News

Tech News: VMware PowerCLI 10.0.0! Released

VMware just released PowerCLI 10.0.0. and before you ask; I thought they were just on version 6?  I wondered the same and here is the answer: The decision to move to version ten was a marketing choice as the PowerCLI project recently celebrated its 10th birthday.

Let’s get into the how to install or update to the latest

Requirments:

The only pre-requisite is to have PowerShell Core 6.0 installed. This adds support for Mac OS and Linux.

Installation Steps:

  1. Get yourself to a powershell prompt with administrative privileges
    In my case, I am on Windows 10 and prefer to use PowerShellISE
  2. Enter the following: Install-Module -Name VMware.PowerCLI -Scope CurrentUser
    This will initiate the install of the latest PowerCLI modules.

    If you receive a warning, use the -Force comamnd:

    “WARNING: Version ‘6.5.1.5377412’ of module ‘VMware.PowerCLI’ is already installed at ‘C:\Users\sysadmin\Documents\WindowsPowerShell\Modules\VMware.PowerCLI\6.5.1.5377412’. To install version ‘10.0.0.7895300’, run Install-Module and add the -Force parameter, this command will install version ‘10.0.0.7895300’ in side-by-side with version ‘6.5.1.5377412’.”

  3. Next enter: Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

    This version of PowerCLI changes the way certificates are handled when connecting to a vCenter server or ESXi host with the Connect-VIServer cmdlet. If your connection endpoint is using an invalid certificate (self-signed or otherwise), PowerCLI would previously return back a warning. The handling has been updated to be more secure and now return back an error.If you are using an invalid certificate, you can correct the error with the ‘Set-PowerCLIConfiguration’ cmdlet. The parameter needing to be configured is ‘InvalidCertificateAction’ and the available settings are Fail, Warn, Ignore, Prompt, and Unset.

For more info ref: https://blogs.vmware.com/PowerCLI

 

 

Saving Lives: American Heart Association! Please Donate

The following message is from my son: 

Hi, I’m Anthony and my friends and family call me AJ for short.  I’ve joined millions of others to help save lives alongside the American Heart Association!

At my school, I’m learning how I can help make a difference by raising lifesaving donations to help kids with heart disease.  I’m also learning about my own heart, and how to keep it healthy, by being active!

I’m excited to have the opportunity to help others, especially other kids who’s hearts don’t exactly work to their full potential.

Please help me make a difference

Thank you!

Donation Link

 

 

 

Please Note:  Many employers sponsor matching gift programs and will match any charitable contributions or volunteer hours made by their employees. To find out if your company has a matching gift policy please check the following page for additional details: http://matchinggifts.com/aha 

 

Important: Update Your Mozilla Web Browser to Firefox 58.0.1

Mozilla has released an important update for its Firefox web browser to patch a critical vulnerability that could allow remote attackers to execute malicious code on computers running an affected version of the browser.

Affected web browser versions include Firefox 56 (.0, .0.1, .0.2), 57 (.0, .0.1, .0.2, .0.3, .0.4), and 58 (.0). The vulnerability has been addressed in Firefox 58.0.1

Security fix

When using certain non-default security policies on Windows (for example with Windows Defender Exploit Protection or Webroot security products), Firefox 58.0 would fail to load pages (bug 1433065).

Reference link to 58.0 release notes

Known Issues of Security fix

  • Users running Firefox for Windows over a Remote Desktop Connection (RDP) may find that audio playback is disabled due to increased security restrictions.
  • Users running certain screen readers may experience performance issues and are advised to use Firefox ESR until performance issues are resolved in an upcoming future release.

 

According to a security advisory published by Cisco, Firefox 58.0.1 addresses an ‘arbitrary code execution’ flaw that originates due to ‘insufficient sanitization’ of HTML fragments in chrome-privileged documents (browser UI).

 

Hack Details:

Hackers could exploit this vulnerability (CVE-2018-5124) to run arbitrary code on the victim’s computer just by tricking them into accessing a link or ‘opening a file that submits malicious input to the affected software.’

The advisory states.

“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely,”

This could allow an attacker to install programs, create new accounts with full user rights, and view, change or delete data. However, if the application has been configured to have limited rights the impact is less on the system itself and should only impact the current session logged in.

 

News: Canonical Releases Ubuntu Kernel Updates for Meltdown / Spectre

No need to go into the back story on this.  If you are reading this, there is a chance you’ve already read other reports on what Meltdown / Spectre and the perceived risks.

Cononical made a public statement last week to provide a patch for supported Ubuntu releases against Meltdown and Spectre security vulnerabilities, and the first set of patches are now available in the stable software repositories of Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS.

ref: https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/

For Ubuntu 17.10 (Artful Aardvark), the updated kernel also patches four other security issues related to the Berkeley Packet Filter (BPF) implementation in the Linux kernel, which could allow a local attacker to execute arbitrary code or crash the system by causing a denial of service (CVE-2017-17863, CVE-2017-16995, CVE-2017-17862, and CVE-2017-17864).

 

Wanna’ Learn Cloud Architecture: Say Hello to AWS Architecture Monthly

The team over at Amazon are very helpful, especially when it comes to learning how to do things in the world they have helped shape. The coolest part of this is that they are willing to do it for free.

From building a simple website to crafting an AI-based chat bot.  Learn about the best practices and how/when  to apply them. So go checkout some of the best new tech content from AWS—from deep-dive tutorials to industry-trend articles.

With your free subscription to AWS Architecture Monthly, you can look forward to fresh content delivered directly to your Kindle device or Kindle app

Included are the following resources:

  • Technical whitepapers
  • Reference architectures
  • New solutions and implementation guides
  • Training and certification opportunities
  • Industry trends

 

 

Also shared via this dudes LinkedIn