
10 Open Source Security Tools You Should Know

Open source tools can be the basis for solid security and intense learning. Here are 10 you should know about for your IT security toolkit.

In many ways, security starts with understanding the situation. For a couple of generations of IT security professionals, understanding their networks’ vulnerabilities starts with Nessus from Tenable. According to sectools.org, Nessus is the most popular vulnerability scanner and third most popular security program currently in use.

Nessus comes in both free and commercial versions. The current version, Nessus 7.1.0, is a commercial program, though it is free for personal home use. Version 2, which was current as of 2005, is still open source and free.

Read more at DarkReading

Open-Source Security: Zip Slip Critical Flaw Hits Thousands of Projects. Update Now

Security firm Snyk has disclosed a widespread and critical flaw in multiple archive file-extraction libraries found in thousands of open-source web application projects from HP, Amazon, Apache, Oracle, LinkedIn, Twitter and others.

As Snyk explains, some ecosystems, such as Java, don’t provide a central software library for fully unpacking archive files, leading developers to write their own code snippets to enable that functionality.

Snyk has published a list on GitHub of affected archive processing libraries for Java, .NET, Oracle, Apache, Ruby, and Go software.

Read more at ZDNet

Samsung’s Chromebook Plus Now Supports Linux Apps

Google began bringing Linux app support to Chrome OS almost exactly one month ago, but it only started with a single device, the very expensive Pixelbook. Now, that’s changing: Linux support is becoming available for Samsung’s Chromebook Plus as well, as spotted by users on Reddit.

This still isn’t a widely available feature or something that most Chromebook users will want to check out. You’ll have to opt-in to the developer-only build of Chrome OS, enable things labeled as beta and experimental, and then use the Terminal to install Linux apps.

Read more at The Verge

GPU Virtualization Update

A few months ago, Robert Foss wrote a blog post about virtualizing GPU access. In his post, Robert explained the architecture of the GPU virtualization stack and how to build and run a VM with hardware acceleration. In this post, Elie looks at the major improvements which landed upstream during the past 3 months.

By Elie Tournier, Software Engineer at Collabora.

tl;dr:

  • QEMU can now use OpenGL ES acceleration.
  • Virglrenderer is close to being OpenGL ES 2.0 compliant.
  • We are still working on OpenGL ES 3.0.

For each component of the stack, I will explain the added modifications and our plan for the future.

Virglrenderer

At Collabora, we have been working as part of the upstream community to add new features and improve the code base.

Most of our work consisted of adding more caps to support OpenGL ES 3.0 on OpenGL ES and finding workarounds for the missing OpenGL ES features. For example, OpenGL ES does not support 1D textures, so we have to use a 2D texture with one of the components set to 0.5.

On my system, KabyLake with Mesa 18.0, I obtained the following results:

  • Android OpenGL ES 2.0 CTS on OpenGL backend: 4 failures
  • Android OpenGL ES 2.0 CTS on OpenGL ES backend: 4 failures
  • Android OpenGL ES 3.0 CTS on OpenGL backend: 40 failures
  • Android OpenGL ES 3.0 CTS on OpenGL ES backend: ~2400 failures

The OpenGL ES 2.0 CTS failures seem to be driver related. The tests fail on my system but pass on r600.

The difference between the OpenGL ES 3.0 results might seem scary, but a single fix should take care of it. These failures are due to the fact that we don’t support reading back results from integer (as opposed to floating-point) rendering, so all the tests for integer formats fail.

QEMU

Status

We can, since 4867e47, create an OpenGL ES context. Thanks to this, we can now run QEMU on a system that only supports OpenGL ES.

Running QEMU on an OpenGL ES backend.

If you want to try it out, you can follow the guide from Robert’s blog. The only difference is the command line to run the VM: you just need to replace -sdl,gl=on by -sdl,gl=es.

So it will become:

qemu-system-x86_64 \
    -enable-kvm -M q35 -smp 2 -m 4G \
    -hda ubuntu.qcow2 \
    -net nic,model=virtio \
    -net user,hostfwd=tcp::2222-:22 \
    -vga virtio \
    -display sdl,gl=es

Other flags are also available:

  • -sdl,gl=core: Force the creation of an OpenGL context.
  • -sdl,gl=on: Try to create an OpenGL context and, if that fails, fall back to creating an OpenGL ES context.
  • -sdl,gl=off: Disable hardware acceleration.

Continue reading on Collabora’s blog.

Community-Created Apps Help Ease Kubernetes Administration

It didn’t take long at all for Kubernetes to become a star in the open source arena, emerging as the standard way to containerize applications at scale. Kubernetes is ushering in “operations transformation” and helping organizations make the transition to cloud-native computing, said Craig McLuckie, co-founder and CEO of Heptio and a co-founder of Kubernetes at Google, in a recent free webinar.

However, Kubernetes, which was created at Google and donated to the Cloud Native Computing Foundation, is known to be complex and can create many maintenance and deployment challenges. To address that, new classes of community-created complementary and helper applications are helping to tame Kubernetes.

At the Helm

The Helm project is a case in point. The Cloud Native Computing Foundation recently voted to accept Helm as an incubation-level hosted project. Helm is a package manager that provides an easy way to find, share, and use software built for Kubernetes. It removes complexity from configuration and deployment, and enables greater developer productivity.

“Helm addresses a common user need of deploying applications to Kubernetes by making their configurations reusable,” said Brian Grant, Principal Engineer at Google, and Kubernetes SIG Architecture co-chair and Steering Committee member. “Both the Helm and Kubernetes projects have grown substantially. As Kubernetes shifts its focus to its own core in order to better manage this growth, CNCF is a great home for Helm to continue making it easier for developers and operators to streamline Kubernetes deployments.”

According to a recent Kubernetes Application Survey, 64 percent of the application developers, application operators, and ecosystem tool developers who answered the survey reported using Helm to manage apps on Kubernetes.

Ease of management

But Helm is hardly the only open tool helping to ease the burden of managing Kubernetes. Microsoft has open sourced Draft, a tool that streamlines application development and deployment into any Kubernetes cluster. “Using two simple commands, developers can now begin hacking on container-based applications without requiring Docker or even installing Kubernetes themselves,” notes Gabe Monroy, PM Lead for Containers at Microsoft. “You can customize Draft to streamline the development of any application or service that can run on Kubernetes.” See this process in action here.

Are you aware that your iOS or Android smartphone can play a role in demystifying and operating Kubernetes? Cabin lets Kubernetes administrators leverage a dashboard from their phones. It drives many of the processes and features that you’ll find in the complete Kubernetes dashboard, ranging from reading pod logs to working with web-based apps that Kubernetes hosts, to accessing Helm charts.

Red Hat, too, has been helping users streamline their Kubernetes implementations. Through its acquisition of San Francisco-based startup Codenvy, Red Hat is giving developers options for building out cloud-based integrated development environments, including working with Kubernetes and containers. Codenvy is built on the open source project Eclipse Che, which offers a cloud-based Integrated Developer Environment (IDE) and development environment. The OpenShift.io cloud-based container development service from Red Hat already integrates Codenvy’s Eclipse Che implementation.

Dashboards are proven as good tools for simplifying administration of many kinds of processes, and although Kubernetes has a basic dashboard, efficient community-created dashboards are emerging. Kube-ops-view is a popular one. It gives you optics across multiple Kubernetes clusters, with graphical representations across the board that allow you to monitor memory and CPU usage, and more.

Writing and maintaining application definitions is one of the more complex aspects of running Kubernetes, and Kedge is a popular open tool that offers a simplified approach. With Kedge, you can supply a Kubernetes definition in simple form and Kedge expands into a full and correct application definition. It basically lets you work with shortcuts.

The move toward containers shifts many types of dependencies pertaining to applications, and it shifts how applications are created. Kubernetes has proven to be an essential orchestration tool as these changes take place, and it is good to see open tools that can help streamline Kubernetes itself and make developing applications easier.

To learn more about Kubernetes, check out the sample course materials for Kubernetes Fundamentals (LFS258), an online, self-paced course developed by The Linux Foundation Training that gives a high-level overview of what Kubernetes is and the challenges it solves. Download a free sample chapter now.

Shedding Old Architectures and Compilers in the Kernel

The kernel development process tends to be focused on addition: each new release supports more drivers, more features, and often new processor architectures. As a result, almost every kernel release has been larger than its predecessor. But occasionally even the kernel needs to slim down a bit. Upcoming kernel releases are likely to see the removal of support for a number of unloved architectures and, in an unrelated move, the removal of support for some older compilers.

Architectures

The Meta architecture was added to the 3.9 kernel as “metag” in 2013; it is a 32-bit architecture developed by Imagination Technologies. Unfortunately, at about the same time as the code was merged, Imagination Technologies bought MIPS Technologies and shifted its attention to the MIPS architecture. Since then, the kernel’s support for Meta has languished, and it can only be built with the GCC 4.2.4 release, which is unsupported. On February 21, James Hogan, the developer who originally added the Meta port to the kernel, proposed that it be removed, calling it “essentially dead with no users.”

The very next day, Arnd Bergmann, working entirely independently, also proposed removing Meta. Bergmann, however, as is his way, took a rather wider view of things: he proposed that the removal of five architectures should be seriously considered.

Read more at LWN

You Don’t Know Bash: An Introduction to Bash Arrays

Although software engineers regularly use the command line for many aspects of development, arrays are likely one of the more obscure features of the command line (although not as obscure as the regex operator =~). But obscurity and questionable syntax aside, Bash arrays can be very powerful.

Wait, but why?

Writing about Bash is challenging because it’s remarkably easy for an article to devolve into a manual that focuses on syntax oddities. Rest assured, however, the intent of this article is to avoid having you RTFM.

A real (actually useful) example

To that end, let’s consider a real-world scenario and how Bash can help: You are leading a new effort at your company to evaluate and optimize the runtime of your internal data pipeline. As a first step, you want to do a parameter sweep to evaluate how well the pipeline makes use of threads. For the sake of simplicity, we’ll treat the pipeline as a compiled C++ black box where the only parameter we can tweak is the number of threads reserved for data processing: ./pipeline --threads 4.

Read more at OpenSource.com

All Things Enterprise Cloud Native at Red Hat

At KubeCon + CloudNativeCon in Copenhagen in early May, we caught up with Red Hat’s Brandon Philips, to discuss the state of CoreOS and containers as a whole. Philips was previously with CoreOS, which was acquired by Red Hat back in January, and the pairing has focused a good amount of Linux thought leadership on the Kubernetes project. In Copenhagen, he and Diane Mueller, director of community development at Red Hat, sat down to talk about what it’s been like merging the CoreOS and Red Hat teams.

The CoreOS team, and Red Hat overall, has been working closely with the CNCF to expand the capabilities of Kubernetes for enterprise users. One big part of this effort has been the Kubernetes Operators Project, said Philips.

Read more at The New Stack

The Killer Chromebook: Google’s i7 Pixelbook

Want the best of all Chromebooks? Then get Google’s Pixelbook.

Now, I’ve liked Chromebooks since the experimental Cr-48 rolled out in late 2010. And, when Google released its first high-end Chromebook, 2013’s Pixel, I was sold. I slowly but surely put away my Linux-powered Lenovo ThinkPads and started replacing them with Google’s high-end Chromebooks. Why? Because they’re better than any other laptop out there.

Besides, as my tech buddy Mike Elgan points out, today’s high-end Chromebooks “run more apps without dual- or multi-booting than any other computing platform. Chromebooks can run apps from Android, Linux, and Windows concurrently in the same session.”

Read more at ZDNet

GitLab’s High-End Plans Are Now Free for Open Source Projects and Schools

The fact that Microsoft is buying GitHub has left a lot of developers with a deep feeling of unease and a lot of them are now looking for alternatives. One of those is GitLab and that company has decided to strike the iron while it’s hot. To attract even more developers to its platform, GitLab today announced that its premium self-hosted GitLab Ultimate plan and its hosted Gold plan are now available for free to open source projects and educational institutions.

“Most education and open source projects don’t have access to enhanced security or performance management tools for their software projects,” GitLab CEO Sid Sijbrandij told me. “At GitLab, we are happy to have achieved a level of success that allows us to extend the full set of features to these important communities by offering GitLab Ultimate & GitLab Gold plans for free.”

Read more at TechCrunch