It has been a really long time since my last blog post, so let’s fix that by
writing a followup post to my popular article on learning to write Juju Charms,
where we wrote a simple Charm to deploy a production ready Minetest server,
complete with postgresql integration through Juju relations.
Today, we are going to go a step further and delve into Reactive Charms, where
we can define and maintain state through flags. Flags let us have a memory of
events that have happened in the past, and only run certain functions to “react”
to changes in those flags.
Reactive Charms are primarily written in Python, and there are a lot of different
submodules that exist to help you develop your Charm. So buckle up, because we
are going to take our little Minetest Charm to the next level.
A few days ago, a case came in which had some rather odd symptoms, such as
processes using high amounts of CPU and memory, and running from the
After asking for some logs, and some samples of the binaries, it became obvious
that the system was compromised, and was now running some interesting malware.
In this post, we are going to look into the malware called dovecat, which
turned out to be a cryptominer, and hy4, which is a IRC botnet malware
I’m pretty excited, as I haven’t analysed any Linux malware before, and this is
real life stuff pulled directly from a production machine, so it still has its
Let’s get started.
You might have noticed a small change when running the
dmesg command in
Ubuntu 20.10 Groovy Gorilla, since it now errors out with:
dmesg: read kernel buffer failed: Operation not permitted
Don’t worry, it still works, it has just become a privileged operation, and it
works fine with
sudo dmesg. But why the change?
Well, I happen to be the one who proposed for this change to be made, and
followed up on getting the configuration changes made. This blog post will
describe how it slightly improves the security of Ubuntu, and the journey to
getting the changes landed in a release.
So stay tuned, and let’s dive into
Recently I worked a particularly interesting case where an OpenStack compute node
had all of its virtual machines pause at the same time, which I attributed to
a reference counter overflowing in the kernel’s
Today, we are going to take a in-depth look at the problem at hand, and see how
I debugged and fixed the issue, from beginning to completion.
Let’s get started.
One of the more recent killer features implemented by most major Linux distros
these days is the ability to patch the kernel while it is running, without the
need for a reboot.
While this may sound like sorcery for some, this is a very real feature, called
Livepatch. Livepatch uses ftrace in new and interesting ways, by patching in
calls at the beginning of existing functions to new patched functions, delivered
as kernel modules.
This lets you update and fix bugs on the fly, although its use is typically
reserved for security critical fixes only.
The whole concept is extremely interesting, so today we will look into what
Livepatch is, how it is implemented across several distros, we will write some
Livepatches of our own, and look at how Livepatch works in Ubuntu for end users.