
8 Takeaways from NIST’s Application Container Security Guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery have become a hot topic in DevOps. This puts the spotlight on Operations teams to find security vulnerabilities in the production environment.

Black Duck isn’t the only organization to identify this trend. The National Institute of Standards and Technology (NIST) published the “Application Container Security Guide” in September to address the security risks associated with container adoption.

Chances are, hackers are aware of the growing popularity of containers as well, which is why we compiled eight takeaways from NIST’s report on container security so you can be proactive about vulnerabilities in your production environment.

Read more at Black Duck

How To Tell If Your Linux Server Has Been Compromised

For the purposes of this guide, a compromised or hacked server is one that an unauthorized person or bot has logged into in order to use it for their own, usually negative, ends.

Disclaimer: If your server has been compromised by a state organization like the NSA or a serious criminal group then you will not notice any problems and the following techniques will not register their presence.

However, the majority of server compromises are carried out by bots (i.e., automated attack programs), inexperienced attackers (e.g., “script kiddies”), or dumb criminals.

These sorts of attackers will abuse the server for all it’s worth whilst they have access to it and take few precautions to hide what they are doing.

Read more at bash-prompt

Agrarian-Scale Kubernetes: Part 1

Visit the Kubernetes homepage, and one of the first things you’ll see is the promise of “Planet Scale.” The S-word is plastered across the pitch for Google’s managed version of Kubernetes as well (Google Kubernetes Engine, or “GKE”). Demand-based autoscaling! Support for thousands of host nodes! Cross-region federated clusters! The ability to scale easily to heavy workloads, across geographies and even multiple clouds makes Kubernetes and GKE great choices for high-traffic websites.

Because so many of the apps we create on the Interactive News Team are used only by reporters and editors in the building, we tend to take greater advantage of the less discussed dimension of scaling: fitting many applications into a single cluster. Consider our concerns on a kind of agrarian scale: a single plot of land (our newsroom) where our biggest concerns are crop rotation.

This guide is an outline of our devops philosophy on Interactive News at The New York Times, by way of tutorial. It assumes you can copy code into a command line, and that you have a rough understanding of what containers are. (Docker has a brief overview here.) You don’t need a background in cloud infrastructure.

Read more at Times Open

Linux, Open Source, and Beyond

Linux is 26 years old, and look what happened in those 26 years: everything. Now what? Linux is both shrinking and expanding.

Cloudy Linux

Cloud is a perfect metaphor for Linux. Once upon a time the Linux world was small, with well-defined boundaries, and populated by fierce partisans. Linux was the underdog and had enemies, like Microsoft and the SCO Group. Microsoft CEO Steve Ballmer once called Linux a cancer. Remember Darl McBride, the CEO of SCO, claiming that Linux was built on a mountain of misappropriated UNIX code, which McBride claimed was owned by SCO? SCO sued IBM, Novell, AutoZone, Red Hat, and Daimler-Chrysler. SCO played coy for years and refused to show the supposedly infringing code, but was finally forced to reveal that their mountain was a few lines in the file errno.h.

Now Microsoft, and many other former adversaries, are Linux developers and partners with Linux companies and organizations. (But not SCO; the last SCO lawsuit is still alive, believe it or not, after 14 years.) Linux is mainstream and no longer needs defense against such silly accusations.

Clouds are diffuse, and now so is Linux. Check out the Linux distribution timeline, an amazing work that shows the depth and breadth of Linux development. Linux distributions come and go, but Linux keeps going.

Another diffusion is Linux celebrities. Back in the day there were a number of famous Linux leaders: Linus Torvalds, of course, Alan Cox, Debra and Ian Murdock, Bdale Garbee, Marc Ewing, Bob Young, Mark Shuttleworth, and many more. Now personalities are less important, as they should be, and the faces of Linux are considerably more numerous and diverse. See the latest Linux Kernel Development Report for a few examples.

Diversity is Everything

A lack of diversity leads to a lack of imagination. Any project’s contributors should mirror society, and all projects should prioritize building their communities to do this. It doesn’t happen without planning and effort. You know how some people still like to say “Those People just aren’t interested in tech, so why should we change how we do things?” A better question is why don’t Those People want to get involved with your project? The answer is almost always because they’re not welcomed.

Community is more important than code; the Apache Foundation says:

“We value the community more than the code.”

Nobody, but nobody is so special and important that they’re indispensable, and nobody should be indispensable, because the great strength of a healthy community is the work carries on regardless of which people are working on it. The last thing we need is rock stars. The work gets done by people who show up, who care about details, and who slog through the boring essential tasks.

Software is For Other People

Coding, of course, is essential. Without code there is no software. But any software project requires a host of essential contributors: artists, musicians, testers and quality assurance, documentation writers (doc writers also function as testers and quality assurance), project managers, mentors, teachers, marketers, community builders, record keepers, system and network administrators, and on and on.

Something that contributors and maintainers often forget is all of this is a means to an end, not the end. We’re building tools, tools that will be used in all manner of creative and unforeseen ways, and that hopefully will make life better for the people using them.

Linux is to Open Source as GNU is to Linux

The open source ecosystem has grown far beyond Linux, and this is how it should be. As Pardot Kynes said in the novel Dune:

“The more life there is within a system, the more niches there are for life.”

The GNU tools and applications were essential to creating Linux, to the point that some people still insist that it should be called GNU/Linux. Both the Linux kernel and software that goes into a Linux distribution have grown tremendously, while the GNU bits have declined.

When The Linux Foundation merged LinuxCon, ContainerCon, and Cloud Open into the Open Source Summit, I was sad at first, because it felt like a dismissal of Linux’s importance. But as I learned more about cloud and embedded technologies, the change made sense. Linux is still essential and growing, and these newer technologies are growing far beyond plain old Linux into the broader open source landscape.

Now What?

What’s next? More of the same, of course! More growth and invention, creating new things, improving old things. Which reminds me of another quote from Dune:

“The highest function of ecology is the understanding of consequences.”

This is something that needs more attention, taking the time to think about consequences. What happens if I do this…? We have 26 years of Linux history to learn from and decades of computing. So perhaps it is time to add more historians and philosophers to Linux and open source communities.

Why Now Is the Time for Multi-Cloud

Craig McLuckie isn’t a fan of every buzzword flitting across the tech landscape. He admits that multi-cloud wasn’t one of his favorites, but he’s changing his mind.

“I’m starting to see a deep legitimacy to multi-cloud,” says McLuckie, co-founder of Kubernetes and now CEO of Heptio. “I used to nod and smile when people talked about it, but never really believed it. I’m starting to see it for reals now.”

Multi-cloud was one of the three main pillars that he sees for the future of Kubernetes — the other two are improving developer productivity and tackling enterprise — that he elaborated on during keynotes at KubeCon + CloudNativeCon North America 2017. And while it’s worth noting that multi-cloud is really happening, “we really need strong conformance” to make it materialize, he says.

Read more at OpenStack

Julia vs. Python: Julia Language Rises for Data Science

Python has turned into a data science and machine learning mainstay, while Julia was built from the ground up to do the job.

Of the many use cases Python covers, data analytics has become perhaps the biggest and most significant. The Python ecosystem is loaded with libraries, tools, and applications that make the work of scientific computing and data analysis fast and convenient.

But for the developers behind the Julia language — aimed specifically at “scientific computing, machine learning, data mining, large-scale linear algebra, distributed and parallel computing”—Python isn’t fast or convenient enough. It’s a trade-off, good for some parts of this work but terrible for others.

Read more at InfoWorld

Linux Kernel Development Cycle

The kernel development cycle has evolved so beautifully over time that it has set an example in the open source world. Having contributed to the kernel, I actually enjoyed learning about the whole development cycle. Terms like mainline kernel, rc, stable release, and long-term support confused me a lot initially, but with time I understood at least the basic workflow.

Keeping in mind the volume of code that sits inside the kernel, it is very difficult for a single person to inspect each and every part of the project perfectly. Hats off to Linus and people like Greg. To make the process easier (it looks easy :P), the kernel is broken down into subsystems, with each subsystem having its own main developer or, as is generally said, top-level maintainer. These maintainers decide which patch goes to the mainline kernel.

Read more at Medium

Who Contributed the Most to Open Source in 2017?

For this analysis we’ll look at all the PushEvents published by GitHub during 2017. For each GitHub user we’ll have to make our best guess to determine to which organization they belong. We’ll only look at repositories that have received at least 20 stars this year.

Here are the results I got, which you can tinker with in my interactive Data Studio report.

Read more at freeCodeCamp

LiFT Scholarship Winners Put Linux Skills to Work Helping Others

Marie Drottar, 62, of the United States, is one of two recipients of the 2017 Linux Foundation Training (LiFT) Scholarships in the Women in Open Source category. The LiFT scholarships provide advanced training in open source to existing and aspiring IT professionals globally. 

Drottar is a clinical research specialist in the neonatal neuroimaging department at Boston Children’s Hospital, and she said a big part of her job is conducting neuroimaging data analysis.

“Enabling my skills in large batch processing of imaging data using Linux scripting will enhance my teaching skills in training new research assistants, post-doctoral employees, and medical/fellowship students, the large majority of whom are women,” she noted in her scholarship application.

Drottar said she hopes to use open source to analyze larger and larger volumes of data and make predictive models for health care and early intervention studies with infants and children.

Jona Azizaj, 24, of Albania, is the other scholarship recipient in the Women in Open Source category. Azizaj is in her final year studying business informatics at the University of Tirana. She has been involved in open source for four years now, starting by contributing to Fedora, and is now involved with LibreOffice, Mozilla, Wikipedia, OpenStreetMap, Nextcloud, and more.

“When I started attending some conferences with other Fedora ambassadors I was the only girl on the team,” Azizaj wrote in her scholarship application. This was the impetus for her to want to work to tighten the gender gap that she has witnessed in other open source communities.

“But in Albania, at the Open Labs Hackerspace, the situation at my local community is completely different, because more than 70 percent of the members are girls,” she explained. “That’s why I think that this training will help me even more to help the girls of my local hackerspace to start their first contributions on different open source communities.”

The Linux Foundation also awarded two scholarships in the Developer Do Gooder category. The recipients are Badri Basnet, 65, of Australia, and Pedro Guarderas, 33, of Ecuador.

Basnet uses Ubuntu, along with an open source Geographic Information Systems (GIS) software, QGIS, and open source learning management system Moodle. He said he is using all of these systems to develop hands-on GIS learning resources and to teach GIS skills to undergraduates at the University of Southern Queensland, in addition to volunteering to educate others about GIS.

“The Linux training scholarship will help me to expand this work further by providing the additional skills necessary for making effective use of open source operating systems, open source software, and open source learning management systems for developing open source QGIS software,” he wrote in his scholarship application. Additionally, he said the scholarship would enhance his ability to improve hands-on GIS learning resources.

Guarderas started with open source by creating a plugin for QuantumGIS with Qt and C++. Since then, his interest in open source development increased, and he has gained experience with Debian, C++, R, Python, Fortran, SQL, Git, and several scientific libraries.

“I have worked extensively developing mathematical models, and many have been employed inside the government and private sector in Ecuador,” he said, and the impact of these models has reached thousands of people. “Today I am deeply interested in knowing more about the Linux deep details; in particular, I am interested in distributed or parallel programming.”

Guarderas hopes to expand his knowledge and develop new scientific applications with high-quality standards.

Now in its seventh year, the LiFT initiative has awarded more than $168,000 in training scholarships. This year, a record 1,238 applications were received for 14 scholarships. The Linux Foundation also supports a variety of community initiatives and organizations to help advance free and open source software and increase diversity in technology and the open source community. The Foundation offers training and event scholarships, and works with organizations such as Women Who Code and Goodwill to further these efforts.

Learn more about the LiFT Scholarship program from The Linux Foundation.

Call for Proposals Now Open for Open Networking Summit North America 2018

The Linux Foundation has just opened the Open Networking Summit North America (ONS NA) 2018 Call for Proposals, and we invite you to share your expertise with over 2,000 technical and business leaders in the networking ecosystem. Proposals are due by 11:59pm PT on Jan. 14, 2018.

Over 2,000 attendees are expected at ONS North America 2018, taking place March 26-29 in Los Angeles, including technical and business leaders across enterprise, service providers, and cloud providers. ONS North America is the only event of its kind, bringing networking and orchestration innovations together with a focus on the convergence of business (CIO/CTO/Architects) and technical (DevOps) communities.

Read more at The Linux Foundation