Man Erases Thousands of Websites

The rm -rf is a dangerous command. Use at your own discretion. A man who owns a server that run thousands of website learned this lesson the hard way. If there’s anything to learn from this experience, it’s probably best not to use rm -rf within your scripts. If you really have to, you need to have to be explicit with your commands by including the full path. If the relative path fails, the deletes are explicit for that particular directory and nowhere else.

Bash Shell on Windows 10

Microsoft announced today that it’s bringing in Bash shell into Windows 10. Bash or Bourne Again Shell, is the standard shell terminal for both OS X and Linux terminals. That means developers will be able to write their shell scripts in Windows 10.

How is this possible. Microsoft worked with Canonical, Ubuntu flagship company, in getting a Linux subsystem inside Windows 10 without the need for virtualization or emulation.

The native availability of a full Ubuntu environment on Windows, without virtualization or emulation, is a milestone that defies convention and a gateway to fascinatingly unfamiliar territory,” Canonical founder Mark Shuttleworth said in a statement today. “In our journey to bring free software to the widest possible audience, this is not a moment we could have predicted. Nevertheless we are delighted to stand behind Ubuntu for Windows, committed to addressing the needs of Windows developers exploring Linux in this amazing new way, and excited at the possibilities heralded by this unexpected turn of events.

Does this mean no more of the dreaded backlash on paths?

Cron Jobs Not Executing

I have a couple of BASH scripts that I run overnight via cron. The script uses the s3cmd command line tool to interact with Amazon S3 storage on the cloud. One day, the script just stopped working. I couldn’t figure out what’s changed.

Upon further investigation, it turns out to be a permission issue. Somehow, the .s3cfg files where the Amazon credentials and other things are stored have changed ownership to root. I used the chown command to change ownership back to the user.

The cron job is once again working like a charm.

Ubuntu Server Upgrade

I performed a Linux Server upgrade from 12.04 LTS to 14.04 LTS last night. Disaster. Well, the upgrade wasn’t quite as seamless than I thought. Apache died. I was getting 500 error on all my websites. I wasn’t about to spend hours trying to fix Apache, and who knows what else was not working. I have several applications running on my Linode VPS server in addition to the standard LAMP. So, I started the image recovery 20 minutes after I found out things weren’t working as well as they should be. My only other option now is to create a new server from scratch with the latest Ubuntu Server release, and then migrate all my apps and data. I think I’ll wait for 16.04 LTS to come out in a couple of months.

Linux Mint Website Hacked

Linuxmint.com got hacked today. Hackers were able to gain access to the website. They were able to direct users to download a modified ISO image that contains a backdoor. The hacked version potentially can steal user’s information. The hacked version only applies to the downloaded Linux Mint 17.3 Cinnamon edition. The Linux Mint blog say to always verify the checksum of the downloaded ISO file.

Ubuntu 14.04.4 LTS

Canonical just released Ubuntu 14.04.4 LTS. This is the 4th update to the 14.04 series which was originally released back in April 2014. It’s probably the most stable Ubuntu to date, after being baked in the oven the last 2 years. I don’t think they will release another one with this series since Ubuntu 16.04 just around the horizon.

Zero Day Flaw

Millions of Linux servers and Android devices were hit with a zero-day flaw today.

What is zero-day flaw? From pctools.com:

A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack. Uses of zero day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

From zdnet.com. The issue today was:

A new, previously undiscovered flaw that allows an attacker to escalate local user privileges to the highest “root” level is said to hit “tens of millions” of Linux PCs and servers. Because some of the code is shared, the zero-day flaw also affects more than two-thirds of all Android devices. The flaw, said to date back to 2012, affects Linux kernel versions 3.8 and higher, which extends to devices running Android KitKat 4.4 and higher. The vulnerability is in the keyring facility, baked into the core of the Linux software. If exploited, an attacker would be able to execute code on the Linux kernel, and extract cached security data, which can include in some cases encryption and authentication keys.

Read the rest of the article from ZDNet.