Shellshock Bash and Bashbug Vulnerability

I’m sure most of you are familiar with the Heartbleed vulnerability with OpenSSL and how it has affected most of the applications and systems across the internet. Well a new vulnerability has appeared and is potentially much worse. While this vulnerability is new to the public it has been a “bug” for over 25 years and is just now being exploited on a much larger scale.

shellshock bashbug vulnerability fix

Shellshock Video:

Here is a quick video explaining Shellshock:

Shellshock Test:

In order to test for the Shellshock bash vulnerability you can run this test command from Terminal:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you’re not vulnerable, you’ll get this result:

bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' hello

If you are vulnerable to shellshock, you’ll get:

vulnerable hello

You may also need to check the version of bash you’re running by entering:

bash --version

Shellshock Fix:

Many Linux distributions already have patches available, and Apple/Mac users now have patch available which you can download and install it here.

Redhat Shellshock Fix

SUSE Shellshock Fix

Ubuntu Shellshock Fix

EMC products affected by Shellshockhttps://emc–

Cisco products affected by Shellshock

VMware products affected by Shellshock


This can potentially be one of the most dangerous vulnerabilities because of how easy it is to exploit. However it is also one of the easiest to fix and patch. Make sure all of your systems are updated with all of the latest security patches and you shouldnt have an issue. If you have any comments or need assistance leave me a comment below and I will address them.

Update: I have been getting asked how to patch windows for the vulnerability, so just to be clear Windows machines and Windows servers do not run Bash.

VMware’s Hyperconverged Infrastructure Appliance: EVO Rail

evo rail


At VMworld 2014 this year, a new hyperconverged infrastructure appliance emerged. This appliance brings together storage, networking and compute for an easy to manage IT infrastructure. A simple and powerful appliance taking a large step in the SDDC direction. When you no longer have to manage hardware, you can focus more on applications and data.

I put together this page as a central point for as much EVO information that I can find. Let me know if you find something else you would like me to add to this page, and I will continue to add information as I find it.

Official Product Page:

EVO Rail Datasheet



Marco Broeken
Julian Wood
Chris Wahl
Timothy Prickett Morgan
Louis Cheng


Project “MARVIN” stands for: Modular Automated Rackable Virtual Infrastructure Node.

VMware Project Mystic – MARVIN Hyper-Converged Infrastructure Appliance

Word on the internets is: VMware is coming out with a new Hyper-Converged Infrastructure Appliance. I plan to use this page to centralize any and all information I find out about this appliance.

The converged infrastructure market will hit $17.8 billion in 2016, up from $4.6 billion in 2012. Converged infrastructure will account for 12.8 percent of total storage, server, networking and software spending by 2016, up from only 3.9 percent in 2012. With this momentum it is no surprise that VMware is ready to release their own appliance. It excites me to see a virtualization giant like VMware explore the appliance market.

Project Codenames:

VMware Project Mystic

VMware Project Marvin


From Twitter:

“Introducing the world’s first 100% VMware powered hyper-converged infrastructure appliance.” The poster also displayed the name “MARVIN” and stated: “Arriving summer 2014.”
I have a feeling the first version of these appliances will be marketed to more of the SMB space, just as vSAN is.


OpenStack Icehouse Released Today

The latest version of OpenStack called Icehouse was released today.

New Features in Icehouse

OpenStack Icehouse has nearly 350 new features that reflect a community-wide effort to bring the voice of the user into the rapidly maturing open source cloud software platform. Key themes this release cycle have been raising the bar on testing and stability, as well as tighter integration across the platform. OpenStack Database Service (Trove) also became part of the integrated release in Icehouse.

Compute (Nova)

New support for rolling upgrades minimizes the impact to running workloads during the upgrade process. Testing requirements for third-party drivers have become more stringent, and scheduler performance is improved. Other enhancements include improved boot process reliability across platform services, new features exposed to end users via API updates (e.g., target machines by affinity) and more efficient access to the data layer to improve performance, especially at scale.

Object Storage (Swift)

Object Storage released discoverability, which dramatically improves workflows and saves time by allowing users to ask any Object Storage cloud what capabilities are available via API call. Additional improvements included a new replication process that improves performance with data that is more efficiently transported through s-sync instead of r-sync protocol. Significant progress was also made on ongoing storage policies features and will be further developed for the Juno release.

Block Storage (Cinder)

Block Storage added backend migrations with tiered storage environments, allowing for performance management in heterogeneous environments. Mandatory testing for external drivers now ensures a consistent user experience across storage platforms, and fully distributed services improve scalability. Overall quality, dependability and upgrades were a focus for Icehouse including fixing more than 400 bugs.

Networking (Neutron)

Networking introduced tighter integration with Compute in Icehouse that includes improved consistency with bulk instance creation and improved provisioning. There is better functional testing for actions that require coordination between multiple services, and third-party driver testing now ensures consistency and reliability across network implementations. Significant progress was made during the Icehouse release cycle to bring OpenStack Networking (Neutron) to feature parity with Nova-Networking, but both options are still available for users in the Icehouse release.

Dashboard (Horizon)

OpenStack Dashboard again expanded its multi-lingual support and now includes 16 languages with the addition of German, Hindi and Serbian. Additional improvements to the general user interface and experience were also implemented such as a more self-guided navigation, inline table editing and extensibility.

Identity Service (Keystone)

The first iteration of federated authentication is now supported allowing users to access private and public OpenStack clouds with the same credentials. General stability and performance improvements were also made.

Orchestration (Heat)

Automated scaling of additional resources across the platform, including compute, storage and networking is now available. A new configuration API brings more lifecycle management for applications, and new capabilities are available to end-users that were previously limited to cloud administrators. Collaboration with OASIS resulted in the TOSCA Simple Profile in YAML v1.0, demonstrating how the feedback and expertise of hands-on OpenStack developers can dramatically improve the applicability of standards.

Telemetry (Ceilometer)

Telemetry features improved access to metering data used for automated actions or billing / chargeback purposes.

Database Service (Trove)

A new capability included in the integrated release allows users to manage relational database services in an OpenStack environment.

Image Service (Glance)

The Image Service features improved calculation of storage quotas, and the project moved to using 0-based indices for location entries.

Cisco Live 2014

Have you already registered for Cisco Live 2014 ? If you haven’t yet I recommend you do so now ! Besides all of the keynotes and tech goodies that you will get to consume you will not want to miss this years Customer Appreciation Event (CAE) featuring non other than Lenny Kravitz !!! So not only do you get to see the Grammy award winning artist and star in films such as The Hunger Games and Zoolander… you will also get to see Imagine Dragons !!!

Lenny Kravitz Imagine Dragons


So again if you haven’t registered, I suggest doing so now ! #CLUS is going to be big this year and I look forward to seeing you there.

…Tomorrow Starts Here



EMC Avamar SSL Cert Generation

After completing a successful root to root Avamar migration I noticed that the old SSL certs were still being used. Through some digging I finally found a very simple and easy command to update it.

The gen-ssl-cert command installs a temporary Apache web server SSL cert and restarts the web server.

gen-ssl-cert [–debug] [–help] [–verbose]

Note: You must run the gen-ssl-cert as root, and the original files are backed up and saved as:
• /etc/httpd/conf/ssl.crt/server.crt.orig
• /etc/httpd/conf/ssl.key/server.key.orig

In order to view your current certificate you can use the following command:

root@avamarnew:/etc/apache2/ssl.crt/#: openssl x509 -noout -text -in server.crt

Here is the sample of what running the script looks like:

root@avamarnew:/srv/www/#: gen-ssl-cert
Generating RSA private key, 3072 bit long modulus
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:Signature ok
Getting Private key
gen-ssl-cert: INFO: installed these web server SSL temporary certificate files:
-rw------- 1 root root 1708 Mar 2 12:29 /etc/apache2/ssl.crt/server.crt
-rw------- 1 root root 2455 Mar 2 12:29 /etc/apache2/ssl.key/server.key

Checking for httpd2: running
Shutting down httpd2 (waiting for all children to terminate) done
Starting httpd2 (prefork)

The Coolest Storage: EMC vFridge

If you went to EMCworld last year and watched Brian Gallagher’s keynote on Transforming Enterprise Storage to Create Business Value, you were one of the many that got a sneak peak of the prototype of the EMC vFridge.

(If you didn’t watch it, here it is… skip to 38 minutes in)

Watch on youtube

The vFridge was so popular in it’s initial appearance that it made another appearance at VMworld in #EMC booth 1207
EMC vFridge

The small fridge in a stylish VMAX shell was such a huge hit at both conferences that EMC engineers decided to make it “Enterprise Ready” and made it full size. Here are the features of the vFridge:

Key features:

  • Consists of Summit Appliance commercial refrigerator with an EMC VMAX door
  • Holds refreshments for a team: 14.5 cubic feet interior
  • Meets ETL-S commercial standard
  • Specifications
    • Dimensions: 23.9” wide x 29” deep x 74.9” high
    • Weight: 325 lbs.
    • Power requirements: 115V AC/60 Hz; 2.8 amps

I’m thinking I need one of these for my home lab so I can keep all of my mission critical beers cold. Here is the link to the official vFridge page on the EMC store.

vSphere Web Client Default Port

Open a Web browser and enter the URL for the vSphere Web Client: https://hostname:port/vsphere-client.

By default the port is 9443, but this can be changed during vSphere Web Client installation.

Beer Prank

I wouldn’t mind if someone pranked me like this! A group of friends disconnect the main water line in this guys house and replace it with cold beer!


XtremIO Interface Deep Dive

Miroslav Klivansky from the XtremIO Technical Marketing team gives a guided tour through the XtremIO GUI and shows how simple the array is to use as well as its  powerful monitoring capabilities.