The considerable growth in the Kubernetes market is well documented. It is by far the most widely used orchestration platform, but it’s not the only one, preventing it from receiving full default status. Kubernetes’ acceptance has forced it to mature quite fast and has left the technology community to rapidly innovate. It has helped force a disruption in the market as new and more established vendors now compete in the cloud-native space.
Container technologies prompted the rise and development of the Kubernetes orchestration platform. Today, the largest users of containers are companies with more than 1,000 employees that run their own data centers.
IoT devices are considered embedded devices, which in short means a computer attached to something else, whatever that something else might be. This is in contrast with laptops, desktops, and servers, for which the computer in them is the end and not just the means.
While these terms are not formal terms, a common way to distinguish IoT devices from other embedded devices is by the presence of network connectivity. This means that IoT devices can talk to other IoT devices, or to your desktop, or to some server in the cloud.
Some of these devices are low-cost consumer devices (for example, light bulbs and light switches for the home) or are very purpose-oriented (such as a fridge or oven, or the Amazon Dash button). Others, while not as price-sensitive or as single-purpose, have been developed by teams with little to no experience in networking, which in turn have not taken full advantage of the networking capabilities of these devices.
It’s long been known that you should never insert an unknown USB drive into your computer because it could be loaded with malware. However, new research from Ben-Gurion University has exposed 29 types of USB attacks, and the threat extends to your smartphone. It shows that you should never use a USB charger you find lying around or plug into a public USB port. Both can be compromised by attackers, as we discussed with one of the researchers on the project, Ran Yahalom.
“We surveyed 29 attacks, updated last year. New methods of likely developed and published attacks increase that number. The microcontroller, a reprogrammable microcontroller used to impersonate peripherals as well as an actually the firmware update. Academic circles call this ‘bad USB.’ It’s a family of attacks based on reprogramming the firmware.”
I remember, long, long ago, when installing apps in Linux required downloading and compiling source packages. If you were really lucky, some developer might have packaged the source code into a form that was more easily installable. Without those developers, installing packages could become a dependency nightmare.
But then, package managers like rpm and dpkg began to rise in popularity, followed quickly by the likes of yum and apt. This was an absolute boon to anyone looking to make Linux their operating system of choice. Although dependencies could still be an issue, they weren’t nearly as bad as they once were. In fact, many of these package managers made short shrift of picking up all the dependencies required for installation.
And the Linux world rejoiced! Hooray!
But, with those package managers came a continued requirement of the command line. That, of course, is all fine and good for old hat Linux users. However, there’s a new breed of Linux users who don’t necessarily want to work with the command line. For that user-base, the Linux “app store” was created.
This all started with the Synaptic Package Manager. This graphical front end for apt was first released in 2001 and was a breath of fresh air. Synaptic enabled users to easily search for a piece of software and install it with a few quick clicks. Dependencies would be picked up and everything worked. Even when something didn’t work, Synaptic included the means to fix broken packages—all from a drop-down menu.
Since then, a number of similar tools have arrived on the market, all of which improve on the usability of Synaptic. Although Synaptic is still around (and works quite well), new users demand more modern tools that are even easier to use. And Linux delivered.
I want to highlight three of the more popular “app stores” to be found on various Linux distributions. In the end, you’ll see that installing applications on Linux, regardless of your distribution, doesn’t have to be a nightmare.
GNOME Software
GNOME’s take on the graphical package manager, Software, hit the scene just in time for the Ubuntu Software Center to finally fade into the sunset (which was fortuitous, considering Canonical’s shift from Unity to GNOME). Any distribution that uses GNOME will include GNOME Software. Unlike the now-defunct Ubuntu Software Center, GNOME Software allows users to both install and update apps from within the same interface (Figure 1).
Figure 1: The GNOME Software main window.
To find a piece of software to install, click the Search button (top left, looking glass icon), type the name of the software you want to install, and wait for the results. When you find a title you want to install, click the Install button (Figure 2) and, when prompted, type your user (sudo) password.
Figure 2: Installing Slack from GNOME Software.
GNOME Software also includes easy-to-navigate categories, Editor’s Picks, and GNOME add-ons. As a bonus feature, GNOME Software also supports both snaps and flatpak software. Out of the box, GNOME Software on Ubuntu (and derivatives) supports snaps. If you’re adventurous, you can add support for flatpak by opening a terminal window and issuing the command sudo apt install gnome-software-plugin-flatpak.
GNOME Software makes it so easy to install software on Linux that any user (regardless of experience level) can install and update apps with zero learning curve.
KDE Discover
Discover is KDE’s answer to GNOME Software. Although the layout (Figure 3) is slightly different, Discover should feel immediately familiar.
Figure 3: The KDE Discover main window is equally user friendly.
One of the primary differences between Discover and Software is that Discover differentiates between Plasma (the KDE desktop) and application add-ons. Say, for example, you want to find an “extension” for the Kate text editor; click on Application Addons and search “kate” to see all available addons for the application.
The Plasma Addons feature makes it easy for users to search through the available desktop widgets and easily install them.
The one downfall of KDE Discover is that applications are listed in a reverse alphabetical order. Click on one of the given categories, from the main page, and you’ll be given a listing of available apps to scroll through, from Z to A (Figure 4).
Figure 4: The KDE Discover app listing.
You will also notice no apparent app rating system. With GNOME Software, it’s not only easy to rate a software title, it’s easy to decide if you want to pass on an app or not (based on a given rating). With KDE Discover, there is no rating system to be found.
One bonus that Discover adds is the ability to quickly configure repositories. From the main window, click on Settings, and you can enable/disable any of the included sources (Figure 5). Click the drop-down in the upper right corner, and you can even add new sources.
Figure 5: Enabling, disabling, and adding sources, all from within Discover.
Pamac
If you’re hoping to soon count yourself among the growing list of Arch Linux users, you’ll be glad to know that the Linux distribution often considered to be for the more “elite” also includes a graphical package manager. Pamac does an outstanding job of making installing applications on Arch easy. Although Pamac isn’t quite on the design level of either GNOME Software or KDE Discover, it still does a great job of simplifying the installing and updating of applications. From the Pamac main window (Figure 6), you can either click on the search button, or click a Category or Group to find the software you’re looking to install.
Figure 6: The Pamac main window.
If you can’t find the software you’re looking for, you might need to enable one of the many repositories. Click on the Repository button and then search through the categories (Figure 7) to locate the repository to be added.
Figure 7: Adding new repositories in Pamac.
Updates are smoothly handled with Pamac. Click on the Updates button (in the left navigation) and then, in the resulting window (Figure 8), click Apply. All of your Arch updates will be installed.
Figure 8: Updating Arch via Pamac.
More where that came from
I’ve only listed three graphical package managers. That is not to say these three are the only options to be found. Other distributions have their own takes on the package manager GUI. However, these three do an outstanding job of representing just how far installing software on Linux has come, since those early days of only being able to install via source.
Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.
If you are attending ONS, you know the value of open source projects. You know they are going to play a critical role in your ongoing or upcoming SDN/NFV transformation. Open source projects have become very successful in the enterprise space and they are poised to do the same in the communications service provider (CSP) arena.
That leads to a question—how can you learn more about these projects, determine their value for your specific environment and map out your organization’s next steps? Certainly, you can review online materials on your own. However, if you are like me and learn best when another human being is providing or explaining the material starting with the basics, at an unhurried pace, then the ONAP and OPNFV training sessions offered onsite at Open Networking Summit in Los Angeles are something to consider. These training courses will empower you to integrate open source into your NFV/SDN deployments.
In your open source adventures, you may have heard the acronyms CLA and DCO, and you may have said “LOL WTF BBQ?!?” These letters stand for Contributor License Agreement and Developer Certificate of Origin, respectively. Both have a similar intent: To say that the contributor is allowed to make the contribution and that the project has the right to distribute it under its license. With some significant projects moving from CLAs to DCOs (like Chef in late 2016 and GitLab in late 2017), the matter has received more attention lately.
So what are they? The Contributor License Agreement is the older of the two mechanisms and is often used by projects with large institutional backing (either corporate or nonprofit).
At The Linux Foundation’s OSLS event in Sonoma this week, CNCF’s COO Chris Aniszczyk announced that its Kubernetes project has become a full blown project. Read the rest of this installment of our weekly digest to stay in the know!
1) At the Open Source Leadership Summit this week, CNCF’s COO announced that Kubernetes had been graduated to become a “full-blown open source project.”
2) A developer-first open source protection service raises a big chunk of money. The platform “continuously finds and fixes known vulnerabilities and license violations in open source dependencies.”
3) “The latest release of Bright Cluster Manager provides the ability for Bright customers to easily integrate OpenHPC libraries and packages for use within a Bright cluster.”
4) To help address licensing complications, GitHub has open sourced “Licensed” — an “internal tool they’ve used to automate some of GitHub’s open-source projects licensing process.”
A Twitter thread on trolls brought up mention of trolls on Usenet. The reason they were so hard to deal with, even then, has some lessons for today; besides, the history is interesting. (Aside: this is, I think, the first longish thing I’ve ever written about any of the early design decisions for Usenet. I should note that this is entirely my writing, and memory can play many tricks across nearly 40 years.)
A complete tutorial on Usenet would take far too long; let it suffice for now to say that in the beginning, it was a peer-to-peer network of multiuser time-sharing systems, primarily interconnected by dial-up 300 bps and 1200 bps modems. (Yes, I really meant THREE HUNDRED BITS PER SECOND. And some day, I’ll have the energy to describe our home-built autodialers—I think that the statute of limitations has expired…) Messages were distributed via a flooding algorithm. Because these time-sharing systems were relatively big and expensive and because there were essentially no consumer-oriented dial-up services then (even modems and dumb terminals were very expensive), if you were on Usenet it was via your school or employer. If there was abuse, pressure could be applied that way—but it wasn’t always easy to tell where a message had originated—and that’s where this blog post really begins: why didn’t Usenet authenticate requests?
A Sandia National Laboratories software program now installed as an additional test for the widely observed TOP500 supercomputer challenge has become increasingly prominent. The program’s full name — High Performance Conjugate Gradients, or HPCG — doesn’t come trippingly to the tongue, but word is seeping out that this relatively new benchmarking program is becoming as valuable as its venerable partner — the High Performance LINPACK program — which some say has become less than satisfactory in measuring many of today’s computational challenges.
“The LINPACK program used to represent a broad spectrum of the core computations that needed to be performed, but things have changed,” said Sandia researcher Mike Heroux, who created and developed the HPCG program. “The LINPACK program performs compute-rich algorithms on dense data structures to identify the theoretical maximum speed of a supercomputer. Today’s applications often use sparse data structures, and computations are leaner.”
CNCF is proud to sponsor a new FREE ebook from The New Stack titled Kubernetes Deployment and Security Patterns. Download the ebook today.
Moving beyond the shiny new technology stage, the report posits that Kubernetes is now in adolescence. That means all eyes are tracking its growing maturity, how well it works in production, and what else is needed for Kubernetes to ascend further within enterprises of any size and across all industries, in all corners of the world. CNCF is also partnering with The New Stack and Huawei on a webinar that will explore international container growth.
Register today for “Global Container Adoption: A Closer Look at the Container Ecosystem in China” to be held 10 a.m. PT, March 20, 2018. Join Huawei CTO Dr. Ying Xiong, CNCF VP of Marketing Dee Kumar and The New Stack Editorial Director Libby Clark for the latest research, analysis and perspectives on how the container ecosystem is evolving in China.
eBook Highlights New Global Survey Data
Developers and Ops teams transitioning from VMs to containers will appreciate the detailed explanation and analysis the report includes on container orchestration and security patterns. The book also outlines how companies are deploying and securing Kubernetes, sharing insights from the most experienced users and advocates of the technology. Other highlights include:
The results of recent surveys (one from the CNCF and the other from The New Stack) detailing how current Kubernetes operators are using the software.
A recommendation of deployment patterns designed to help cluster operators deploy Kubernetes to manage containerized workloads.
A comparison of varying levels of control, costs and features to expect from different deployment patterns such as self-hosted/custom, managed Kubernetes, CaaS and PaaS platforms.
Analysis of emerging scenarios utilizing Kubernetes such as machine learning, serverless, edge computing and streaming analytics.
A detailed list of security considerations including threat models and various security considerations for a Kubernetes deployment, along with some best practices for operators to follow.
Chapter 1 dives into the latest research on Kubernetes adoption. It analyzes New Stack data, our cloud native survey results (see previous blog for survey highlights) and new findings from the same CNCF survey recently completed in China to offer a more global and broader look at Kubernetes deployment patterns and adoption challenges and trends. A close inspection of this data helps tell a more complete story on Kubernetes acceptance and dominance in the market.
In total, 764 respondents completed CNCF’s survey, with 187 responses from a questionnaire that was translated into Mandarin. Almost all (97 percent) respondents were using containers in some way, while 61 percent were using containers in production. Overall, 69 percent of respondents said they were using Kubernetes to manage containers. P.S. A more detailed analysis on China’s adoption of Kubernetes and key takeaways from the “Global Container Adoption: A Closer Look at the Container Ecosystem in China” webinar will be covered in a future CNCF blog.
By looking at many variables, such as company size, public, private or multi-cloud environments, workload types, and cluster size, Chapter 1 offers in-depth analysis of the tools and infrastructure surrounding Kubernetes in areas like storage, networking, security and monitoring and logging.
After carefully reviewing numerous data sets, TNS Writer Lawrence Hecht concludes: “At a high level, Kubernetes won the first battle of the container orchestration wars. Companies with competitive offerings, such as Docker and Mesosphere, now promote how their products interoperate with Kubernetes. The major cloud providers have followed suit, with Alibaba Cloud, Amazon Web Services (AWS), Google Cloud Platform, Huawei Cloud and Microsoft Azure offering services to manage Kubernetes environments. Today, Kubernetes is the leading choice for managing containers at scale.”