Language Selection

English French German Italian Portuguese Spanish

User Mode Linux: Maximizing performance, jailing attackers

Filed under
Interviews

User Mode Linux (UML)has ideal security features for controlling and jailing hackers once they've taken the sweetened bait of a 'honeypot,' says User Mode Linuxauthor and project architect Jeff Dike. UML can log all terminal traffic to the host in a way that's invisible and impossible to interfere with from inside the UML unlike Xen and VMware.

Take a tour of UML with Dike as he offers best practices, explains how to boot from an empty jail, talks about jailing attackers and more.

What are some unique issues of server consolidation with User Mode Linux?

Jeff Dike: From my point of view, server consolidation doesn't differ greatly from any other virtualization workload. So, the advantages of UML apply here the same as in other areas.

One aspect of server consolidation that may distinguish it from other virtualization workloads is that the host administrator may not trust the UML administrators. In this case, the UML administrators won't have shell access on the host, and the host administrator will need to decide how they will be allowed to access their UMLs.

The easy solution is to allow only network access. But this will increase the support burden when UML owners make their UMLs inaccessible by misconfiguring their networks. In this case, allowing the equivalent of logging in on a hardwired terminal would be nice, so that the UML admins still have access to their UMLs and can fix the network themselves.

So how should host administrators determine access criteria for UML?

Full Story.

More in Tux Machines

Lenovo launches Yoga Tab 3 and Yoga Tab 3 Pro Android tablets

Lenovo says improvements have also been made to the projector inside, which has gotten brighter and can now beam out a 70-inch picture — and you can point it at either the wall or your ceiling this time. Sound quality is also a major focus, as the Yoga 3 Tab Pro has four front-facing speakers and what Lenovo describes as "virtualized Dolby Atmos" for an experience the company says can replicate surround sound. Such claims rarely pan out, but if you need to throw on a Netflix movie for a small room or restless kids (like say, when Netflix gets first dibs on Disney films next year), it might work out just fine. Read more

Moto X Pure Edition Review: This Phone Does Android Better Than Google

If you’re looking for the absolute best value Android smartphone out there: Yep. Yep, you should. The only hesitation you should feel in your heart is that Google will most likely be announcing two Nexus smartphones possibly by the end of the month. A Google Phone means two devices very similar to the Moto X, definitely getting upcoming Marshmallow update first, and ones that could even be a part of Google’s new Project Fi wireless service. But what Nexus most likely won’t have is a look tailored specifically to you and legitimately useful Moto apps you’ll want to use. Pull the trigger or wait—it’s a win-win. Read more

Chromebooks

  • Linux Foundation Gives Away Chromebooks with Open Source Training
    Want to learn about open source programming and get a free Chromebook? The Linux Foundation is sponsoring an opportunity to do both by enrolling in one of its training courses this month.
  • Chromebooks are eating Microsoft’s lunch and dinner
    Now there are concrete numbers to show that Chromebooks are in fact beating the sales of Windows notebooks. Microsoft fans may not accept it, but Microsoft knows how credible a threat Chrome OS is: That is why they ran an anti-Chromebook ad campaign, and why, we presume, they have created strategies to counter Chromebooks. You don’t come up with such plans to mute a non existing threat.

Getting to grips with Google’s open-source container project

Google decided to put its container project Kubernetes [ku-ber-net-ease] out in the wild because "there is power in open source", its co-founder tells ComputerworldUK. The project, which aims to simplify containers for organisations looking for faster app launch and scale-out, began as a “grand experiment”, Kubernetes' co-founder Craig McLuckie reveals. During the build, he discovered that if Google built a cloud platform in the open, “it would be better across any measurable dimension.” Read more