Articles in the Uncategorized category

  1. Apple Is Killing Off the Optical Drive Just Like the Floppy Disk

    Sat 23 October 2010

    With the release of the new MacBook Air we are one step closer to killing off the CD-ROM and the DVD. As with the previous MacBook Air, this device has no optical drive. And that is a good thing. People do not need an optical drive. You have the network and you have USB disks. They are faster, more reliable and have more capacity.

    I expect that in the upcoming years this trend may continue with other laptops. Just as Apple killed the floppy disk, it is killing the optical drive, one step at a time. I'd rather have a smaller and lighter laptop, or more disk or battery capacity, than an optical drive. So I hope this is a trend that will continue and that all other manufacturers will follow.

    Tagged as : Uncategorized
  2. Zabbix Security: Client-Server Communication Seems Insecure

    Mon 27 September 2010

    Zabbix is a popular tool for monitoring servers, services and network equipment. For monitoring hosts, Zabbix provides an agent that can be installed on the hosts that must be monitored.

    Based on the supplied documentation and some remarks on the internets, the 'security' of Zabbix agents seems to rely on an IP-filter. It only accepts traffic from a specific IP-address. However, the protocol that is used between the Zabbix server and agents is unencrypted and does not seem to employ any additional authentication.

    With a man-in-the-middle attack, pretending to be the Zabbix server, you would be able to compromise all servers running Zabbix. If remote commands are enabled on these hosts, the damage that could be done may be something you don't want to think about. Or maybe you do. It is true that for such an attack to be possible, an attacker needs access to a system within the same network (VLAN) as the server, but nonetheless, it is just not secure.

    Personally I don't think that Zabbix is suitable for high-security environments, due to the lack of encryption of sensitive data and the weak authentication mechanism.

    Zabbix should employ at least SSL as a means for encrypted transport and use a password or shared secret for authentication. Even better would be the use of client-side certificates such as implemented by the system management tool Puppet.

    [update]

    Please note that Nagios agents also seem to work this way, but I have no experience with Nagios so I can't say for sure.

    And Nagios is widely deployed in the enterprise...

    Tagged as : zabbix security
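
    The two agent-side settings this post worries about, the source-IP filter and remote commands, can be checked mechanically. The following is an added example, not code from the post or from the Zabbix project: a small auditor for `zabbix_agentd.conf` that assumes the agent parameters `Server` and `EnableRemoteCommands`, plus `TLSAccept`, which was added in Zabbix releases later than this post. The sample config and the finding names are constructed for illustration.

```python
"""Audit a zabbix_agentd.conf for the weaknesses described in the post."""
import ipaddress

# Constructed sample config (not taken from the post or a real host).
SAMPLE_CONF = """\
# zabbix_agentd.conf (constructed sample)
Server=10.0.0.5,10.0.1.0/24
EnableRemoteCommands=1
Hostname=web01
"""

def parse_conf(text):
    """Return {key: value}; comments and blank lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a sorted list of finding names (hypothetical labels)."""
    conf = parse_conf(text)
    findings = set()
    # Source-IP allowlist: the only gate the post describes.
    servers = [s.strip() for s in conf.get("Server", "").split(",") if s.strip()]
    if not servers:
        findings.add("NO_SERVER_ALLOWLIST")
    for entry in servers:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # DNS name: its breadth cannot be judged offline
        if net.num_addresses > 1:
            findings.add("SERVER_ALLOWLIST_IS_RANGE")
    # Remote commands let whoever passes the IP filter run commands.
    if conf.get("EnableRemoteCommands", "0") == "1":
        findings.add("REMOTE_COMMANDS_ENABLED")
    # No TLSAccept line, or "unencrypted" in it, means plaintext is accepted.
    modes = {m.strip() for m in conf.get("TLSAccept", "unencrypted").split(",")}
    if "unencrypted" in modes:
        findings.add("PLAINTEXT_ACCEPTED")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

    An agent config that lists a single server address, disables remote commands and accepts only `psk` or `cert` connections produces no findings.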
  3. Solaris Is an Obsolete Platform

    Sat 14 August 2010

    Assuming that the rumor is true and OpenSolaris will be slain by Oracle, we must conclude that the Solaris operating system is obsolete. Solaris can be considered legacy. Sun was a hardware shop and to sell their hardware, they needed a great operating system.

    Sun had a great operating system. And the Solaris platform was popular for a long time. And I think that was for the right reasons, at that time. If you or your company is still running on a Solaris platform, it may be time to rethink this strategy.

    I do not understand why Oracle bought Sun. Oracle sells software. Sun sells hardware. Sun had some great products, like Java, so I can see some reasons. In the past, Solaris and Oracle had a tight relationship. But the only thing Oracle may be doing right now is a vendor lock-in strategy, where you are totally dependent on both hardware and software from Oracle.

    But people don't seem to buy this, literally. People do want to continue to run Solaris, because that's the platform they've invested in. But they don't want to pay for those exotic Solaris SPARC systems, often way more expensive than commodity x86 hardware.

    Oracle invested billions in Sun assets. How are they going to make money off it? Squeeze out existing Sun Solaris customers who are depending on their platform?

    If you are setting up a new business or if you think you can pull this off: stay away from this legacy platform. Migrate away from Solaris. Use an open platform that does not lock you in.

    And this is also a very interesting read.

    Tagged as : Uncategorized
