v14.2 Core Release - Improvements to Confconsole, including easy Let's Encrypt SSL certs

Just shy of a year since our v14.1 release I am relieved to announce that Core v14.2 is finally ready for prime time!

It's been a while in the making, but v14.2 Core is now available for immediate launch in the cloud via the Hub. Amazon MarketPlace builds are on the way too, although no ETA at present. (Almost) all of the other builds (e.g. ISO, OVA, Xen, Proxmox etc.) can also be downloaded from the Core appliance page.

New BitKey 14.1 release should make Jason Bourne happy

A new version of our Bitcoin side-project BitKey is finally out after I found the time to give it some love. Specially designed to make Jason Bourne happy.

BitKey is a self-contained Live CD/USB key with everything you need to perform highly secure air-gapped Bitcoin transactions. Offline cold storage made (slightly more) practical.

Get the new version while it's hot at https://bitkey.io/

Changes in 14.1:

TurnKey Consultants & Customizers: Wanted and for Hire

Here at TurnKey, we like to think that our products and services are pretty awesome. And we have feedback that suggests many of you agree! But we are under no illusions; we know it's not perfect.

CVE-2016-5195: Dirty COW - Privilege escalation kernel vulnerability

Thanks to TurnKey community member John Carver, it has come to our attention that all existing deployments of TurnKey Linux are potentially vulnerable to CVE-2016-5195. As reported by Andrej Nemec last week on the Red Hat bugtracker: "An unprivileged local user could use this flaw to gain write access to otherwise read only memory mappings and thus increase their privileges on the system."

Comparing Debian vs Alpine for container & Docker apps

Background: For TurnKey 15 (codenamed TKLX) we're evaluating a change of architecture from the current generation of monolithic systems to systems as collections of container-based micro-services. Essentially the service container replaces the package as the highest level system abstraction.

There are several layers to the new architecture, but the first step is to figure out the best way to create the service containers. Alon has been quietly working on this for the last couple of months and managed to slim down Debian to 12MB compressed for the base image:

Heroku is dead – no-one uses it anymore. You need to use Docker now

Because it's the future!

https://circleci.com/blog/its-the-future/

TL;DR:

  • modern devops is complicated 6 levels deep
  • curse of knowledge
  • one size does not fit all
  • new and shiny doesn't always make for good engineering

ZeroNet and IPFS: uncensorable auto-scaling BitTorrent powered websites

Jeremy recently nudged me into taking a close look at IPFS and ZeroNet, two BitTorrent inspired projects aiming to help achieve a more resilient distributed web that levels the playing field and is less susceptible to centralized control.

The two killer apps seem to be:

  1. DDoS resistant high-performance content distribution at scale without scaling costs and complexity.

All your computers are belong to us: the dystopian future of security is now

Alon is contemplating replacing his laptop so I figured I would recommend he take a look at Purism, a company offering laptops that are designed for people that care about security and privacy.

Unfortunately, once I started looking a bit more closely at this little rabbit it ran deep down into its little rabbit hole and I discovered that in reality there are currently very very few hardware options for people that want a computer that is not backdoored with a sophisticated rootkit at the hardware level.

CVE-2016-4340: Privilege escalation via "impersonate" feature in existing v14.0/1 GitLab deployments

It has come to our attention that existing deployments of TurnKey GitLab (versions 14.0 & 14.1) are vulnerable to CVE-2016-4340, a critical security issue that allows authenticated users to escalate their privileges to that of an Administrator.

This issue has been fixed with many others by the GitLab project, as detailed in the 2016-05-02 GitLab Security Advisory.

Due to the seriousness of the issue, new builds of TurnKey GitLab have been published today so new deployments are not vulnerable.
