
This Week in Open Source: Containers Could Bring Linux Apps to Chrome, New Network Edge Project Via Linux Foundation

This week in open source news, a new project from The Linux Foundation has been announced to create an open source software stack for network edge & much more! Read on for the top Linux and open source news of the week:

This move “could make Chrome OS a more powerful tool for developers and enterprises.”

Why Containers Could Finally Bring Linux Apps to Chrome OS – TechRepublic

The Linux Foundation has announced a new open source project “intended to create an open source software stack to support high-availability cloud services that are optimized for edge computing systems and applications.”

Linux Foundation Continues to Help Shape Telecoms Industry – ITWeb

This article outlines how you can get in on the active blockchain job market with training like The Linux Foundation’s FREE edX MOOC:

The Blockchain Market is Hot; Here’s How to Learn the Skills For It – ComputerWorld

Microsoft has “released an update that adds support for quantum development on macOS and Linux.”

Microsoft Brings its Quantum Dev Kit to MacOS, Linux; New Kind of Qubit This Year – Ars Technica

“The company’s CTO of Data spoke with ZDNet about the growing importance of open source, given Microsoft now finds itself as one of the biggest contributors.”

Why Open Source is So Important to Microsoft – ZDNet

Hot Chips Face Off at MWC and Embedded World

This week’s Mobile World Congress in Barcelona and Embedded World in Nuremberg are primarily designed to showcase smartphones and embedded systems, respectively. Yet, increasingly the shows are focused on the processors that drive them.

The only major chip announced in conjunction with this week’s conferences was Intel’s Stratix 10 TX FPGA, which is also the only chip covered here that doesn’t run Linux. Several other processors were announced earlier in the month, including AMD’s Ryzen Embedded V1000 and Epyc Embedded 3000. Meanwhile, new details were leaked about Intel’s 10nm Cannon Lake and Ice Lake chips, as well as some new 8th-Gen “Coffee Lake” models.    

We’ll start here with the AMD and Intel announcements before examining two previously announced ARM SoCs that loomed large at this week’s conferences. At MWC, the hot smartphone SoC was the Qualcomm Snapdragon 845, and at Embedded World there were several new products running NXP’s newly shipping i.MX8M. There was also plenty of speculation about the impact of Qualcomm’s impending acquisition of NXP, and whether the resulting valuation will make the merged entity too large for Broadcom to swallow.

AI chips pop into phones

This week’s conferences also saw some new developments in AI coprocessors. With the Snapdragon 845, Qualcomm has followed the lead of Huawei’s competing Kirin 970 smartphone SoC in integrating neural processing chips to accelerate AI operations. As a result, AI developers will soon be able to compare Huawei’s 970-based Mate 10 Pro phone with 845-based phones like the Samsung Galaxy S9.

In mid-February, Arm announced two new Project Trillium AI chip designs. Available now is Arm’s second-gen Object Detection (OD) Processor for optimizing visual processing and people/object detection. Due this summer is a Machine Learning (ML) Processor, which will accelerate AI applications including machine translation and face recognition. The Arm OD and ML, which use an entirely new computer architecture, could debut as coprocessors in mobile devices (ML) and other embedded systems (OD) by next year’s MWC.

Intel, meanwhile, announced an Intel AI: In Production program for its Movidius Neural Compute Stick based on its Linux-friendly Myriad 2 VPU technology. The program aims to ease the development of AI prototypes with the help of technologies such as an upcoming, mini-PCIe based “AI Core” board from Aaeon’s UP board community.


Intel Stratix 10 TX

This week, Intel’s Altera unit announced (and shipped) the Stratix 10 TX FPGA, featuring 58Gbps transceivers. The FPGA is designed for 4G and 5G base stations, network function virtualization, and other high-end networking equipment.

The Stratix 10 TX does not run Linux, but similar technology may appear in a future successor to the Linux-ready ARM/FPGA hybrid Stratix 10 SX. The 14nm fabricated SX and FPGA-only Stratix 10 GX and MX models were announced back in 2013, and then formally launched in Oct. 2016. Yet, the 1.5GHz, quad-A53 Stratix 10 SX didn’t ship until last October. The SX, which incorporates a Stratix V FPGA, competes with Xilinx’s similarly Linux-friendly, quad Cortex-A53 driven Zynq UltraScale+ MPSoC ARM/FPGA hybrid.

The new Stratix 10 TX provides up to 144 transceiver lanes with data rates of up to 58Gbps using the new PAM4 (pulse amplitude modulation 4) and older 30G NRZ (non-return-to-zero) technologies. This dual-mode approach enables unprecedented aggregation capability for scaling to “100G, 200G and 400G delivery speeds,” claims Intel.

The FPGA taps an Intel “2.5D” packaging technology called EMIB (Embedded Multi-die Interconnect Bridge), which enables the integration of up to six “chiplets” in a single package. As a result, the Stratix 10 TX will be available in versions ranging from dual 600k logic element chiplets to six 2.8 million element chiplets.

Intel’s new “Coffee Lake” CPUs and Cannon Lake and Ice Lake leaks

Intel launched its first round of 8th-Gen Kaby Lake Refresh “Coffee Lake” chips back in September, and now several new models have broken cover.

This fourth generation of its 14nm fabricated Core chips — following Broadwell, Skylake, and Kaby Lake — offers relatively modest performance and power efficiency improvements. However, the U-series chips used in new Linux-based laptops from System76 and ZaReason provide slightly faster quad- instead of dual-core designs with the same price and 15W TDP as 7th-Gen models, delivering greater performance and power efficiency when running hyperthread-intensive applications. There are also some high-end models tuned to gaming, as well as the first hexa-core Core i5 and first quad-core Core i3 models.

On Feb. 28, Geekbench benchmarks were posted showing an unannounced hexa-core, 12-thread Core i7-8750H Coffee Lake chip clocked at 2.2GHz/4.09GHz. Earlier this week, a YouTube video was posted showing a purported 3DMark database document that revealed details about another Coffee Lake chip, as well as Intel’s upcoming 10nm Cannon Lake and Ice Lake CPUs.

The YouTube-leaked Coffee Lake-U Core i7-8559U chip has four cores and eight threads, and clocks to 2.7GHz, compared to a high of 1.9GHz for the fastest current Kaby Lake-U chip: the i7-8650U. The chip also offers the best graphics (Iris Plus Graphics 650) found on 8th-Gen chips to date. According to speculation from NotebookCheck, it will run at about 28W.

The video also showed a previously leaked, hexa-core Core i7-8670 8th-Gen part. Other Coffee Lake variants were leaked in mid-February, along with a Xeon-like Cascade Lake chip family expected to arrive in Q3.

The 10nm Cannon Lake and Ice Lake chips, meanwhile, are not only expected to offer major performance and efficiency gains but also to fix Intel’s Spectre and Meltdown vulnerabilities. (If so, that might put a crimp on Coffee Lake sales.)

The YouTube video showed a 2.4GHz Ice Lake-U CPU with four cores and eight threads and high-end Gen11 graphics, which are speculated to run at 15W. The video also showed a mobile/embedded oriented, dual-core, quad-threaded Cannon Lake Y chip clocked to 1.1GHz with basic Intel UHD graphics. V3 has speculated it will have an Intel Atom-like 4.5W TDP.

This appears to be the same dual-core Cannon Lake chip that Intel let slip in a microcode update in mid-February before quickly deleting the post. The document also listed a headless version of the chip without a GPU.

AMD Ryzen Embedded 1000 and Epyc Embedded 3000

Last week, AMD announced two embedded processors that borrow the 14nm Zen core from last year’s Ryzen desktop and Epyc 7000 server processors. The big news was the arrival of the Ryzen Embedded 1000, the successor to AMD’s R-Series “Merlin Falcon” — a high-end embedded SoC line that competed with lower end Intel Core chips. There was no word about an expected, Zen-based “Banded Kestrel” successor to the G-Series SoC, which competed with the lower-end Intel Atom.

Claimed to be up to twice as fast as the single-threaded R-Series, the single- or dual-threaded Ryzen Embedded V1000 is competitive with higher end Core CPUs than Merlin Falcon. It offers up to four Zen CPU cores for eight threads, with up to 3.75GHz burst. TDPs range from 12 to 54 Watts.

Perhaps even more impressive than the Zen-based CPU is the V1000’s Radeon Vega graphics (borrowed from the mainstream Ryzen), which offers up to 11 compute units. The Vega GPU supports DirectX 12 and OpenGL 4.4, as well as 10-bit HDR decoding, and it can generate four 4K displays simultaneously. Vendors including Advantech, Congatec, iBase, Esaote, Seco, Quixant, and more have announced boards or systems based on the SoC.

AMD also announced a headless Epyc Embedded 3000 processor aimed at high-end embedded edge systems and low-end storage and networking servers. Roughly comparable to Intel’s Xeon-D, this scaled down version of the Epyc 7000 offers four to 16 cores in single or multi-threading versions with 30W to 100W TDPs. The Epyc 3000 supports up to 64 PCIe slots, eight 10GbE ports, and 16 SATA ports.

Qualcomm Snapdragon 845

Announced in December, the Snapdragon 845 enjoyed a coming out party at MWC. Several phones driven by the SoC were unveiled or leaked, including Samsung’s Galaxy S9, Sony’s Xperia XZ2, and Xiaomi’s Mi Mix 2S.  In addition, Intrinsyc launched an Android 8.0 driven Open-Q 845 development kit.

Qualcomm’s Snapdragon 845 is claimed to offer up to 25 percent faster CPU performance compared to the similarly octa-core Snapdragon 835. Like the 835, the 845 features 10nm FinFET fabricated “Kryo” CPU cores. However, it uses a more efficient 10LPP process for improved performance and reduced power draw. The CPU is evenly split between Kryo cores that approximate Arm’s latest Cortex-A75 and lower-end Cortex-A55 architectures, which clock to 2.8GHz and 1.8GHz, respectively.

The Snapdragon 845 is the first SoC to implement Arm’s DynamIQ. This more flexible version of Arm’s Big.Little multi-core scheme should enable further performance gains.

The Snapdragon 845’s new Qualcomm Adreno 630 GPU is claimed to offer 30 percent faster graphics and 30 percent less power draw than the 835’s Adreno 540. The GPU also includes new “eXtended Reality” (XR) technology that can drive dual 2400×2400 @ 120Hz displays on VR headsets. Among many other improvements, the Snapdragon 845 supplies a new Hexagon 685 DSP with a Neural Processing Engine for accelerating AI operations.

NXP i.MX8M

NXP’s quad-core, Cortex-A53 i.MX8M successor to the ubiquitous quad-A9 i.MX6 SoC was announced back in Oct. 2016 and is now appearing in products. NXP’s intervening i.MX7 and lower-end i.MX UL are significant for lower-end IoT devices, but it will be the i.MX8M that will likely carry on the i.MX6 tradition of being the industry’s mainstream embedded Linux SoC.

The up to 1.5GHz, dual- or quad-core i.MX8M integrates a Vivante GC7000Lite GPU and VPU, enabling 4K HEVC/H265, H264, and VP9 video decoding with HDR. There’s also a 266MHz Cortex-M4 MCU and a security subsystem.

Several new computer-on-modules based on the i.MX8M were announced at Embedded World by Emcraft, Innocomm, and Seco. Also new is the armStone MX8M Pico-ITX SBC from F&S.

These boards join the previously announced, open source Wand-Pi-8M SBC from Technexion and its Wandboard.org community, which is due in the second quarter. Other earlier announcements include Compulab’s SBC-iMX8 Evaluation Kit and CL-SOM-iMX8 module, and Variscite’s recently shipping DART-MX8M module and sandwich-style VAR-DT8MCustomBoard SBC.

Registration is now open for the Embedded Linux Conference and OpenIoT Summit, to be held Mar. 12-14 at the Hilton Portland in Portland, OR. Linux.com readers can register now with discount code, LINUXRD5, for 5% off the attendee registration.

Namib Linux Makes Arch Linux a Dream for New Users

Let’s not mince words here. Arch Linux is a challenge to install. If it weren’t, we wouldn’t have so many distributions, such as Anarchy, which we covered previously, claiming to make Arch accessible for any user. Some of those distributions succeed and some fall flat. But few do as remarkable (albeit somewhat confusing) a job as Namib Linux does. Not only does Namib Linux make installing and using Arch Linux as simple as can be, it also offers everything desktop Linux should have:

  • Pre-installed codecs to play multimedia files.

  • Automatic installation of hardware drivers.

  • Access to the latest versions of software.

  • Support for the easy installation and use of multiple kernels.

All of that, along with the usual Linux goodness that comes with standard desktop distribution (graphical desktop interface, pre-installed applications, etc.), helps make Namib Linux pretty impressive.

A little about Namib Linux

Namib Linux is a rolling release distribution created and maintained by Meerkat Software, which is based in New Zealand. One of the key aspects of Namib Linux is the idea that privacy, security, and control are of the utmost value. To that end, Namib Linux allows you to:

  • Update only when you want

  • Protect your data

  • Change nearly every aspect of the desktop

I’ve installed Namib Linux as a VirtualBox virtual machine and I can, without question, say the distribution lives up to its claims. Let’s get it installed and see what makes this user-friendly approach to Arch Linux special.

Installation

I’d love to spend a good amount of time discussing the installation of Namib Linux, but Meerkat Software has done such a great job of making the installation easy, there’s little use dwelling on the subject. Download the ISO image (there are four versions to choose from: Mate, GNOME, KDE, or Xfce), burn it to a disk, or USB drive (or just create a VirtualBox VM from the ISO) and boot up your machine (or virtual machine). I’ve tried both the Mate and GNOME versions of Namib Linux and can say they are both stellar options.

Namib Linux uses the Calamares Installer (Figure 1), which happens to be one of the most user-friendly installers on the planet.

Figure 1: The Calamares Installer running from the live instance.

Once installed, you’ll find your Namib Linux desktop ready to serve. Reboot and log into your user account. The first thing you might check is to see if there are any updates. Open the software update tool for your desktop of choice (Figure 2) and run any necessary updates.

Figure 2: The GNOME version of Namib Linux, with a few updates available.

Because Namib Linux is a rolling release, you won’t have to install again, once a new release is out. Just keep it up to date and you’re good to go.

Software variations

I did notice that, between the Mate and GNOME editions of Namib, there are different main packages installed. For example, in the GNOME edition, LibreOffice is installed, whereas with the Mate edition, it is not. Oddly, the installed version of LibreOffice is out of date (at 5.4.5.1). Considering this is a rolling release, I am surprised that the Fresh version (6) of LibreOffice isn’t installed. If, however, you install LibreOffice from the default package manager, you will find the Fresh version (6.0.1.1 as of this writing) available. If you do this on the GNOME version, you’ll wind up with two different releases of LibreOffice.

Fortunately, each iteration of Namib Linux does include a graphical software installer (e.g., GNOME Software or Pamac). Thus, installing or removing software is as easy as opening the software installer, searching for the package to be installed (or removed), selecting it for installation (or removal), and providing your user password. This means you can open up the Add/Remove Software tool, and easily uninstall the LibreOffice 5 release. Oddly enough, GNOME Software wasn’t able to see the LibreOffice Still (5) version. Because of this, the only way to remove it (using a graphical tool) was by way of Pamac.

Conversely, I did notice that installing LibreOffice Fresh via GNOME Software resulted in the Add/Remove Software tool not being aware of this new installation. That’s right, both GNOME Software and Pamac will be available in the GNOME edition of Namib Linux, and they seem to have difficulty seeing what one another is doing. Even so, LibreOffice Fresh can be installed and launched from the GNOME Dash. NOTE: This issue didn’t appear in the Mate version of Namib Linux, as LibreOffice isn’t installed by default.

Regardless of your desktop of choice, Namib Linux does include a few extra bits and pieces (as compared to the likes of, say, Ubuntu Linux). You’ll find:

  • Avahi Server Browser

  • HP Device Manager

  • Parcellite (clipboard manager)

  • PulseAudio Volume Controller

  • V4L2 Test Bench

  • Polari IRC Chat

  • Builder

  • Namib Notifications Settings

  • Namib Settings

It is that final entry that might be of interest to users. Within the Namib Settings tool, you can configure:

  • Locale Settings

  • Language Packages

  • User Accounts

  • Time and Date

  • Hardware

  • Keyboard

  • Kernel

That’s right, Namib Linux allows the user to easily install and remove kernels. If you open up the desktop menu and type namib, you’ll see the Namib Settings Manager. Open that and then double-click on the Kernel entry. In the resulting window (Figure 3), you will see a listing of available kernels.

Figure 3: The Namib Kernel Settings Window.

As you can see in the figure, I’ve already installed kernel 4.15.6a-1, so it is now available, alongside 4.15.5-1. Kernel 4.14.22-1 is also available for installation. Should I opt for one of the other kernels, I only need to click the Install button associated with the kernel I want to run. After entering the user password, the kernel will be downloaded and installed. When prompted, click Close and reboot your machine for the changes to take effect.

I did find one issue with this tool. After installing the 4.15.6-1-hardened kernel (using the Namib tool), I rebooted as described, only to find the 4.15.5-1 kernel running. It wasn’t until I issued the command sudo grub-mkconfig -o /boot/grub/grub.cfg, that the newer kernel booted. This leads me to believe the Namib Kernel Settings window is incomplete or somewhat misleading. According to the documentation, this is a one-click kernel switcher. However, if (after installing a new kernel) it then requires the user to issue the grub-mkconfig command, it is not truly a one-click solution.

Even with that one caveat, it does make for easy kernel switching.

Definitely worth a try

Even with these caveats, Namib Linux makes Arch Linux incredibly accessible for new users. If you’ve been looking for an excuse to get familiar with Arch Linux, you should definitely give Namib Linux a go. Once you’re familiar with the environment, you may want to give Arch Linux a try.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Why Are There Few Women in Tech? Watch a Recruiting Session

Tech companies have employed a host of tactics to help lift the scant number of women and minorities who work within their ranks, like anti-bias training, affinity groups, and software that scans job postings for gendered language. Yet the numbers remain dire. Of men with science, technology, engineering, or math (STEM) degrees, 40 percent work in technical careers; only 26 percent of women with STEM degrees do. That means that qualified women are turning away from the field before they even get started.

Some of the problems start in these preliminary recruiting sessions, which routinely discourage women from applying at all, according to a paper published in February by Alison Wynn, a postdoctoral fellow at Stanford University’s Clayman Institute for Gender Research, and Stanford sociology professor Shelley Correll. …

The researchers documented an unwelcoming environment for these women, including sexist jokes and imagery, geeky references, a competitive environment, and an absence of women engineers—all of which intimidated or alienated female recruits. “We hear from companies there’s a pipeline problem, that there just aren’t enough people applying for jobs. This is one area where they are able to influence that,” says Wynn. They just don’t.

Read more at WIRED

How to Make Your First Upstream Kubernetes Contribution

One of the best ways to join an open source community is to make a contribution, and this article is here to help your first contribution be a successful one.

Communicate

Join the Kubernetes Slack. Kubernetes is a growing community, which means we’re still figuring out how to document everything, and often the best way to get unstuck is to reach out for help from a more experienced contributor. In fact, on the second Wednesday of each month, we have a “Meet Our Contributors” video chat just for that. Find it in the Kubernetes Community Calendar, and the corresponding Slack channel #meet-our-contributors. You may also find help in the following channels: #kubernetes-users, #kubernetes-novice, or #sig-contribex.

Read more at OpenSource.com

Memcached DDoS: The Biggest, Baddest Denial of Service Attacker Yet

We’ve been seeing a rise of ever bigger Distributed Denial of Service (DDoS) attacks for years now. But, now a new attack method, Memcrashed, can blast your site with over a terabyte of traffic. Good luck standing up to that volume of abuse!

Memcrashed works by exploiting the memcached program. Memcached is an open-source, high-performance, distributed, object-caching system. It’s commonly used by social networks such as Facebook and its creator LiveJournal as an in-memory key-value store for small chunks of arbitrary data. It’s the program that enables them to handle their massive data I/O. It’s also used by many to cache their web-server-session data to speed up their sites — and that’s where the trouble starts.

Read more at ZDNet

Shell Scripting and Security

Basic ways you can use shell scripts to monitor password strength and secret accounts.

Whether you have Linux running on your laptop or ancient PC file server or whether you’re managing a data center, your system is also vulnerable to malicious users. I can’t offer any sort of robust solution in this article, but let’s have a look at some basic things you can do with shell scripts to keep an eye on your system.

First and foremost, make sure you have complex non-guessable passwords for all your accounts and particularly your administrative or root account. It’s tough to check existing passwords, since they’re all stored in an encrypted manner without spending oodles of CPU cycles brute-forcing it, but how about a script where users can enter their password and it’ll confirm whether it’s hard to guess?

Read more at Linux Journal

New Linux Video Series from Jack Wallen and Swapnil Bhartiya

Two well-known tech journalists and frequent contributors to Linux.com have debuted a new video series discussing Linux topics. The “Let’s Get Serious” series from Jack Wallen and Swapnil Bhartiya will feature ideas, opinions, and engaging conversation based on their years of experience using Linux and covering the tech industry.

Swapnil and Jack started the video series in order to have a mature conversation about Linux, open source, and related topics. “With so many related topics, we felt it had become a challenge to have or find sensible, immediate, dialog with those involved, as each distinct community had become either too entrenched in their microcosm or disconnected from reality. Hence, ‘Let’s Get Serious,’” Jack said.

Join Jack and Swapnil as they dive into a lively discussion about Linux desktops, devices, distributions, and more.


Linux LAN Routing for Beginners: Part 2

Last week we reviewed IPv4 addressing and using the network admin’s indispensable ipcalc tool. Now we’re going to make some nice LAN routers.

VirtualBox and KVM are wonderful for testing routing, and the examples in this article are all performed in KVM. If you prefer to use physical hardware, then you need three computers: one to act as the router, and the other two to represent two different networks. You also need two Ethernet switches and cabling.

The examples assume a wired Ethernet LAN, and we shall pretend there are some bridged wireless access points for a realistic scenario, although we’re not going to do anything with them. (I have not yet tried all-WiFi routing and have had mixed success with connecting a mobile broadband device to an Ethernet LAN, so look for those in a future installment.)

Network Segments

The simplest network segment is two computers in the same address space connected to the same switch. These two computers do not need a router to communicate with each other. A useful term is broadcast domain, which describes a group of hosts that are all in the same network. They may be all connected to a single Ethernet switch, or multiple switches. A broadcast domain may include two different networks connected by an Ethernet bridge, which makes the two networks behave as a single network. Wireless access points are typically bridged to a wired Ethernet network.

A broadcast domain can talk to a different broadcast domain only when they are connected by a network router.

Simple Network

The following example commands are not persistent, and your changes will vanish with a restart.

A broadcast domain needs a router to talk to other broadcast domains. Let’s illustrate this with two computers and the ip command. Our two computers are 192.168.110.125 and 192.168.110.126, and they are plugged into the same Ethernet switch. In VirtualBox or KVM, you automatically create a virtual switch when you configure a new network, so when you assign a network to a virtual machine it’s like plugging it into a switch. Use ip addr show to see your addresses and network interface names. The two hosts can ping each other.

Now add an address in a different network to one of the hosts:

# ip addr add 192.168.120.125/24 dev ens3

You have to specify the network interface name, which in the example is ens3. It is not required to add the network prefix, in this case /24, but it never hurts to be explicit. Check your work with ip. The example output is trimmed for clarity:

$ ip addr show
ens3: 
    inet 192.168.110.125/24 brd 192.168.110.255 scope global dynamic ens3
       valid_lft 875sec preferred_lft 875sec
    inet 192.168.120.125/24 scope global ens3
       valid_lft forever preferred_lft forever

The host at 192.168.120.125 can ping itself (ping 192.168.120.125), and that is a good basic test to verify that your configuration is working correctly, but the second computer can’t ping that address.

Now we need to do a bit of network juggling. Start by adding a third host to act as the router. This needs two virtual network interfaces and a second virtual network. In real life you want your router to have static IP addresses, but for now we’ll let the KVM DHCP server do the work of assigning addresses, so you only need these two virtual networks:

  • First network: 192.168.110.0/24
  • Second network: 192.168.120.0/24

Then your router must be configured to forward packets. Packet forwarding should be disabled by default, which you can check with sysctl:

$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

The zero means it is disabled. Enable it with this command:

# echo 1 > /proc/sys/net/ipv4/ip_forward

Then configure one of your other hosts to play the part of the second network by assigning the 192.168.120.0/24 virtual network to it in place of the 192.168.110.0/24 network, and then reboot the two “network” hosts, but not the router. (Or restart networking; I’m old and lazy and don’t care what weird commands are required to restart services when I can just reboot.) The addressing should look something like this:

  • Host 1: 192.168.110.125
  • Host 2: 192.168.120.135
  • Router: 192.168.110.126 and 192.168.120.136

Now go on a ping frenzy, and ping everyone from everyone. There are some quirks with virtual machines and the various Linux distributions that produce inconsistent results, so some pings will succeed and some will not. Not succeeding is good, because it means you get to practice creating a static route. First, view the existing routing tables. The first example is from Host 1, and the second is from the router:

$ ip route show
default via 192.168.110.1 dev ens3  proto static  metric 100 
192.168.110.0/24 dev ens3  proto kernel  scope link  src 192.168.110.164  metric 100
$ ip route show
default via 192.168.110.1 dev ens3 proto static metric 100
default via 192.168.120.1 dev ens3 proto static metric 101
169.254.0.0/16 dev ens3 scope link metric 1000
192.168.110.0/24 dev ens3 proto kernel scope link src 192.168.110.126 metric 100
192.168.120.0/24 dev ens9 proto kernel scope link src 192.168.120.136 metric 100

This shows us that the default routes are the ones assigned by KVM. The 169.* address is the automatic link local address, and we can ignore it. Then we see two more routes, the two that belong to our router. You can have multiple routes, and this example shows how to add a non-default route to Host 1:

# ip route add 192.168.120.0/24 via 192.168.110.126 dev ens3

This means Host 1 can access the 192.168.120.0/24 network via the router interface 192.168.110.126. See how it works? Host 1 and the router need to be in the same address space to connect, then the router forwards to the other network.

This command deletes a route:

# ip route del 192.168.120.0/24
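
The forwarding decision described above can be modelled offline. This is an added example, not code from the original article: it parses ip route show style tables (constructed here from the article's addresses), applies longest-prefix matching, and shows where a packet from Host 1 to Host 2 ends up before the static route, after it with forwarding disabled, and after it with forwarding enabled. The function names are hypothetical, and treating ip_forward = 0 as a plain drop at the router is a simplification.

```python
import ipaddress

# Constructed tables, modelled on the `ip route show` output in the article.
HOST1_ROUTES = """\
default via 192.168.110.1 dev ens3 proto static metric 100
192.168.110.0/24 dev ens3 proto kernel scope link src 192.168.110.125 metric 100
"""
ROUTER_ROUTES = """\
default via 192.168.110.1 dev ens3 proto static metric 100
192.168.110.0/24 dev ens3 proto kernel scope link src 192.168.110.126 metric 100
192.168.120.0/24 dev ens9 proto kernel scope link src 192.168.120.136 metric 100
"""
# The route added on Host 1 with `ip route add`, as `ip route show` would list it.
STATIC_ROUTE = "192.168.120.0/24 via 192.168.110.126 dev ens3\n"
ROUTER_ADDR = "192.168.110.126"


def parse_routes(text):
    """Parse `ip route show` lines into dicts with net, via, dev and metric."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        route = {"net": ipaddress.ip_network(dest), "via": None,
                 "dev": None, "metric": 0}
        # Walk consecutive token pairs and keep the keywords we care about.
        for key, value in zip(fields[1:], fields[2:]):
            if key in ("via", "dev"):
                route[key] = value
            elif key == "metric":
                route["metric"] = int(value)
        routes.append(route)
    return routes


def lookup(routes, dst):
    """Longest-prefix match; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))


def trace(host_routes, router_routes, ip_forward, dst):
    """Describe where a packet sent from the host to dst ends up."""
    first = lookup(host_routes, dst)
    if first is None:
        return "no route on host"
    if first["via"] is None:
        return f"delivered directly on {first['dev']}"
    if first["via"] != ROUTER_ADDR:
        return f"handed to {first['via']}, which is not the lab router"
    if not ip_forward:
        return f"dropped at {ROUTER_ADDR}: net.ipv4.ip_forward = 0"
    second = lookup(router_routes, dst)
    if second is None:
        return f"dropped at {ROUTER_ADDR}: no route"
    if second["via"] is None:
        return f"forwarded by {ROUTER_ADDR} out {second['dev']}"
    return f"forwarded by {ROUTER_ADDR} to {second['via']}"


def demo():
    """Run the three cases from the article against Host 2's address."""
    router = parse_routes(ROUTER_ROUTES)
    before = parse_routes(HOST1_ROUTES)
    after = parse_routes(HOST1_ROUTES + STATIC_ROUTE)
    host2 = "192.168.120.135"
    return [
        trace(before, router, True, host2),   # no static route yet
        trace(after, router, False, host2),   # route added, forwarding off
        trace(after, router, True, host2),    # route added, forwarding on
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The second case is also the one worth checking on hosts that are not supposed to route: a machine with net.ipv4.ip_forward set to 1 and interfaces in two networks will pass traffic between them.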

In real life, you’re not going to be setting up routes manually like this, but rather using a router daemon and advertising your router via DHCP, but understanding the fundamentals is key. Come back next week to learn how to set up a nice easy router daemon that does the work for you.


Security in the Modern Data Center

The National Institute of Standards and Technology, a division of the U.S. Department of Commerce, is well known in the security community for its standards and recommendations that guide many organizations towards secure culture, policies and technological infrastructure. Its recently publicized guidance, the Application Container Security Guide, analyzes the unique risks posed by containerized applications and advises organizations how to secure them. The first recommendation, “Tailor the organization’s operational culture and technical processes to support the new way of developing, running, and supporting applications made possible by containers,” sets the tone for analysis, implying that modern data centers require a major shift in enterprise strategy and means of securing them, in order to keep pace with the new methodologies of developing and running applications.

The document goes on to emphasize that securing the data center requires tools that were designed from the ground up for this purpose. The authors explain that existing security tools are simply not up for the task of securing the virtualization-based infrastructure, as they were designed before such an environment was envisioned.

Read more at The New Stack