Posts

Showing posts from 2014

Shellshock / bash vulnerability

There's been a lot written about this already so not going to say too much more but posting so I can keep a collection of links together and point people to it. It does warrant you changing your schedule and go patch things quickly.

The original vulnerability can be found at CVE-2014-6271.

Unfortunately the vulnerability and fix wasn't complete so if you patched you may need to go and patch again. Details of this updated vulnerability can be found at CVE-2014-7169

Here is Ubuntu Linux advisory. You need to be on bash 4.3-7ubuntu1.3 or higher

Here is Amazon Linux advisory. You need to be on bash 4.1.2-15.21 or higher

Here is Red Hat advisory. The version you need depends on your version of RHEL. See more details here.

The link for AWS for what needs doing is here.

Some good discussion on the issue is at lwn.net

Getting Apple USB Ethernet adapter working with Windows 8.1 (or Windows 10)

At work I'm now alternating between Windows 8.1 on a Dell and an Apple Macbook Air. As part of this I just want to switch one USB cable between machines when I switch, that is connected to a USB hub.

One of the things I've attached to my USB hub is a USB to Ethernet converter. The one I had was a no-name brand one which didn't work by default on Apple. Rather than trying to get it working on Apple (and being unstable from past experience) I just plugged in an Apple USB to Ethernet converter (part A1277). Worked fine on the Mac, no joy on the Dell.

Having a poke around the Dell could see what the hardware was fine, just couldn't find drivers. Now if you Google around you'll quickly see that it is an Asix chipset and people tell you to download their drivers and update drivers. Tried this, didn't work and more Googling said you can shoehorn them in by resigning, altering INF files etc. I've done this before but this just didn't seem right to me consideri…

Google Compute Engine vs AWS

I've had a few people ask me what I think of Google Compute Engine vs AWS.
My take on Google Compute Engine is that it is now a viable alternative to AWS, as is Microsoft Azure for some firms. It is less mature than AWS in many ways and has had a few glitches - like AWS had in it's early days.
Areas that are particularly strong for Google Compute Engine are:
automatic price discounting (sustained use discounts) when machines run for a while (you have to reserve instances with AWS)data querying. You pay for what you use versus AWS Redshift which charge you continuouslyGoogle App Engine can be connected to it and is a true PaaS. I feel AWS Elastic Beanstalk is IaaS shoehorned into PaaS. AWS remains stronger for the maturity, the ecosystem around it and the sheer depth of products Amazon offer.

For me the pain to migrate from AWS to GCE wouldn't be worth any (theoretical) gain right now, especially given it would probably cause a few months delay to business. Google are keen t…