Man 'deletes his whole company' after typing wrong bit of code by Chris Graham

http://www.independent.ie/business/technology/man-deletes-his-whole-company-after-typing-wrong-bit-of-code-34629615.html

Hosting provider Marco Marsala accidentally deleted his company after typing in a line of bad code.

15/04/2016

If ever there was a time you wish you could click 'undo', this would be it.

But while most people are often rescued by the quick 'control+z' command - seeing their entire document return to the screen after inadvertently deleting it all - there was no such saving grace for Marco Marsala.

The hosting provider wrote on help forum Server Fault that he had accidentally entered a code that seemed to have wiped his computers, including the websites of his customers. 

The command, "rm -rf", deletes everything it is told to and blocks the helpful warnings that usually inform the user that something is being deleted. In this case, because he hadn't specified what he wanted deleted, it erased everything.

“I run a small hosting provider with more or less 1,535 customers and I use Ansible to automate some operations to be run on all servers,” wrote Marco Marsala.

“Last night I accidentally ran, on all servers, a Bash script with a rm -rf {foo}/{bar} with those variables undefined due to a bug in the code above this line.

“All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).”

The response from the forum was far from positive.

“If you really don't have any backups I am sorry to say but you just nuked your entire company”

"If you really don't have any backups, I am sorry to say but you just nuked your entire company," wrote Andre Borie.

Another, Michael Hampton, said: "You're going out of business. You don't need technical advice, you need to call your lawyer."

One respondent pointed out - rather unhelpfully - that Mr Marsala should have kept the backup separate from everything else.

"Backups need to be offsite, offline, and incremental," said Tim. "That you could delete them from your main server means they weren't what I would call backups."

UPDATE: Marco Marsala's post on Server Fault:

http://serverfault.com/questions/769357/recovering-from-a-rm-rf

UPDATE: That man who ‘deleted his entire company’ with a line of code? It was a hoax:
http://www.pcworld.com/article/3057235/data-center-cloud/that-man-who-deleted-his-entire-company-with-a-line-of-code-it-was-a-hoax.html

TEENS REACT TO WINDOWS 95

Microsoft brings SQL Server to Linux by Mark Wilson

http://betanews.com/2016/03/07/sql-server-linux/

The new Microsoft has placed an increased importance on the cloud, and with other companies following suit, reliance on server solutions has increased.  Today the company announces that it is bringing SQL Server to Linux.

Both cloud and on-premises versions will be available, and the news has been welcomed by the likes of Red Hat and Canonical. Although the Linux port of SQL Server is not due to make an appearance until the middle of next year, a private preview version is being made available to testers from today.

Microsoft's increasing embrace of Linux sees the company expanding to a wider audience than ever. Al Gillen, group vice president, enterprise infrastructure, at IDC says that it shows Microsoft's "commitment to being a cross platform solution provider".

Writing on the Official Microsoft blog, Executive Vice President of Cloud and Enterprise Group at Microsoft, Scott Guthrie says:

• Today I’m excited to announce our plans to bring SQL Server to Linux as well. This will enable SQL Server to deliver a consistent data platform across Windows Server and Linux, as well as on-premises and cloud. We are bringing the core relational database capabilities to preview today, and are targeting availability in mid-2017.
• SQL Server on Linux will provide customers with even more flexibility in their data solution. One with mission-critical performance, industry-leading TCO, best-in-class security, and hybrid cloud innovations -- like Stretch Database which lets customers access their data on-premises and in the cloud whenever they want at low cost -- all built in.

Microsoft has not yet made clear exactly what other features of SQL Server 2016 will make their way to SQL Server for Linux, but more news is expected over the coming weeks and months.

Paul Cormier, President, Products and Technologies, Red Hat said, "SQL Server's proven enterprise experience and capabilities offer a valuable asset to enterprise Linux customers around the world." He continued:

• We believe our customers will welcome this news and are happy to see Microsoft further increasing its investment in Linux. As we build upon our deep hybrid cloud partnership, spanning not only Linux, but also middleware, and PaaS, we’re excited to now extend that collaboration to SQL Server on Red Hat Enterprise Linux, bringing enterprise customers increased database choice.

While the full launch of SQL Server for Linux is not due until the middle of 2017, SQL Server 2016 is expected to launch later this year.

Windows 10 Passes Windows XP In Market Share

http://tech.slashdot.org/story/16/02/02/1719204/windows-10-passes-windows-xp-in-market-share?utm_source=feedly1.0mainlinkanon&utm_medium=feed

Windows 10 Passes Windows XP In Market Share

Posted by timothy on Tuesday February 02, 2016 @12:14PM from the playing-with-numbers dept.

An anonymous reader writes:Six months after its release, Windows 10 has finally passed 10 percent market share. Not only that, but the latest and greatest version from Microsoft has also overtaken Windows 8.1 and Windows XP, according to the latest figures from Net Applications. Windows 10 had 9.96 percent market share in December, and gained 1.89 percentage points to hit 11.85 percent in January.Maybe it will jump even faster soon, but not necessarily for the best of reasons.

Privacy-Centric Linux Distro Tails Hits 2.0 Release

http://linux.slashdot.org/story/16/01/29/159219/privacy-centric-linux-distro-tails-hits-20-release?utm_source=feedly1.0mainlinkanon&utm_medium=feed

Privacy-Centric Linux Distro Tails Hits 2.0 Release38

Posted by timothy on Friday January 29, 2016 @10:11AM from the your-eyes-only dept.

A_Mythago writes:The Amnesic Incognito Live System (Tails) has finalized version 2.0, which has several improvements and updates to continue to meet their mission of preserving privacy, anonymity and circumventing censorship without a trace, using a Debian 8.0 custom live distro. More details about Edward Snowden's use of Tails and the distro itself can be found at a previous Slashdot story from 2014.

Windows Phone is dead by Tom Warren

http://www.theverge.com/2016/1/28/10864034/windows-phone-is-dead

Windows Phone started off life as a promising alternative to Android and iOS five years ago. Microsoft positioned its range of Windows Phone 7 handsets as the true third mobile ecosystem, but it's time to admit it has failed. If a lack of devices from phone makers and even Microsoft itself wasn't enough evidence, the final nail in the coffin hit today. Microsoft only sold 4.5 million Lumia devices in the recent quarter, compared to 10.5 million at the same time last year. That's a massive 57 percent drop. Even a 57 percent increase wouldn't be enough to save Windows Phone right now.

Microsoft and Nokia have sold a total of 110 million Windows Phones compared to 4.5 billion iOS and Android phones in the same period. IDC recently reported that 400 million phones were sold in the recent quarter, meaning just 1.1 percent of them were Lumia Windows Phones. Microsoft does not have any compelling Lumia handsets, and the Lumia 950 and Lumia 950 XL were both disappointing flagship devices with unfinished Windows 10 Mobile software.

With Lumia sales on the decline and Microsoft's plan to not produce a large amount of handsets, it's clear we're witnessing the end of Windows Phone. Rumors suggest Microsoft is developing a Surface Phone, but it has to make it to the market first. Windows Phone has long been in decline and its app situation is only getting worse. With a lack of hardware, lack of sales, and less than 2 percent market share, it's time to call it: Windows Phone is dead. Real Windows on phones might become a thing with Continuum eventually, but Windows Phone as we know it is done. It won't stop Microsoft producing a few handsets every year as a vanity project, but for everyone else it's the end of the line. Farewell, Windows Phone.

Hot Potato Exploit Gives Attackers the Upper Hand in Multiple Windows Versions by Catalin Cimpanu

http://news.softpedia.com/news/hot-potato-exploit-gives-attackers-the-upper-hand-in-multiple-windows-versions-499192.shtml

By chaining together a series of known Windows security flaws, researchers from Foxglove Security have discovered a way to break into almost all of Microsoft's recent versions of Windows.

The exploit, named Hot Potato, relies on three different types of attacks, some of which were discovered back at the start of the new millennium, in 2000.

All of these security flaws have been left unpatched by Microsoft, with the explanation that by patching them, the company would effectively break compatibility between the different versions of their operating system.

Hot Potato is made up of three different exploits

The three security problems that form the Hot Potato exploit are a local NBNS (NetBIOS Name Service) spoofing technique that's 100% effective, a flaw which allows attackers to set up fake WPAD (Web Proxy Auto-Discovery Protocol) proxy servers, and an attack against the Windows NTLM (NT LAN Manager) authentication protocol.

Going through these exploits one by one may take attackers from minutes to days, but if successful, the attacker can elevate an application's permissions from the lowest rank to system-level privileges, the Windows analog for a Linux/Android root user's permissions.

Foxglove researchers created their exploit on top of a proof-of-concept code released by Google's Project Zero team in 2014 and have presented their findings at the ShmooCon security conference over the past weekend. They've even posted their exploit code onGitHub.

Hot Potato can be used against multiple Windows versions

Additionally, some proof-of-concept videos were also uploaded on YouTube, and you can see the researchers break Windows versions such as 7, 8, 10, Server 2008 and Server 2012.

Researchers say that enabling "Extended Protection for Authentication" in Windows should stop the last stage of their exploit, the NTLM relay attack.

Using SMB (Server Message Block) signing may theoretically block the attack, but they have not properly investigated this mitigation technique.