects Magento versions 2.0 - 2.0.5. The current version of TurnKey Magento is based on Magento 1.9.X.

The binary option scam: Evil Incorporated vs the "Don't Be Evil" corporation

All that is required for evil to triumph is for good men to do nothing

—Edmund Burke

Today I'm going to digress a bit from all things TurnKey related to shine a much needed light on a monster I found lurking in my backyard.

SCAM

v14.1 Release - Bugfixes, Maintenance and More

About seven months after the release of v14.0 we are proud to announce the updated v14.1 release.

turnkey 14.0 banner

All of the v14.1 appliances are available for immediate launch in the cloud via the Hub. Amazon MarketPlace builds are on the way too although no ETA at present. All the other builds (e.g. ISO, OVA, Xen, etc.) can be downloaded from their respective appliance pages (eg. LAMP, WordPress Node.js etc). Alternatively the entire library can be downloaded via one of our mirrors.

v14.0 Optimized Builds - Part 3: Xen and OpenStack

Following the release of Optimized Builds part 1 and part 2; it is with great pleasure (and quite a bit of relief) that I announce the third and final instalment of the optimized builds: Xen and OpenStack. As per all our other builds, individual 14.0 Xen and OpenStack optimized builds can be downloaded from their respective appliance pages (eg. LAMP, WordPress Node.js etc).

New Community Built Appliance: TurnKey Odoo

I am excited to announce TurnKey's latest addition; Odoo (formerly OpenERP) appliance. Odoo is a comprehensive ERP (Enterprise Resource Management) system built with Python. Get it now via the Odoo appliance page.

Odoo Official Logo

systemd sysv init compatibility mode: how it works and troubleshooting when it breaks

systemd sysv init compatibility mode is magical. That is in the sense that it tries to handle compatibility with sysv init scripts while you are distracted looking somewhere else.

When it works it works well, but when things break it makes troubleshooting more difficult. Especially if you don't understand what's going on behind the curtain.

The first thing you need to understand is that this probably doesn't do what you expect:

CVE-2015-8103: Critical remotely exploitable security hole in existing TurnKey Jenkins deployments

Thanks to ElColmo it has come to our attention that existing deployments of TurnKey Jenkins are still vulnerable to CVE-2015-8103, a critical issue that allows remote code execution by unauthenticated users.

This issue has been fixed with many others by the Jenkins project, as detailed in the  2015-11-11 Jenkins Security Advisory.

TurnKey needs a Drupal Expert Consultant

We are recruiting for someone to take on our website. I'm sure that there are plenty of talented members of our community that might like to apply! So here it is:
Now Hiring sign

Drupal Expert / Consultant

We're looking for a trustworthy, experienced Drupal expert we can put in charge of maintenance and development for the TurnKey GNU/Linux website.

v14.0 Optimized Builds - Part 2: Containers

Proxmox, OpenNode & Docker

Following close behind the Optimized Builds Part 1 announcement, I am happy to present Part 2: Container builds. Part 2 includes optimized container builds for:

v14.0 Optimized Builds - Part 1: OVA & VMDK

I am happy to announce the release of our OVA and VMDK VM builds. 14.0 optimized VM builds can be downloaded from their respective appliance pages (eg. LAMP, WordPress Node.js etc). Alternatively you can download the entire library via one of our mirrors.

Pages