It’s a universally accepted truth: The more changes you make to code, the larger the chance it’s going to break.
Everyone knows bugs happen, and organizations that are equipped to quickly and expertly squash them are the ones that come out ahead. Increasingly, those teams that prove to be masters of their codebase and fierce problem solvers operate in organizations that have come to embrace good DevOps practices.
Is your organization’s DevOps culture experiencing breakdowns or lack of synergy? It might be time to check for these common bugs – and deploy some proven fixes:
Linus Torvalds released version 4.16 of the Linux Kernel on Sunday, April 1st, nine weeks after the previous version. After the rather eventful 4.15 cycle, which included the loss of the Linux Kernel Mailing List for several days and the fallout from the Meltdown and Spectre bugs, 4.16 has been mercifully smooth.
Getting back to Meltdown and Spectre, the dust kicked up by both bugs still hasn’t completely settled. Quite a few patches were included to try and ameliorate some of their effects. Both 64-bit ARM and IBM z s390 architectures get patches that mitigate possible exploits. Meanwhile, access to /dev/mem is now more restrictive and the code that keeps x86 architectures safe has been cleaned up and optimized.
In more productive news, the VirtualBox Guest driver was merged into the mainline kernel. This means that the VirtualBox VM should work better on Linux from now on. Vaguely related, Jailhouse, a partitioning Hypervisor developed by Siemens, is now also supported in the mainline kernel. Jailhouse is different to other hypervisors in that it can be loaded and configured by a normal Linux system.
Other stuff to look forward to in Linux kernel 4.16
The AMD GPU DC display code has been improved so as to incorporate better multi-display support. This means that the highest display rate will be used when synchronizing several monitors. The new code also mitigates underflow/corruption problems which manifest as flickering ghosts when elements are moved on the desktop.
Operations for in-kernel filesystems will probably become faster thanks to a patch that optimizes the update of inode data and metadata. In some cases, the speed registered in read bandwidth increased to more than 200 percent.
There have been updates to the open source RISC-V ISA, which was merged in 4.15. However, there are no device drivers yet.
Some new devices that are now supported in the mainline kernel include the Orange Pi R1, NVIDIA’s Tegra TX2, and the second generation “One by Wacom” tablets.
As usual, you can find out more by checking out the writeups at Kernel Newbies and Phoronix.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.
Interest in evaluating and investing in open source startups is on the rise again after a dip in the past couple of years, according to speakers at a panel discussion on investment startups in the open source world.
The discussion took place at The Linux Foundation’s recent Open Source Leadership Summit (OSLS). In terms of investment activity in the open source startup space, “there is good appetite for the acquirers as well as the public markets, depending on the value proposition that these companies … have to offer,” said Rashmi Gopinath, a partner with Microsoft Ventures, the corporate venturing arm for Microsoft. She noted that Microsoft acquired Deis in 2017, an open source startup specializing in the Kubernetes container orchestration platform.
Brigade provides a way to script multiple containers to perform a task. With Brigade, you can build things like CI systems, ETL pipelines, and distributed batch processors. One of the critical capabilities of Brigade is its ability to share data between containers. This article describes the two main ways of sharing data.
Brigade’s Purpose
In a previous article in this series, I explained why we created Brigade. I described Brigade as an event-based scripting environment for Kubernetes. A second way of looking at Brigade is as a serverless platform for scripting containers.
Both descriptions share a central feature: Brigade is about linking multiple containers together to create powerful processing pipelines.
SUSE has released a SUSE Linux Enterprise Server 12 SP3 (SLES) for the popular Raspberry Pi, which comes with full commercial support for enterprise customers.
The release upgrades an unsupported version of SLES SP2 Raspberry Pi image released at 2016 SUSECON, which offered enterprises an alternative to Raspbian OS with an OS that uses the SUSE Linux Enterprise kernel for Arm.
According to SUSE, companies have been using SLES for Arm on Raspberry Pi for monitoring older industrial equipment such as robotic screwdrivers and sending alerts when they malfunction.
If the history of high performance computing has taught us anything, it is that we cannot focus too much on compute at the expense of storage and networking. Having all of the compute in the world doesn’t mean diddlysquat if the storage can’t get data to the compute elements – whatever they might be – in a timely fashion with good sustained performance.
Many organizations that have invested in GPU accelerated servers are finding this out the hard way when their performance comes up short when they get down to do work training their neural networks,…
The problem is that the datasets that are needed for storing the largely unstructured data that feeds into neural networks to let them do their statistical magic are growing at an exponential rate, and so is the computational requirement to chew on that data.
After starting with Ubuntu, Microsoft has added a number of Linux distributions to its Windows Subsystem for Linux (WSL) Linux runtime environment. A Windows machine can simultaneously offer an Ubuntu, SUSE, Debian, and Kali “personality,” providing users with a choice of the different distributions’ preferences and package management.
But if your distribution isn’t yet available or if you want a Linux installation that’s customized just the way you like it, there’s now an answer: Microsoft has an open source tool for building your own Linux package. The tool is aimed at two groups: distribution owners (so they can produce a bundle to ship through the Microsoft Store) and developers (so they can create custom distributions and sideload them onto their development systems).
This week in open source and Linux news, The Linux Foundation and other organizations gathered in Los Angeles to collaborate and break major industry news, including AI and 5G developments.
1) The Linux Foundation has launched a new AI Project, to help develop, share and deploy AI and machine learning apps.
Securing your network is an incredibly challenging task, one that’s made even more difficult by software that adds yet another layer of complexity on top. And let’s face it, most firewall tools are the stuff of user nightmare. That’s why, when a firewall tool strips away some of that complexity, it deserves attention.
One such tool is IPFire, an open source Linux distribution geared specifically for the task of firewalls. This particular distribution is hardened, secure, easy to operate, and ready to serve enterprise, small-to-medium businesses, and even home users. IPFire was designed for users new to firewalling, so it places a premium on user-friendliness.
How user friendly is IPFire? Let’s install it and find out.
Installation
The installation of IPFire might be the one stumbling block for new users. The install is text-based and might intimidate those who haven’t previously installed Linux. Fortunately, the installation is not hard. In this article, I’ll demonstrate how to install IPFire via a VirtualBox virtual machine. If you’re planning on doing the same, you must make sure to enable a second network adapter (before booting the ISO image for installation). One adapter will be used for the Green networking segment and one for the Red networking segment (more on this in a bit).
Once you’ve downloaded the ISO image and burned it to either a CD/DVD or USB drive, insert the newly created media and boot the machine. You will be greeted by the IPFire splash screen (Figure 1), where you select Install IPFire.
Figure 1: The IPFire splash screen.
Once you get beyond the splash screen, you will be presented with the ncurses-based installer. In the next few windows (Figure 2), you will have to accept the license, configure the language, and partition/format the drive.
Figure 2: The ncurses installation window.
This portion of the installation will complete very quickly and then require you to reboot. Once you’ve rebooted, you will be presented with the next phase of the installation, where you’ll configure the keyboard mapping, timezone (make sure this is correct), hostname, domain name, root user password, admin user (for the web interface) password, and then the network options. It isn’t until you get to the network configuration type that you might be tripped up. Here (Figure 3), you must select from the four options:
GREEN + RED
GREEN + RED + ORANGE
GREEN + RED + BLUE
GREEN + RED + ORANGE + BLUE
Figure 3: Selecting your networking layout.
What do these choices all mean? Each color represents a different network segment. The breakdown is as follows:
Red – WAN – External network connected to the Internet
Green – LAN – Internal/Private network connected locally
Orange – DMZ – The DeMilitarized Zone, an unprotected/Server network accessible from the internet
Blue – WLAN – Wireless Network
You will want to select the combination that best suits your network. For my testing purposes, I’ve selected GREEN + RED. Once you’ve made that selection, you will be returned to the Networking configuration menu. Select Drivers and card assignments. In this new window, you must assign a network card to a color. Select one of the colors and then, when prompted (Figure 4), assign an interface to the color.
Figure 4: Assigning an interface to a color.
Once you’ve assigned the interfaces to colors, tab to Done and hit Enter on your keyboard. Back on the Network configuration menu, select Address settings. In the next window, select a color and then configure it for your network. You’ll need to give it an IP address and a network mask (Figure 5).
Figure 5: Giving our interface an address.
Make sure to configure both network interfaces. Once you’ve done that, tab to Done and hit Enter on your keyboard. The final network configuration is DNS and Gateway settings. Select that option and then, when prompted, enter the proper information (Figure 6).
Figure 6: Configuring DNS and gateway addresses.
Once you’ve finished the network configuration, you can then set up an optional DHCP server (Figure 7).
Figure 7: An optional DHCP server with IPFire.
At this point, IPFire will boot and land at a login prompt. You can either log in (using the user root and the password set during installation) or point your browser to http://SERVER_IP:444 (where SERVER_IP is the IP address of the IPFire server).
At the web interface, log in with the user admin and the password you set for that user during installation. Once you’ve successfully logged in, you will be presented with the IPFire web-based interface (Figure 8).
Figure 8: The IPFire web-based interface.
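Before typing addresses into the installer, it helps to check the plan for the colored segments described above. The following is an added example, not part of the original article or of IPFire itself; the function name check_plan and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The four layouts the installer offers, as listed above.
LAYOUTS = [{"GREEN", "RED"}, {"GREEN", "RED", "ORANGE"},
           {"GREEN", "RED", "BLUE"}, {"GREEN", "RED", "ORANGE", "BLUE"}]

# Constructed sample plan (not from the article): color -> "address/mask".
SAMPLE_PLAN = {"GREEN": "192.168.1.1/255.255.255.0", "RED": "10.0.2.15/24"}
SAMPLE_GATEWAY = "10.0.2.2"


def check_plan(plan, gateway=None):
    """Return a list of problems found in a zone plan; empty means consistent."""
    problems = []
    if set(plan) not in LAYOUTS:
        problems.append("layout %s is not an installer option"
                        % " + ".join(sorted(plan)))
    ifaces = {}
    for color, cidr in sorted(plan.items()):
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError as exc:
            problems.append("%s: %s" % (color, exc))
            continue
        net = iface.network
        # A firewall interface needs a usable host address in its segment.
        if net.num_addresses > 2 and iface.ip in (net.network_address,
                                                  net.broadcast_address):
            problems.append("%s: %s is not a host address in %s"
                            % (color, iface.ip, net))
        ifaces[color] = iface
    # Each segment needs its own address range so the firewall can route
    # between zones and keep them separate.
    colors = sorted(ifaces)
    for i, a in enumerate(colors):
        for b in colors[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append("%s and %s overlap" % (a, b))
    # The default gateway has to be another host on the RED (WAN) segment.
    if gateway is not None and "RED" in ifaces:
        gw = ipaddress.ip_address(gateway)
        if gw not in ifaces["RED"].network or gw == ifaces["RED"].ip:
            problems.append("gateway %s is not another host on RED" % gateway)
    return problems


if __name__ == "__main__":
    for line in check_plan(SAMPLE_PLAN, SAMPLE_GATEWAY) or ["plan is consistent"]:
        print(line)
```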
What to do now?
You are ready to start configuring your firewall. For full documentation on firewall setup, check out the official IPFire Documentation. Let’s say you want to configure a port-forward rule (so that traffic from the WAN can be properly directed to a machine on your LAN). For this you’ll need an originating source and a target destination. To create the new rule, click Firewall > Firewall Rules. In the resulting window, click New rule.
You will now need to configure the port forwarding rule (Figure 9).
Figure 9: Configuring a port forward rule.
Select Source address and enter the address for the originating source. Next click the check box for Use Network Address Translation (NAT) and select Destination NAT. Next you must select the firewall interface for the NAT rule.
In the Destination section, click the check box for Destination address and type the IP address for the destination. With the address added, select the necessary protocol for the translation. Once you’ve selected the protocol, you can then add the required source and destination port for the NAT (Figure 10).
Figure 10: Adding ports for the NAT.
Click Add (at the bottom of the window) and you will be presented with a window displaying your new rule. If everything is correct, click Apply changes and the new rule will be added to the system.
That’s all there is to creating a new firewall rule with IPFire. It really is that easy.
Ease of use and security
If you need two reasons to give IPFire a try, they should be ease of use and security. You’d be hard-pressed to find a Linux-based firewall distribution that is as easy to set up and manage … that gives you this level of security. IPFire is an outstanding open source firewall solution. Give this distribution a test and see if it doesn’t make securing your network a very simple task.
Etcd, a key-value store and a core component of Kubernetes clusters, is used to store highly sensitive configuration data but is also easily left unprotected, as a developer recently found.
Puerto Rican software developer Giovanni Collazo was looking into etcd, first developed by CoreOS, and realized that before version 2.1, released in July 2015, it didn’t support any type of authentication. Even after it was added, this feature was kept off by default for backward compatibility reasons.
A similar approach was taken by MongoDB developers in the past and resulted in thousands of insecure deployments on the internet that were abused by hackers. So, Collazo set out to see if etcd’s design decisions had a similar effect.