Sign up for our Technology Newsletter 
IBM Goes After Apache’s Tomcat
Java Developers looking for a mobile-friendly platform could be happy with the next release of IBM’s Websphere Application Server, which is aimed at offering a lighter, more dynamic version of the app middleware.
Shown off at the IBM Impact show in Las Vegas on Tuesday, Websphere Application Server 8.5, codenamed Liberty, has a footprint of just 50MB. This makes it small enough to run on machines such as the Raspberry Pi, according to Marie Wieck, GM for IBM Application and Infrastructure Middleware.
Updates and bug fixes can also be done on the fly with no need to take down the server, she added.
The Liberty release will be launched this quarter, and already has 6,000 beta users, according to Wieck.
John Rymer of Forrester said that the compact and dynamic nature of the new version of Websphere Application Server could make it a tempting proposition for Java developers.
“If you want to install version seven or eight, it’s a big piece of software requiring a lot of space and memory. The installation and configuration is also tricky,” he explained.
“Java developers working in the cloud and on mobile were moving towards something like Apache Tomcat. It’s very light, starts up quickly and you can add applications without having to take the system down. IBM didn’t have anything to respond to that, and that’s what Liberty is.”
For firms needing to update applications three times a year, for example, the dynamic capability of Liberty will make it a much easier process.
“If developers want to run Java on a mobile device, this is good,” Rymer added.
The new features are also backwards compatible, meaning current Websphere users will be able to take advantage of the improvements.
However, IBM could still have difficulty competing in the app server space on a standalone basis, according to Rymer.
Apache Finally Goes To The Cloud
The Apache Software Foundation (ASF) has announced Hadoop 1.0.
The open source software project has reached the milestone of its first full release after six years of development. Hadoop is a software framework for reliable, scalable and distributed computing under a free licence. Apache describes it as “a foundation of cloud computing”.
“This release is the culmination of a lot of hard work and cooperation from a vibrant Apache community group of dedicated software developers and committers that has brought new levels of stability and production expertise to the Hadoop project,” said Arun Murthy, VP of Apache Hadoop.
“Hadoop is becoming the de facto data platform that enables organizations to store, process and query vast torrents of data, and the new release represents an important step forward in performance, stability and security,” he added.
Apache Hadoop allows for the distributed processing of large data sets, often Petabytes, across clusters of computers using a simple programming model.
The Hadoop framework is used by some big name organisations including Amazon, Ebay, IBM, Apple, Facebook and Yahoo.
Yahoo has significantly contributed to the project and hosts the largest Hadoop production environment with more than 42,000 nodes.
.
The Linux Kernel Got Hacked
Servers that are part of the Linux kernel.org infrastructure were affected during a recent intrusion where attackers managed to gain root access and plant Trojan scripts.
According to an email sent out to the community by kernel.org chief administrator John Hawley, known as warthog9, the incident started with the compromise of a server referred to as Hera. The personal colocated machine of Linux developer H Peter Anvin (HPA) and additional kernel.org systems were also affected.
“Upon some investigation there are a couple of kernel.org boxes, specifically hera and odin1, with potential pre-cursors on demeter2, zeus1 and zeus2, that have been hit by this,” Hawley wrote.
The intrusion was discovered on 28 August and according to preliminary findings attackers gained access by using a set of compromised credentials. They then elevated their privileges to root by exploiting a zero-day vulnerability that the kernel.org administrators have yet to identify.
Fortunately, logs and parts of the exploit code were retained and will help the investigation. A Trojan was added to the startup scripts of affected systems, but gave itself away through Xnest /dev/mem error messages.
According to the kernel.org admins, these error messages have been seen on other systems as well, but it’s not clear if those machines are vulnerable or compromised. “If developers see this, and you don’t have Xnest installed, please investigate,” the administrators advised.
The good news is that the exploit failed on systems running the latest Linux kernel version, 3.1-rc2, which was released two weeks ago. This is possibly the fortunate consequence of one of the bugfixes it contains.