Paul Jacobs

With more than a quarter of a century in IT, Paul brings with him a kaleidoscope of experiences and insight which he uses to drill into and pick apart the complexities of Linux server security and hosting issues, as Technical Evangelist and Content Writer for CloudLinux.

Recent Posts

New KernelCare+ patches Linux libraries and kernels

Feb 10, 2020 4:55:00 PM / by Paul Jacobs posted in KernelCarePlus

You want more—more protection for business-critical applications running on Linux, applications that depend on glibc and OpenSSL.

As with the kernel, vulnerabilities in glibc or OpenSSL can’t wait to be patched.

That’s why, last November, we announced KernelCare+, an enhanced variant of KernelCare, one that patches vulnerabilities in essential user space libraries in addition to those in the Linux kernel. And as with KernelCare’s Linux kernel live patching, KernelCare+ updates applications without affecting their operational state—no restarts, no reboots.

Announcing KernelCare Enterprise Edition

Feb 10, 2020 4:37:00 PM / by Paul Jacobs posted in KernelCare Enterprise

Our enterprise customers want more: more integration, more support, more control.

That’s why we’re thrilled to announce the launch of KernelCare Enterprise, a new member of the KernelCare family specially tailored for companies with 1000 servers or more.

Linux Kernel CVE Data Analysis - Part 3 - Vulnerabilities by Version

Jan 30, 2020 5:49:00 PM / by Paul Jacobs posted in Developer Blog

Introduction

In Part 2, I ran Mango queries on a CouchDB database full of CVEs, and had a good picture of how the number and severity of Linux kernel vulnerabilities vary from year to year. (Part 1 showed how to set up CouchDB and import CVE data into it on Ubuntu 18.04.)

In this part, Part 3, I develop that core Mango query to look at how the number of Linux kernel vulnerabilities varies by kernel version.

Linux Kernel CVE Data Analysis - Part 2 - Vulnerabilities by Year

Jan 30, 2020 5:48:00 PM / by Paul Jacobs posted in Developer Blog

Introduction

In Part 1, I installed CouchDB, loaded CVE data into it, and ran a simple Mango query that listed the Linux kernel vulnerabilities for a chosen date range for all severities and all kernel versions.

Here, in Part 2, I will extend and refine that query to see results by severity and kernel version. But rather than run queries repeatedly, I will use the power of the command line to semi-automate the process, and Gnuplot will chart the results.

Linux Kernel CVE Data Analysis - Part 1 - Importing into CouchDB

Jan 30, 2020 5:47:00 PM / by Paul Jacobs posted in Developer Blog

Introduction

Which is the best Linux kernel?

Linux kernel developers tell us that the ‘best’ Linux kernel to use is the one that comes with whatever distribution we’re using. Or the latest stable version. Or the most recent long-term support (LTS) version. Or whatever one we want, so long as it’s maintained.

Choice is great, but I’d rather have a single answer; I just want the best. The trouble is, for some people, best means fastest. For others, the best is the one with the latest features, or a specific feature. For me, the best Linux kernel is the safest one.

Developer Tutorial: Live patching Debian 10 Linux kernel with Kpatch

Jan 27, 2020 2:28:00 PM / by Paul Jacobs posted in Developer Blog

Introduction

Live patching is a way of updating a Linux kernel without interruption.

Because kernel updates don’t take effect until the system is rebooted, Linux kernel live patching is most commonly used to patch severe Linux kernel vulnerabilities without rebooting servers.

Aside from improved service continuity and uptime, organizations with large server fleets also use live patching to avoid the administrative overhead associated with the coordination and planning needed to reboot multiple systems.

This tutorial will show how to use Kpatch to change the behavior of a running Debian 10 kernel without stopping it, changing the contents of /proc/uptime (and the uptime command) so that the system’s reported uptime is 10 years greater.

Why you should automate Linux kernel updates

Mar 8, 2019 1:16:46 PM / by Paul Jacobs posted in Articles, KernelCare Blog

Software is complex and constantly changing. Bugs are inevitable. Before the internet age, bugs were just faults to fix. Now, they are opportunities, one of the ways hackers get unauthorized access to systems. The cybersecurity industry thrives on this threat. Their products 'defend' and 'protect' but cannot plug a simple security loophole: the exploitation of vulnerabilities that persist in outdated and unpatched operating systems and applications.

This article reviews the background to this problem, and gives tips to remedy it using unattended update packages for Ubuntu, Red Hat and Fedora, and live patching solutions from KernelCare, Kgraft, Ksplice, and Livepatch.

KernelCare at 2019 RSA Conference—See You There?

Feb 27, 2019 5:46:37 PM / by Paul Jacobs posted in KernelCare Blog

KernelCare will be at the 2019 RSA Conference in San Francisco, USA.

Top 10 Benefits of Live Patching with KernelCare

Jan 18, 2019 4:00:46 PM / by Paul Jacobs posted in KernelCare Blog

This short post lists the 10 main benefits of KernelCare.

KernelCare is coming to Texas Linux Fest 2018

May 22, 2018 12:25:00 PM / by Paul Jacobs posted in KernelCare Blog, CloudFest

Texas Linux Fest is an open source software event held in Austin on June 8 and 9, 2018, at the AT&T Conference Center. Whether you are a Linux enthusiast or a business expert, whether you run your school’s infrastructure or a non-profit organization, Texas Linux Fest is a great place for you to learn and to meet others. There will be more than 30 presentations throughout the two days, and multiple tracks to ensure you can get insights on both established and emerging technologies.
