Thursday, July 27, 2017

Ubuntu multi-purpose

With Ubuntu, Canonical has tried to get a foothold in many markets: home desktops, mobile devices, servers, and (most recently) the cloud. Some pundits have accused the company of behaving somewhat erratically over the years, jumping onto the latest bandwagon but never fully committing to a specific market. Others suggest this was the right approach – dabbling in new territories to see where money could be made.

REF: http://www.linux-magazine.com/Issues/2017/201/Distrospective

TrendLabs: SambaCry


Figure 1. Samples of the malware files on a public shared folder
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/

Tuesday, July 25, 2017

container I/O separation

For lxc:

Use lsblk to get the device number (MAJ:MIN) of the container's disk:

└─sda3 8:3 0 3.7T 0 part
├─pve-root 251:0 0 10G 0 lvm /
├─pve-swap 251:1 0 2G 0 lvm [SWAP]
├─pve-data_tmeta 251:2 0 116M 0 lvm
│ └─pve-data-tpool 251:4 0 3.6T 0 lvm
│ ├─pve-data 251:5 0 3.6T 0 lvm
│ ├─pve-dir 251:6 0 50G 0 lvm
│ ├─pve-vm--60200--disk--1 251:7 0 600G 0 lvm

Then limit reads to 10KB/s for container 60200, using the MAJ:MIN pair of its disk (251:7):
echo "251:7 10000" > /sys/fs/cgroup/blkio/lxc/60200/blkio.throttle.read_bps_device

For an IOPS limit, use blkio.throttle.read_iops_device instead.

REF: https://forum.proxmox.com/threads/i-o-disk-limit.28591/
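Added example (not from the referenced forum thread): a helper that looks up the MAJ:MIN pair for a container's disk and builds the throttle entry, so the device number is not copied by hand. The function names and the embedded sample listing are constructed for illustration; the cgroup v1 path is the one used in the note above.

```shell
#!/bin/sh
# Added example: build the blkio throttle entry for an LXC container's disk.
# Assumes cgroup v1 with the blkio controller, as in the path shown above.

# Constructed sample, abridged from the lsblk listing above.
SAMPLE_LSBLK='└─sda3 8:3 0 3.7T 0 part
├─pve-root 251:0 0 10G 0 lvm /
│ ├─pve-dir 251:6 0 50G 0 lvm
│ ├─pve-vm--60200--disk--1 251:7 0 600G 0 lvm'

# dev_for_ct CTID [LSBLK_TEXT]: print MAJ:MIN of the container's first disk.
# Scans each field, so it accepts tree output or `lsblk -rno NAME,MAJ:MIN`.
dev_for_ct() {
    text=${2:-$(lsblk -rno NAME,MAJ:MIN)}
    printf '%s\n' "$text" | awk -v pat="vm--$1--disk--" '
        { for (i = 1; i < NF; i++)
              if (index($i, pat) && $(i + 1) ~ /^[0-9]+:[0-9]+$/) {
                  print $(i + 1); exit
              } }'
}

# throttle_entry CTID BYTES_PER_SEC [LSBLK_TEXT]: print "MAJ:MIN RATE".
# Both arguments must be plain digits: CTID ends up in a sysfs path and the
# rate is written as-is, so anything else is rejected.
throttle_entry() {
    case $1 in ''|*[!0-9]*) echo "bad container id: $1" >&2; return 1 ;; esac
    case $2 in ''|*[!0-9]*) echo "bad rate: $2" >&2; return 1 ;; esac
    dev=$(dev_for_ct "$1" "$3")
    [ -n "$dev" ] || { echo "no disk found for CT $1" >&2; return 1; }
    printf '%s %s\n' "$dev" "$2"
}

# apply_read_limit CTID BYTES_PER_SEC: write the entry (root, on the host).
apply_read_limit() {
    entry=$(throttle_entry "$1" "$2") || return 1
    f=/sys/fs/cgroup/blkio/lxc/$1/blkio.throttle.read_bps_device
    [ -w "$f" ] || { echo "cannot write $f" >&2; return 1; }
    printf '%s\n' "$entry" > "$f"
}

# Dry run against the sample: prints the entry without touching the system.
throttle_entry 60200 10000 "$SAMPLE_LSBLK"
```

Reading the file back with cat after apply_read_limit confirms that the kernel accepted the entry.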

Monday, July 24, 2017

2017 open source forum

  • fetch new updates
  • merge with understanding
  • commit to action
  • push to the world

Sunday, July 23, 2017

Proxmox: NFS access denied

on CT / LXC NFS client side:
mount.nfs: access denied by server while mounting...

The problem was on the Proxmox side. Proxmox has AppArmor and that thing is blocking everything.
To stop AppArmor and keep it from running, do these steps:
# /etc/init.d/apparmor stop
# /etc/init.d/apparmor teardown
# update-rc.d apparmor disable
REF: https://askubuntu.com/questions/897411/nfs-access-denied-by-server-while-mounting-client-side-is-a-lxc-proxmox

Friday, July 21, 2017

TrendLabs: New Apache Struts Vulnerability

When one looks at the solution provided by the vendor, it clearly mentions to always use resource keys instead of passing a raw message to the ActionMessage, as shown below:
messages.add("msg", new ActionMessage("struts1.gangsterAdded", gform.getName()));
A raw value should never be passed, as in the example below:
messages.add("msg", new ActionMessage("Gangster " + gform.getName() + " was added"));
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/examining-cve-2017-9791-new-apache-struts-remote-code-execution-vulnerability/

Thursday, July 20, 2017

TrendLabs: Android Backdoor GhostCtrl

There’s actually a red flag that shows how the malicious APK is an OmniRAT spinoff. Given that it’s a RAT as a service, this can be modified (or removed) during compilation.

Figure 1: Snapshot of GhostCtrl version 3’s resources.arsc file indicating it’s an OmniRAT variant (highlighted)
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/android-backdoor-ghostctrl-can-silently-record-your-audio-video-and-more/

Low Latency Streaming Media Impacts UX

Low Latency Research Report 2017
Today’s consumer has a shorter average attention span than a goldfish. When you also consider the increasing oversaturation of the app market, that means streaming media content providers have to work harder than ever to win customers. In this competitive landscape, one factor most differentiates streaming platforms across industries: offering a high-quality user experience (UX).
The UX of streaming media content is heavily impacted by three metrics:
  • End-to-end latency: The time between video or audio being captured at the source and when it plays back on an end-user’s device.
  • Time to first frame (TTFF): The time it takes for content to initially load on an end-user’s device.
  • Perceived quality: The quality of streaming content, as perceived by an end user—including the video resolution; audio clarity; and performance and stability of the platform.
“If a video doesn't play immediately, users don't think of terms like ‘latency’; they think of terms like ‘broken.’ I've had bugs reported for delays of less than a second. In today's instant world, low-latency videos aren't a feature—they're an expectation.”
—Brandon Gregory, technical architect at Intouch Solutions

REF: https://www.wowza.com/blog/report-low-latency-streaming-media-impacts-ux

Tuesday, July 18, 2017

Why Rethinking Rejection Can Increase Productivity

Setting a challenging rejection goal means you don’t have time to wallow. To get 100 rejections in a year like Liao, you need to be sending something out almost daily. You need to generate new ideas quickly, and even resubmit rejected ones to a new outlet as soon as possible.
Handling rejection productively
Learning to roll with rejection may even encourage healthy business growth. You may have to research more potential clients or markets so you don’t overwhelm your current list of contacts.
REF: https://blog.trello.com/rethink-rejection-to-increase-productivity

Monday, July 17, 2017

TrendLabs: Spam Campaign Delivery

Notorious as a multiplatform do-it-yourself RAT, Adwind has many aliases: jRAT, Universal Remote Control Multi-Platform (UNRECOM), AlienSpy, Frutas, and JSocket. In 2014 we found an Android version of Adwind/jRAT modified to add a cryptocurrency-mining capability. The fact that it’s sold as a service means this threat can be deployed by more cybercriminals who can customize their own builds and equip them with diverse functionalities.

Figure 1: JAVA_ADWIND detections from January to June, 2017
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/spam-remote-access-trojan-adwind-jrat/

Sunday, July 16, 2017

Bitnami: credentials

Please check our documentation at https://docs.bitnami.com/aws/faq/#how-to-find-application-credentials to learn how to get your password. You may change this username and password within the application settings. You can also access your instance via SSH using the username 'bitnami' and your Amazon private key.

Also check the instructions in AWS marketplace, and disable the banner:
# /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1

Saturday, July 15, 2017

MuPDF lightweight viewer.

The viewer is small, fast, yet complete. It supports many document formats, such as PDF, XPS, OpenXPS, CBZ, EPUB, and FictionBook 2. You can annotate PDF documents and fill out forms with the mobile viewers (this feature is coming soon to the desktop viewer as well).

REF: https://mupdf.com/

Proxmox: PTY allocation request failed

...edit /etc/rc.sysinit and look for this line: /sbin/start_udev
Remove that line and restart the container and you might be good to go!
...This does work but as soon as you run yum if it updates any networking it puts it back in guys: /sbin/start_udev

REF: https://forum.proxmox.com/threads/pty-issue-with-ve-4-containers-converted-from-3.23485/

Thursday, July 13, 2017

Hybrid IT with mixed clouds

  • DC: the new KPIs for a leading digital business
  • Digital transformation is hard for traditional business since the mindset is too different.
  • Before 2016, data helps internal efficiency.
  • After 2016, data creates revenue.
  • AWS region > 2 AZ > 2 DC (data center). 
  • 1 DC > 50,000 machines.

"family remote support" with VNC

1) vnc.myname.domain — I have static IPs, but you could use DynDNS to have a DNS name point to. . .
2) a static nat rule that takes the IP assigned to vnc.myname.domain and forwards port 5500 (the default listening VNC port) to. .
3) a listening VNC viewer I run when I talk to my family members.

REF: http://marc.info/?l=openbsd-misc&m=149982622520689&w=2

Tuesday, July 11, 2017

BCP for OpenBSD

> same thing that happens for any open source volunteer project, or any
> sole proprietorship...or any corporation.  Someone(s) may step up, they
> may not.  They may succeed in keeping the team together, they may not.
> The project may improve, it may "lessen".

What a bunch of worrying baloney.

I have asexually reproduced a few times, and put the other copies of
myself in stasis.

In the event that I fall off a mountain or get attacked by a group of
dogs in central Turkey, a copy is automatically brought out of stasis
to continue the effort.

The process is so transparent, that you won't even know if it has
happened before...

REF: http://marc.info/?l=openbsd-misc&m=137609553004700&w=2

Monday, July 10, 2017

It’s not just SDN

If I were to more accurately describe SDN based on my experiences in the networking industry, I would define it more broadly. Instead of defining SDN as a specific solution (such as OpenFlow), I define SDN as a highly automatable and programmable network infrastructure.

What SDN providers exist today?

  • OpenFlow: Many companies and communities drive OpenFlow solutions, but today there is no guarantee any one solution can interoperate with any other.
  • Proprietary or vendor-specific: Solutions such as Cisco’s ACI and Juniper Contrails are closed solutions that are positioned as SDN. Arguably, certain OpenFlow solutions can fall under here as well since they don’t all adhere to an OpenFlow standard.
  • Network virtualization with technologies like VXLAN. Cumulus Networks believes that network virtualization (VMware NSX, Midokura MidoNet, Cumulus Networks EVPN, and even Open Contrail) is the way forward for this type of SDN. To learn more about network virtualization, refer to our documentation on the subject.
SDN vs. Linux diagram
REF: https://cumulusnetworks.com/blog/linux-sdn-networking/

Sunday, July 9, 2017

Unseen.is going non-profit

Unseen, ehf is converting to a non-profit company (project) structure, it's just not possible to run an honest service without severe interference from various entities. It will be a project staffed by volunteers and everyone is welcomed to contribute or donate.

REF: https://www.surveymonkey.com/r/TW7R9BN

TrendLabs: Android Continuing Mediaserver and Qualcomm Issues

This bulletin continues to tackle the vulnerabilities in Mediaserver we’ve been discussing for the past few months. In March we mentioned that an attacker can use specifically crafted files (H.264 and H.265 videos) to cause memory corruption during file processing. These vulnerabilities could also potentially allow attackers to execute remote code using Mediaserver processes. Patches for these and related media codec vulnerabilities continued to be released in April, May and June as well.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/julys-android-security-bulletin-addresses-continuing-mediaserver-qualcomm-issues/

Cumulus SDN: Netfilter - ACLs

The chains and their uses are:
  • PREROUTING: Touches packets before they are routed
  • INPUT: Touches packets once they are determined to be destined for the local system but before they are received by the control plane software
  • FORWARD: Touches transit traffic as it moves through the box
  • OUTPUT: Touches packets that are sourced by the control plane software before they are put on the wire
  • POSTROUTING: Touches packets immediately before they are put on the wire but after the routing decision has been made

REF: https://docs.cumulusnetworks.com/m/view-rendered-page.action?abstractPageId=5866550

TrendLabs: SLocker Mimicking WannaCry

Figure 1. Timeline for this ransomware sample
The original sample captured by Trend Micro was named “王者荣耀辅助” (King of Glory Auxiliary), which was disguised as a cheating tool for the game King of Glory. When installed, it has a similar appearance to WannaCry, which has already inspired a few imitators.
REF: http://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/

Proxmox VE 5.0 released

Proxmox VE 5.0

  • is based on Debian 9 "Stretch"
  • has a modified Linux Kernel 4.10
  • introduces a completely new open-source storage replication stack, fully integrated into the GUI
  • has fantastic Ceph preview
  • allows simplified import of disk images from VMware, Hyper-V, etc.
  • brings many GUI improvements: new live migration with local storage via QEMU, USB and Host PCI address, bulk actions, filtering options, and much more...
For all details, the release notes, and the FAQ please read the forum announcement:

REF: http://www.proxmox.com/index.php?subid=15299&option=com_acymailing&ctrl=url&urlid=2503&mailid=131

ResourceSpace: CARE International



"ResourceSpace is a great tool to have. You can keep control of quality, and it's made people's lives easier in terms of sharing content and facilitating communication."

CARE International runs poverty-fighting projects and responds to humanitarian emergencies around the world. With staff and offices based in 94 developing countries, it needs systems that can cope with its highly-connected approach to sharing key information and communications, instantly.
Speed and co-ordination is critical for CARE International, particularly in situations such as large-scale emergency appeals. Previously, members of the organisation in different countries had their own systems for saving and storing files, which made document sharing challenging and disparate.

REF: http://www.resourcespace.com/feed?47

Trello Automation

Training Your Board’s Mr. Belvedere

Butler Power-Up Card Buttons
The great thing about Butler is that commands are written in natural language, meaning you don’t need to have any coding skills to get the most out of your butler on their first day on the job. Creating tasks for Butler is like playing productivity Mad Libs, and they can have as many steps as you like.
REF: https://blog.trello.com/butler-power-up-trello-automation

Sunday, July 2, 2017

StreamPulse for stream monitoring

After months of research I have found only one way it can be done.
1. You will need a program called Stream Pulse: http://streampulse.net. Try the 30 day trial. Install it according to their directions. (Do not install it on the wowza server. It should be on some other box that can access the wowza stream.) I will call this your Monitoring machine. You will have to open up your firewall so that your prtg server can access the Monitoring machine.
2. Test the monitoring machine using any web browser. Enter your stream pulse command. It will look something like this:
http://MonitoringMachineIP:5052/check?url=rtmp://YourWowzaServer.com:1935/live/streamename.stream&time=30
After about 30 seconds it should return a value similar to this:
[200] OK - Flash media is still playing OK. BufferLength: [0.001]; BufferTime: [0]; BytesLoaded: [0]; BytesTotal: [0]; CanSeek: [true]; CurrentTime: [25.85]; Duration: [NaN]; DynamicStreamSwitching: [false]; HasAudio: [true]; HasDRM: [false]; IsDynamicStream: [false]; Loop: [false]; MediaHeight: [368]; MediaWidth: [640]; NumDynamicStreams: [0]; State: [playing];
3. Next we set up the PRTG Sensor. The type of sensor you need is the HTTP Content Sensor. For best results set the timeout to 120. Insert the stream pulse test command in the script url. I recommend that you set the interval for at least 15 minutes. Under number of channels I put 5. It returns 16 or 17 values but PRTG will ignore the text values anyway, so I just picked up the first 5.
There you have it. You can similarly use StreamChecker (another product by the same company) to monitor Windows Media Streams.
Note: The guys over at StreamPulse worked with me to get this working. They even modified the output of the StreamChecker and StreamPulse in order for it to work. So, Kudos to them!
REF: https://kb.paessler.com/en/topic/8733-how-do-i-monitor-a-video-stream-rtmp-via-wowza

The Cuckoo sandboxing malware analysis tool


REF: http://www.admin-magazine.com/Archive/2017/38/The-Cuckoo-sandboxing-malware-analysis-tool