
Linux Technology for the New Year: eBPF

eBPF is “Linux’s newest superpower,” said SAP Labs’ developer Gaurav Gupta, during a talk that he gave about using the technology for low-overhead tracing at KubeCon in Copenhagen earlier this year.

A virtual machine for the Linux kernel, eBPF could set the stage for advanced, low-overhead tracing inside the kernel itself, offering insight into I/O and file system latency, CPU usage by process, stack tracing and other metrics useful for debugging. It could also play a role in system security, potentially offering a way to thwart DDoS attacks, to monitor for intrusions, and even to replace iptables. It also offers a cleaner alternative to installing drivers.

“In the future, you will see a lot more eBPF programs instead of kernel modules,” said Netflix Kernel and Performance Engineer Brendan Gregg, at the All Things Open conference held in Raleigh, North Carolina in October.

Read more at The New Stack

The Top 5 Linux and Open-Source Stories of 2018

Last year was among the best of times for Linux and open-source. It was also the worst of years. The top five Linux and open-source stories tell it all.

SPECTRE/MELTDOWN

First, last January there were a lot of exhausted and angry Linux kernel developers. That’s because a fundamental chip design mistake led to Linux and all Intel-based operating systems having to deal with the major Spectre and Meltdown security problems.

Linus Torvalds, Linux’s master developer, added that, with the “security issues kept under wraps, we couldn’t do our usual open methods. This made fixing the bugs much more painful than it should be.”

IBM BUYS RED HAT

I didn’t see this coming. IBM made the biggest software company acquisition of all time when it paid $34 billion for Red Hat. This deal wasn’t about Linux. It was about IBM wanting Red Hat’s cloud, container, and Kubernetes expertise.

Read more at ZDNet

Confused Deputies Strike Back

A few weeks back Kubernetes had its first really severe security issue, CVE-2018-1002105. For some background on this, and how it was discovered, I recommend Darren Shepherd’s blog post. He discovered it via some side effects, and initially it did not appear to be a security issue, just an error handling issue. Of course we know well that many error handling issues can be escalated, but why was this one so bad?

To summarize the problem, there is an API server proxy component that clients can use to talk to other API endpoints. As the postmortem document says:

  • Kubernetes API server proxy components still use http/1.1 upgrade-based connection tunneling, which does not distinguish between request data sent by the apiserver while establishing the backend connection, and data sent by the requesting user

  • High and low-privilege API requests to aggregated API servers are proxied via the same component with the same high-permission transport credentials

Well, this security issue is actually well known enough to have its own name: it is the confused deputy problem, originally written about by Norm Hardy in 1988, although referring to an original example from the 1970s. The essence of the problem is that there are three parties involved: a user, a proxy or deputy type component, and an object or service that needs to be accessed, or a similar set of endpoints.

Read more at CloudAtomic

2019 and the Strength of Open Source

Now that the various challenges and successes of 2018 are behind us, let’s look back at some of the year’s highlights and see what’s in store for 2019 here on Linux.com.

Wins for 2018

2018 saw amazing growth for open source generally and for The Linux Foundation specifically, with huge tech acquisitions and widespread industry adoption stemming from more than 20 years of steady open source development and innovation.

At The Linux Foundation, this growth was reflected in the formation of many new projects, such as:

It was also reflected in record-breaking events, such as the sold-out KubeCon + CloudNativeCon; in the unprecedented number of new members joining The Linux Foundation last year; and in training milestones, such as surpassing the one million mark for the number of people enrolled in Linux Foundation training and certification courses on edX.  

This interest in learning and training was seen on Linux.com as well, where tutorials were consistently the most popular articles on the website. For 2019, our goal is to feed that interest with articles that educate and inform and that provide a firm foundation from which to explore the array of tools, projects, and opportunities within the open source ecosystem. You can look forward to previews of the best Linux distributions, in-depth command-line tutorials, information on LF training courses, ebooks, and webinars, highlights from industry-leading events, and much more.  

A word for 2019

I read an essay by Melinda Gates in which she said that, rather than making a list of resolutions, she picks a word for the year and uses that word to inform her goals and shape her actions.

When pressed to choose a word for 2019, I choose strength. In doing so, I think about the various projects, teams, and individuals I work with and how we are more effective when we collaborate, learn from, and advocate for one another. I think about advances in terms of inclusion and acceptance and how diversity and civility can strengthen our community. I think about the opportunities we have to improve open source practices, expand them into new areas, and apply them to create solutions to new and existing problems. 

Open source is a powerful catalyst; its strength lies in the bonds formed through open development and shared knowledge which combine to make a stronger and more resilient whole. Let’s carry that strength into 2019 and become stronger together.

Assessing Progress in Automation Technologies

To assess the state of adoption of machine learning (ML) and AI, we recently conducted a survey that garnered more than 11,000 respondents. As I pointed out in previous posts, we learned many companies are still in the early stages of deploying machine learning:

[Figure: machine learning adoption]

Companies cite “lack of data” and “lack of skilled people” as the main factors holding back adoption. In many instances, “lack of data” is literally the state of affairs: companies have yet to collect and store the data needed to train the ML models they desire. The “skills gap” is real and persistent.

Read more at O’Reilly

Tech Ethics New Year’s Resolution: Don’t Build Software You Will Regret

At The New Stack, we talk a lot about avoiding technical debt, but what about the ethical debt? Let’s begin by attempting to define just what ethical technical delivery even is. Black Pepper Software’s Sam Warner at the Good Tech Conf — a conference which focused on technology for social good — simplified this great university philosophy topic, saying ethical software:

  • causes no negative social impact
  • doesn’t make the world worse to live in

At Coed Ethics, another conference dedicated to tech ethics that The New Stack covered earlier this year, Doteveryone’s Sam Brown echoed Warner, saying “Responsible technology considers the social impact it creates and seeks to understand and minimalize its potential unintended consequences.” Doteveryone as an organization is dedicated to supporting responsible technology as a key business driver for positive and inclusive growth, innovation, and trust in technology.

But should those of us building the future’s code feel obligated to contribute something toward social good? Warner argues we should go even further than that and contribute to work that benefits the greatest number of people in a significant way.

So, if this is our objective, where do we begin?

Read more at The New Stack

EU Offers Bug Bounties For 14 Open Source Projects

As the bug bounty programs begin to roll out in January, security experts worry that the programs miss the mark on truly securing open source projects.

The European Commission in January is funding 14 bug bounty programs in hopes of sniffing out vulnerabilities in the free open source projects that EU institutions rely on.

The bug bounty programs span 14 open source software projects and offer a total of almost $1 million for all bounties combined. The bug bounty programs have varying rewards, start and end dates, and platforms. The first bug bounty programs – for FileZilla, Apache Kafka, Notepad++, PuTTY, and VLC Media Player – begin next week on Jan. 7.

The initiative stems back to the Free and Open Source Software Audit project (FOSSA), first created by European Parliament member Julia Reda.

Read more at ThreatPost

 

8 Tips to Help Non-Techies Move to Linux

While bringing them to the Linux side of the computing world, I learned a few things about helping non-techies move to Linux. If someone asks you to help them make the jump to Linux, these eight tips can help you.

1. Be honest about Linux.

Linux is great. It’s not perfect, though. It can be perplexing and sometimes frustrating for new users. It’s best to prepare the person you’re helping with a short pep talk.

What should you talk about? Briefly explain what Linux is and how it differs from other operating systems. Explain what you can and can’t do with it. Let them know some of the pain points they might encounter when using Linux daily.

If you take a bit of time to ease them into Linux and open source, the switch won’t be as jarring.

2. It’s not about you.

It’s easy to fall into what I call the power user fallacy: the idea that everyone uses technology the same way you do. That’s rarely, if ever, the case.

Read more at OpenSource.com

A Tour of elementary OS, Perhaps the Linux World’s Best Hope for the Mainstream

elementary OS began life over a decade ago as a set of icons. (Yes, seriously.) If ever there was a group of developers who started at the bottom and worked their way up to the top, it’s Daniel Foré and the rest of today’s elementary OS team. From a set of icons designed to improve the look of Ubuntu’s then GNOME 2 desktop, the elementary project expanded to include some custom apps, including a fork of the default GNOME files app, Nautilus, called nautilus-elementary. As with most open source projects, the borrowing went both ways: Ubuntu’s Humanity theme was a fork of elementary OS’s icon set.

Over the years, the elementary project continued to grow and encompassed ever more apps and ever more customizations for the desktop. Eventually, things got to the point where it became more and more cumbersome for users to install everything. But there was enough momentum behind the project that Foré decided the logical thing to do was for the group to create their own distribution. The project took Ubuntu as a base and began layering in their custom apps, and the highly refined look and feel of elementary OS was born.

elementary OS 5 Juno

For a bit of logistics, elementary OS Juno should be version .5, following the previous release, .4 or Loki. However, since .5 implies incomplete and elementary OS is more or less complete (in terms of stability certainly), the project is calling this release elementary OS 5.

Whatever the version number may be, one thing is for sure: there’s a ton of new stuff in Juno. Enough features, in fact, that the release notes, written by elementary OS’s Cassidy James Blaede, are an impressive John Siracusa-style essay of some 8,000 words. If you want to know everything that’s new, Blaede’s notes are worth a read. If you want to know what it’s like to actually use all that stuff, read on.

Read more at Ars Technica

The Linux Kernel Ends 2018 With Almost 75k Commits This Year

As of this New Year’s Eve afternoon, the Linux kernel saw 74,974 commits this year that added 3,385,121 lines of code and removed 2,512,040 lines. 



As impressive as it is to see almost 75k commits in a single year to an open-source project, it’s not actually a record high. Last year in fact saw 80,725 commits that added 3.9 million lines and removed 1.3 million lines…

Besides Linus Torvalds himself, those with the most commits this year to the Linux kernel included David S. Miller, Arnd Bergmann, Christoph Hellwig, Colin Ian King, and Chris Wilson. There were 4,208 different detected authors this year compared to 4,400 in 2017 but higher than the 4,043 recorded for 2016. 

Read more at Phoronix