Tag Archives: Offer

Fedora’s GRUB2 EFI Build To Offer Greater Security Options


In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader.

GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren’t able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn’t allowed users to enjoy encryption of the boot partition and the “verify” module with ensuring better integrity of the early boot-loader code.

At last Friday’s FESCo meeting, the ticket was approved for including these modules in the default GRUB2 EFI build starting with Fedora 31 due out in October.

For future releases they may also look at automated signature verification as part of grub2-mkconfig as well as allowing cryptodisk to be configured from the Anaconda installer.

Fedora 31 Aims To Finally Offer Mono 5 For Open-Source .NET Support


While Fedora is generally known to ship the very latest upstream software with each release, Fedora has continued shipping Mono 4.8 even though Mono 5.0 shipped in May 2017. With the Fedora 31 release due out later in the year, they are finally working on switching to Mono 5.

The transition from Mono 4 to Mono 5 had been held up because of changes in their compiler stack and it depending upon some binary references. The Mono build process depends upon some binaries, which are actually available as source, but treated as pre-compiled binaries for simplification and speed.

This change caused issue for Debian and the Fedora developers are also in the same boat due to being adverse to binary components in their build process. Mono also requires itself to build and using Mono 4.8 isn’t able to build Mono 5.

The Fedora developers feel they have a path forward now as outlined via this change proposal and will be working to get Mono 5 into Fedora 31. This upgrade will allow cross-platform applications relying upon Microsoft’s .NET to now work if they have required .NET Framework 4.7 or later. Mono 4.8 also hasn’t worked on PowerPC 64-bit but Mono 5 should, among other benefits to upgrading this open-source .NET stack.

Linux Kernel Continues To Offer Mitigation for… » Linux Magazine

Usually, you want to mitigate all possible vulnerabilities unless we are talking about Meltdown and Spectre which are a class or family of dozens of vulnerabilities. But what sysadmins hate more than these vulnerabilities are mitigations offered to these vulnerabilities. Some of these mitigations have a massive impact on performance, while not offering any significant protection.

Gauging the pros and cons, sysadmins have gone as far as asking the Linux kernel community to give them an option to disable these mitigations. The Linux kernel community always listens.

Linux Kernel 4.15 added the ability for sysadmins to disable the kernel’s built-in mitigations for the Spectre v2 vulnerability, then Linux Kernel 4.17 offered the option to disable all mitigations for Spectre v4 and now Linux Kernel 4.19 allows admins to disable mitigations for Spectre v1.

You may or may not trust NSA, but they have a very decent guide on GitHub to help keep up with all Spectre related vulnerabilities.

Source link

Software-Defined Storage Products: IT Pros Offer Insight

Find out what users have to say about products in the emerging SDS market.

Software-defined storage promises two very attractive benefits to the enterprise: flexibility and lower cost. But how can IT pros know which software-defined storage (SDS) product will best meet the needs of their business?

Peer reviews published by real users can facilitate their decision-making with user feedback, insight, and product rankings that collectively indicate which products are in the lead.

Based on our real user reviews at IT Central Station, these products are some of the top choices for software-defined storage today.


A senior system engineer said, “The support we get from Nutanix is easily the best from all vendors we work with. If you open a case you directly speak to an engineer which can help quickly and efficiently. Our customers sometimes open support cases directly (not through us) and so far the feedback was great.”

However, a CTO at an IT consulting firm said while Nutanix has the ability to connect to Azure or AWS for storing backups, he would like to have the capability to spin up a backup on Azure or AWS for disaster-recovery purposes.

“Right now, you can only send a backup to either Azure or AWS. We would like to take a backup and spin it up to an actual server that could be connected to by users from the outside,” he added.

Here are more Nutanix reviews by IT Central Station users.

VMware vSAN

A senior systems administrator and storage specialist in the government sector said he finds that vSAN allows for very easy administration. “The fact that you don’t have LUNs to set up and assign is great. The ability to set up storage policies and assign them at the disk level is also a great part of this product,” he said. “You can allow for different setups for different workload requirements.”

A senior manager of IT infrastructure noted that “The vSAN Hardware Compatibility List Checker needs to improve, since currently it is a sore point for vSAN. You need to thoroughly check and re-check the HCL with multiple vendors like VMware, in the first instance, and manufacturers like Dell, IBM, HPE, etc., as the compatibility list is very narrow. I would definitely be happy if there is significant additional support for more models of servers from Dell, IBM, HPE, etc.”

Read more VMware vSAN reviews by IT Central Station members.

HPE StoreVirtual

A network engineer at a tech service firm reported that “Shelf level-redundancy is one of the big things that StoreVirtual has had before some other SAN manufacturer or SAN model brands, which is pretty nice. It can be rather expensive because you are much less efficient when you have that redundancy, but it’s definitely a benefit if you really need access to that data.

But a solutions engineer at an insurance company said the product’s user interface needs to be updated. “It’s getting kind of long in the tooth, and the user interface makes it look a lot more complex than it actually is to manage, and I think that you can mask a lot of that with a refresh of the user interface. While HPE has created a new HTML5 UI for the HyperConverged 380, it is not available to the rest of the StoreVirtual population.”

Read more HPE StoreVirtual reviews.  

Dell EMC ScaleIO

An engineer at a tech vendor that is both a customer and partner with Dell EMC likes the ScaleIO user interface. “EMC has been working with storage for a long time. Therefore, they know how to clearly present any important data, including data flow and each drive’s IOPS/bandwidth; and allow the user to easily monitor bottlenecks and problems, especially the rebuild and rebalance status of child objects. It controls them, as well as maintaining them well.”

He added that “If they could introduce a write cache feature, the product would be perfect overall.”

You can read more Dell EMC ScaleIO reviews here.

Source link