A remote exploit (CVE-2014-6271) has been in bash discovered that potentially affects any application that uses environment variables to pass data from unsanitised content, such as CGI scripts. After the release went public, other exploits were discovered (CVE-2014-7169). Official patches have been released to fix them. (Originally posted 24 September, updated 25, 26 and 29 September)
The recent vulnerabilities in the Bash shell initially stemmed from a remote execution exploit, which was patched and made available through responsible disclosure before being announced. However, since the initial release there have been other flaws detected which became zero day threats. What exactly was the problem with Shellshock, and is it truly fixed? InfoQ explains what happened.
Flocker is a volume and container management system for Docker based on ZFS. It allows for stateful containers, such as databases, to be moved between virtual or physical hosts. This provides a capability that is analogous to the live migration features of some virtual machine hypervisors. Version 0.1 has been released by ClusterHQ as an Apache 2.0 open source project.
CenturyLink has launched Panamax, a tool that they describe as ‘Docker Management for Humans’. Panamax distinguishes itself from other composition tools for Docker by offering a web based user interface, which can be used to compose multiple Docker containers into templates that can then be shared on GitHub.
CoreOS has announced the first CoreOS stable release, CoreOS 367.1.0, including Linux 3.15.2 and Docker 1.0.1, and supported across several platforms through the CoreOS Managed Linux product.
Cloud 9 has recently launched a new version of their online IDE. Usually, online developer tools are simpler than their native counterparts, some even refusing to call them IDEs. But Cloud 9 does not want to be just a rich editor, incorporating more and more features of a traditional integrated development environment.
Codio is a browser-based IDE supporting a large number of languages and including its own Ubuntu instance to test the code.
Docker 1.1.0 was recently released, within a month of the 1.0 release, with several features such as .dockerignore, pausing of containers when a commit is made to them, tailing logs and several other improvements.
Red Hat announced the general availability of Red Hat Enterprise Linux 7, the latest release of the company Linux distribution. This release provides the Docker application as a main management tool for Linux containers
Google has open sourced Chrome PDF engine, which allows to view and print PDF files, and fill PDF forms. The announcement came earlier this month from Foxit Software, the original maker of Foxit PDF SDK, which Google chose as the base for its Chrome PDF engine. Formerly closed-source, Chrome PDF code is now hosted on Google Source as the PDFium open source project.
After the launch of Docker 1.0 there was more to come. The conference t-shirts said ‘Containers everywhere!’, with plenty of evidence of that from the large Bay area service providers. There were also some additional launches - libswarm ‘a minimalist toolkit to compose network services’, libchan ‘an ultra-lightweight networking library’, and more partners getting involved with libcontainer.
Docker.io have used their inaugural DockerCon event to launch version 1.0 of their container management tools. It comes just days after the release of 0.12.0, which was focussed on stability, performance and usability rather than introducing significant new features. Production readiness means that Docker.io is now providing support services for Docker.
Microsoft continues to invest in PowerShell, its command-line shell and associated scripting language. PowerShell Desired State Configuration (DSC) can now manage Linux boxes in the same vein as it does for Windows. Microsoft open source DSC for Linux and is hosting the project at GitHub.
Docker version 0.11 has been released, which is the first release candidate for 1.0. The release doesn’t just focus on stability, and includes a number of new networking, security and administration features.
TechEmpower has been running benchmarks for the last year, attempting to measure and compare the performance of web frameworks. For these benchmarks the term “framework” is used loosely including platforms and micro-frameworks.