Category Archives: Commentary

A community member shares a viewpoint

XSA-108: Not the vulnerability you’re looking for

There has an unusual amount of media attention to XSA-108 during the embargo period (which ended Wednesday) — far more than any of the previous security issues the Xen Project has reported. It began when a blogger complained that Amazon was telling customers it would be rebooting VMs in certain regions before a specific date. Other media outlets picked it up and noticed that the date happened to coincide with the release of XSA-108, and conjectured that the reboots had something to do with that. Soon others were conjecturing that, because of the major impact to customers of rebooting, that it must be something very big and important, similar to the recent Heartbleed and Shell Shock vulnerabilities. Amazon confirmed that the reboots had to do with XSA-108, but could say nothing else because of the security embargo.

Unfortunately, because of the nature of embargoes, nobody with any actual knowledge of the vulnerability was allowed to say anything about it, and so the media was entirely free to speculate without any additional information to ground the discussion in reality.

Now that the embargo has lifted, we can talk in detail about the vulnerability; and I’m afraid that people looking for another Shell Shock or Heartbleed are going to be disappointed. No catchy name for this one.

Continue reading

Open Source Exposed

In an effort to further promote the Xen.org community and our amazing open source technologies, I have taken it upon myself to become an open source blogger on Network World. Of course, the benefit of exposure to me is something I will have to deal with. My hope is to educate people on the basics of open source while at the same time reaching out to open source enthusiasts with ideas that should be far outside the mainstream.

My first blog post is available at http://www.networkworld.com/community/blog/microsoft-open-source-company and should cause heartache as I point out how successful Windows is as an open source platform. If you have any ideas on future topics, please feel free to contact me.

New Blogroll Links for Xen Content

I have added a few new Blogroll links to other people who have active blogs on the Xen hypervisor. Please take some time to visit their blogs for interesting information:

Xen Hypervisor Case Studies

I am starting a new community initiative to collect and write Xen hypervisor case studies to demonstrate the variety of ways that the Xen hypervisor is leveraged in the IT world. The initial case study is from a Swedish company, ATG: ATG Case Study Feb 29, 2008

I have created a new section in the Wiki to store all the case studies that the community or I create. You can get to the Wiki case study section here.  Please feel free to create your own case study and upload into the Wiki site or contact me at stephen.spector@citrix.com if you would like my assistance. Having an updated collection of case studies is a great way for the community to show the power and capabilities of the Xen hypervisor.

Xen.org Blog Available

Welcome to the new Xen.org Blog site hosted by Slicehost running on your community Xen hypervisor solution. This blog site is open to all Xen.org members to communicate on all things Xen. Please keep all blog posts about the Xen hypervisor and related technology and remember this is not a marketing or sales tool to promote your Xen solution. I look forward to reading the variety of topics posted on Xen.

If you wish to be an author on this site, please contact me at stephen.spector@xen.org for account setup.