Spectre and Meltdown Attacks Against Microprocessors

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution — which of course is not a solution — is to throw them all away and buy new ones.

On Wednesday, researchers just announced a series of major security vulnerabilities in the microprocessors at the heart of the world’s computers for the past 15-20 years. They’ve been named Spectre and Meltdown, and they have to do with manipulating different ways processors optimize performance by rearranging the order of instructions or performing different instructions in parallel. An attacker who controls one process on a system can use the vulnerabilities to steal secrets elsewhere on the computer. (The research papers are here and here.)

Read more at Schneier on Security

Four Tips for a More Secure Website

Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

1. Parameters are good for your health

According to OWASP, the top vulnerability for web applications is SQL injection. What is SQL injection? It is user provided data embedded into a SQL query without any protection. 

Read more at Dev.to

Prometheus vs. Heapster vs. Kubernetes Metrics APIs

In this blog post, I will try to explain the relation between Prometheus, Heapster, as well as the Kubernetes metrics APIs and conclude with the recommended way to autoscale workloads on Kubernetes.

This post assumes you have a basic understanding of Kubernetes and monitoring.

Heapster

Heapster provides metric collection, basic monitoring capabilities and supports multiple data sinks to write the collected metrics to. The code for each sink resides within the Heapster repository. Heapster also enables the use of the Horizontal Pod Autoscaler to autoscale on metrics.

Read more at Frederic Branczyk blog

New-Age Networking Predictions for the New Year: Open Source

As software-defined networking (SDN), network functions virtualization (NFV) and other new-age networking initiatives mature, we’ll be taking a look at what’s in store for some of the most promising projects in the new year, now examining the open source movement.

Modern networking techniques such as SDN and NFV are closely tied to the open source phenomenon. As they’ve originated, evolved and matured, such approaches naturally have gravitated to open source, which itself is in the midst of a rising popularity trend.

Read more at Virtualization Review

The Linux vs Meltdown and Spectre Battle Continues

So, where are we with fixing the problems? Work is continuing, but the latest update of the stable Linux kernel, 4.14.2, has the current patches. Some people may experience boot problems with this release, but 4.14.13 will be out in a few days.

Patches have also been added to the 4.4 and 4.9 stable kernel trees. But, as Greg Kroah-Hartman added, “This backport is very different from the mainline version that is in 4.14 and 4.15, there are different bugs happening.” Still, he said, “Those are the minority at the moment, and should not stop you from upgrading.”

Read more at ZDNet

7 Systems Engineering and Operations Trends to Watch in 2018

We asked members of the 2018 O’Reilly Velocity Conference program committee for their take on the tools and trends that will change how you work. Below you’ll find the insights that I believe will have the greatest impact on the community in the year ahead.

Networking the edge

This year was all about the cloud as enterprises continued their migration to public, private, hybrid, and multi-cloud infrastructures to compete with agile, cloud-native competitors who can scale quickly at less cost. But next year, Fastly’s Senior Communications Manager Elaine Greenberg expects we’ll see more companies moving their networks closer to the edge.

Read more at O’Reilly

Irresistible Appeal of Open Source

Telecom companies have always cooperated in development of standards. It’s essential for interoperability – otherwise each company’s customers would only be able to interact with its other customers. But there’s a difference between agreeing on standards and sharing software.

Illustrating the increasing pace of open source acceptance in telecom, AT&T announced in early 2017 that it was handing over its ECOMP (Enhanced Control, Orchestration, Management and Policy) platform to the Linux Foundation for placement into open source. AT&T developed ECOMP to manage and automate virtual network functions (VNFs) in its software-defined networks (SDNs). Linux Foundation subsequently merged ECOMP platform with the Open Orchestrator Project to forge the Open Network Automation Platform Project.

Read more at Network World

Quantum Computers Barely Exist—Here’s Why We’re Writing Languages for Them Anyway

Quantum computers are still extremely rudimentary, and largely remain intriguing playthings in a few advanced research labs. That hasn’t deterred people from developing new programming languages for them.

The most recent one comes from Microsoft, which has unveiled Q# (pronounced Q sharp) and some associated tools to help developers use it to create software. It joins a growing list of other high-level quantum programming languages such as QCL and Quipper.

But given that practically nobody has a quantum computer, what’s the point?

Read more at MIT Technology Review

2018: The Year of Kubernetes and Interoperability

On its own, Kubernetes is a great story. What makes it even better is the soaring interoperability movement it’s fueling. An essential part of enabling interoperable cloud-native apps on Kubernetes is the Open Service Broker API. OSBAPI enables portability of cloud services across offerings and vendors. A collaborative project across multiple organizations, including Fujitsu, Google, IBM, Pivotal, Red Hat and SAP, it enables developers, ISVs, and SaaS vendors to deliver services to applications running within cloud-native platforms. In 2017, we saw adoption of the API by Microsoft and Google. Late in the year, Amazon and Pivotal partnered to expose Amazon’s services via the broker as well. Red Hat uses it to support the OpenShift marketplace.

A craftily designed API, OSBAPI is beautiful in its simplicity. It got the abstraction right. After several iterations, the abstraction is still holding strong, enabling OSBAPI to continue to grow in use and evolve over time, eventually becoming even more powerful.

Read more at The New Stack

Ringing in 2018 with 103 Hacker-Friendly SBCs

Welcome to our latest biannual round-up of hacker-friendly single board computers that run Linux or Android. Included are a brief review of recent SBC market trends, a catalog with key features, specs, and pricing of each SBC, and a table comparing them all.

Relative to our June report, which was accompanied by a reader survey co-sponsored with Linux.com, our latest hacker-friendly single board computer (SBC) round-up has grown from 98 to 103 boards. Although there’s no survey here, we invite your comments in the discussion area at the bottom of this post.

There are three parts to this round-up: this post, which provides an overview of recent SBC market trends and discusses our latest crop of hacker-friendly SBCs in general terms; a catalog post with brief descriptions, specs, pricing, and links to related LinuxGizmos coverage and supplier product pages for all 103 SBCs; and a Google docs spreadsheet that tabulates key features and pricing for all 103 boards. Links to each are in the box below.

Read more at LinuxGizmos