Home Blog Page 426

Meltdown and Spectre Linux Kernel Status

By
Linux Kernel Monkey Blog
-

If your Linux systems are running a normal Linux distribution, go update your kernel. They should all have the updates in them already. And then keep updating them over the next few weeks, we are still working out lots of corner case bugs given that the testing involved here is complex given the huge variety of systems and workloads this affects. If your distro does not have kernel updates, then I strongly suggest changing distros right now.

However there are lots of systems out there that are not running “normal” Linux distributions for various reasons (rumor has it that it is way more than the “traditional” corporate distros). They rely on the LTS kernel updates, or the normal stable kernel updates, or they are in-house franken-kernels. For those people here’s the status of what is going on regarding all of this mess in the upstream kernels you can use.

Read more at Linux Kernel Monkey Blog

4 Days Left to Submit Your Proposal for Open Networking Summit NA 2018

By
The Linux Foundation
-

Share your expertise and help shape the future of SDN, NFV, orchestration and the automation of cloud, network, & IoT services at Open Networking Summit North America, March 26 -29, 2018 in Los Angeles.

With more than 2000 attendees expected at this year’s event, submit before Sunday, January 14, 2018 at 11:59pm PST to share your ideas and expertise with the open networking community.

View the full list of suggested topics and submit your proposal today.

Read more at The Linux Foundation

Oath’s Top 5 Open Source Goals

By
The Linux Foundation
-

As with many other companies, the open source program at Oath started informally with a group of diligent engineers and a few legal people. But the ad hoc group soon realized it needed a more formal program if it was going to be able to scale to address more issues and achieve specific business goals. With a formal program in place, they are poised to achieve its goals.

The top five of Oath’s numerous open source goals, according to Yehuda, are:

  1. Keep aligned with the industry on open source technology standards by avoiding creating unique tech stacks that Oath alone would have to manage at its own expense.

Read more at The Linux Foundation

Spectre and Meltdown Attacks Against Microprocessors

By
Schneier on Security
-

The security of pretty much every computer on the planet has just gotten a lot worse, and the only real solution — which of course is not a solution — is to throw them all away and buy new ones.

On Wednesday, researchers just announced a series of major security vulnerabilities in the microprocessors at the heart of the world’s computers for the past 15-20 years. They’ve been named Spectre and Meltdown, and they have to do with manipulating different ways processors optimize performance by rearranging the order of instructions or performing different instructions in parallel. An attacker who controls one process on a system can use the vulnerabilities to steal secrets elsewhere on the computer. (The research papers are here and here.)

Read more at Schneier on Security

Four Tips for a More Secure Website

By
Dev.to
-

Security is a hot topic in web development with great reason. Every few months a major website is cracked and millions of user records are leaked. Many times the cause of a breach is from a simple vulnerability that has been overlooked. Here are a few tips to give you a quick overview of standard techniques for making your websites more secure. Note: I do not guarantee a secure website if you follow these suggestions, there are many facets to security that I don’t even touch in this article. This write-up is for increasing awareness about techniques used to correct some common vulnerabilities that appear in web applications.

1. Parameters are good for your health

According to OWASP, the top vulnerability for web applications is SQL injection. What is SQL injection? It is user provided data embedded into a SQL query without any protection. 

Read more at Dev.to

Prometheus vs. Heapster vs. Kubernetes Metrics APIs

By
Frederic Branczyk
-

In this blog post, I will try to explain the relation between PrometheusHeapster, as well as the Kubernetes metrics APIs and conclude with the recommended way how to autoscale workloads on Kubernetes.

This post assumes you have a basic understanding of Kubernetes and monitoring.

Heapster

Heapster provides metric collection, basic monitoring capabilities and supports multiple data sinks to write the collected metrics to. The code for each sink resides within the Heapster repository. Heapster also enables the use of the Horizontal Pod Autoscaler to autoscale on metrics.

Read more at Frederic Branczyk blog

New-Age Networking Predictions for the New Year: Open Source

By
Virtualization Review
-

As software-defined networking (SDN), network functions virtualization (NFV) and other new-age networking initiatives mature, we’ll be taking a look at what’s in store for some of the most promising projects in the new year, now examining the open source movement.

Modern networking techniques such as SDN and NFV are closely tied to the open source phenomenon. As they’ve originated, evolved and matured, such approaches naturally have gravitated to open source, which itself is in the midst of a rising popularity trend.

Read more at Virtualization Review

The Linux vs Meltdown and Spectre Battle Continues

By
ZDNet
-

So, where are we with fixing the problems? Work is continuing, but the latest update of the stable Linux kernel, 4.14.2, has the current patches. Some people may experience boot problems with this release, but 4.14.13 will be out in a few days.

Patches have also been added to the 4.4 and 4.9 stable kernel trees. But, as Greg Kroah-Hartman added, “This backport is very different from the mainline version that is in 4.14 and 4.15, there are different bugs happening.” Still, he said, “Those are the minority at the moment, and should not stop you from upgrading.”

Read more at ZDNet

7 Systems Engineering and Operations Trends to Watch in 2018

By
O'Reilly
-

We asked members of the 2018 O’Reilly Velocity Conference program committee for their take on the tools and trends that will change how you work. Below you’ll find the insights that I believe will have the greatest impact on the community in the year ahead.

Networking the edge

This year was all about the cloud as enterprises continued their migration to public, private, hybrid, and multi-cloud infrastructures to compete with agile, cloud-native competitors who can scale quickly at less cost. But next year, Fastly’s Senior Communications Manager Elaine Greenberg expects we’ll see more companies moving their networks closer to the edge.

Read more at O’Reilly

Irresistible Appeal of Open Source

By
Network World
-

Telecom companies have always cooperated in development of standards. It’s essential for interoperability – otherwise each company’s customers would only be able to interact with its other customers. But there’s a difference between agreeing on standards and sharing software.

Illustrating the increasing pace of open source acceptance in telecom, AT&T announced in early 2017 that it was handing over its ECOMP (Enhanced Control, Orchestration, Management and Policy) platform to the Linux Foundation for placement into open source. AT&T developed ECOMP to manage and automate virtual network functions (VNFs) in its software-defined networks (SDNs). Linux Foundation subsequently merged ECOMP platform with the Open Orchestrator Project to forge the Open Network Automation Platform Project.

Read more at Network World

1...425426427...10,743Page 426 of 10,743