Category Archives: News

New Exploit Vulnerability: CVE-2014-6271

A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
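For the mod_cgi vector named in the description above, request headers reach a CGI script as environment variables, so a logged header value that starts with `() {` is the thing to look for in web server logs. The scan below is an added example, not part of the original post; it assumes Apache's combined log format, and the log lines and 192.0.2.x addresses are constructed.

```python
import re

# Apache "combined" format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
# Apache writes an embedded double quote as \" so quoted fields allow escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ '
    + QUOTED + ' ' + QUOTED + r'\s*$'
)

# Bash treats an environment value that begins with "() {" as a function
# definition. Extra whitespace is tolerated here so near-misses are flagged too.
FUNC_PREFIX = re.compile(r'^\s*\(\s*\)\s*\{')

# Constructed sample input (documentation addresses, test string from the post).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 64 "-" "() { :;}; echo busted"',
    '192.0.2.78 - - [25/Sep/2014:10:02:30 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { :;} ; echo busted" "curl/7.30"',
    '192.0.2.11 - - [25/Sep/2014:10:03:00 +0000] "GET /help HTTP/1.1" 200 90 "-" "ExampleBot/1.0 (test) {beta}"',
    '192.0.2.12 - - [25/Sep/2014:10:03:05 +0000] "GET /cgi-bin/sta',
]

def scan(lines):
    """Return (hits, unparsed): hits are (line_number, client, field) tuples for
    logged headers that start like a function definition; unparsed lists the
    numbers of non-empty lines that did not match the combined format."""
    hits, unparsed = [], []
    for number, line in enumerate(lines, start=1):
        match = COMBINED.match(line.rstrip("\n"))
        if match is None:
            if line.strip():
                unparsed.append(number)  # report, do not silently drop
            continue
        client, _request, referer, agent = match.groups()
        for field, value in (("referer", referer), ("user-agent", agent)):
            if FUNC_PREFIX.match(value):
                hits.append((number, client, field))
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE_LOG)
    for number, client, field in hits:
        print(f"line {number}: {client} sent a function-style {field} header")
    print("unparsed lines:", unparsed)
```

The combined format records only the Referer and User-Agent headers, so a value carried in any other header will not show up in this scan.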

An advisory from Akamai explains the problem in more depth, as does this OSS-Sec mailing list post.

How to check?

You can check if you’re vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the word “busted”, then you’re at risk. If not, then either your Bash is fixed or your shell is using another interpreter.

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

Or run this command in the default shell:

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If the output includes the word “vulnerable”, okay… you’re at risk.

Patch:

This vulnerability affects Apple’s OS X – and is useful for privilege escalation – as well as Debian and other Linux distributions. Fortunately, patches are already available: http://seclists.org/oss-sec/2014/q3/650

Patch your systems ASAP!

Support List:

  1. Novell/SUSE
  2. Debian
  3. Ubuntu
  4. Mint
  5. Red Hat/Fedora
  6. Mageia
  7. CentOS

After patching my system (Ubuntu 12.04 LTS):
[Image: ShellShock]

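Raspberry Pi camera now on sale

According to the latest official news, the Raspberry Pi camera is now available to buy; it can be ordered from RS Components or Premier Farnell/Element14.
See the image below for the picture quality:

Below are the official video and illustrated tutorial on how to set up the camera, briefly translated:

1. Enable camera support
After booting, log in; the default user is pi and the default password is raspberry. Enter the following commands in a terminal to upgrade the firmware to the latest version: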

sudo apt-get update

sudo apt-get upgrade

Enter the following command to open the configuration tool:

sudo raspi-config

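Navigate to camera and select enable.

2. How to use the Raspberry Pi camera software
raspivid is a command-line application that captures video, while raspistill captures still images.
-o or --output specifies the output file name, and -t or --timeout specifies how long the preview is displayed, in milliseconds. Note that the default is 5 seconds, and raspistill captures the last frame of the preview period.
-d or --demo runs the demo mode, which cycles through the various image effects.

3. Example commands
Capture an image in JPEG format: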

raspistill -o image.jpg

Capture a 5-second video in h264 format:

raspivid -o video.h264

Capture a 10-second video:

raspivid -o video.h264 -t 10000

Capture a 10-second video in demo mode:

raspivid -o video.h264 -t 10000 -d

To see the options for raspivid or raspistill, you can enter:

raspivid | less
raspistill | less

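Use the arrow keys to scroll and press q to quit.

For more documentation, see: Extended documentation

We recommend that you change the SSH password to prevent unauthorized access.

Please credit when reposting: Open Source Planet » Raspberry Pi camera now on sale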

What is MAAS?

What is MAAS? MAAS stands for “Metal As A Service”; it is an automated deployment tool heavily promoted with Ubuntu 12.04.

Hardware that is provisioned through the MAAS can be provisioned dynamically, just like cloud instances – except that we’re talking about the whole physical node. “Add another node to the Hadoop cluster, and make sure it has at least 16GB RAM” is easy with the MAAS. Cloud semantics, in the non-cloud world.

Through a simple web interface or web API you add, commission, update, deploy and recycle physical servers at will. As your needs change, you can respond rapidly, by adding new nodes and dynamically re-deploying them between services. When the time comes, nodes can be retired for use outside the MAAS.

When commissioning a new node, MAAS can take care of hardware-specific tasks such as burn-in tests, firmware and RAID upgrades – and checking whether your hardware is Ubuntu certified. Together with Juju, MAAS makes it easy to turn a network of physical servers into a functioning private cloud.

Introductory video (in English):


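10 things to do after installing Ubuntu 12.10

1. Learn what's new
The video below gives a brief overview of the new features in this release:

2. Check for updates
After installing 12.10 you may need updates that fix some bugs; you can update by opening the Dash and searching for Software Updater.
From the command line, enter in a terminal: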
sudo apt-get update&&sudo apt-get upgrade

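3. Install media codecs
The installer already offers an option to install them; if you did not select it, just click to install the following package: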

Install Third-Party Codecs

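4. Add online accounts
Setting up chat and social applications is easier in Ubuntu 12.10: you no longer have to enter the same account details in different apps; add an online account once and it can be used across them.

In the Unity Launcher, click System Settings -> cog and spanner -> Online Accounts -> Add Account

Supported services include Aol, Windows Live, Twitter, Google, Yahoo!, Facebook (including Facebook Chat), Flickr and more.
Applications that tie in with online accounts include the IM application Empathy, the social client Gwibber and the photo manager Shotwell.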

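5. Integrate web apps

Unity Web Apps is one of the new features in this release; it integrates 30 of the most popular websites with the desktop. For example, if you add BBC News, you will receive notifications with the latest headlines.

6. Adjust privacy settings
The privacy options are in the System Settings panel; you can choose which files, folders and content are or are not recorded, and you can also clear previous records.

7. Install proprietary hardware drivers
If you want better visual effects from your system or want to play 3D games, you need to install the proprietary drivers.
Install them under System Settings -> Additional Drivers.

8. Disable or remove the Shopping Lens
As a new feature, Amazon product suggestions appear in the Dash when you search for apps. This can be turned off: open the Privacy panel in System Settings and set “Include Online Results” to “Off”.

9. Set up Ubuntu One
Ubuntu One lets you sync files between devices and comes with 5 GB of free space; just click the Ubuntu One icon in the Launcher and you will be prompted to sign in (register first).

10. Enjoy it!
Put your creativity to work on Ubuntu, get things done, and enjoy it!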
