This week in open source and Linux news, The Linux Foundation and other organizations gathered in Los Angeles to collaborate and break major industry news, including AI and 5G developments.
1) The Linux Foundation has launched a new AI Project, to help develop, share and deploy AI and machine learning apps.
Securing your network is an incredibly challenging task, one that’s made even more difficult by software that adds yet another layer of complexity on top. And let’s face it, most firewall tools are the stuff of user nightmares. That’s why, when a firewall tool strips away some of that complexity, it deserves attention.
One such tool is IPFire, an open source Linux distribution geared specifically for the task of firewalls. This particular distribution is hardened, secure, easy to operate, and ready to serve enterprise, small-to-medium businesses, and even home users. IPFire was designed for users new to firewalling, so it places a premium on user-friendliness.
How user friendly is IPFire? Let’s install it and find out.
Installation
The installation of IPFire might be the one stumbling block for new users. The install is text-based and might intimidate those who haven’t previously installed Linux. Fortunately, the installation is not hard. In this article, I’ll demonstrate how to install IPFire via a VirtualBox virtual machine. If you’re planning on doing the same, you must make sure to enable a second network adapter (before booting the ISO image for installation). One adapter will be used for the Green networking segment and one for the Red networking segment (more on this in a bit).
Once you’ve downloaded the ISO image and burned it to either a CD/DVD or USB drive, insert the newly created media and boot the machine. You will be greeted by the IPFire splash screen (Figure 1), where you select Install IPFire.
Figure 1: The IPFire splash screen.
Once you get beyond the splash screen, you will be presented with the ncurses-based installer. In the next few windows (Figure 2), you will have to accept the license, configure the language, and partition/format the drive.
Figure 2: The ncurses installation window.
This portion of the installation will complete very quickly and then require you to reboot. Once you’ve rebooted, you will be presented with the next phase of the installation, where you’ll configure the keyboard mapping, timezone (make sure this is correct), hostname, domain name, root user password, admin user (for the web interface) password, and then the network options. It isn’t until you get to the network configuration type that you might be tripped up. Here (Figure 3), you must select from the four options:
GREEN + RED
GREEN + RED + ORANGE
GREEN + RED + BLUE
GREEN + RED + ORANGE + BLUE
Figure 3: Selecting your networking layout.
What do these choices all mean? Each color represents a different network segment. The breakdown is as follows:
Red – WAN – External network connected to the Internet
Green – LAN – Internal/Private network connected locally
Orange – DMZ – The DeMilitarized Zone, an unprotected/Server network accessible from the internet
Blue – WLAN – Wireless Network
You will want to select the combination that best suits your network. For my testing purposes, I’ve selected GREEN + RED. Once you’ve made that selection, you will be returned to the Networking configuration menu. Select Drivers and card assignments. In this new window, you must assign a network card to a color. Select one of the colors and then, when prompted (Figure 4), assign an interface to the color.
Figure 4: Assigning an interface to a color.
Once you’ve assigned the interfaces to colors, tab to Done and hit Enter on your keyboard. Back on the Network configuration menu, select Address settings. In the next window, select a color and then configure it for your network. You’ll need to give it an IP address and a network mask (Figure 5).
Figure 5: Giving our interface an address.
Make sure to configure both network interfaces. Once you’ve done that, tab to Done and hit Enter on your keyboard. The final network configuration is DNS and Gateway settings. Select that option and then, when prompted, enter the proper information (Figure 6).
Figure 6: Configuring DNS and gateway addresses.
Once you’ve finished the network configuration, you can then set up an optional DHCP server (Figure 7).
Figure 7: An optional DHCP server with IPFire.
At this point, IPFire will boot and land at a login prompt. You can either log in (using the user root and the password set during installation) or point your browser to http://SERVER_IP:444 (where SERVER_IP is the IP address of the IPFire server).
At the web interface, log in with the user admin and the password you set for that user during installation. Once you’ve successfully logged in, you will be presented with the IPFire web-based interface (Figure 8).
Figure 8: The IPFire web-based interface.
What to do now?
You are ready to start configuring your firewall. For full documentation on firewall setup, check out the official IPFire Documentation. Let’s say you want to configure a port-forward rule (so that traffic from the WAN can be properly directed to a machine on your LAN). For this you’ll need an originating source and a target destination. To create the new rule, click Firewall > Firewall Rules. In the resulting window, click New rule.
You will now need to configure the port forwarding rule (Figure 9).
Figure 9: Configuring a port forward rule.
Select Source address and enter the address for the originating source. Next, click the check box for Use Network Address Translation (NAT) and select Destination NAT. Then select the firewall interface for the NAT rule.
In the Destination section, click the check box for Destination address and type the IP address for the destination. With the address added, select the necessary protocol for the translation. Once you’ve selected the protocol, you can then add the required source and destination port for the NAT (Figure 10).
Figure 10: Adding ports for the NAT.
Click Add (at the bottom of the window) and you will be presented with a window displaying your new rule. If everything is correct, click Apply changes and the new rule will be added to the system.
That’s all there is to creating a new firewall rule with IPFire. It really is that easy.
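What a Destination NAT port forward amounts to at the packet-filter level, as an added example that is not part of the original article and not IPFire's own generated rules: the script validates the same fields the form asks for and prints the two generic iptables commands such a forward needs. The interface name red0, the addresses and the ports are constructed sample values, and the firewall is assumed to already accept established connections.

```shell
#!/bin/sh
# Added illustration: generic netfilter equivalents of a Destination NAT
# port forward. Not IPFire's generated rules; every value used is constructed.

# valid_port N -> succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_ipv4 A.B.C.D[/LEN] -> succeeds if octets are 0..255 and LEN is 0..32
valid_ipv4() (
    addr=${1%%/*}
    if [ "$addr" != "$1" ]; then
        len=${1#*/}
        case "$len" in ''|*[!0-9]*|???*) exit 1 ;; esac
        [ "$len" -le 32 ] || exit 1
    fi
    case "$addr" in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $addr
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# dnat_rules SRC IFACE PROTO EXT_PORT DEST_IP DEST_PORT -> prints two iptables commands
dnat_rules() (
    src=$1 iface=$2 proto=$3 ext_port=$4 dest_ip=$5 dest_port=$6
    case "$proto" in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; exit 2 ;; esac
    case "$iface" in ''|[!A-Za-z]*|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; exit 2 ;; esac
    case "$dest_ip" in */*) echo "destination must be one host" >&2; exit 2 ;; esac
    valid_ipv4 "$src" && valid_ipv4 "$dest_ip" || { echo "bad address" >&2; exit 2; }
    valid_port "$ext_port" && valid_port "$dest_port" || { echo "bad port" >&2; exit 2; }
    [ "${src#*/}" = 0 ] && echo "warning: forward is open to any source" >&2
    # 1) nat table: rewrite the destination of packets arriving on the external side.
    echo "iptables -t nat -A PREROUTING -i $iface -p $proto -s $src" \
         "--dport $ext_port -j DNAT --to-destination $dest_ip:$dest_port"
    # 2) filter table: FORWARD sees the already rewritten address and port.
    echo "iptables -A FORWARD -i $iface -p $proto -s $src -d $dest_ip" \
         "--dport $dest_port -m conntrack --ctstate NEW -j ACCEPT"
)

# Constructed example: one documentation-range source, TCP 8080 -> 192.168.1.10:80.
dnat_rules 203.0.113.25 red0 tcp 8080 192.168.1.10 80
```

The second rule matches the internal address and port because the filter table runs after the NAT rewrite; a narrow source address keeps the forwarded service from being reachable by the whole Internet.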
Ease of use and security
If you need two reasons to give IPFire a try, they should be ease of use and security. You’d be hard-pressed to find a Linux-based firewall distribution that is as easy to set up and manage … that gives you this level of security. IPFire is an outstanding open source firewall solution. Give this distribution a test and see if it doesn’t make securing your network a very simple task.
Etcd, a key-value store and a core component of Kubernetes clusters, is used to store highly sensitive configuration data but is also easily left unprotected, as a developer recently found.
Puerto Rican software developer Giovanni Collazo was looking into etcd, first developed by CoreOS, and realized that before version 2.1, released in July 2015, it didn’t support any type of authentication. Even after it was added, this feature was kept off by default for backward compatibility reasons.
A similar approach was taken by MongoDB developers in the past and resulted in thousands of insecure deployments on the internet that were abused by hackers. So, Collazo set out to see if etcd’s design decisions had a similar effect.
In the mid-70s I heard about floppy drives, but they were expensive, exotic equipment. I didn’t know that IBM had decided as early as 1967 that tape drives, while fine for backups, simply weren’t good enough to load software on mainframes. So it was that Alan Shugart assigned David L. Noble to lead the development of “a reliable and inexpensive system for loading microcode into IBM System/370 mainframes” using a process called Initial Control Program Load (ICPL). From this project came the first 8-inch floppy disk.
Oh, yes, before the 5.25-inch drives many of you remember was the 8-inch floppy. By 1978, I was using those on mainframes. Later I would use them on dedicated cataloging PCs at the Online Computer Library Center.
Linux systems can provide more help with your schedule than just reminding you what day today is. You have a lot of options for displaying calendars — some that are likely to prove helpful and others that just might boggle your mind.
date
To begin, you probably know that you can show the current date with the date command.
$ date
Mon Mar 26 08:01:41 EDT 2018
cal and ncal
You can show the entire month with the cal command. With no arguments, cal displays the current month and, by default, highlights the current day by reversing the foreground and background colors.
Our journey through the history of IT infrastructure starts with the centralised mainframe era kicked off by IBM in the 1960s and advances through to the cloud-based, server-less world we now occupy. In between, we’ve seen the eras of personal computers, client/server computing and web-based enterprise computing, all of which have transformed the way businesses operate.
The personal computing era, for example, was driven by the proliferation of PCs and desktop productivity software tools such as spreadsheets and word processors in the early 1980s, which appealed to personal and corporate users alike.
This was followed by the rise of powerful server computers that were linked to ‘clients’ – i.e. desktop and laptop PCs – to provide users with a variety of capabilities in the client/server age of the late 1980s and the enterprise computing era of the 1990s, which was driven by the need to integrate disparate networks and applications together in a single infrastructure amidst the growth of the World Wide Web.
What are the pitfalls of running Java or JVM-based applications in containers? In this article, Jörg Schad and Ken Sipe discuss the challenges and solutions.
The Java Virtual Machine, even as of the Java 9 release, is not fully aware of the isolation mechanisms that containers are built around. This can lead to unexpected behavior between different environments (e.g., test vs. production). To avoid this behavior, one should consider overriding some default parameters (which are usually set from the memory and processors available on the node) to match the container limits.
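One way to do that override from a container entrypoint, as an added example that is not from the article: the script reads the cgroup memory and CPU limits (v2 layout first, then v1) and prints matching -Xmx and -XX:ParallelGCThreads flags. The CGROUP_ROOT variable, the function names and the 75% heap share are assumptions of this sketch.

```shell
#!/bin/sh
# Added illustration: size JVM flags from the container's cgroup limits
# instead of the node's totals. CGROUP_ROOT and the 75% default are assumptions.

# mem_limit_bytes ROOT -> prints the memory limit in bytes, nothing if unlimited
mem_limit_bytes() (
    if [ -r "$1/memory.max" ]; then f="$1/memory.max"            # cgroup v2
    elif [ -r "$1/memory/memory.limit_in_bytes" ]; then          # cgroup v1
        f="$1/memory/memory.limit_in_bytes"
    else exit 0; fi
    read -r v < "$f" || :
    case "$v" in ''|max|*[!0-9]*) exit 0 ;; esac
    # cgroup v1 reports "no limit" as a 19-digit value close to 2^63.
    [ "${#v}" -ge 19 ] && exit 0
    echo "$v"
)

# cpu_limit ROOT -> prints allowed CPUs (quota/period, rounded up), nothing if unlimited
cpu_limit() (
    if [ -r "$1/cpu.max" ]; then                                 # v2: "quota period"
        read -r quota period < "$1/cpu.max" || :
    elif [ -r "$1/cpu/cpu.cfs_quota_us" ]; then                  # v1: two files
        read -r quota < "$1/cpu/cpu.cfs_quota_us" || :
        read -r period < "$1/cpu/cpu.cfs_period_us" || :
    else exit 0; fi
    case "$quota" in ''|max|*[!0-9]*) exit 0 ;; esac             # "max" or -1: no quota
    case "$period" in ''|0|*[!0-9]*) exit 0 ;; esac
    echo $(( (quota + period - 1) / period ))
)

# jvm_flags ROOT [HEAP_PERCENT] -> prints -Xmx and GC thread flags for this container
jvm_flags() (
    root=$1 pct=${2:-75} flags=""
    case "$pct" in ''|*[!0-9]*) pct=75 ;; esac
    mem=$(mem_limit_bytes "$root"); cpus=$(cpu_limit "$root")
    # Heap gets only part of the limit: metaspace, thread stacks and native
    # buffers also count against the container's memory.
    [ -n "$mem" ] && flags="-Xmx$(( mem / 1048576 * pct / 100 ))m"
    [ -n "$cpus" ] && flags="$flags -XX:ParallelGCThreads=$cpus"
    echo $flags
)

# Typical entrypoint use: exec java $(jvm_flags /sys/fs/cgroup) -jar app.jar
jvm_flags "${CGROUP_ROOT:-/sys/fs/cgroup}"
```

When no limit is set the function prints nothing, so the JVM keeps its own defaults rather than receiving a flag computed from a placeholder value.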
This is a really wonderful study with far-reaching implications that could even impact company strategies in some cases. It starts with a simple question: “how can we improve the state of the art in deep learning?” We have three main lines of attack:
As I wrote above, the syslog-ng application is an enhanced logging daemon with a focus on portability and central log collection. Daemon means syslog-ng is an application running continuously in the background; in this case, it’s collecting log messages.
While Linux testing for many of today’s applications is limited to x86_64 machines, syslog-ng also works on many BSD and commercial UNIX variants. What is even more important from the embedded/IoT standpoint is that it runs on many different CPU architectures, including 32- and 64-bit ARM, PowerPC, MIPS, and more. (Sometimes I learn about new architectures just by reading about how syslog-ng is used.)
Why is central collection of logs such a big deal? One reason is ease of use, as it creates a single place to check instead of tens or thousands of devices.
The important role that open source will play in distributing compute power to the edge is coming into clearer focus here this week, with multiple initiatives and some significant contributions from major industry players.
The Open Networking Foundation kicked things off with its announcement of a strategic shift that will put major operators in charge of developing reference designs for edge SDN platforms for network operators, with the intent of moving open source technologies forward faster on that front. The Linux Foundation Tuesday announced broader support for its Akraino Edge Stack open source community, including 13 new members and a major open source contribution from one of those, Intel Corp. (Nasdaq: INTC). (See ONF Operators Take Charge of Edge SDN.)
In the Intel keynote Tuesday afternoon, Melissa Evers-Hood, senior director of cloud and edge software for Intel’s Open Source Technology Center, explained Intel’s decision to open source its Wind River Titanium Cloud portfolio of technologies as well as Intel’s Network Edge Virtualization Software Development Kit. Wind River Titanium Cloud is Intel’s NFV Infrastructure, based on OpenStack.