Announced last 14th September with a TechNet blog post, Project Honolulu is the free, Web-based HTML5 platform for centralized management of hosts and clusters that allows to control, manage and troubleshoot Windows Server environments from a single panel. Today is available as a “technical preview”.
Typically, the administration Windows server environments relies upon MMC (Microsoft Management Console) and other graphic tools, in addition to PowerShell, which guarantees a powerful and complete scripting system capable of an high level of automation.
Project Honolulu can be compared to VMware vCenter’s Web Client (albeit some differences), is a centralized management solution for Windows Server hosts and clusters, conceived not as a replacement for System Center and the Operations Management Suite, but as a complementary tool.
Projet Honolulu is the natural evolution of Server Management Tools (SMT is the analog tools retired a few months ago because as it ran on Azure, it required a constant Internet connection that sometimes it can’t be guaranteed) and represents its local, on-prem version. It’s not a substitute for MMC.
During last Ignite, Microsoft introduced the project with two demo sessions (one and the other), and covered the topic with a blog post.
Read more Project Honolulu: a web-based management control for Windows Server by Microsoft
HyTrust published its VMworld 2017 Cloud Adoption Survey
HyTrust, an IT company in the security sector, published a report on the enterprise cloud world made during last VMworld 2017.
323 companies were surveyed, and these are the results. 21% of them are concerned about GDPR and have a plan in place and 52% are not concerned about GDPR or are unaware of its relevance for their business and 27% are concerned about GDPR, yet have no plan in place.
Among the other results of the survey, although the hybrid cloud infrastructures are more and more used, 22% don’t use a public cloud, 44% don’t have an hybrid cloud and 28% entrust a single hybrid cloud vendor. The percentage of those who don’t use any form of encryption in a public cloud thankfully lowers from 28% of last year to 10% of this year. The biggest fears in terms of security are about uncontrolled or unmonitored access by admins (32%) and a malicious or accidental exposure of workload data (30%).
Containers are an appealing topic but it’s seldom used in production: just 12% of participants use it a production environment.
CMS
Joomla 3.8.3 is now available
Joomla 3.8.3 is now available; this is a security release that doesn’t introduce any new feature, rather it fixes security issues and improves performances.
In particular, this release adds support for PHP 7.2 multiple download sources on update servers (AKA download mirrors), TinyMCE has been updated to version 4.5.8, improvements for multilingual support and search performances for big sites. A complete list of fixes is available at this address.
This version is available within the admin console or at this address.
Meanwhile, the Alpha 1 version of the upcoming Joomla 4.0 is available. The preview include new Bootstrap 4 templates, removal of obsolete functions, a new installation wizards, integration of Joomla Framework packages and a renewed Application for Consoles.
WordPress 4.9 is now available
WordPress 4.9, nicknamed “Tipton”, is now available. This version introduces several new features, including a Customizer with new features, improvements to the system code, new widgets and several new features for developers like improved JavaScript API customizer, CodeMirror (a new library for code revision), MediaElement.js update to version 4.2.6 and other improvements to plugin and translation files management.
This version is available in the administration console or at this address.
Version 4.9.1 is available as well. This is a security release that doesn’t introduce any new feature, rather it fixes security issues. Improvements of this release include a properly generated hash for the newbloguser key instead of a determinate substring, addition of escaping to the language attributes used on html elements, ensuring the attributes of enclosures are correctly escaped in RSS and Atom feeds and removal of the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Eleven additional bugs have been fixed, including issues relating to the caching of theme template files, a MediaElement JavaScript error preventing users of certain languages from being able to upload media files and the inability to edit theme and plugin files on Windows based servers.
Further information about this version are available at this address.
Read more CMS Bulletin January 2018You have heard about it for sure, it’s one of the hottest technologies of the moment and it’s gaining momentum quickly: the numbers illustrated at DockerConf 2017 are about 14 million Docker hosts, 900 thousands apps, 3300 project contributors, 170 thousands community members and 12 billion images downloaded.
In this series of articles we’d like to introduce the basic concepts in Docker, so to have solid basis before exploring the ample related ecosystem.
The Docker project was born as an internal dotCloud project, a PaaS company, and based on the LXC container runtime. It was introduced to the world in 2013 with an historic demo at PyCon, then released as an open-source project. The following year the support to LXC ceased as its development was slow and not at pace with Docker; Docker started to develop libcontainer (then runc), completely written in Go, with better performances and an improved security level and degree of isolation (between containers). Then it has been a crescendo of sponsorships, investments and general interest that elevated Docker to a de-facto standard.
It’s part of the Open Container Project Foundation, a foundation of the Linux Foundation that regulates the open standards of the container world and includes members like AT&T, AWS, DELL EMC, Cisco, IBM Intel and the likes.
Docker is based on a client-server architecture; the client communicates with the dockerd daemon which generates, runs and distributes containers. They can run on the same host or on different systems, in this case the client communicates with the daemon by means of REST APIs, Unix socket or network interface. A registry contains images; Docker Hub is a public Cloud registry, Docker Registry is a private, on-premises registry.
Read more An introduction to Docker
In the next issue you will find an article dedicated to the recent Meltdown and Spectre vulnerabilities, which are not covered in this bulletin.
DDoS attacks and Botnets
Necurs botnet now distributes ransomware
Necurs is alive and kickin’ and is distributing malware with, at least, three different campaigns as MyOnlineSecurity reports.
The first campaign is about the Scarab ransomware and is spread through emails. A bogus email has copier@victim-domain as sender, “Scanned from HP” (or other brand) as object, the email body is blank but there’s an attachment which, obviously is the ransomware itself. Such email pretends to deliver documents scanned with a network printer.
The second campaign too is conveyed via email and is about another ransomware, Globeimposter. The sender is invoicing@random-company, a random alphanumeric string as object (ie, FL-610025 11.30.2017), and as the previous one it has no body content but an attachment.
The third campaign is similar and pretends to deliver an invoice from Amazon as an attachment. It’s not a ransomware, but a banking trojan indeed.
ProxyM botnet attacks websites
Dr.Web identified a botnet, called ProxyM, which is based on the Linux.ProxyM.1 malware and previously used for email spam campaigns (up to 400 messages per device per day).
The malware being distributed attacks Linux devices and creates a SOCKS proxy server; the attack mode has changed recently, and today ProxyM hacks websites. Infected hosts perform SQL Injection, XSS (Cross-Sie Scriptingt) and LFI (Local File Inclusion) attacks on websites like forums, game servers and generic sites, without a precise scheme. Dr.Web observed 10 to 40 thousands attacks per day.
GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!
MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.
Read More