Red Hat Releases WebLogic to JBoss Migration Guide
Red Hat Consulting has released a migration guide for folks interested in moving off of WebLogic and onto JBoss. Nice to see the app server wars are heating up again.
I nearly fell out of my chair when I came across this post at the Internet Storm Center: JBoss Worm. JBoss certainly has come a long way--now it's got a worm! The JBoss Community article "Statement Regarding Security Threat to JBoss Application Server" has some additional information but both the ISC and JBoss Community articles are a bit short on information--for example, I'm kind of interested in what kind of code gets executed once infection has occurred. (Update: OK, I take that last sentence back. The first comment describes what the worm does in very nice detail)
The worm spreads by connecting to unsecured jmx consoles and then executes code as the user jboss runs as. If you hadn't followed the instructions in "Securing the JMX and Web Console" to restrict access to the jmx console, placed your app servers in your DMZs, and figured running them on port 80 as root was fine because "it's *just* jboss...who hacks jboss?" then you're in for a rough night and/or weekend.
If you are front-ending your jboss servers with Apache and figured setting a ProxyPass and ProxyPassReverse for "/" to your app servers was fine, it wasn't. The same applies to those mod_jk JkMounts for "/*".
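A quick way to check an Apache front end for the catch-all mappings described above, written as an added example (not code from the original post or from JBoss). It only reads plain ProxyPass, JkMount and JkUnMount lines; the backend URL, worker name and `/shop` context in the samples are made up.

```python
import fnmatch
# Management contexts covered by "Securing the JMX and Web Console".
ADMIN_PATHS = ("/jmx-console", "/web-console")

def _proxy_covers(prefix, path):
    # ProxyPass matches by URL-path prefix; "/" covers everything.
    p = prefix.rstrip("/")
    return p == "" or path == p or path.startswith(p + "/")

def _jk_covers(pattern, path, need=any):
    # Approximation of mod_jk wildcard patterns using fnmatch.
    urls = (path, path + "/", path + "/index.jsp")
    return need(fnmatch.fnmatchcase(u, pattern) for u in urls)

def exposed_admin_paths(conf_text):
    """Return sorted (admin_path, directive) pairs that forward to JBoss."""
    rules, findings = [], set()
    for raw in conf_text.splitlines():
        tok = raw.split()
        if len(tok) >= 3 and tok[0].lower() in ("proxypass", "jkmount", "jkunmount"):
            rules.append((tok[0].lower(), tok[1], tok[2], raw.strip()))
    for path in ADMIN_PATHS:
        # ProxyPass: first matching rule in file order wins; "!" excludes.
        for kind, pat, target, line in rules:
            if kind == "proxypass" and _proxy_covers(pat, path):
                if target != "!":
                    findings.add((path, line))
                break
        # Assumption: a JkUnMount covering the whole context overrides JkMount.
        if any(k == "jkunmount" and _jk_covers(p, path, all) for k, p, _, _ in rules):
            continue
        for kind, pat, _, line in rules:
            if kind == "jkmount" and _jk_covers(pat, path):
                findings.add((path, line))
    return sorted(findings)

# Constructed samples: backend URL, worker name and /shop are made up.
WEAK = """
ProxyPass / http://127.0.0.1:8080/
JkMount /* worker1
"""
NARROW = """
ProxyPass /jmx-console !
ProxyPass /web-console !
ProxyPass / http://127.0.0.1:8080/
JkMount /shop/* worker1
"""

if __name__ == "__main__":
    print(*exposed_admin_paths(WEAK), sep="\n")
```

An empty result only means the front end is not forwarding those contexts; the console itself still needs the access restrictions from "Securing the JMX and Web Console".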
I saw the announcement over on Rich Sharples' blog that JBoss Application Server 7 is out. The blog post covers some of the interesting new features and changes. I also received an email from Red Hat with 7 reasons to love the new release:
The JBoss community site has binaries available so we can all start playing right away. Congratulations to the JBoss App Server team on this new release! The countdown to JBoss EAP6 has now started.